Windows Hello - Require password Options

Options
solarizde
solarizde
Community Member
in Windows

Hey,

due to the fact that I want to use the SSH Agent I have to use the Windows Hello function, which I'm actually not a big fan of.
Currently you can only set it to require a reauth by password every 2 Weeks:

This is insecure in my Eyes and avoid me from using 1password with SSH Function at all. Why are there only two options? I would prefer to have a Win Hello confirmation but require a password verification every day and after each Account logout / reboot.

Would it be possible to add that option to make this possible?

Also TPM give that Warning:

Is there any Information about that? I do not understand exactly. It reads like the TPM, which actually should improve security, is weaken it? What would be the benefit of using TPM than?

Thanks

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • ag_mike_d
    ag_mike_d
    Options

    Hello @solarizde,

    Thanks for your feedback. I'll include our developer documentation that discusses the requirement of Windows Hello to unlock 1Password: SSH agent Developer Documentation

    The require password every 2 weeks or 30 days is not related to the SSH agent but rather how often you need to reauthenticate 1Password with your account password when Windows Hello is in use. This is to help users to remember their account password when primarily relying on biometrics or a Windows PIN.

    With regard to the warning when enabling the Trusted Platform Module (TPM), I wanted to provide you with a link to another discussion that explains the reasoning behind this messaging.

    I would prefer to have a Win Hello confirmation but require a password verification every day and after each Account logout / reboot.

    If you'd like to use both Windows Hello and require account password authentication, leaving the (TPM setting) disabled will allow for Windows Hello unlock prompts only after you've used your password for that initial sign-in for the day or after 1Password has been completely terminated or your device restarted.

    Please let us know if this information helps, but if you if you have any additional questions, just let us know.

  • solarizde
    solarizde
    Community Member
    Options

    If you'd like to use both Windows Hello and require account password authentication, leaving the (TPM setting) disabled will allow for Windows Hello unlock prompts only after you've used your password for that initial sign-in for the day or after 1Password has been completely terminated or your device restarted.

    Thank you this wasn't clear.

  • ag_mike_d
    ag_mike_d
    Options

    Hello again @solarizde - You're most welcome. Let us know if you have any other questions or concerns.

This discussion has been closed.