Why do I now need to enter my password every 2 weeks? My phone is as secure as it's going to get (and requires biometric for all use). Meanwhile typing the password once every 2 weeks is a royal pain in the backside (it's a complicated password). I've been using 1Password for nearly a decade now, and every time there's a new version of 1Password it takes 2 good steps forward and 1 big step backward (on something, for Android this seems to be the current thing, for Windows its lack of AutoType). 😔

Hi wraith: Generally speaking your password should be relatively easy to type. We saw many cases of people forgetting their account password, and adding the 2 week reminder per device has helped reduce the frequency of people forgetting their password and reaching out to us. We're still evaluating options here, and what my colleague has been advocating for (and what I'd like to see as well) is a synchronized two week timer across all of your devices, where an unlock with your account password on any device would reset it on all of your devices. Jack

It is easy to type, on a PC. I type it roughly 25 times per day as I use different business systems. But typing it on a phone is very difficult with uppercase and symbols off in different "parts" of the keyboard. A timer is fine, but make it optional so I can have no timer.

Also, FWIW I wouldn't want a synchronised timer. My devices have different use cases and risk profiles. I don't want them all treated the same.

Thanks for your additional input wraith. We're continuing to evaluate what will work best here, so thanks for sharing! Jack

Yes, if I have to be forced to type it, make me type it on my computer. I can type 120wpm on my PC, and my master password reflects that. I can type 20wpm on my phone at best. With 1P7, this wasn't an issue, but this is SUPER annoying on 1P8 for android. Also, if this is such a concern, why didn't you include a 2 week timeout on 1P8 for Windows? I have to use my password on Windows if my TPM invalids it's state, but that happens very rarely now (which is fantastic! now that it works properly) Anything more than once per month on my computer and never on my phone is too much IMHO. Maybe you can take an approach similar to what Signal does with the pincode. Once per week for the first few weeks. Then once every 2 weeks, then once every month, and then once every 6 weeks forever after. Do this based on the age of the account/master password. Edit: Apparently, the 2 week timeout does exist on Windows. I feel like I notice the prompt less often than that, and it was only when the TPM state was invalidated (I guess that's issue has been fixed completely). Either way, please remove the timeout on my phone!

Biometric time out | 1Password Community

22 Replies

1P_Timothy
Community Manager
4 years ago
Thanks again for everyone's feedback here! After some lengthy discussions internally, our first step in re-examining the lock options when Biometric lock is in use has been to add a 14 day, 30 day and never option for rechecking the account password. This has been included in version 8.9.3 which was released yesterday afternoon and should be available for everyone shortly as the update rolls out. The discussion is continuing internally and there may be some further changes coming in the future. For now, this is all we have to share. As always, your input has been greatly appreciated!

My colleague Ben shared some notes in a thread on the iOS side that I thought were particularly helpful, especially for those newer to 1Password. I really couldn't say it better myself, so quoting:

I'd likely to take the opportunity to highlight:

It is critically important that you memorize your account password and be able to type it. If not, the chances you eventually lose access to your data stored in 1Password skyrocket. Our support team will not be able to assist if this happens. Unlike authentication-based services, because 1Password is end-to-end encrypted; there is no "forgot password" function. If you lose your keys (Secret Key and/or account password) — that's it. Game over. I stress this because most services aren't end-to-end encrypted and as such people are accustom to being able to forget their passwords, plug in their email address, and get a new password. It does not work that way with 1Password.

The Emergency Kit can help. We recommend printing this document, and writing your account password on it. Then store the completed document in a safe place. The Emergency Kit will not help if you haven't written your account password on it and kept it up to date. The Secret Key alone is not enough to access your account. Both are required to access your account.

Implement a recovery plan for your family (or team). Account recovery can be performed by a Family Organizer or business administrator. We would strongly encourage you to have multiple people with these roles if you are part of a family/business membership. If you are the only Family Organizer for your family, and you forget your account password, not only does that put you in a tight spot, it puts your whole family in a tight spot.
Anonymous
4 years ago
Thank you 1Password team!
tmakaro
Frequent Contributor
4 years ago
You can update the app on iOS and Android now: https://www.reddit.com/r/1Password/comments/x1zdhj/thank_you_1password/
Anonymous
4 years ago
Registered here to +1 this.

Please remove/mitigate this requirement.
Anonymous
4 years ago
I am completely sympathetic to the problem of too many support calls/emails from people who have lost their password. But I don't even get that - if you lose your password, aren't you completely out of luck?
wraith
Occasional Contributor
4 years ago
Is it possible to roll back to the prior release somehow? For a while I had both on my phone (while the release was in beta) but now it has replaced the old version and I only have the newer version. I find the new version quicker, but in every other respect I find it worse and particularly this biometric issue drives me nuts. On windows I'm sticking with v7 because I need Auto-Type for my job, can I also stick with the old android version?
Ronso
Frequent Contributor
4 years ago
I see it the same way as @jfalkingham . Me as adult man and customer of a paid product don't want a "you have to do it".
I see this feature as an optional service which can be enabled by default, but you have to give us a way to disable this feature.
Anonymous
4 years ago
Thanks for the update, however turning this on without giving me a way to turn it off will only make me leave your platform. Please leave it up to your customers.
1P_Timothy
Community Manager
4 years ago
Hello tmakaro, Recent_Convert, @bugs, @Snpbond, @LatteCoffee, @d0x360, @etheberge, @jfalkingham, @spamminator, thanks for joining the conversation and sharing your feedback.

As you may have read in other threads, there are some ongoing conversations internally about how to find the best balance for everyone, and we are currently looking at some shorter and longer term options. We will be sure to share updates here on the forum as soon as we can.

Thank you all for taking the time to let us know why this is important to you. If there's any other feedback you'd like to share or there's anything else we can help with, please let us know!
Anonymous
4 years ago
+1 to making the biometric timeout configurable