App (not system) inactivity timer [feature request]

Comments

  • numo68
    numo68
    Community Member
    edited September 2015

    Sorry to revive this thread, it is just the latest one I have found regarding this functionality that is still open. I just downloaded and am currently evaluating the 1Password. I find it a great tool, but this is something that immediately caught my attention and might even be a show-stopper. I fully understand that many users prefer to enter the master password once and then never again for the rest of the day and that it is a reasonable default setting. However, there are others who would want to limit the time the helper stays unlocked without interaction with the application itself.

    The use-case is simply that

    • I have the browser extension running. I don't open the main application at all.
    • I log into some sites in the morning
    • several hours pass
    • a colleague wants to try something on my machine (maybe even remotely) so I let him to and go get a cup of coffee

    I trust the person not to do any harm on the machine. However, I don't want him to be able to get my passwords or credit card information in cleartext (I know he does not get the direct UI, but the vault is unlocked and can be used to fill forms). I am in fact required not to allow it by the terms of service of just about every site/bank. Requiring me to explicitely lock the browser extension is unrealistic, nobody remembers to do this every single time.

    Would you eventually consider to add the possibility to re-arm the auto-lock timer with program interaction and not the computer interaction?

    Thanks

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited September 2015

    @numo68: I hope you don't mind, but I've split this off into a separate discussion, since it's essentially a feature request which is only peripherally related.

    Would you eventually consider to add the possibility to re-arm the auto-lock timer with program interaction and not the computer interaction?

    Absolutely! This is certainly something we can consider in the future, but keep in mind that ultimately 1Password cannot protect your data from you, regardless of the security measures we implement.

    If you unlock 1Password, set 1Password to lock only after a period of inactivity, continue actively using the computer, and then turn your computer over to someone else without locking 1Password they will have access to your vault — along with everything else on your computer.

    Requiring me to explicitely lock the browser extension is unrealistic, nobody remembers to do this every single time.

    I'm forgetful too, which is why I set the timer to 1 minute. Better safe than sorry! :sunglasses:

This discussion has been closed.