Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
‘Never’ option removed from Require Master Password?
Has the option to select ‘never’ for requiring a master password (if Face ID is active) been removed on iOS for iPhones? Three weeks ago it was there, and now the option is missing. Oddly and fortunately, the option is still present on my iPad (see screenshots).
Is this a bug or has the feature been removed on iPhones? If it’s been removed, please bring that back. The ability to unlock with Face ID even after a restart is critical and arguably even more secure than typing in a master password over and over again.
1Password Version: 7.9.5
Extension Version: Not Provided
OS Version: iOS 15.3.1
19 Replies
Hey guys/gals: MY iPhone (11) is at iOS 15.3.1. MY VER of 1PW IS at 7.9.5!!
It STILL HAS the "Never" option in the panel "Require Master Password" (Which I just today set to 'Never').......
Why/how did this Thread get going? Are'nt ALL iPhone11 with 1PW 7.9.5 the same??? And especially if o iOS 15.3.1,,,, Is there a later iOS update that I have overlooked?
This is REALLY weird !!
Comments?Hi Folks!
This is all helpful, and thanks for the great dialogue. Allow me to register my dissent and advocate for returning this setting.
First, thanks Jack_P_1P for your thoughtful and candid response on 1Password's thinking here. Your explanation was illuminating and very helpful in understanding how the revised functionality works.
What concerns me is that 1Password prides itself (I think rightfully) on its security, but this change makes users less secure. It's well researched and common knowledge at this point that the more times a user has to input a password, the less secure it is. Forcing users to enter/retype their master password on completely arbitrary time intervals so that they 'don't forget their password' is seemly antithetical to the mission of keeping users secure.
Understanding that there's often a balance for software makers to decide between security and supporting users, some 'compromises' (to use our good friend 1P_Ben 's terminology) may be made. But even if we accept that premise (which in this instance, it doesn't seem to apply because there are 7 other options), the decision to remove 'never' seems particularly unsound:
- "Never" was never (haha) the default set for any user. In order for a user to actually set it as such, they must have affirmatively sought out a hidden advanced setting and affirmatively changed it.
- As far as one can tell, there was no clamoring by users for this setting to be removed. In fact, it's quite the opposite. A cursory search of these forums alone yielded not one instance of requesting 'never' be removed as an option. On the other hand, there are countless threads and posts about 1Password incessantly asking to users to enter their master passwords. (Heck there are three threads on just the first page of the iOS subsection saying as much). Taking an action that is so inconsistent with user sentiment, particularly when it is unnecessary and no demand for it is a bit odd.
- Finally, keeping the setting enabled on some devices (those where it already exists) suggests the change isn't all that critical and certainly not about keeping users more secure, otherwise you all would have disabled it immediately and informed users the option had been removed.
Making a change to seemingly protect users from themselves is admirable and, one assumes, very helpful to you fine folks who deliver great support to users. I want to acknowledge the great work that you all in support do. It's tough, so I certainly want to name the balance that 1Password is trying to strike here. And as admirable as the motivations for the change are, doing so at the expense of security of others, especially when the change ensures other users like myself cannot be as secure as possible is less than ideal.
Because we know passwords, even very good ones, are less secure than biometrics, particularly Apple's implementation of Face/Touch ID, having 'never' as the option was the most secure way to keep users' vaults out of the wrong hands. I hope 1Password reconsiders and brings back the option to 'never' type in the master password after first time when biometrics are enabled.
Thanks again for the great work you all do in supporting users.
Hey Jack_P_1P !
Thanks for explaining.
My problem is, that my wife also uses my vault on her device because she only needs 2 or 3 passwords. So she rarely opens 1Password. And if she requires these passwords now, she has to type in the master password that she always forgets... Hopefully it will work in the future. Let's see...
Maybe it could be possible to add a longer time like 90 or 180 days? ;)
Jack_P_1P1Password Team
Hey DenalB / @keinanesq:
There's two improvements / changes that we've made here that are related to one another:
- Biometry is now available after a reboot immediately, without needing your password (assuming the "Require Master Password" timer has not been reached), no matter what option has been selected. In this case, your setting of "After device restart" from your iPhone screenshot would disallow biometry on boot.
- The short version is we wanted to help people from locking themselves out of the 1Password app. With the lockout timer set to "Never", it's completely possible to use biometry for months or even longer, then run into a situation where biometry is no longer available for one reason or another (iOS update, upgrade to a new phone, similar), and because they haven't typed the password in months and don't remember it, can no longer unlock it with their password. The "Never" option is no longer available as an option for "Require Master Password". If it's currently configured as the option in 1Password for iOS, it will remain selected and function as it did before, but on any new installs of 1Password, or after changing the setting from "Never", "Never" will no longer be available as a selectable option.
Let me know if that explains it! :smile:
Jack
@keinanesq , DenalB I am running 1Password iOS version 7.9.5 and I still have the "Never" option.
Hey @keinanesq !
I also stumbled about this missing setting. I thought I was wrong, but good to know that the setting was there before the update. I can remember that after restarting my device I had to type in my master password, or I could use Face ID.
I think this was introduced in 7.9.4 as you can read in the changelog:
https://app-updates.agilebits.com/product_history/OPI4#v709040021Password no longer requires you to type your master password every reboot in order to re-enable Touch ID or Face ID unlock. {#5533}
Now, it is not possible to switch to Face ID after restarting the device. I have to type in my master password every time I restart my device.Maybe this is a bug? Please bring back the Never-setting to the iOS version.
