It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Want to rely on Hello, avoid master password entry after reboot
While I appreciate others may have different security models (shared machines, etc.), in my situation Windows Hello (+tpm +bitlocker +secure boot) is the vetted gateway to everything. Via Windows Hello I have access to information more sensitive than even my 1Password vault, and I am satisfied with that.
Also, for unrelated reasons, I reboot my machine frequently.
If you combine these factors, you can see where I am going. I don't like the requirement to re-enter 1Password master password on every boot. It appears that this is by design. In the Settings view even when "Unlock using Windows Hello" is selected it says I will need to enter my 1Password password on every boot.
As a feature request, I vote for an option to defer to OS+HW security here in terms of unlocking my vault/app. Alternatively, if there is some sound cryptographic reason it needs to be separate (even in my use case) I am open to being convinced.
6 Replies
- 1P_Dave
Moderator
Hello StableInfusion​! 👋
Welcome to the community! As you mentioned, if you enable the TPM for 1Password then you'll no longer need to enter your account password after you restart your device: Manage your settings
What I meant is using Hello to sign in to Windows the first time. In other words, the experience I really want is that if I have signed in to Windows (especially using strong auth like properly set up Hello), my 1Password app and extensions are automatically unlocked.
We've recently introduced a new feature in the beta version of 1Password that I think will fit your needs: Unlock 1Password when you unlock your device (beta)
Let us know what you think if you do try the beta. Once testing is complete, we hope to release unlock with device to the production version of 1Password as well.
-Dave
Thanks Dave. Thanks to your post, I have been trying the Beta versions with the new "Unlock with Device" option selected. In my experience this only works the way I would expect about 20% of the time. The other 80% of the time I am still prompted for my master password in the app, after Windows logon. For reference, here are my current settings on one of the machines:
- 1P_Dave
Thank you for the reply. The next time that the 1Password desktop app prompts you for your password, and it hasn't been 14 days since the last time that you provided your password, I'd like to ask you to create and share a 1Password diagnostics report from your Windows PC:
Send a diagnostics report (Windows)
Attach the diagnostics to an email message addressed to support@1password.com
With your email please include:- A link to this thread: https://www.1password.community/discussions/1password/want-to-rely-on-hello-avoid-master-password-entry-after-reboot/161003
- Your forum username: StableInfusion
You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks very much!-Dave
UPDATE: I see that if I choose the TPM option I no longer must enter the password on reboot, but I do have to remember to open the app and go through a separate Hello flow. While I appreciate the attempt at platform integration, this isn't really what I meant by Hello. What I meant is using Hello to sign in to Windows the first time. In other words, the experience I really want is that if I have signed in to Windows (especially using strong auth like properly set up Hello), my 1Password app and extensions are automatically unlocked.
