Forum Discussion
more_cowbell
3 years ago (Occasional Contributor)
Safari Biometrics disabled? [SOLVED]
- Former Member
+1 for the frustration here; this makes the Safari extension extremely inconvenient to use now; it's easier to just manually open the 1P app and use Face ID (then manually copy credentials back to Safari) than to type my long master password -- especially if I happen to be in public.
The explanation that a change in WebAuthn implementation is incompatible with 1P's security model is sensible if true, and I'm supportive of AB/1P prioritizing security over usability here if so. However I'd be really curious for more technical detail on what changed and what assumptions 1P was making about WebAuthn that were broken. This would give an idea whether this is likely to be fixable in a 1P update or whether it will depend on Apple's willingness to change their WebAuthn implementation (which is far more uncertain and might mean no fix until iOS 17+...). It would also give greater confidence that the reasoning is legitimate & in our best interest as users, and thus probably alleviate some of the frustration expressed in this thread.
I also wonder if there are other ways that 1P could work around this, e.g. can the Safari extension launch the app, have the app do the Touch/Face ID authentication, then send a token back to the Safari Extension? That would be similar to how some mobile apps handle cross-app OAuth flows, and it appears there is an API for secure messaging between the native app and its associated extension: https://developer.apple.com/documentation/safariservices/safari_web_extensions/messaging_between_the_app_and_javascript_in_a_safari_web_extension?language=objc
Thanks in advance for any additional transparency that can be provided.
- Former Member
I had to switch to Keeper because of this. Hopefully they will get it figured out at some point. Unfortunately they lose this customer because of it.
- more_cowbell (Occasional Contributor)
I agree that it’s how it was handled and NOT communicated as much as the feature being gone.
Jack.P_1P Not only is the biometrics gone but I have to retry my password for the extension pretty much every time I go back to Safari. Even with it set to every 1 or 2 weeks. I’ll give these to my next 1Password renewal. If not fixed I’m taking my money elsewhere.
- SyberCorp (Frequent Contributor)
AMonitorDarkly I suppose that’s fair, that they could have made users aware of the upcoming issue/regression by sending something to all users outside of just release notes.
- AMonitorDarkly (Occasional Contributor)
SyberCorp For me, this is more a matter of how this was handled. This is a significant enough regression that, while necessary for security, warrants a public statement. AB did nothing to inform users of this other than a small blurb in the release notes which AB knows the vast majority of users aren’t going to see. As a result, many people came to the forums thinking this was a bug only to find out that AB, once again, broke critical functionality without telling anyone.
I’m glad AB was putting security first here but as usual their execution was pretty poor.
- SyberCorp (Frequent Contributor)
Just my input about some of the people commenting that 1Password/AgileBits should have accounted for this while iOS 16 was still in beta, etc., and how they don't have the users' backs.
If the API they use was modified to have lower security than what AgileBits was comfortable with their app/users using (because it would potentially put user data at risk), unless Apple changed the API again to appease AgileBits, I don't get what you expect AgileBits to do about it short of lowering their standards and agreeing to put user data at risk, or magically create their own API that somehow becomes a part of iOS 16. So, from my perspective, they absolutely DO have the collective backs of the users by refusing to use an inferior API from a security standpoint.
That all being said, I too am upset about the lack of the biometrics in the Safari extension because of the other things it took away in removing it.
- Former Member
The "disabling" is inconsistent. I have 2 phones: one an iPhone XR, one an iPhone 13 Pro. Both running iOS 16.02. The FaceID works on the XR but not on the 13 Pro. I also notice that the FaceID does authenticate on the 13 Pro but isn't unlocking 1Password. Further, my son's iPhone 14 Pro also works to unlock FaceID. Why all the inconsistency? Frustrating.
- Former Member
This makes 1Password unusable. I love your product and your company, and have used it forever. And I understand it may be beyond your control, but that doesn’t change the fact that it makes 1Password unusable. Is this the beginning of the end?
Is there a reason I had to find this in your community rather than direct in the articles about enabling Face ID? You sure wasted a lot of my time troubleshooting. You need to update the Face ID and extension documentation.
- hegguardo (Occasional Contributor)
This is a huge regression in functionality. I really hope a solution is found ASAP. I would hope it is a high priority.