on Mac, for Touch ID -- where's the "Never" option for "Require Master Password"?

dmorrow
dmorrow
Community Member
in Mac

Unlike a password (which someone could memorize) a fingerprint requires my physical presence.

Now, I get there are some spy-movie scenarios (I'm unconscious, and someone uses my fingerprint - or maybe someone lifts my fingerprint off of a glass, makes a mold of it, etc) but I can't tell you how not worried in the slightest I am about any of those things happening. (Also, if someone steals my Mac, I could always remote-wipe the thing).

Fingerprint security is, for me, pretty good... at least for my personal laptop. Since I'm not some high-ranking government official worried about the security of my laptop constantly, I would really, really prefer it if Touch ID could completely replace the need for me entering a password, ever. It's installed on my Mac. When I restart my Mac I'm forced to enter the Mac's password to re-enable Touch ID at all. Once it's enabled like that, I'd like it if 1password could just work, as well.

I know it's not the most secure option... but again, my risk isn't as high as someone else might be. For the way I use it, the fingerprint is MORE secure than the master password. So, adding a NEVER option to the "Require Master Password" popup would be most appreciated.

1Password Version: 6.8.4
Extension Version: Not Provided
OS Version: 10.13
Sync Type: Not Provided
Referrer: forum-search:require master password touch id

Comments

  • rudy
    rudy
    edited December 2017

    @dmorrow,

    Thanks for the feedback, but Touch ID is not a replacement for knowing your Master Password. Its extremely unlikely that we'll be adding a Never option to the Mac version.

    Rudy

  • dmorrow
    dmorrow
    Community Member

    Why is that exactly? Not trying to be difficult, but I don’t understand why this is a security risk.

  • rickfillion
    rickfillion

    Hi @dmorrow,

    For some users it would probably be perfectly fine to have such an option. Unfortunately, with that option in 1Password for iOS we've found that far too many users become completely dependent on it and end up forgetting their Master Password. Certain situations like multiple Touch ID failures cause 1Password to delete the keys we store that allow for the unlock via Touch ID. We stand by the decision to delete the keys in cases where we think someone could be trying to fool Touch ID as it's not a perfectly secure mechanism (it has a 1 in 50000 chance of collisions). If someone forgets their Master Password and 1Password has deleted the keys to unlock in order to protect the user from a brute force attack then the user is left in a situation where they'll never be able to unlock their vault.

    Based on how this has worked out on 1Password for iOS (not very well), it's not likely that we'd ever bring that option to the Mac. It's more likely that we'd find a way to remove that option from 1Password for iOS.

    I hope that helps explain the reasoning.

    Rick

  • dmorrow
    dmorrow
    Community Member

    Thanks for the feedback

  • rickfillion
    rickfillion

    You're welcome.

    Rick

This discussion has been closed.