Feature Request: Windows Hello Timeout [Under consideration for future Hello improvements]

cpmcgrath
cpmcgrath
Community Member
edited December 2018 in 1Password 7 for Windows

At the moment, when I turn on my machine I have to enter my master password, and then anytime after when I need to unlock 1password I can enter my Windows pin. This is great!
However, I often leave my computer on for a week. It would be great if I could say, lock my vault after 5 minutes of activity, and after 2 hours of inactivity force me to use my Master Password to unlock the vault.

The main advantage of this is it forces me to enter my master password at regular intervals (but not too much to be annoying) so I won't forget it.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Greg
    Greg
    1Password Alumni

    Hi @cpmcgrath,

    That is an interesting idea, thank you for the suggestion! :+1:

    Right now, your Master Password is required every time you exit 1Password completely and start it again, and after your PC restart. I will make sure to pass your suggestion along to our team to see if it is possible. Moreover, we receive the opposite requests from time to time (make Windows Hello always on), so the current behaviour is the middle-ground we are comfortable at the moment.

    Let me know if you have any other questions, we are always here for you. Thank you!

    Cheers,
    Greg

  • sniem
    sniem
    Community Member

    I second this request.

  • Greg
    Greg
    1Password Alumni

    Hi @sniem,

    Thank you for participating! We are planning to improve 1Password 7 for Windows in the future and we will see what we can do about Windows Hello. Thanks again!

    ++
    Greg

  • MoBe
    MoBe
    Community Member

    Hi - revisiting this thread as it would be incredibly helpful and more secure/comforting to simply have the same timeout option that's already available for TouchID on the Mac available for Windows Hello:

    "Require Master Password: If you want 1Password to require your Master Password instead of Touch ID after a specific amount of time, change this setting."

    Thanks for all of the ongoing support and improvements.

  • MikeT
    edited December 2018

    Hi @Mobe,

    Thanks for your request.

    Keep in mind that the 1Password's biometric system works differently on both platforms.

    On Windows, we are not storing your encryption key anywhere on disk or the secure module like TPM, a temporary one-time key is in the memory until you reboot or terminate 1Password. On macOS, we are storing it in the macOS's keychain with Touch ID's secure enclave protection. What this means is that you can unlock 1Password on macOS with Touch ID the first time you open 1Password but you cannot do this on Windows, you're always required to enter the master password first.

    Once we add the ability to unlock 1Password with Windows Hello from the start (which would require us to store a unique key on the secure TPM module), we'll absolutely add a time-out option but for now, we have no plans to add it in the current implementation. The timeout would not increase or decrease the security of 1Password because if your system is compromised to the point they can read your Hello key, they can do the same for your master password.

    If you don't feel confident in Windows Hello because you may be traveling or something like that, which we will recommend that you disable Windows Hello globally, not just 1Password.

This discussion has been closed.