Forum Discussion
kapsiR
4 years ago
Occasional Contributor
Security with "Use the Trusted Platform Module with Windows Hello"
When using "Use the Trusted Platform Module with Windows Hello", 1Password prompts with a security warning.
- How can another app gain access to 1Password with this setting?
- Is there a way ...
ag_mike_d
1Password Team
4 years ago
Hello again kapsiR, thanks for getting back to us.
With regard to this warning when you enable TPM support, 1Password loses control over what can prompt you to access the key 1Password creates on the TPM. As noted in the article I provided, "1Password delegates the responsibility of authentication to Windows Hello."
Without the TPM option enabled, Windows Hello stays within our process so any phishing attempts by a malicious process wouldn’t work. However, with Enhanced Windows Hello, a malicious process can potentially trick you into accepting a context-less prompt in order to decrypt your data. We've included the above prompt to have the user confirm that they know the risks and that you trust other apps on your system which generate their own Windows Hello prompts. The key itself is safe in the actual TPM, it's just a concern when logged into Windows.
As far as I understand, we'll have some additional resources about this in the future, but it’s not ready just yet.