Feature request: separate security levels for individual items

AGAlumB
1Password Alumni
edited October 2015 in Mac
This discussion was created from comments split from: How to hide right pane details until record selected.

Comments

  • spac3_m0nk3y
    Community Member

    Along the same lines, I would prefer to have some logins and secure notes more 'locked down' than others. My computer is generally very safe so I remove many of the safeguards 1Password makes available to minimize friction (i.e. frequency of password retyping), but....but...there are a few accounts (banking, and secure notes with sensitive information, etc.) that I'd like to have require my password every time as well as to have all fields obfuscated to prevent someone rifling through my computer from seeing the information. It would be as simple as adding a radio button that says "require password every time to view secure note" (or fill login). I am a recent LastPass convert and while I am generally happy with how you've set things up, there are a few little things (like this) that LastPass got right. Thanks!

  • AGAlumB
    1Password Alumni

    @spac3_m0nk3y: First of all, welcome! Thanks for your interest in 1Password! :chuffed:

    I hope you don't mind, but I split you off into a separate discussion since you bring up something different.

    Notably (as mentioned in the previous discussion), you can actually create as many custom fields as you like and set them to 'password' to conceal them...but of course if someone can look, they can probably touch too, and easily figure out how to copy and paste. ;)

    Regarding your feature request that we add per-item password protection, perhaps you can offer a more concrete example of how you would use this feature. Now, I know you did illustrate this a bit in your post, but it doesn't address this central question: if your computer is left unattended, why is your 1Password vault unlocked in the first place?

    This feature (at least how I envision it) would mean a lot of extra work (for you!) for a questionable security benefit. After all, you'd have to individually password protect specific items (and remember those passwords!) and then also unlock them individually when you want to access them even after unlocking your vault.

    To me that sounds like a nuisance, and of course then someone with access to the computer — with 1Password unlocked, mind you — has the run of everything in my vault which I didn't take the time to protect with Yet Another Password. This is actually exactly the reason that 1Password exists, to avoid this kind of problem. And then would we really use a long, strong, unique password for each individual item? Probably not. The item itself (such as a login) should already have a crazy password that we don't want to have to remember...but then we're creating YAP to protect another YAP, and both are protected by the Master Password if we just have our vaults locked when not in use.

    Anyway, the recursive nature of this chain of passwords kind of hurts my brain. We can certainly consider adding a feature like this, but only if there's a clear use for it and it doesn't make it even more difficult for people to be secure. We're trying to move in the opposite direction. I'd love to hear more about your perspective! :)

  • danco
    Volunteer Moderator

    @brenty I think you misunderstand his point (and so have mistitled the thread).

    The way I read it, which would be easier and makes sense, is that he wants to have 1PW in general set to remain unlocked while computer is awake (say) but some items require the master password every time they are accessed. It's a matter of different timings, not of actual different passwords. If you like, it would be a matter of different auto-lock settings for different vaults.

  • AGAlumB
    1Password Alumni

    > If you like, it would be a matter of different auto-lock settings for different vaults.

    @danco: Ahh! That's an excellent point. Thanks for mentioning it! :)

    @spac3_m0nk3y: I apologize if I misunderstood. If you can clarify, it would be greatly appreciated. Thanks in advance! :chuffed:

  • spac3_m0nk3y
    Community Member
    edited October 2015

    Hi Brenty and Danco. First, wow, not only did you get back to me quickly, it was a really thoughtful and involved response. That's incredible. Thanks! I think there was some confusion with my post (my fault).

    The bottom line is that most people are trying to strike a balance between security and convenience. Also, most people don't use their computer in an environment where they are under constant threat from nefarious strangers with physical access to the computer. I understand the importance of a long Master Password to secure my vault, and I use a long one, which is most of the problem. If my vault is locked every x number of minutes, or every time the screen saver comes on, I will have to reenter my password a couple of dozen times a day. This pushes the security:convenience ratio way to the wrong side because of my complex password. I do have a few logins (i.e. bank) and a few secure notes that I don't use that often but I would like to require a password prompt every time they are accessed (with my vault password..avoiding YAP). This way I can generally leave my vault unlocked (minimizing friction for most logins), while still maintaining extra security on those critical logins/notes.

    Maybe the answer is creating a special vault for my most important data?

    I understand that you might be concerned that this sends a mixed message to the user by suggesting that it's ok to leave your vault unlocked. I think the reality is that most people are like me in that password security is not binary. A vast majority of my passwords are not that important and I'll take convenience over security. There are a few exceptions where I am willing to jump through some extra hoops to ensure that my data is safe. It's all about striking a balance. Couple that with the fact that my vault is in Dropbox with two-factor authentication, so the only real concern I have is with physical access...and even then they have to have my computer's password.

    I hope this clears things up a bit.

    Thanks,

    Scott

  • AGAlumB
    1Password Alumni

    > Hi Brenty and Danco. First, wow, not only did you get back to me quickly, it was a really thoughtful and involved response. That's incredible. Thanks! I think there was some confusion with my post (my fault).

    @spac3_m0nk3y: You're most welcome! And I can certainly accept some of the blame here...

    > Maybe the answer is creating a special vault for my most important data?

    Wow. I think you may be right (though obviously that's your call). Clearly I was overthinking this!

    > I understand that you might be concerned that this sends a mixed message to the user by suggesting that it's ok to leave your vault unlocked. I think the reality is that most people are like me in that password security is not binary.

    People leaving their vaults unlocked is definitely a concern. I'm not quite sure that you're right that most people want to have different security levels for their data, as it only comes up occasionally. Now, it may be that many people would like the idea, but again, in practice, this makes more work for the user to have to pick and choose, etc.

    > A vast majority of my passwords are not that important and I'll take convenience over security. There are a few exceptions where I am willing to jump through some extra hoops to ensure that my data is safe. It's all about striking a balance.

    You make an excellent point! Theoretically, you're using a unique password for each site, so losing one — so long as it isn't your email or bank login — shouldn't be a huge loss...but I'm not sure this thinking leads us toward better security, which of course is what 1Password is meant to do. But I can definitely see both sides.

    I guess my primary objection is that it isn't just one throwaway login that will be exposed in your unlocked-vault-with-some-individually-locked-items scenario; it's every login that you don't designate for this additional security measure. And I think it's likely that any of us (okay, but most certainly me) in this situation could absentmindedly create a new login that really should be well-secured (credit card?), except — oops — I forgot to set that option just now when I saved it, and it's lunch time, and I'm in a hurry...

    > Couple that with the fact that my vault is in Dropbox with two-factor authentication, so the only real concern I have is with physical access...and even then they have to have my computer's password.

    I feel like that's crucial: your data, even on your physical device, is already locked behind a few different 'doors'; and 1Password is meant to be the final measure, so that even if someone can simply dump all of your data, they won't be able to decrypt your vault. So while a per-item security setting is certainly something we can explore, I'm not sure that your original suggestion is the right solution.

    However, using a separate vault for your most sensitive data is a fantastic idea. Without managing to actually formulate this plan myself, I just happened to set things up that way, and it really works for me. The only caveat being that currently in 1Password for Mac, all vaults are unlocked together. This is definitely something we're looking at, since in 1Password for Windows vaults unlock on an individual basis. We have people on both sides of this debate, and we'd like to offer a solution that's more flexible for everyone.

    > I hope this clears things up a bit.

    It does! I think. At least until danco (or you!) chimes in to tell me that I missed something again. :lol:

  • spac3_m0nk3y
    Community Member

    Brilliant response Brenty. Thank you! I found out today when I tried to implement the "multi-vault" theory that all my vaults were linked on my Mac (as you said). If there is one "actionable" item from this it would be for me to ask you guys to add that feature to the Mac. That would be brilliant.

    I've taken up enough of your time (you've been very generous), but I'll leave you with one final thought since I have your ear. Don't feel the need to reply if you're too busy. When security becomes too inconvenient it doesn't matter how ingenious the crypto is because nobody will use it. Most people don't use any password manager because even something as easy to use as 1Password is too much of a hassle. Others will seek any tool that will maximize their security (regardless of the inconvenience). I, like many others, prefer the middle ground. And like many others the idea of entering a long and complex master password 10-20 times a day is just not something I'm willing to do; even if it compromises my security. Likewise, YubiKeys are too much of a hassle. At the end of the day I will stick with leaving my vault unlocked, even though I know that means I am not as safe as I can be. I believe that there must be a solution to minimize friction while maximizing convenience. Maybe it's linking 1Password to a proximity beacon (such as your phone) so no password needs to be used? Or maybe a Bluetooth YubiKey bracelet? You guys are incredibly smart and I know you'll figure it out, I just don't think we're quite there yet.

    Thanks again Brenty!

    Scott

  • AGAlumB
    1Password Alumni

    > Brilliant response Brenty. Thank you!

    @spac3_m0nk3y: Hey, you're welcome! Thanks for being patient with me. :lol:

    > I found out today when I tried to implement the "multi-vault" theory that all my vaults were linked on my Mac (as you said). If there is one "actionable" item from this it would be for me to ask you guys to add that feature to the Mac. That would be brilliant.

    @spac3_m0nk3y: Indeed. Both multi-vault unlock on Windows and single-vault unlock on OS X are fairly popular requests, but what we really want is to offer a more consistent experience across all platforms. I can't say if or when we'll make changes in this area, but it's absolutely in our sights.

    > When security becomes too inconvenient it doesn't matter how ingenious the crypto is because nobody will use it. Most people don't use any password manager because even something as easy to use as 1Password is too much of a hassle.

    So true! I'm afraid I don't have anything clever to add here... Thanks so much for your thoughtful feedback, Scott. The 'door' is always open! :chuffed:

This discussion has been closed.