Remember master password across Chrome restarts?

Hello,

Every time I open my Chrome I have to re-enter my master password.

Is it possible for the extension to remember my master password across browser restarts?

Thank you! :-)


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member
    edited November 2017

    @orschiro: Thanks for getting in touch! That would certainly be convenient, but I'm not sure it is something that can be done securely — and if it can't it isn't something we will do I'm afraid. :(

    The problem is that for it to be persistent, it would need to be stored somewhere, and that's potentially a huge security hole. We probably can't encrypt it, since then you'd need some other password to decrypt it, which sort of defeats the purpose of saving it in the first place — and after all, this is 1 Password!

    That said, as browser technologies improve, perhaps we can have 1Password X integrate better with the OS itself. Using something like Touch ID on a Mac may be feasible in the future, for example, since your fingerprint could be used to "unlock" the Master Password stored in the Secure Enclave. This isn't possible even on all Macs, and as far as I know Chrome cannot access it even when it's available, but if there are ways we can make it more convenient without sacrificing security we will. Thanks for the suggestion! :)

  • Dear @brenty,

    I appreciate your reply!

    I understand your concerns. So, let me ask you:

    How do LastPass and Bitwarden do it? These two Chrome extensions don't ask me to re-enter my password on every start of the browser.

    Yours,

    Robert

  • brentybrenty

    Team Member

    @orschiro: I couldn't tell you. You'd have to ask them. As far as I can tell, neither has a security white paper that covers this. 1Password never stores the Master Password in RAM or on disk.

  • @brenty, that's enough information for me for now. Thank you!

  • beyerbeyer

    Team Member
    edited November 2017

    @orchiro: I don't review every password manager, but I can say one of the companies you mentioned doesn't require the Master Password to be entered because they merely store it locally. In their Technical Whitepaper, they state that using their "remember master password" feature for browser extensions is not recommended, reduces the security of the master password, and make it more likely that a user will forget it.

    I hope that helps! Please let us know if you have any additional questions.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • Dear @beyer, you're referring to LastPass or Bitwarden?

  • beyerbeyer

    Team Member

    @orshiro: I wasn't trying to say, but I was referring to LastPass. I have yet to read a whitepaper regarding Bitwarden.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • @beyer, that's insightful to know. Thank you!

  • brentybrenty

    Team Member

    Likewise, thanks for asking the tough questions! Perhaps someday as Chrome continues to advance it could take advantage of native security features and that's something we could use to make 1Password more convenient without sacrificing. Cheers! :)

  • @brenty, awesome! Looking forward. :-)

  • Some tools have native apps running in the background, so Chrome just connects to the native app(most of the time via sockets or a (secure) stream on localhost)
    This way, if you already unlocked your native app, you don't need to do this again in Chrome.

    If you would store your Master password in Chrome it would be equal to storing all your passwords in your browser, because of all auto-fill hacks happening nowadays it's something I'll never use. Separating these is a good security measure.

    Therefore I would always vote against saving the master password somewhere, except in my safe, separate from the secret key.

  • brentybrenty

    Team Member

    Some tools have native apps running in the background, so Chrome just connects to the native app(most of the time via sockets or a (secure) stream on localhost) This way, if you already unlocked your native app, you don't need to do this again in Chrome.

    @srcoder: Thanks for chiming in! It's something we can explore, but we do want to prioritize things that will help the most users. :)

    If you would store your Master password in Chrome it would be equal to storing all your passwords in your browser, because of all auto-fill hacks happening nowadays it's something I'll never use. Separating these is a good security measure.

    Indeed, we don't want to store the Master Password in the browser. A lot of us are using 1Password to get away from storing sensitive data there! :scream:

    Therefore I would always vote against saving the master password somewhere, except in my safe, separate from the secret key.

    If we find a secure option for "remembering" the Master Password securely, it will be optional (just like with Touch ID and Face ID). We definitely want to stay in control of our Master Passwords too. Cheers! :sunglasses:

  • brentybrenty

    Team Member

    :chuffed: :+1:

  • beyerbeyer

    Team Member

    Great news, @orschiro! 1Password X now has Desktop App Integration on Mac! 🎉

    Check out our recent beta announcement for details on how to set things up so you can use Touch ID on your Mac. Support for Windows and Windows Hello will be coming in a future release.

    If you're feeling adventurous, please give the beta a try and let us know how it goes. ❤️

  • @beyer still on Linux. Thanks though! 👍🙃

  • beyerbeyer

    Team Member

    🐧❤️👍🏻

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file