Disable Password Reauthentication After 2 Weeks in 1Password 8

Oddycm
Oddycm
Community Member
edited March 2023 in iOS

Hello,

On 1Password 7 I remember there being an option to disable reauthentication permanently, this allowed me to use Face ID to authenticate for many months and ensure that I’m not prompted to type in a password (especially in a public place where someone might be behind me).

On 1Password 8 for iOS I see in the settings it states “You’ll still need to enter your account password every 2 weeks or when Face ID isn’t available”.

Is there any way to disable reauthentication via a Master password every two weeks?


1Password Version: 8.9.0
Extension Version: Not Provided
OS Version: iOS
Browser:_ Not Provided

Comments

  • Hi @Oddycm

    There was an option called "never" in 1Password 7, but it wasn't truly never. There isn't a way to disable this, but I wrote about our latest thoughts on the subject here:

    https://1password.community/discussion/comment/650390/#Comment_650390

    While I can't promise any specific changes at this point, there are some interesting ideas on the table to make this a better user experience.

    Ben

  • The2ndOctave
    The2ndOctave
    Community Member

    I really need this feature back. Or at least an option that is longer than 2 weeks. I don't understand the resistance to offer more options to users...

  • Hi @The2ndOctave:

    Thanks for your additional feedback here. As Ben mentioned in his linked post, adding the two week timer has reduced the number of forgotten password situations. While I can't promise anything specifically, what would be ideal here is some sort of global sync timer, where entering your account password on your desktop means you won't be prompted on your phone.

    Jack

  • TMEI
    TMEI
    Community Member

    +1

    Forcing user to enter there Password every 2 weeks will just end with user turning to weak Master-Passwords...

  • The2ndOctave
    The2ndOctave
    Community Member

    That's precisely what I'll have to do if I'm forced to enter the password every 2 weeks. I'll change it to a weaker password—which sucks.

  • Random206
    Random206
    Community Member

    +1 on this. I absolutely hate the fact that I need to authenticate every 2 weeks. It’s honestly infuriating. The fact I can’t turn this off and JUST use biometrics is upsetting even further. For security reasons, I don’t want to open my phone up to be prompted to type in a password where I may be filmed doing so.

    Same goes for the safari extension. Reauthorising the extension….every week….is not acceptable in my standards. I’d like to see both these options removed and the ability to have ‘Never’, and actually be never.

  • mikeizzy
    mikeizzy
    Community Member

    By removing the feature to set Require Master Password to “Never”, you will lose customers. I have the family plan, and this will be a deal breaker for some of us. We will continue to use 1Password 7 for now, but eventually we will switch to another service if this feature doesn’t return.

  • webhill
    webhill
    Community Member

    The thing is, it was hard enough to get the octogenarians and nonagenarians in the family to use 1password WITHOUT the mandatory reauthentication. With it? Not possible. Please bring back the “Never” option. Otherwise my parents will go back to reusing the same old password every time and I will be very sad.

  • npr
    npr
    Community Member

    This leads to a very poor mobile experience- or a very week master password- like the new home screen, the choice is yours!

  • Oddycm
    Oddycm
    Community Member

    @Ben @Jack.P_1P

    It seems there is some pushback to this design decision in 1Password 8, not just here but in a couple other posts and on Reddit as well.

    I understand the reasoning falls in the realm of helping users remember their password to ensure they are not locked out, though realistically there is only so much you can do to prevent people from shooting them selves in the foot.

    The crowd of people that don’t plan ahead with saving their master password and secret key will always be at risk of locking themselves out, I hope those of us that do have a plan and may even practice our Master passwords by ourselves do not have to be forced to do so by the software.

    Furthermore, bringing back the “Never” authentication option may be the simplest path forward rather than something a lot fancier like a global counter.

    Please convey these dissatisfactions internally though any ticketing procedures you may have.

  • XIII
    XIII
    Community Member

    I'm not a native speaker, but I think the way to put this is "we're tarred with the same brush"?

    Already reported this during the Early Access: extremely disappointed that you punish all users for an issue some might encounter.

  • wisewalnut
    wisewalnut
    Community Member

    @Ben @Jack.P_1P

    I’ve been using 1Password for many years and most of the time I have no problem remembering my 1Password password but sometimes my mind just blanks on me. I’ve had it happen multiple times when I couldn’t for the life of me remember my 1Password password when asked for it. Luckily I can usually grab another device with Touch ID and access 1Password to check my 1Password password (unless Touch ID fails three times, in which case I have to dig out my emergency kit, which is really annoying but has only happened once so far). The thought that the other device might then also require me to enter my 1Password password, just because it does so every two weeks, kind of scares me. This also defeats the main reason for me to use 1Password, which is that I can always access my passwords somewhat easily.

    Also this would probably mean I have to type in my password almost every time I use 1Password on my phone as I don’t use it that often, which is annoying. One of the other reasons for using 1Password is to not type passwords as typing a password is always super annoying, especially on a phone.

    So please reconsider adding a “never” option. Not having this makes 1Password really hard to use for me.

    Side request: Currently you have to enter your password when Touch ID / Face ID fails three times, could you please increase the amount of retries allowed (iOS has five attempts before requiring your passcode, I think eight would be a good amount for 1Password). This limit has been the main cause requiring me to enter my 1Password password in the past which can be a major inconvenience as described.

  • greggmc
    greggmc
    Community Member

    Just upgraded to v8 on iOS and noticed the lack of “never”, so I came here to voice my wish add that back. I have lived with this misfeature on macOS for a while, but didn’t expect it to also be part of the v8 update on iOS/iPadOS. This will do nothing but force weaker password and/or complicate my family members usage of 1Password. Please bring back “never”.

  • steven1
    steven1
    Community Member

    One of the nice use cases that was made possible with "Never require Authentication" was exactly the kind of secure estate planning that people have been asking for:
    -Use a 'spare' iPhone with 1pw configured on your account with 'Never'.
    -Create a device passcode that you share with your digital estate executor
    -update all passwords and put the phone in a safe or give to attorney. They have physical posession but not digital possession.
    Upon propoer authorization, the attorney can give your phone as per your wishes, who unlocks the phone, and then has access to all your passwords since it was set to 'Never'.

    If you keep your 1pw secret key and master password in this vault, that is all they need to access your account, You only ned to sync if you change your master password. Or, if you have a family subscription, you use one of the members' vaults to store your 1pw details, no need to change their pw and sync regularly.

    Oh well...been a vocal propoent of 1pw for many years, but the "we know best" attitude sure is wearing thin.

  • lwfitzgerald
    lwfitzgerald
    Community Member
    edited August 2022

    I've also just upgraded to v8 on iOS and was surprised to see the 2 week expiry added with no option to disable this to match the old v7 behaviour.

    To echo what @steven1 said, I really don't appreciate being babied and told that I can't be trusted to remember my master password without being prompted for it every 2 weeks. I also think other posters make a very good point that for those users that might forget their master password, this will just lead to them weakening them ala iOS 4 digit numeric lock codes.

    To give a real world example where this is intensely frustrating - I have a bunch of cards with individual PINs. When I withdraw cash at an ATM, I really don't want to be surprised by having to enter my (long/strong) master password while people wait behind me. Being locked out like this totally breaks the "just quickly open and get the password for something"-utility that I expect of a mobile password manager.

    Solving this really seems as simple as adding an reauth-timeout option (including "never"). I don't really understand the objection to doing this?

  • tetardbleu
    tetardbleu
    Community Member

    @Jack.P_1P

    what would be ideal here is some sort of global sync timer, where entering your account password on your desktop means you won't be prompted on your phone.

    I sincerely think it would be a great bridge between security and usability. Please add my vote for this.

  • joshhuggins
    joshhuggins
    Community Member

    Oh man, I am in such hot water with the wife. Just "upgraded" her phone to v8 and noticed that it has to sign in every 2 weeks. She has always just used biometric. The whole point is to have a strong complicated password to protect the account. She is not going to be doing that every 2 weeks, especially if she is out away from home where the main password is stored. You kidding me? If this doesn't get straightened out by the time our renewal comes up we will be done. Man I really don't want to have to move everything over to another service. Uggg 🙄 So frustrating!

  • DJRiful
    DJRiful
    Community Member
    edited August 2022

    This is really annoying every 2 weeks, my iOS already running Face ID or pin.

    My password is like 40 characters long, and I had to re-enter this every 2 weeks on my tiny iPhone 12 mini keyboard. It's painful and stupid - if I need to access my stuff in 1Password at store area. "Sorry give me 5 mins to unlock my account".

    Here goes, I'm going to set my master password down to 8 characters.

  • leesweet
    leesweet
    Community Member
    edited August 2022

    On my desktop I enter the MP several times a day, at least. The (user specific, bad) reason of 'forgetting' really needs the syncing idea implemented so you know (if you care) that we do indeed 'know' the MP. On the phone is the worst place to ever enter the MP, and was when back in the day I hated 1P totally (before larger phones, keyboards, touch-ID, etc.).

    Not going to start on least common denominator user support, etc.

  • NetMage
    NetMage
    Community Member

    There is always the option of upgrading back to 1Password 7. Between no Watch App, the terrible search experience, the less readable account screen, and this, I am thinking of doing it.

  • Oddycm
    Oddycm
    Community Member
    edited August 2022

    Looks like the recent update has brought back the “Never” option in 1Password 8!

    Just wanted to post a big thank you to the 1Password team for listening to the user feedbacks 🙂

  • sjdennis
    sjdennis
    Community Member

    Is this New requirement to re-enter your password every two weeks, or change your password every two weeks? I haven’t upgraded to 1Password 8 yet pending clarification on this issue. If one has to change their password every two weeks that would be F’ing ridiculous.

  • Dave_1P
    edited September 2022

    I want to thank everyone for taking the time to write in with their feedback. As of version 8.9.3 of 1Password for iOS (released August 30th 2022) you can now choose how often you're prompted for your account password.

    If you haven't already you can update using this guide: How to keep 1Password up to date

    @sjdennis

    When 1Password 8 for iOS first launched the app required users to enter their account password every two weeks even if Touch ID / Face ID was enabled. With the latest update to 1Password 8 users can now choose how often they're asked for their account password:

    • Never
    • Every 2 weeks
    • Every 30 days

    I hope that helps! 😊

  • natb
    natb
    Community Member

    Thank you for bringing back this feature! It's been driving me batty since the upgrade, and I found this thread when I finally remembered to look this up at home (because "while I'm already frustrated by having to go find some characters so I can unlock 1Password so I can do whatever it is I wanted to do, and maybe am in a hurry or holding up other people" isn't a good time to figure this out).

    I created my master password before I had an iOS device, and I've been using it for...15 years now? (Has 1Password been around that long? I can't remember the first version I had.) My master password uses one or more characters that can't be typed on the iOS keyboard, and entering a password is the last time I'm going to trust a third-party keyboard. So any time I need to type my master password on my iphone or ipad, I need to have an internet connection and go find those characters somewhere so I can copy-n-paste them. Ever since Touch ID, it's been a non-issue: I do it once when I set up the phone, and then maybe a couple times a year, at most, for one reason or another. I figured the annoyance was a reasonable trade-off for the literal inability of a nefarious actor to type in the master password if they got my phone. It wasn't intentional, but I figured it wasn't worth changing my master password over.

    So forgetting my master password isn't a worry; typing a long, complicated password on the iOS keyboard isn't a worry; but needing to re-enter my master password on the regular, no matter how much I successfully use Face ID is a problem, and being literally unable to unlock my 1password if I'm somewhere without an internet connection is a worry.

  • nerdAtTheBar
    nerdAtTheBar
    Community Member

    Hey 1Password Community Team and Devs - thank you for bringing this feature back.
    The other idea that seemed doable was syncing the timestamp of last login w/Master Password across all platforms.
    Cheers!

  • Dave_1P
    edited March 2023

    I'm happy that you're both enjoying the feature. 🙂

    Since this is a rather old thread I'm going to close it to save folks from receiving notifications when anyone replies.

    -Dave

This discussion has been closed.