Feature Request: Windows Hello Timeout [Under consideration for future Hello improvements]
At the moment, when I turn on my machine I have to enter my master password, and then anytime after when I need to unlock 1password I can enter my Windows pin. This is great!
However, I often leave my computer on for a week. It would be great if I could say, lock my vault after 5 minutes of activity, and after 2 hours of inactivity force me to use my Master Password to unlock the vault.
The main advantage of this is it forces me to enter my master password at regular intervals (but not too much to be annoying) so I won't forget it.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @cpmcgrath,
That is an interesting idea, thank you for the suggestion! :+1:
Right now, your Master Password is required every time you exit 1Password completely and start it again, and after your PC restart. I will make sure to pass your suggestion along to our team to see if it is possible. Moreover, we receive the opposite requests from time to time (make Windows Hello always on), so the current behaviour is the middle-ground we are comfortable at the moment.
Let me know if you have any other questions, we are always here for you. Thank you!
Cheers,
Greg0 -
I second this request.
0 -
Hi - revisiting this thread as it would be incredibly helpful and more secure/comforting to simply have the same timeout option that's already available for TouchID on the Mac available for Windows Hello:
"Require Master Password: If you want 1Password to require your Master Password instead of Touch ID after a specific amount of time, change this setting."
Thanks for all of the ongoing support and improvements.
0 -
Hi @Mobe,
Thanks for your request.
Keep in mind that the 1Password's biometric system works differently on both platforms.
On Windows, we are not storing your encryption key anywhere on disk or the secure module like TPM, a temporary one-time key is in the memory until you reboot or terminate 1Password. On macOS, we are storing it in the macOS's keychain with Touch ID's secure enclave protection. What this means is that you can unlock 1Password on macOS with Touch ID the first time you open 1Password but you cannot do this on Windows, you're always required to enter the master password first.
Once we add the ability to unlock 1Password with Windows Hello from the start (which would require us to store a unique key on the secure TPM module), we'll absolutely add a time-out option but for now, we have no plans to add it in the current implementation. The timeout would not increase or decrease the security of 1Password because if your system is compromised to the point they can read your Hello key, they can do the same for your master password.
If you don't feel confident in Windows Hello because you may be traveling or something like that, which we will recommend that you disable Windows Hello globally, not just 1Password.
0