‘Never’ option removed from Require Master Password?

Hi Folks!

This is all helpful, and thanks for the great dialogue. Allow me to register my dissent and advocate for returning this setting.

First, thanks Jack_P_1P for your thoughtful and candid response on 1Password's thinking here. Your explanation was illuminating and very helpful in understanding how the revised functionality works.

What concerns me is that 1Password prides itself (I think rightfully) on its security, but this change makes users less secure. It's well researched and common knowledge at this point that the more times a user has to input a password, the less secure it is. Forcing users to enter/retype their master password on completely arbitrary time intervals so that they 'don't forget their password' is seemly antithetical to the mission of keeping users secure.

Understanding that there's often a balance for software makers to decide between security and supporting users, some 'compromises' (to use our good friend 1P_Ben 's terminology) may be made. But even if we accept that premise (which in this instance, it doesn't seem to apply because there are 7 other options), the decision to remove 'never' seems particularly unsound:

1. "Never" was never (haha) the default set for any user. In order for a user to actually set it as such, they must have affirmatively sought out a hidden advanced setting and affirmatively changed it.
2. As far as one can tell, there was no clamoring by users for this setting to be removed. In fact, it's quite the opposite. A cursory search of these forums alone yielded not one instance of requesting 'never' be removed as an option. On the other hand, there are countless threads and posts about 1Password incessantly asking to users to enter their master passwords. (Heck there are three threads on just the first page of the iOS subsection saying as much). Taking an action that is so inconsistent with user sentiment, particularly when it is unnecessary and no demand for it is a bit odd.
3. Finally, keeping the setting enabled on some devices (those where it already exists) suggests the change isn't all that critical and certainly not about keeping users more secure, otherwise you all would have disabled it immediately and informed users the option had been removed.

Making a change to seemingly protect users from themselves is admirable and, one assumes, very helpful to you fine folks who deliver great support to users. I want to acknowledge the great work that you all in support do. It's tough, so I certainly want to name the balance that 1Password is trying to strike here. And as admirable as the motivations for the change are, doing so at the expense of security of others, especially when the change ensures other users like myself cannot be as secure as possible is less than ideal.

Because we know passwords, even very good ones, are less secure than biometrics, particularly Apple's implementation of Face/Touch ID, having 'never' as the option was the most secure way to keep users' vaults out of the wrong hands. I hope 1Password reconsiders and brings back the option to 'never' type in the master password after first time when biometrics are enabled.

Thanks again for the great work you all do in supporting users.