Password Request for Important Logins
Hi all,
Is there a way for you to set up 1password so that you can make important logins (e.g bank accounts etc) to request the master password/touch ID when accessing those particular sites?
Thanks
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @siphco
Unlocking 1Password requires either your Master Password or Touch ID (if configured), but once unlocked there aren't varying levels of access to different logins. I'd be interested to hear more about the use case you have that makes this desirable functionality. Would you mind sharing?
Please let me know.
Ben
0 -
Hi Ben,
Sure thing. On other password managers you have the ability to add a second level of security to more sensitive logins for example bank accounts as I said. I guess it would just be nice to have the ability to have to enter the master password or touch id to fill the login details for these sensitive logins.
0 -
Thanks @siphco. I'm just trying to imagine an attack vector where this would help. What is the threat that you're trying to prevent here?
In the past, with 1Password v3 for iOS, we too did something like this. You'd unlock your device using your device PIN, then unlock 1Password using a separate PIN, and then any items marked as "high security" required your Master Password. This made sense at the time because there was no biometric support, and typing a long Master Password every time you wanted to retrieve a password was quite cumbersome for some folks. Now the landscape has shifted and most devices support biometrics, making relatively high security much more convenient. The old model wouldn't really make much sense in the modern context.
There may be other reasons that make sense now, but I'm having a hard time coming up with any. It seems if someone gets to the point where they're sitting at your computer and you've left 1Password unlocked you're already in a very compromising position. Maybe I'm missing something though. I'd be interested to hear what your thoughts are.
Ben
0 -
Well I will be travelling soon, and i guess if i were to be using a laptop, say at a cafe and someone came past and grabbed it, my 1password is unlocked and they would be able to access all my passwords with no further request for the master password. Am I correct in saying that? I could just be overlooking something, I am new to the program. What you were saying about the old program makes sense to me as if the above example were to happen, the thief would only be able to access the less important passwords.
Thanks
0 -
Hi @siphco!
I see where you are coming from, but I think a change like this would add a lot of complexity to the app. As a suggestion, perhaps the best way to do this is to change your auto-lock settings in the 1Password app:
In here, you can set the app to lock aggressively whenever you find yourself in a situation such as being in a public place. Also, in case you have a 1Password Membership, you can also deauthorize a device from the 1Password website on a different device.
I hope this helps! And have a nice trip!
0 -
@siphco - I'd just add one more thing to ag_ana's excellent advice, and it's this: we've had a sort of unofficial saying around here for a long time: "security is a process, not a product." If there were a product - ANY product - that could keep you 100% secure under all conditions, everyone would already own it and hackers/thieves would have found other lines of work. But of course there isn't; no product including 1Password can keep you safe under any and all conditions. The best defense you have in virtually every situation is your own judicious use of best practices for security. 1Password is among the best tools you can use, but it's far from the only one. A VPN or Tor would be another example; using FileVault or BitLocker for whole-disk encryption would be still another. Each of these tools can help you secure one aspect of your digital life, but what ties them together is your consistent attention to security best practices.
But even with the best security, there are indeed going to be situations that can't be planned for or reasonably prevented within the context of software, and you've just described one of them. Sitting at an outdoor cafe and imagining someone coming by and literally grabbing your laptop off your table and making off with it while you had 1Password unlocked is simply something that we can't prevent. Fortunately, it's also not exactly a likely scenario, and one that can be minimized in several ways: don't open your laptop in such conditions. Or, if you must (or simply want to) use the laptop, sit inside, away from where someone could potentially speed away with it easily. These aren't perfect security measures, but again, there's no such thing as perfect security -- and trying to design for such things within 1Password that are better addressed with real-world measures like I just described would only, as Ana mentioned, add needless complexity to 1Password, without adding much real security.
0 -
No problem, I was just trying to find out if it was a feature that was available on 1password that I hadn't been able to find. Thanks for the suggestions I will take them all onboard.
0
