Forum Discussion
Former Member · 4 years ago
Disabling prompt for master password every 14 days?
Hi there!
I switched from Bitwarden to 1Password with my whole family but I can't believe there is NO way to disable the repetitive prompt for the master password every 14 days. I can alter the se...
Dunecat · Dedicated Contributor · 4 years ago
You're not alone, @matze787. Delegated unlock (e.g. using the computer or phone's lock mechanism to protect an unlocked vault) has its risks, but these risks can be mitigated, and the benefits are substantial.
For example, if you use Windows Hello with Windows login, then here's the Windows unlock flow:
1. PC boots
2. Windows activates the IR camera and starts looking for you
3. Windows automatically unlocks once it sees you. Nice!
That's what I call a good user experience.
On the contrary, even if you use Windows Hello & the TPM with 1Password, then here's the 1Password unlock flow:
1. Steps 1-3 above (because you need to get into Windows to start)
2. Launch 1P
3. 1P calls the Hello API
4. The Hello prompt appears and asks for your biometrics, at which point it might randomly decide to use a different biometric, like a registered fingerprint instead of the expected face unlock
5. Once it's prompting for the correct biometric, THEN you can complete the Hello prompt
6. Once it's confirmed the expected biometrics, then you have to click 'OK' to confirm
7. THEN 1Password finally unlocks.
And that's presuming that 1P successfully completed the TPM read and didn't randomly decide that "Windows Hello was reset".
This is all security theatre, anyway--if you set the vault to not auto-lock, then you can sleep or hibernate the PC and when it wakes, 1P will still be unlocked. That's good, and no complaints there--but it just goes to show that the unlock-on-start requirement that 1Password imposes amounts to a penalty for shutting down my PC when I'm not using it. That's just absurd.
Does the 1Password team believe that Windows Hello is secure or not?
* If it's secure, then if I'm using it to unlock my PC, let the Windows unlock be the only unlock required.
* If it's not secure, then why go through all the effort of supporting it and supporting TPM modules?
To be frank, the conscious choice to require unlock upon every launch is nonsense security theatre and very user-hostile. Power users should have the option to delegate the unlock to avoid this bizarre rigmarole. There is NO BENEFIT to requiring a duplicate Windows Hello unlock!
Now, if you want to offer enterprise customers the ability to set certain policies on how enterprise-owned vaults can be unlocked, that's a different story, but not relevant to consumer users who should have the control over their own vaults.
It's so incredibly frustrating to try to have serious conversations about these types of things, and you get flip brush-offs like the following:
stay safe out there with whatever password manager you do decide to go with!
This isn't a helpful response, but it is patronizing.
Unfortunately, this isn't the only place where 1P imposes deaths by prompt. Along the same lines, there are certain browser prompts that you simply cannot bypass, like the one to autofill addresses. ADDRESSES! Things like ZIP codes! Why do I need to 'confirm' an autofill on a ZIP code? A ZIP code is 5 numbers! 1Password, please. Please!