Secured Desktop by Default

Hi. From what I have read with Secured Desktop a little more secured than the insecured(?) way of unlocking 1Password, why haven't we made Secured Desktop the default way of entering our master passwords by now? Why must I click on that shield icon each and every time? Can we at least have this as an option so we can set it up as a default for those of us who are a little more paranoid?

With that said, can someone point me to the white paper describing why Secured Desktop might be more secured than the standard way of unlocking 1Password?

With thanks.


1Password Version: 7.4.767
Extension Version: Not Provided
OS Version: Windows 10 Professional
Sync Type: Not Provided

Comments

  • GregGreg

    Team Member

    Hi @laugher,

    Thank you for reaching out!

    The "Unlock on Secure Desktop" feature is about creating an isolated desktop where only the specific list of processes are allowed to run on that desktop, in our case, only 1Password-authorized processes. It helps protect against key loggers. The "Enter Master password" dialog appears on another desktop (that we temporarily create ourselves), and Windows messages do not travel across desktops. Key loggers are thus precluded from spying on the (keyboard) messages.

    If you always want to use "Unlock on Secure Desktop, try pressing CTRL + ENTER on the lock screen before you enter your Master Password. This will activate this feature without an additional click from you. Let me know how it works. Thanks!

    ++
    Greg

  • @Greg - Ctrl + Enter helps but it would be great to not having to do this each time. Also, why isn't it a default mode if it protects against software key loggers? :|

  • bundtkatebundtkate

    Team Member

    To be clear, @laugher, Secure Desktop isn't guaranteed to always protect from all keyloggers. It's a very good counter-measure that makes it far less likely that an installed keylogger will succeed in capturing your Master Password, but nothing in this world is completely foolproof and using a compromised device is never totally safe no matter the precautions you take. This blog post takes a bit of deeper dive into the world of keyloggers and how Secure Desktop does (and doesn't) protect you than some may want, but it's a great example of how even very good counter-measures can and have been fooled and why it's important to always use security best practices even when you do have effective counter-measures like Secure Desktop at your disposal.

    With that said, why not Secure Desktop all the time? Well, the exact things that allow it to be a good counter-measure against keyloggers also limit things some of our customers depend on. Screen readers can't announce what's on the screen for the visually impaired on a Secure Desktop since their process can't run, just to give one example. We do think how to unlock should be your choice, but in order to provide that choice, the default must be something where all methods of unlocking can work and are accessible to everyone. So, we show the standard lock screen with all options available and allow you to choose.

    Now that doesn't mean we'll never provide a setting to choose a different default. We've already kind of done that for Windows Hello by allowing for it to show automatically when enabled and available. But, it does mean Secure Desktop can't be the default out of the box. I'm glad that Ctrl + Enter is easing things for now and I will certain pass along a request to change your own default to the team. :chuffed:

  • @bundtkate - thank you for the explanation and love the blog by @jpgoldberg as usual. It might be time to look at something other than the master password to secure vaults.

    I'll use Ctrl + Enter in the meantime.

  • GregGreg

    Team Member

    Hi @laugher,

    On behalf of Kate you are very welcome!

    Feel free to contact us anytime, we are always ready to answer your questions about 1Password.

    ++
    Greg

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file