TouchID too finicky, would be nice to have another "shortcut" password available

Options
ionos
ionos
Community Member
in iOS

Hi,

I would like to suggest a the addition to additional ways to authenticate against 1Password, both on iOS and macOS.

Background:

  • TouchID only works sporadically for me, esp. in the Canadian winter when the dry air seems to be altering my fingerprints.
  • My passwords are fairly long (and thus secure, I hope), and a bit of a pain to enter, esp. on iOS (ca 35 characters)
  • I regularly mistype my password, esp. on iOS, if often takes me 3 attempts to get it right (the price of being secure)

Ideas:

  • Take location into account (when at home/work, less secure access mechanisms could be sufficient)
  • Allow a timed, pin-based access even with TouchID enabled (e.g. when TouchID fails, I can authenticate using a n-digit PIN for x minutes after the last succesful TouchID- or Master-password-based authentication). or some scheme where the authentication requirements are increased as time progresses or location varies.
  • Allow more attempts with TouchID
  • allow for additional feedback when entering master password, e.g. display last entered character in clear text for a second.

obviously, I don't want to weaken my main password, and appreciate the security of having to enter it when touchID failed too many times and time and/or location have progressed/changed, so I wouldn't want to have to resort to using a weaker password.

Currently, I often find myself thinking "argh, to access this and that, I'd have to use 1password, and I want to do that because it's gonna take me 5 minutes again to log in". that can't be in anybody's interest ...

Thank you for listening,
ionos

1Password Version: 6.5.1
Extension Version: Not Provided
OS Version: 10.2
Sync Type: 1password for family
Referrer: forum-search:touch id

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni
    Options

    @ionos: Anecdotally, usually when I run into an issue like that with Touch ID, I take that as a sign that I need to clean something -- either my fingers or my iPhone. Or both. I'll be in Hokkaido again this winter, so I'll see if the cold causes me more trouble this time. I've found the improved Touch ID sensor on recent devices to be a big help too.

    Take location into account (when at home/work, less secure access mechanisms could be sufficient)

    That's an interesting idea, but there may be ways to spoof this. Also, Wi-Fi hotspots are used to help determine location in most cases, and I've had some pretty weird results with this at times.

    Allow a timed, pin-based access even with TouchID enabled (e.g. when TouchID fails, I can authenticate using a n-digit PIN for x minutes after the last succesful TouchID- or Master-password-based authentication). or some scheme where the authentication requirements are increased as time progresses or location varies.

    It's certainly something we can consider, but that would also be of benefit to someone malicious as well as you.

    Allow more attempts with TouchID

    Definitely a possibility.

    allow for additional feedback when entering master password, e.g. display last entered character in clear text for a second.

    iOS does this already, so I wonder if you're referring to something different. Can you elaborate?

    obviously, I don't want to weaken my main password, and appreciate the security of having to enter it when touchID failed too many times and time and/or location have progressed/changed, so I wouldn't want to have to resort to using a weaker password. Currently, I often find myself thinking "argh, to access this and that, I'd have to use 1password, and I want to do that because it's gonna take me 5 minutes again to log in". that can't be in anybody's interest ...

    It really is a delicate balance, so I appreciate you taking the time to share your feedback and suggestions for how we might improve it in that regard. Thank you! :)

  • ionos
    ionos
    Community Member
    Options

    Hi @brenty , thank you for your reply.

    I might just have to update my fleet of iOS devices ...

    With respect to the security of various features, I often feel it should be up to the user to make an informed decision about what level of security she/he needs for his/her data.

    And the "display the last character entered" was referring to macOS, I should have been more precise.

    Thanks again,
    Clemens

  • MrRooni
    MrRooni
    Options

    Good morning Clemens (@ionos). Thanks so much for the extremely well thought out feedback. As Brenty mentioned, improvements around our security settings really require a delicate balance. To be frank, our security settings are already far more complex than I'd like and a feature like this would only increase that complexity.

    All that being said, I really do appreciate the feedback. It's dialogs like this get us thinking in new directions and ultimately improving 1Password.

This discussion has been closed.