Asking for master password every 2 weeks on every machine is too much

chrissshe
chrissshe
Community Member
edited December 2021 in Lounge

I have 2 macbooks (one from work and one personal) and 1 PC. All 3 devices require me typing the master password at least every 2 weeks. On top of that, it's occasionally required on my phone as well. It's too much friction for using such a basic tool. I don't think there is anything we can do about it in Preferences. But in case I was wrong you can ignore the rest of the post.

I got my 1password subscription from my work. My wife loves it and uses it everyday. And I should say I love the concept as well. I tried to use it two period of times. But the frequency it requires master password is just too annoying.

I've read several similar posts from the past. The dev have made it clear that they do not intend to change this behavior. So this post is mainly just voicing my frustration. https://1password.community/discussion/108258/requirement-for-re-enter-master-password-every-2-weeks


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:require master password

Comments

  • [Deleted User]
    [Deleted User]
    Community Member

    @chrissshe The master password is the main thing protecting your password vault from an attacker with access to your devices. It is used to generate the encryption key which protects your data. I guess you're required to enter it every 2 weeks to reduce the risk of forgetting it.

    If its too much to enter it every 2 weeks then that suggests you've chosen something difficult to type/remember. If its a randomly generated password then you may find a passphrase easier to type/remember.

    Your secret key protects against remote attackers probing 1Password servers. So your master password only needs to be 16-20 characters if using non-dictionary words or a bit longer if using dictionary words.

  • chrissshe
    chrissshe
    Community Member
    edited December 2021

    @rootzero I agree that typing it every two weeks reduces the risk of forgetting it. My point is my actual frequency is more than biweekly because of the multiple devices I own. It’s more than weekly

  • ag_ana
    ag_ana
    1Password Alumni

    @chrissshe:

    Of course, having multiple devices means that you need to unlock 1Password multiple times, but I am still curious to know if you have noticed which device is locking more often for you? Is it a desktop computer or a mobile device?

  • chrissshe
    chrissshe
    Community Member
    edited December 2021

    @ag_ana My two Macbooks lock more often than my mobile device (phone) because computer apps require at least biweekly login. I don't often use my desktop computer, but I assume it's also requires biweekly login if I were to use 1password on it

  • ag_ana
    ag_ana
    1Password Alumni

    @chrissshe:

    Please let us know this information:

    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided

    In addition, this information will also be useful:

    • Browser used and browser version
    • Whether this happens in the 1Password desktop app, or in the 1Password browser extension
    • How often 1Password locks exactly? Is it 10 minutes? 24 hours? 7 days?
  • chrissshe
    chrissshe
    Community Member
    edited December 2021

    Hi @ag_ana, just to clarify, it's NOT a bug. I believe this is the expected behavior of 1password. However, I'm expressing my frustration about this design choice. It has been the same design since I first tried it in 2019

    To iterate, as how the app is designed, each of my three computers needs retyping master password every now and then. The maximum period I'm allowed to set is 2 weeks. So on average, I have to enter master password three times every 2 weeks

  • XIII
    XIII
    Community Member
    edited December 2021

    What’s the current implementation?

    Two weeks after the last password request per device or two weeks after the last password request on any device used by one account? (Or something else?)

  • ag_ana
    ag_ana
    1Password Alumni
    edited December 2021

    @chrissshe:

    just to clarify, it's NOT a bug. I believe this is the expected behavior of 1password. However, I'm expressing my frustration about this design choice. It has been the same design since I first tried it in 2019

    I agree that it's not a bug, I just think you have your auto lock settings configured in the wrong manner ;) Hence my request for information.

  • chrissshe
    chrissshe
    Community Member
    edited December 2021

    @ag_ana My auto lock is set at "require master password every 2 weeks". As @XIII also asked, is this "two week" per device or shared across devices?

  • chrissshe
    chrissshe
    Community Member

    @ag_ana I use the latest version on Mac. I set them at "require master password every 2 weeks". As @XIII also asked, is this "two week" per device or not?

  • ag_ana
    ag_ana
    1Password Alumni
    edited December 2021

    @chrissshe:

    The lock settings are per device, otherwise it would not make any sense to offer different locking options on different devices, as one would just overwrite all of the others :+1:

    In addition to this, is it in any way possible for you to answer the questions I sent you above so we can help you and understand your configuration? It will take much longer to just guess your configuration information until we figure out how you have things really configured. Thank you!

  • chrissshe
    chrissshe
    Community Member

    @ag_ana You questions ask for the versions on various devices. I don't really have the "configuration" any more because I no longer use 1password. My latest trial period was in December. I installed the latest version at the time and then deleted them. To answer your question, I would have to download the latest version and immediately tell you that version number which is kinda pointless. Other questions:

    • it happened in the macbook APPs. I didn't play much around the extension
    • I can't tell EXACTLY how often they lock because I don't keep a timer for them. But roughly 2 weeks per device feels about right (it matches the setting anyway)

    About "otherwise it would not make any sense to offer different locking options...", your argument is basically "The lock settings are per device because we offer this settings per device". I don't even know how to respond to this... Yes you are right. As I mentioned in my initially post, my whole point is while I understand this is how 1password chooses to be, IMO it is a bad design. The longest a user can set is every 2 weeks. When taking multiple devices into account, it's annoyingly frequent.

    Others are free to disagree with me. I just want to echo what previous users brought up in 2019 https://1password.community/discussion/108258/requirement-for-re-enter-master-password-every-2-weeks and see if there is a way to pass this opinion to the 1password team, who rejected it back then. I'd appreciate it if you could pass along the msg. With that, we can close this ticket as the communication was getting unpleasant. I do appreciate you working at this time. Have a good rest of the holiday.

  • chrissshe
    chrissshe
    Community Member

    @ag_ana You questions ask for the versions on various devices. I don't really have the "configuration" any more because I no longer use 1password. My latest trial period was in December. I installed the latest version at the time and then deleted them. To answer your question, I would have to download the latest version and immediately tell you that version number which is kinda pointless. Other questions:

    • it happened in the macbook APPs. I didn't play much around the extension
    • I can't tell EXACTLY how often they lock because I don't keep a timer for them. But roughly 2 weeks per device feels about right (it matches the setting anyway)

    About "otherwise it would not make any sense to offer different locking options...", your argument is basically "The lock settings are per device because we offer this settings per device". I don't even know how to respond to this... Yes you are right. As I mentioned in my initially post, my whole point is while I understand this is how 1password chooses to be, IMO it is a bad design. The longest a user can set is every 2 weeks. When taking multiple devices into account, it's annoyingly frequent.

    Others are free to disagree with me. I just want to echo what previous users brought up in 2019 https://1password.community/discussion/108258/requirement-for-re-enter-master-password-every-2-weeks and see if there is a way to pass this opinion to the 1password team, who rejected it back then. I'd appreciate it if you could pass along the msg. With that, we can close this ticket.

  • Hi @chrissshe

    Unlocking is something that happens entirely on the local device, and can be done offline. I'm not sure there would be a secure and reliable way to have the fact that one device has unlocked affect the state of other devices. That said I'd be happy to mention the thought to our security and engineering teams so they can bounce the idea around. Thank you for your interest in making 1Password better. :+1:

    Ben

This discussion has been closed.