Signing back into the Community for the first time? You'll need to reset your password to access your account. Find out more.
Forum Discussion
Safari Biometrics disabled? [SOLVED]
.
Why does the latest update disable biometrics in Safari?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided
1P_Ben1Password Team
@Customer1passCanada
Are your parents using the 1Password for Safari extension, or Apple's Password AutoFill feature with 1Password integration? The latter may be better for this use case at least until we can find a way to bring biometric unlock back to the 1Password for Safari extension. You can read more about using 1Password with Password AutoFill here:
Use 1Password to fill and save in apps and browsers on your iPhone and iPad
The change being discussed in this thread does not affect AutoFill. Personally I'm leaving both enabled and will use 1Password for Safari for filling credit cards and identities, and Password AutoFill for most everything else, for now.
@iSRS
Can you provide some details on what got less secure in Safari this week (because as others have said, it was working in the betas)?
1Password for Safari is built on Apple's relatively new Web Extension technology, where native Touch ID / Face ID APIs are not available. To work around that we built Touch ID / Face ID support for 1Password for Safari using WebAuthn. We recently discovered the changes made to WebAuthn in iOS 16 are incompatible with our security model. We have reached out to Apple to explain how we've been using WebAuthn and to engage with them on how we can bring these features back to the Safari extension.
Ben
I don't think it lets you fill credit cards, but personally I just use the system-level filling nearly all the time. Biometrics still work fine with that.
The biometric feature removal in Safari is a software regression.
My parents rely on 1Password biometric to use their passwords. Asking them to type their 1password every time they need a password filled is unacceptable.
How can the 1Password team not anticipate the security model apple proposed until the very day iOS 16 was released? Colour me unimpressed.
Thanks for the prompt responses, Jack_P_1P - and thanks for being willing to take a few arrows to keep us updated.
I’m curious why only Safari, especially as one would think that Safari would be more secure than Chrome (or other browsers) given the “marketing”
Can you provide some details on what got less secure in Safari this week (because as others have said, it was working in the betas)?
more_cowbell Indeed, but whilst 1P8 will get updated eventually, I doubt that 1P7 would see any update beyond version 7.9.9.
@einsteinbqat they pulled biometrics from both 7 and 8 so that move isn’t to push people to 8.
It looks like my concerns about 1Password are coming true. All the growth bringing more negative than positive.
Jack_P_1P Unfortunately I need to insist: this is really a major, critical feature to me. Can you please route this one up the chain and make sure somebody in management sees the complaint?
Having it working this way forces me to switch to a weaker master password as I can't keep typing my complex master password all the time on a cramped iPhone keyboard. So your security reasoning regarding WebAuthn actually brings the opposite result.
I would be happy with having a hidden setting like "Developer mode" or "Advanced mode, I promise I know what I'm doing and I assume all responsibility", where we can re-enable it at our own risk. It worked throughout all the betas, up to 1Password 8.9.3. I cannot wait for an unspecified amount of time until this feature is maybe brought back. We migrated our whole company to 1Password, but we will need to consider migrating elsewhere as that's really critical.
LOL This is like when they removed access to 1Password from the share sheet. Everything was working fine. Then they update the app, and remove the feature without any prior mention of it.
Now this is the same. iOS 16 has been in beta for months, and everything was working just fine. Then, oh, WebAuthn has changed. Bol. locks. This is just a boat load of rub. bish. Suddenly after all these months, WebAuthn has changed last minute? As if as a developer, and a big one at that, 1P did not know about changes in implementation or whatever changes Apple might want to make!
Give me a break!
And look at the version number 7.9.9! What? Are you suddenly going to use a fourth digit, when you never ever did before, and make a 7.9.9.1?! Please…
You guys must really think that users are just not very intelligent.
I am going to say it :
You are voluntarily crippling the app to make people upgrade to 1P8.
Spin the PR speech like you want, but this is what it is.
LOL This is like when they removed access to 1Password from the share sheet. Everything was working fine. Then they update the app, and remove the feature without any prior mention of it.
Now this is the same. iOS 16 has been in beta for months, and everything was working just fine. Then, oh, WebAuthn has changed. Bollocks. This is just a boat load of rubbish. Suddenly after all these months, WebAuthn has changed last minute? As if as a developer, and a big fat one at that, 1P did not know about changes in implementation or whatever changes Apple might want to make!
Give me a break!
And look at the version number 7.9.9! What? Are you suddenly going to use a fourth digit, when you never ever did before, and make a 7.9.9.1?! Please…
You guys must really think that users are just not very intelligent.
I am going to say it :
You are voluntarily crippling the app to make people upgrade to 1P8.
Spin the PR speech like you want, but this is what it is.
