Windows Hello keeps defaulting to fingerprint. Can I make it default to face recognition?

I've recently installed 1Password on my Windows laptop and enabled unlocking with Windows Hello.

This seems to work, except that I have both a compatible camera for face recognition and a fingerprint reader, and when I unlock 1Password, it always seems to default to the fingerprint reader. I usually need to click on "More choices", then scroll down (because the dialog is too short) and select "Face", then it detects my face and I click on OK.

Is there any way to make "Face" always the default?

Also, will it ever be possible to unlock for the first time (after a reboot or logout) using Windows Hello rather than having to type in the master password? I want to get my parents on a password manager, but to get them to use it while having a secure master password will require them not having to almost ever type it in. It's a dealbreaker.


  • bundtkate

    Team Member

    That dialogue is handled by Windows itself, @DrRZ, so we don't have any control over its default. In theory, it should be the same default Windows uses to unlock your PC, though. What we do here is we ask Windows to authenticate you with Hello. At that point, the process is handed off to your operating system and Windows does its thing.
    Assuming you authenticate successfully, it will let us know all is well and 1Password will unlock. One thing I've wondered about, but sadly haven't been able to check since I don't have any device with more than one Hello-supported option, is whether there might be some Windows setting that allows you to default to one thing for your device and something else for apps/services. If you're seeing that Hello has a different default when brought up from 1Password, that might be something worth digging into. I know Windows allows setting one theme for Windows and a different theme for apps, so it stands to reason they may allow the same for your Hello default. I just don't know for sure as my hardware environment means I don't see any options for default since the only one available is the obvious choice.

    As for always using Hello, maybe. It's something we'd like to do, but security comes first. Hello works because we store a key to unlock your data locally on your machine. If we're going to allow Hello to work after a reboot, we need to store that key persistently and that comes with a lot more security concerns than only storing it while 1Password is running. We're certainly open to the idea, but want to make sure we're doing it right and in a manner that meets our security standards, which takes time and research. I won't make any promises, but it's certainly on the wishlist so it's not at all off the table.

  • Thanks for the info! On my Surface Pro 5 for logging in it always activates the camera (well, usually, it can be a bit flaky sometimes) and if that fails will then prompt for a PIN. However, if there's a fingerprint reader, you can use it at any time and it will get recognized even though it's not prompted for.

    With the dialog it puts up for 1Password it sometimes goes to the camera directly, but sometimes not. I do notice the camera LED briefly turns on. Maybe it's the flakiness of the camera drivers that causes it to switch to fingerprint if it can't activate the camera immediately... I'll see if I can get more info from Microsoft support.

    In the API to activate Hello, is there a way to specify the size of the dialog box? If you can make the box taller that would at least avoid having to scroll.

    Count my vote for bringing persistent Hello over different sessions. For me personally, I don't mind so much, but I'm trying to get my parents on a password manager to improve their abysmal security but I know it's not going to work if they have a secure master password (which will be difficult to type, let alone remember) that they need to enter frequently. I've been using LastPass for years and generally have been okay with it but I think it's too complicated and finicky to teach, frankly. I'm actually liking the 1Password experience quite a bit so far, but I really need it to be as friction-free to use as possible.

    Does 1Password currently support any hardware token device like YubiKey or FIDO devices, that could be used in lieu of actually typing the master password in? If so, that could be a workable solution for me.


  • bundtkate

    Team Member

    It's no trouble at all, @DrRZ! Unfortunate that the camera is being dodgy on that Surface. I have a Surface Pro myself and it doesn't give me any camera troubles, but I also didn't bother with the fingerprint reader on my type cover, so that's a variable I can't account for. As for sizing that box, I think that's decided by Windows based upon your screen size and resolution, but I'll ask and if I'm wrong, I'd be happy to pass along a feature request. We also don't support hardware keys for unlocking, but at one point YubiKey did have the ability to integrate with Hello. That, of course, won't help a ton now but it might if and when always-on Hello is possible if your folks don't have access to a fingerprint reader or compatible camera.

    I also wouldn't underestimate your parents. Everyone's folks are different, of course, but mine have taken to 1Password surprisingly quickly. My dad has his stumbles, but he works through them and he's learning and my mom has been a huge help. Parents are troopers when we nagging children convince them something is important. :wink:

