the_john19
4 years ago, Occasional Contributor
TPM For Windows Hello After Restart
With Windows 11 there will be even more Windows machines with TPM on by default. Thanks to the TPM, other password managers allow you to use Windows Hello even after restarting the app or the machine itself. Would this be possible for 1Password as well? It would be very similar to how the mobile apps work; there I also don't need my master password after a restart and can use Face ID right away. Thanks to the TPM it should be as safe as with the mobile platforms where you allow this feature.
1Password Version: 8.1.2-22.NIGHTLY
Extension Version: 2.0.5
OS Version: Windows 10
Sync Type: Not Provided
39 Replies
- Former Member
MikeT - As an AMD user I can confirm that upgrading from 8.6 to the newest Nightly update solved the issue with Windows Hello appearing after entering my password manually. I can now log in with Windows Hello as intended. Nice!
- Former Member
As I wrote in the other thread, for me 1Password started to recognize the TPM after I re-enrolled my Windows Hello data.
So the feature development of TPMs in the last years was not as significant as I thought earlier.
- MikeT
1Password Team
Hi folks,
The next beta update (available now in a nightly update (8.7.0-18)) will now enable support for AMD CPUs as well as virtual TPM.
Note that if you're still seeing the option being greyed out after this update, there may be a reason for this. Your current Windows Hello key may still be backed by software, not TPM even if you have TPM enabled.
The reason is that if you've enabled the Windows Hello feature long before you enabled TPM in the BIOS or added a TPM chip to your system, Windows does not migrate the Hello key from the software to hardware side. To fix this, try to re-enroll your Windows Hello data by removing the current setup and re-enrolling it; that should be enough to create the new Windows Hello key in the hardware TPM, which is when 1Password will enable its TPM settings for you.
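One way to check the condition described in the post above (a Hello key still backed by software although a TPM is enabled), as an added example that is not part of the original post and not 1Password's own diagnostic. It assumes `certutil` prints an `NgcKeyImplType` line for each key in the Microsoft Passport Key Storage Provider; the function name `Get-HelloKeyBacking` is hypothetical.

```powershell
# Added example: report TPM state and whether the current user's
# Windows Hello keys are hardware (TPM) or software backed.

function Get-HelloKeyBacking {
    param(
        # Text output of:
        #   certutil -csp "Microsoft Passport Key Storage Provider" -key -v
        [string[]]$CertutilOutput
    )
    foreach ($line in $CertutilOutput) {
        if ($line -match 'NgcKeyImplType\s*=\s*(\d+)') {
            $flags = [int]$Matches[1]
            # NCRYPT_IMPL_HARDWARE_FLAG = 0x1, NCRYPT_IMPL_SOFTWARE_FLAG = 0x2
            $backing = 'Unknown'
            if ($flags -band 1)     { $backing = 'Hardware (TPM)' }
            elseif ($flags -band 2) { $backing = 'Software' }
            [pscustomobject]@{ ImplType = $flags; Backing = $backing }
        }
    }
}

# TPM state. Get-Tpm needs an elevated session; failure is reported, not fatal.
try {
    $tpm = Get-Tpm -ErrorAction Stop
    "TPM present: $($tpm.TpmPresent), ready: $($tpm.TpmReady)"
} catch {
    "Could not query TPM state (run elevated): $($_.Exception.Message)"
}

# Hello keys are per user: run this as the account that enrolled Windows Hello.
$raw  = certutil -csp 'Microsoft Passport Key Storage Provider' -key -v
$keys = @(Get-HelloKeyBacking -CertutilOutput $raw)

if ($keys.Count -eq 0) {
    'No Windows Hello keys found for this user.'
} elseif ($keys | Where-Object { $_.Backing -eq 'Software' }) {
    'At least one Hello key is software-backed: remove and re-enroll Windows Hello.'
    $keys | Format-Table -AutoSize
} else {
    'All Hello keys found are hardware-backed.'
    $keys | Format-Table -AutoSize
}
```

A software-backed result alongside `TPM present: True` matches the situation the post describes, where the key was created before the TPM was enabled.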
- gussic
Super Contributor
Thanks for responding Peter, I've reached out with the information requested and replied with the terminal information that was asked of me. My ticket number is 72966-442 (just in case you want to track it).
- 1P_PeterG
Community Manager
Hi folks! Sorry for the delay in response here.
We've been working on a couple different things related to this, and we could indeed use specifics of your setups if you're willing to share. This can help us round out our knowledge of where the TPM support is working, where it isn't, and why.
Here's what you can do to get us the relevant information:
- Send us a brief email at support+windows@1Password.com, with a link to this discussion and your username (so that we can match up the relevant info)
- Include the name of your CPU, and any TPM details you know about your system offhand
Once you've gotten in touch with us over there, we'll reply and likely ask you to run a few specific diagnostic commands on your device and share the output of those commands with us. That will give us the specific technical context we need to understand why TPM integration might be working with CPU X, but not CPU Y, and what we can do about it.
As always, your involvement here is very much appreciated. And while the Enhanced Hello is already off to a ground-breaking start, we're looking forward to improving it with your help too. I'll hope to see you over there! 👋
Former Member gussic @FelixSe jpalo
Lastly, I'm sorry to say that we're aware of existing incompatibilities with AMD's fTPM, @i5918591, but as Mike noted we're working with Microsoft on this to see what can be done about it.
- Former Member
It seems TPM is just a label and a generic term for a large variety of hardware security modules of different manufacturing dates with different specifications, most being obsolete and not considered secure enough for anything else than storing Bitlocker drive encryption keys.
I assume this is one cause for Microsoft requiring only the most recent CPUs for Windows 11, thus the most recent TPMs only. This enables a unified security function set over all Windows 11 machines, like securely storing more than just Bitlocker keys. Given the fact that TPMs have been deployed for more than 10 years, this is quite disappointing. The main issue causing this is probably that it is resisted by the people. TPMs are seen as privacy and control being taken away from the computer owner by the media industry (DRM) instead of the TPM being a safe vault for items they want to be stored securely and not being taken away by some attacker.
My personal view of a TPM in the past was also that it is only a control device for the industry and against my free computer use - this proved wrong and changed only a few years ago after I looked deeper into what functionality is actually provided by a TPM.
- Former Member
I have enabled fTPM on my AMD Ryzen 7 3700x, but I can't check TPM with hello feature...
version 8.6.0
- gussic
Super Contributor
Still getting this issue, lack of engagement/comment from 1P staff/devs is a little disappointing :|
- Former Member
Same here, Windows Hello always pops up after I had to type my password