Clicking cancel on 1Password touch id dialog forces to always enter password

Options
sashk
sashk
Community Member
edited May 2015 in iOS

Sometimes I accidentally launch 1Password, or it opens up after phone locks up. I can't exit it, until I press cancel on touch id prompt window. Every time I press cancel, it forces me to enter master password. You need to make your logic in this case slightly better:

  1. User was authorized first time, but clicked cancel on touch id promtp
  2. Next time user launches app - ask him for touch id, not for master password.

Comments

  • hawkmoth
    hawkmoth
    Community Member
    Options

    I've noticed the same thing since the change was made so that Cancel no longer shuts down 1Password. Now cancel seem to mean, "cancel TouchID and require the master password." There were lots officers who thought 1Password was crashing when it shut down after a Cancel selection, which I suppose is why the change was made.

  • Megan
    Megan
    1Password Alumni
    Options

    Hi @sashk,

    There has been a change in the latest beta.

    From the changelog:

    [IMPROVED] Canceling Touch ID no longer quits the app or the extension. It reverts to the Master Password instead. {OPI-2551, OPI-2604}

    As Hawkmoth mentions, this change was made because we had too many reports of the 'Cancel' button crashing the app. It wasn't so much a 'crash' as it was an unceremonious closing, but it frustrated enough users that we're looking into alternatives here. We don't have many options (because the Touch ID prompt is presented by iOS and not 1Password directly) so, it looks like reverting to the Master Password pane is the lesser of two evils.

  • Megan
    Megan
    1Password Alumni
    Options

    Hi @sashk,

    I appreciate the suggestion, but as I mentioned above, we really don't have a lot of options with respect to this prompt. The iOS puts the prompt up there, buttons and all, and all we can do is determine what that 'Cancel' button does.

    Using 'Cancel' to close the app

    Using the 'Cancel' button to simply close the app allowed us to save the Touch ID state. The next time the app was opened, the Touch ID prompt would appear again. However, because we had no control over how the app was closed, it was very quick, and rather unceremonious, and was perceived by users as a crash.

    Using 'Cancel' to cancel Touch ID

    The obvious behaviour of the 'Cancel' button is to cancel the thing that is happening, in this case - Touch ID. When a user cancels Touch ID, the Master Password is removed from the iOS keychain, and the Master Password prompt will appear the next time 1Password is opened. This is done for your security. The tricky thing is that we can't differentiate between 'Cancel, because I really didn't mean to open 1Password this time' and 'Cancel, because I do not want to be prompted for Touch ID the next time I open 1Password' (for example, when travelling, or any time when you might not want your fingerprint to be used to unlock your 1Password data.)

    I know, I've run into this a few times myself, and I've gotten into the habit of just authenticating with Touch ID and then switching to the app I meant to open in the first place instead of hitting that 'Cancel' button. We are looking into ways to improve this in the future, but as I said, our options are a bit limited within the current iOS Touch ID framework.

    I wish I had a better answer for you, but I hope this helps to explain things. :)

  • Megan
    Megan
    1Password Alumni
    Options

    Hi @sashk,

    Our knowledgebase has a ton of useful information on how we use Touch ID in 1Password. In particular, you might find this article useful:

    How we securely store the Master Password in the iOS Keychain

This discussion has been closed.