Why 3 steps in Windows vs 1 step in Mac for biometric authentication?
I have been using 1Password on Mac for many years, and just moved to a Surface Pro with Windows Hello. I am confused as to why there are 3 times as many steps for bioauthentication in Windows vs Mac after initial unlock after reboot.
On Mac:
1. Open 1Password and simultaneiously prompts for Master Password and Touch ID
2. Put finger on Touch ID and 1Password Opens
On Windows:
1. Open 1Password and prompts for Master Password and offers a choice of unlocking with Windows Hello or Secure Desktop
2. Click on WIndows Hello
3. Brings up screen confirms identify
4. Waits for me to click on OK
1Password Version: 7.3.661
Extension Version: Not Provided
OS Version: 10 Pro 1903
Sync Type: 1Password Account
Referrer: forum-search:Why additional steps in Windows version?
Comments
-
I agree. I also love to use Windows Hello to login to my computer its very fast. With 1Password not so much. The step "Hit okay to login" should be elminated. If I boot up and entered my Master Password (once) it should simply unlock with Hello and not ask for any more confirmation.
0 -
For the moment, we don't have the option to automatically authenticate with Hello, @TexBuck and @rosenkrieger. We ask Windows to authenticate you with Hello when you invoke it (which can be done just by pressing
Enterwith an empty Master Password field focused), then Windows handles the rest of that process – the authentication and the confirmation step. I think we'd be open to eliminating the confirmation step, but that's outside our control at the moment. AnEnterpress can also confirm, for what it's worth, so your workflow can beEnter> touch sensor (or look at camera) >Enter, which is pretty quick in my experience.Something to consider with Hello as well is that fingerprint isn't the only supported authentication method available – you can unlock with your camera as well, in a vein similar to Face ID. With Touch ID, you're able to control when 1Password unlocks by touching the fingerprint sensor (or not) – something you can't do when unlocking with facial recognition. We don't want 1Password unlocking unexpectedly and the best way to do this with the current tools available to us is to ask y'all to invoke Hello when you're ready to unlock.
On a purely personal note, I actually prefer this and even set my Windows login screen to require I invoke Hello specifically. When I first got my Surface, my PC would unlock at times because I glanced at the screen to check the time forcing me to lock it again before walking away. For this reason, I don't think we'll likely eliminate the requirement to affirmatively invoke Hello to unlock, but we certainly will keep your feedback in mind and, as the methods by which we can access Hello to unlock change and expand, we'll continue to reevaluate how this process can be improved. :+1:
0 -
While I understand why YOU prefer the current method, my use case is another. I am alone in my Home-Office. There is nobody around and I would love an option to eliminate all steps that I do not need.
So for me. Once my Surface Book 2 has gotten its Master Password in 1Password the app should simply unlock without any click or enter or whatever. Simply unlock an be available.
You could default the current method and simply offer an OPTION to do as we suggested. Fast and clean login for users that want this comfort or for others that want even more security the "standard" way.
0 -
Absolutely, @rosenkrieger – that's why I mentioned that was merely a personal note. It's relevant only to the extent that there are reasons this was the initial implementation. I'm sorry if it read otherwise. That doesn't mean this won't ever change. As it stands, our role is limited to asking Windows to authenticate – everything past that is handled by the OS – so anything else would involve building a more customized method of doing this beyond simply calling the Hello API, which would take time. The best I can do you right away is suggest options like
enterto invoke and confirm that can make this a bit more smooth for now, but as we polish off other projects and have the opportunity to explore additional features we've had on the backburner for a time, Hello definitely has room for some improvements and we're certainly open to changes. :+1:0 -
I allow Windows to do all my authentication using Windows Hello. It even has the option to auto lock when it detects that you are no longer at your computer. Because of this I setup 1Password to not lock itself ever unless I do so manually. I understand that this could be debated as an insecure procedure but it eliminates the hassle of having to unlock both Windows and 1Password every time I use my computer and I am fine with that.
We also use 1Password for business and have observed the hassle of unlocking both Windows and 1Password separately is challenging and exasperating for employees.
0 -
@Cartman: Honestly, while it's not something we'd recommend, it's your call if you want to leave 1Password unlocked for extended periods of time. We just can't have 1Password unlock Windows for you, or not have 1Password require the Master Password the first time, as that's needed to decrypt the data. I don't know about you, but I am not using 1Password most of the time I am using my computer, so I do find it useful to have that locked much of the time. Food for thought. :)
0
