I've been talking to someone who uses 1Password on Android, and unlocks it using the fingerprint reader. This person's GMail and PayPal accounts have been used to try to make purchases (but he managed to cancel those). It seems that the culprit used this person's phone to make all that possible, and I believe the fingerprint reader might be the weakness here.
But the fingerprint reader is also very interesting to use. If I were to fill my master password each time I switch between 1Password and another app, it would be very tiresome.
Thus, it would be great to know what happened, for example on a monthly basis:
In case an access wasn't legitimate, it would be possible to retrieve the picture. Otherwise all pictures would be deleted after a period. And the user should not be able to delete those access logs and pictures without filling the master password.
If a user finds out his or her vault has been compromised, that would help investigate what happened.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided