Disable Password Reauthentication After 2 Weeks in 1Password 8

Jack_P_1P

what would be ideal here is some sort of global sync timer, where entering your account password on your desktop means you won't be prompted on your phone.
I sincerely think it would be a great bridge between security and usability. Please add my vote for this.

I've also just upgraded to v8 on iOS and was surprised to see the 2 week expiry added with no option to disable this to match the old v7 behaviour.

To echo what @steven1 said, I really don't appreciate being babied and told that I can't be trusted to remember my master password without being prompted for it every 2 weeks. I also think other posters make a very good point that for those users that might forget their master password, this will just lead to them weakening them ala iOS 4 digit numeric lock codes.

To give a real world example where this is intensely frustrating - I have a bunch of cards with individual PINs. When I withdraw cash at an ATM, I really don't want to be surprised by having to enter my (long/strong) master password while people wait behind me. Being locked out like this totally breaks the "just quickly open and get the password for something"-utility that I expect of a mobile password manager.

Solving this really seems as simple as adding an reauth-timeout option (including "never"). I don't really understand the objection to doing this?

Unfortunately this is a symptom of our times. Instead of encouraging all people (customers) to act responsibly, we dumb down the process for the few at the expense of the majority. The company says they are acting responsibly when they are in fact acting irresponsibly by encouraging people to use weak passwords because they do not want to have to type a lengthy/strong password every two weeks.

One of the nice use cases that was made possible with "Never require Authentication" was exactly the kind of secure estate planning that people have been asking for:
-Use a 'spare' iPhone with 1pw configured on your account with 'Never'.
-Create a device passcode that you share with your digital estate executor
-update all passwords and put the phone in a safe or give to attorney. They have physical posession but not digital possession.
Upon propoer authorization, the attorney can give your phone as per your wishes, who unlocks the phone, and then has access to all your passwords since it was set to 'Never'.

If you keep your 1pw secret key and master password in this vault, that is all they need to access your account, You only ned to sync if you change your master password. Or, if you have a family subscription, you use one of the members' vaults to store your 1pw details, no need to change their pw and sync regularly.

Oh well...been a vocal propoent of 1pw for many years, but the "we know best" attitude sure is wearing thin.

Just upgraded to v8 on iOS and noticed the lack of “never”, so I came here to voice my wish add that back. I have lived with this misfeature on macOS for a while, but didn’t expect it to also be part of the v8 update on iOS/iPadOS. This will do nothing but force weaker password and/or complicate my family members usage of 1Password. Please bring back “never”.

1P_Ben Jack_P_1P

I’ve been using 1Password for many years and most of the time I have no problem remembering my 1Password password but sometimes my mind just blanks on me. I’ve had it happen multiple times when I couldn’t for the life of me remember my 1Password password when asked for it. Luckily I can usually grab another device with Touch ID and access 1Password to check my 1Password password (unless Touch ID fails three times, in which case I have to dig out my emergency kit, which is really annoying but has only happened once so far). The thought that the other device might then also require me to enter my 1Password password, just because it does so every two weeks, kind of scares me. This also defeats the main reason for me to use 1Password, which is that I can always access my passwords somewhat easily.

Also this would probably mean I have to type in my password almost every time I use 1Password on my phone as I don’t use it that often, which is annoying. One of the other reasons for using 1Password is to not type passwords as typing a password is always super annoying, especially on a phone.

So please reconsider adding a “never” option. Not having this makes 1Password really hard to use for me.

Side request: Currently you have to enter your password when Touch ID / Face ID fails three times, could you please increase the amount of retries allowed (iOS has five attempts before requiring your passcode, I think eight would be a good amount for 1Password). This limit has been the main cause requiring me to enter my 1Password password in the past which can be a major inconvenience as described.

I'm not a native speaker, but I think the way to put this is "we're tarred with the same brush"?

Already reported this during the Early Access: extremely disappointed that you punish all users for an issue some might encounter.

1P_Ben Jack_P_1P

It seems there is some pushback to this design decision in 1Password 8, not just here but in a couple other posts and on Reddit as well.

I understand the reasoning falls in the realm of helping users remember their password to ensure they are not locked out, though realistically there is only so much you can do to prevent people from shooting them selves in the foot.

The crowd of people that don’t plan ahead with saving their master password and secret key will always be at risk of locking themselves out, I hope those of us that do have a plan and may even practice our Master passwords by ourselves do not have to be forced to do so by the software.

Furthermore, bringing back the “Never” authentication option may be the simplest path forward rather than something a lot fancier like a global counter.

Please convey these dissatisfactions internally though any ticketing procedures you may have.

This leads to a very poor mobile experience- or a very week master password- like the new home screen, the choice is yours!

The thing is, it was hard enough to get the octogenarians and nonagenarians in the family to use 1password WITHOUT the mandatory reauthentication. With it? Not possible. Please bring back the “Never” option. Otherwise my parents will go back to reusing the same old password every time and I will be very sad.