Protect what matters โ even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Use the TPM with windows hello greyed out? [1Password 8.6.1 is out with improved TPM support}
So i checked the update notes today (to clear that awful red badge that you guys totally need to make auto clear after a certain amount of time or something) and saw that awesome feature added. Decided to go digging for and enable it. Well i found it, problem is the option is greyed out. checked if TPM was present/enabled
what do I have to do to get that setting on? :P
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
46 Replies
ag_mike_d1Password Team
Thanks for including those details @"S.Malacarne"!
@thesun, we appreciate the feedback and update. We're happy to hear resetting Windows Hello and re-enrolling fixed things up for you.
Please let us know if you have any other questions and have a great day!
Thanks Jack_P_1P! I was able to verify using the link provided by @"S.Malacarne" that my Windows Hello key wasn't stored in the TPM. Resetting Windows Hello and re-enrolling fixed it, the 1PW nightly now gives me the option to use the TPM. Might be useful for users if 1PW can check for this condition. I'm pretty surprised that my Windows Hello key wasn't stored in the TPM as this is a recent laptop that to the best that I can remember shipped with the fTPM enabled.
i fix this with this command in a PS shell:
certutil -DeleteHelloContainer
logoff
after that i reboot and i have to reactivate windows hello again (pin + fingerprint)found this solution here (where you can find the instruction to check if your TPM is used or not):
https://helgeklein.com/blog/checking-windows-hello-for-business-whfb-key-storage-tpm-hardware-or-software/That's great info @"S.Malacarne" I'm installing a hardware TMP 2.0 chip hopefully this weekend and that's very handy to reset my Windows Hello.
Much appreciated.
he reason is that if you've enabled Windows Hello feature long before you enabled TPM in the BIOS or added a TPM chip to your system, Windows does not migrate the Hello key from the software to hardware side. To fix this, try to re-enroll your Windows Hello data by removing the current setup and re-enrolling it; that should be enough to create the new Windows Hello key in the hardware TPM. Which is when 1Password will enable its TPM settings for you.
Jack
i fix this with this command in a PS shell:
certutil -DeleteHelloContainer
logoff
after that i reboot and i have to reactivate windows hello again (pin + fingerprint)
found this solution here (where you can find the instruction to check if your TPM is used or not):
https://helgeklein.com/blog/checking-windows-hello-for-business-whfb-key-storage-tpm-hardware-or-software/thats likely what happened to me then perhaps. the reinstall from 10 to 11 inadvertently "migrated" it over as it effectively re-enrolled. either way, im good now and its a glorious feature but wider support and making it more robust are always a win.
Jack_P_1PHey @thesun / RealAct / klepp0906 / tmakaro / @orien:
The next beta update (available now in a nightly update [8.7.0-18]) will enable support for more TPM situations!
Note that if you're still seeing the option grayed out after this update, there may be a reason for this. Your current Windows Hello key may still be backed by software, not the TPM, even if you have the TPM enabled.
The reason is that if you've enabled Windows Hello feature long before you enabled TPM in the BIOS or added a TPM chip to your system, Windows does not migrate the Hello key from the software to hardware side. To fix this, try to re-enroll your Windows Hello data by removing the current setup and re-enrolling it; that should be enough to create the new Windows Hello key in the hardware TPM. Which is when 1Password will enable its TPM settings for you.
Jack
Thatโs a negative. Intel. Asus board.
