Read first: Previous version support information

Feature Request: Can conceal fields other than password & Windows Hello on first startup

agilex
agilex
Community Member
edited April 2023 in 1Password 7 for Windows

Hi everyone, ancient 1Password user here who decided to give 1Password another shot :) It's good to see 1Password finally puts efforts into developing for non-Apple machines! Hopefully the Windows PC client will be functionally on par with the Mac version when it comes out of beta.

I have a few ideas to contribute to the new beta. Besides the tag system problem I mentioned here: https://discussions.agilebits.com/discussion/comment/424397/#Comment_424397, I'm hoping 1Password 7 to add the following 2 features:

  1. Users will be able to conceal fields other than passwords. For instance, I may want to put my security questions and answers in a note, but storing them as password is inconvenient as they could show up in security audit, and in this specific case (storing as notes), I could lose all formats such as newlines.
  2. Allow Windows Hello on first startup. Currently Windows Hello is enabled only after user unlocked the vault and let 1Password stay in memory. I wonder if there're actually any security benefits for such design (I think Windows Hello already utilizes TPM to secure passwords)?

Thanks a lot!

1Password Version: 7.0.532
Extension Version: Not Provided
OS Version: Windows 10
Sync Type: Not Provided

Comments

  • bundtkate
    bundtkate

    @agilex: For security questions, I would strongly recommend using generated word-based passwords as your answers and, yes, saving them as a password-type custom fields. Reason being, security questions are awful for security. Think about the types of questions they ask. The name of your pet or your mother's maiden name or where you were born – these are all things likely to be found on social media, or they're a matter of public record. A nice, strong, word-based password won't show up in Security Audit and keeps your account nice and safe from intrepid attackers able to research the answers to your security questions. It might be weird when you call customer service and you have to tell them your favorite super hero is heavy paralyze kneel soggy but it keeps your account safe and Security Audit tidy.

    Hello on first startup might be something we'll consider down the road, but for now we're being extra cautious and requiring your Master Password the first time you open 1Password after it's terminated. This gives our team time to further investigate the security implications of permanently storing your unique device encryption key used by Hello to make sure it's something we're comfortable doing and the we're able to do it right. :+1:

This discussion has been closed.