I submitted this feedback via the Play Store, but maybe that goes to /dev/null: I'm begging you, please don't really ship 1P8 with that I appreciate that there are people who enjoy that, but I am exclusively in possession of my phone, and the fingerprint auth matches my threat model and convenience level. Having an option for how often to require the full password allows those who value such oppressive security settings to opt into it, and allows the rest of us to not be filled with rage when using 1P Being forced to type my master password at times of the app's choosing is super inconvenient 1Password Version: 8.8.0 Extension Version: Not Provided OS Version: Android 12 Browser:_ Not Provided

Please drop the 'Your password is required every 2 weeks' requirement or make it an option. As I'm already using the biometric, this is a security overkill annoyance and meanwhile, the rest of the world is moving to passwordless authentication. 1Password Version: 8.8.0-210.BETA Extension Version: Not Provided OS Version: Android 12 Browser:_ Not Provided

@mdaniel, markbyrn thanks for sharing your thoughts with us. The intent with the two week period is to help ensure users do not lock themselves out of 1Password. With Biometric unlock set to never in 1Password 7 for Android, it's quite possible to go for extended periods without using your account password. While there is a convenience factor, the other side of this means that if a phone is damaged or replaced a user might find themselves forgetting their password and locked out of their data. I can definitely understand that for some, convenience might outweigh the scenario I described above. While I can't make any promises about the development of 1Password, I would be happy to share your feedback with the team. I know there is ongoing conversation on these topics and additional input is always appreciated! markbyrn, you might be interested to read about some of our steps towards passwordless options and our work with the FIDO Alliance in this blog post: * We’ve joined the FIDO Alliance to build a better future for authentication ref: IDEA-I-1144

Thank you for responding, and I would definitely appreciate the feedback going to the team For consideration, I would guess the number of folks who buy 1Password and then exclusively use the Android app to be a vanishingly small percentage. Thankfully, I'm sure you have the metrics to prove or disprove my hypothesis. If we just assume for a second that hypothesis is true, the users will for sure have to enter their password on other platforms (Linux, macOS, Windows, and any users who use the "appless" browser extensions). Let those vehicles serve as memory jogs, without punishing your very loyal Android users by forcing this security option upon them The app already has configurable expiry timeouts, so making this configurable would harmonize the experience

As mcdaniel suggested, many of us including myself use a multitude of devices and don't want the aggravation of entering the master password on multiple devices every two weeks. The feature needs to be re-thought and definitely made optional. And yes, I read the blog on future passwordless authentication. That's superb for the future and I'm already passwordless with Microsoft. But this feature needs to be made optional.

Glad I'm not alone on this. There should at the very least be a setting to disable this 2-week timeout. I'll more likely forget my own birthday then forget my master password :)

Please don't really require typing the password every 2 weeks

14 Replies

markbyrn
Occasional Contributor
4 years ago
As mcdaniel suggested, many of us including myself use a multitude of devices and don't want the aggravation of entering the master password on multiple devices every two weeks. The feature needs to be re-thought and definitely made optional. And yes, I read the blog on future passwordless authentication. That's superb for the future and I'm already passwordless with Microsoft. But this feature needs to be made optional.
Former Member
4 years ago
Thank you for responding, and I would definitely appreciate the feedback going to the team

For consideration, I would guess the number of folks who buy 1Password and then exclusively use the Android app to be a vanishingly small percentage. Thankfully, I'm sure you have the metrics to prove or disprove my hypothesis.

If we just assume for a second that hypothesis is true, the users will for sure have to enter their password on other platforms (Linux, macOS, Windows, and any users who use the "appless" browser extensions). Let those vehicles serve as memory jogs, without punishing your very loyal Android users by forcing this security option upon them

The app already has configurable expiry timeouts, so making this configurable would harmonize the experience
1P_Timothy
Community Manager
4 years ago
@mdaniel, markbyrn thanks for sharing your thoughts with us.

The intent with the two week period is to help ensure users do not lock themselves out of 1Password. With Biometric unlock set to never in 1Password 7 for Android, it's quite possible to go for extended periods without using your account password. While there is a convenience factor, the other side of this means that if a phone is damaged or replaced a user might find themselves forgetting their password and locked out of their data.

I can definitely understand that for some, convenience might outweigh the scenario I described above. While I can't make any promises about the development of 1Password, I would be happy to share your feedback with the team. I know there is ongoing conversation on these topics and additional input is always appreciated!

markbyrn, you might be interested to read about some of our steps towards passwordless options and our work with the FIDO Alliance in this blog post:
* We’ve joined the FIDO Alliance to build a better future for authentication

ref: IDEA-I-1144
markbyrn
Occasional Contributor
4 years ago
Please drop the 'Your password is required every 2 weeks' requirement or make it an option. As I'm already using the biometric, this is a security overkill annoyance and meanwhile, the rest of the world is moving to passwordless authentication.

1Password Version: 8.8.0-210.BETA
Extension Version: Not Provided
OS Version: Android 12
Browser:_ Not Provided

Forum Discussion

Please don't really require typing the password every 2 weeks

14 Replies

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

How to Reveal Entire Credit Card Number

enable auto-fill for localhost (local IP network device) websites

I didn't reset nightly version

MacOS 26.1 w/ 8 1P Sync Error

Revisiting minor details of Passkeys