1Password 8: account password required every 2 weeks?

13»

Comments

  • moontrx
    moontrx
    Community Member

    I just upgraded to 1Password 8 on my iPhone, and I could not believe there is no longer the option to opt out for requesting the MP every 2 weeks. This is a no-go guys. I do not like that anyone else decides for me how often I need to get forced to enter my MP. This has to be my decision and my risk, not yours!

    I'm ok with the restriction on a desktop environment, but even there I would prefer 4 instead of 2 weeks.

    So please, please bring here as soon as possible remediation.

  • fleetingshadow
    fleetingshadow
    Community Member

    Just upgraded and ran face-first into this. I was already getting frustrated by the frequency I needed to enter my master password on desktop, and now this on mobile.

    This is a serious usability issues. As others have pointed out, this is part of the starting setup procedure - making sure that password is stored in a safe and secure location just in case. We shouldn't need to repeatedly enter it over and over again on a biometrically secured device. I'd even be okay with using yubikeys to unlock it after an extended period of time - but as it is, this is painful.

    Please change course. I'll give it until the end of the year then start looking for a different solution.

  • miccom
    miccom
    Community Member

    I'm understanding the reason why 1Password is doing this and forgetting the 1Password password is a huge risk, but in the end, the user should make this decision and should be enabled to disable this restriction. From my point of view its a no-gu and not how biometrics works for me.

    This option needs to come bug for all devices.

  • jjjohn
    jjjohn
    Community Member

    I fully agree with moontrx, please give us the master pw config option of mobile 1pw7 back!

    Yesterday I was unpleasantly surprised by the fact that all my mobile devices requested me to enter my master pw at once. The same 32-char pw I keep in 1Password! I had to use my wife’s iPhone! Luckily we have a shared vault containing both our master pw, if that was not the case I would have had to look forp the printed pw in my physical vault.

    I honestly have not read a single valid argument why the option to only require a person to enter the master pw after reboot, an option available for mobile devices, was removed. In 1Password 7 this feature was disabled by default and more or less hidden so accidental use was unlikely. As stated by one of the other posters, 1Password advices you to print your security info during the onboarding process so in case of disaster you can still use that as a fallback to access to you pw vault.

  • Deg
    Deg
    Community Member

    @Ben, syncing the last authenticated time across devices would be very helpful!

  • n9yty
    n9yty
    Community Member

    Turn off this stupid two week requirement. Let the user be responsible, stop trying to nanny them into what YOU think is best. I made it long and complex for protection, I have it stored securely, but not conveniently, and now I have to have it readily available in a non-secure location because I can't get to 1Password once you decide to lock it up on me.

  • greggmc
    greggmc
    Community Member

    Huge thanks for reverting this change and letting us disable this.

  • broesph
    broesph
    Community Member

    Glad to see this is customizable now in the iOS app, thanks for listening to our feedback!

    @Ben any word on if we can expect the same for your desktop apps?

  • Ben
    Ben
    edited August 2022

    Hi all,

    Thank you for the continued input here. As some of you have noticed, we are changing this in the mobile apps to offer more flexibility. There is still lots of discussion around this, and so I won't be surprised if further changes are coming in this space, but no definite decisions have been communicated to me yet.

    I'd likely to take the opportunity to highlight:

    1. It is critically important that you memorize your account password and be able to type it. If not, the chances you eventually lose access to your data stored in 1Password skyrocket. Our support team will not be able to assist if this happens. Unlike authentication-based services, because 1Password is end-to-end encrypted; there is no "forgot password" function. If you lose your keys (Secret Key and/or account password) — that's it. Game over. I stress this because most services aren't end-to-end encrypted and as such people are accustom to being able to forget their passwords, plug in their email address, and get a new password. It does not work that way with 1Password.
    2. The Emergency Kit can help. We recommend printing this document, and writing your account password on it. Then store the completed document in a safe place. The Emergency Kit will not help if you haven't written your account password on it and kept it up to date. The Secret Key alone is not enough to access your account. Both are required to access your account.
    3. Implement a recovery plan for your family (or team). Account recovery can be performed by a Family Organizer or business administrator. We would strongly encourage you to have multiple people with these roles if you are part of a family/business membership. If you are the only Family Organizer for your family, and you forget your account password, not only does that put you in a tight spot, it puts your whole family in a tight spot.

    More to come. 😃

    Ben

  • greggmc
    greggmc
    Community Member

    @ben All of that is great advice, and makes sense to have that presented to the user very strongly when they change the password required interval. Hopefully that is compromise enough to keep the "never" setting and have that on all platforms.

  • Backspaze
    Backspaze
    Community Member

    @Ben is the TestFlight app not updated anymore? I was a bit surprised to get a string of notifications for this thread with thank you messages for adding the feature back, but I couldn't find the setting in my app. Taking a look in the App Store I can see that it's now running version 8.9.3, while the TestFlight version still remains at 8.9.2 which seems a bit backward.

    I want to remain on the beta branch to test new features, but if you've dropped that for iOS/iPadOS I might as well uninstall the app from TestFlight and download the app from the App Store.

  • @Backspaze

    I'm seeing v8.9.4 beta in TestFlight. Please reach out to us at support@1password.com via email so we can troubleshoot. 😃

    Ben

  • Backspaze
    Backspaze
    Community Member

    Thanks for the quick reply @Ben, I've sent an email and we'll see where it goes.

  • KDDU360
    KDDU360
    Community Member

    Forcing a password entry every 2 weeks on iPhone/iPad should be optional and not mandatory,

  • Backspaze
    Backspaze
    Community Member

    @KDDU360 it is optional since the latest release, and now it's also optional on Windows as well (at least if you're using the beta version and are on 8.9.4 or higher).

  • Backspaze
    Backspaze
    Community Member

    @Ben do you have any further information regarding adding an option for "after reboot" as it was in 1PW7? I haven't reread the entire thread, but if I recall correctly, most of the comments have been about adding the "never" option back, while I would've been happy with an "after reboot" option. So I realize I'm in the minority here, but it would be great to have that option back as well.

    My way of making sure that I'll remember my password is through the use of the "after reboot" option. It's something I have control over when it happens (compared to the prior only option of a 2 week interval) and I usually only reboot my devices when an update requires it.

    As it is right now, "every 2 weeks" is too often, so "never" or "every 30 days" are the only remaining options, but none of them really suits my use case. "Never" means I never have to enter my password and risk forgetting it, and "every 30 days" is something I don't have control over when it happens, as opposed to "after reboot".

  • jericho808
    jericho808
    Community Member

    Is there a way to downgrade back to version 7? The more I use version 8, the less I want to use 1password. I appreciate 1passwords’ desire to ensure security, but I don’t need or want this level of handholding on my ipad.

  • Kakkoister2
    Kakkoister2
    Community Member

    @jericho808 You should be able to find the version 7 under your purchased apps and downgrade that way if you're choosing to. Though remember 1PW is security software, I wouldn't recommend you go back to an old version of 1PW.

  • joemus
    joemus
    Community Member

    I’d like to add a vote for giving more frequent options in the Require Password setting. I always set it to every 24 hours so that I wouldn’t forget my password — but now the only two choices are 2 weeks and 30 days, which is way too infrequent and I’m definitely going to forget my password.

  • XIII
    XIII
    Community Member

    I accidentally discovered that you added the option "Never" now...

    Thank you! ❤️

  • CarOli
    CarOli
    Community Member

    Thank you for listening to the community @agilebits!

  • Reciprocity31
    Reciprocity31
    Community Member

    Version 7 was great cause it was fast and efficient. I could create an item or fill in a login or retrieve a piece of info quickly. But now in version 8 it feels like a pain to use. Having to enter my password on each device all the time makes it inconvenient and slow. There are a ton of use cases here so I won't add to them but dang, can we not just make everything for the lowest common denominator? Put an advanced setting deep in the Settings section. Make us agree that losing or forgetting master password could lose full access. THEN PUT A MENU IN ALLOWING US TO DETERMINE WHEN and HOW OFTEN WE WANT TO ENTER THE MASTER PASSWORD. I don't need 1Password holding my hand making sure I remember my master password. I am an adult and not only remember it but also have it stored in other places both digitally and non-digital. Putting up these walls on Mac, iOS, iPadOS etc makes me not want to use the product.

  • Backspaze
    Backspaze
    Community Member

    @Reciprocity31 the option to never ask for the password is available since about a month ago. You should be able to find it under Settings > Security > Require password if your apps are up to date.

  • klepp0906
    klepp0906
    Community Member

    just found this for the same reason as most everyone else here. i understand the merit on both sides of the debate. while i'm not entirely confident with going "never" across the board, im glad to see it has returned as an option. the synching timer across devices things still in the works? that would be a pretty solid/reasonable middle ground imo.

  • STRYKEN
    STRYKEN
    Community Member

    The requirement to enter your password MANUALLY every 14 days when you have biometric turned on is ridiculous! My wife installed and then deleted v8 because of this. I installed it a while back and tried to use it (don't like the UI nor UX). Then it forced me to manually enter my password so I ONLY use v7. Glad to hear there is an option now as we were researching other password managers due to this issue.

This discussion has been closed.