Confused. 1. Changed behaviour of 1Password locking; and 2. Preferences editable when locked. *

Hi.
Maybe I've missed something, but 1Password used to lock automatically after a set period of not being used.

Now it locks after a set period of the computer not being used. As I am fairly constantly using the computer, this is not so useful. The App is displayed to anyone looking over my shoulder, unless I am in full screen mode, and even then it's just a quick twice to view the App and return.

  • As well, if the password extension (both BETA and 4.6.2) is unlocked to use, the main App (both BETA and 6.5.3) is unlocked - for all to see.

  • The same applies if 1Password Mini is unlocked.

I am sure that this never used to occur, prior to 6.5.3. There used to be an option in preferences to lock the App after a certain period of time, from memory.

Preferences in both versions of the App can be selected and many of them edited, regardless of whether the App is locked or not.

I feel that the preferences should not be able to be displayed (and certainly not edited) if the App is locked.

The issue that I have with both of these is that previously, I could be reasonably confident that my information was secure. Now I have to physically lock the App to secure data and lock the Computer to prevent the preferences being displayed / edited. An annoyance for me and I'm sure a potential security risk for others.

  • 1Password 6.6.BETA-4 & extension (beta) 4.6.3.b1 on Sierra (10.12.2) from Website.
  • 1Password 6.5.3 and extension 4.6.2 on El Capitan (10.11.6), from Apple Store.
  • Sync via Dropbox.
    Thanks...

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_kevinag_kevin Junior Member

    AgileBits Team Member

    Hi @kdcnz ,

    To clarify, when you unlock the extension, it is unlocking the 1Password app. It always had. The extension does not actually hold your passwords, it is merely a secure conduit to your 1Password app. There is no "unlocking" to be done of the extension itself.

    The same goes for the mini. 1Password mini is the process that holds the data. The main app is merely a viewer that displays the data that the mini holds. So if you unlock 1Password in the main app, you are really unlocking 1Password mini. There's no separate locking of the main app and mini, since there's nothing in the main app to lock. It's all done through the mini.

    We have not made any changes to the locking after idle time. It's always been to lock so many seconds after idle time. It's been that way since at least version 5, and likely further back than that. But I can certainly take your feedback on locking after a set amount of time (regardless of idle time or not) as a request for that feature.

    Regarding Preferences locking, any preference that deals with access to your 1Password data is locked when your data is locked. It can be seen but not changed. Anything to do with display settings like display settings or keyboard shortcuts are not locked, because it doesn't affect someone's ability to access the 1Password data. Is there a particular preference you are concerned about? If so, let us know the risk you feel it poses and we can certainly consider hiding it when locked, like we do with the All Vaults preferences.

    Though if you are concerned about someone accessing your computer, you should take steps to avoid that by locking your user account when away from your computer. If someone has access to your computer, there are other ways to compromise it (e.g. install malware, keyboard loggers, etc.) aside from accessing 1Password.

    Regards,
    Kevin

  • Thanks for the reply and the explanation. 8-)

    I must have changed the way I work lately, as the 1Password App remaining open is a 'feature' I have definitely (adversely) noticed... I have recently migrated from a mid-2009 MacBook Pro running OS X 10.11.6 (El Capitan) to a later model MacBook Pro running OS X 10.12.2 (Sierra) and it's way (way...) faster. As I have the App set to lock after 1 minute of idleness, I suspect that when before I was 'waiting, waiting, waiting...', the App quietly locked itself. Now I'm more productive and find the App is remaining open.

    I notice the 'feature' on the old MacBook now as well, as it has had a reformat, a clean build of El Capitan and currently is usually dedicated to one task, some of which includes visiting web sites, so 1Password is opened and when I'm on that Mac, the App appears to be open all the time (it also runs a lot faster with several years of detritus removed).

    Personally, I think that an option to lock after 'n' minutes (regardless of activity) is more useful and a lot more secure than locking after 'n' minutes of idleness. I often have people viewing my screen and I don't want them to view the contents of 1Password at all. Currently they can, as I tab through my open Apps. Of course, the passwords are concealed, but it's the contents that are private also. Bank Accounts and Credit Card information is readily viewable, depending on what was opened last in the App (as the displayed contents have nothing to do with Mini or the browser extension). I hope that makes sense. As an example, it has now been over 30 minutes since I used the browser extension to sign into this forum to respond and 1Password is still open, showing all my email accounts - I have looked at emails, network monitor, firewall, copied some data, browsed a couple of web sites and done other stuff in the meantime. Nothing to do with 1Password, which I'd prefer to be opened when I want it to, allow me enough time to extract information from it, then lock. As it does for me in the iOS version, where I'm confident that after 1 minute, I can hand the phone to someone else and they can't access 1Password data. As in real life, people do hand-off computers to others...

    Do I need to open a thread to request a new feature?

    The 'preferences' I accept gracefully - albeit with a very mild reservation. I've probably never looked at it as an issue before until I was trying to see why the App was remaining open. The very mild reservation is just that I think that if we have a 'secure' App, everything should be secure.

    FYI, I have been using 1Password on the Mac since at least version 3.8 in 2013 and the Beta version since version 5.something. Probably my most used (and certainly my most valued) App.

    Cheers,
    Kevin.

  • brentybrenty

    AgileBits Team Member

    Now I'm more productive and find the App is remaining open.

    @kdcnz: Me too. Definitely something to be aware of!

    Personally, I think that an option to lock after 'n' minutes (regardless of activity) is more useful and a lot more secure than locking after 'n' minutes of idleness.

    I think the idea is that if you're in front of your computer using it, it's helpful to have 1Password unlocked...or you can lock it whenever you wish. It's certainly something we'll consider though.

    I often have people viewing my screen and I don't want them to view the contents of 1Password at all. Currently they can, as I tab through my open Apps.

    Keep in mind that you don't have to leave the main 1Password window open at all times either. 1Password mini runs in the menu bar, so it can still be accessible to you without having to show it off constantly. Or you can quit it completely ( ⌃ ⌘ Q ), and that will close 1Password mini and the main window, and lock your vault(s) as well.

    Do I need to open a thread to request a new feature?

    Nope! You're talking to the AgileBits team here, and we're listening. :)

    FYI, I have been using 1Password on the Mac since at least version 3.8 in 2013 and the Beta version since version 5.something. Probably my most used (and certainly my most valued) App.

    Same here! Thanks for your support and feedback on this. We're here if you have any other comments, questions, or suggestions! :chuffed:

This discussion has been closed.