Best way to keep 1Password always open?
So I'm changing my security world so everything has long, complex passwords and I'm letting 1Password take care of everything :-). There are going to be two of those long, complex passwords that I'll need to commit to memory - the log in password for my Mac and also the one for 1Password. I'm very diligent about locking my Mac screen when I walk away from it, so obviously when I come back I have to deal with a long, complex password to regain access to the computer. I currently have 1Password setup to lock after a few minutes or when the computer sleeps or the screen saver kicks in. It's also getting to be a major pain typing in my 1Password password after typing in my password to regain access to my Mac.
I'm trying to see if there is a robust way to always leave 1Password open, figuring that if the Mac is locked while I'm gone that nobody can get at 1Password to access my passwords. Say I'm at home and remotely access my work Mac - the screen at work would light up and somebody still at the office could see/video my screen and maybe see passwords as I interact with 1Password or get access to stuff by using the local keyboard and mouse. I'll need to ponder that one...
Can anybody think of other scenarios that could undermine what I'm trying to do, or is this just a straight out dumb idea?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Safe way to keep 1Password always open?
Comments
-
@MickM: Since you mentioned your renewed focus on security, I really have to point out how terrible a security practice it would be to leave 1Password unlocked perpetually. You can go through and disable a lot of security preferences in the app, but there's a reason you can't disable 1Password's security completely. Well...two reasons: one, because the whole point of 1Password is to secure our most important data; and two, because 1Password is fundamentally designed to be secure: the data is encrypted using your Master Password, so it is needed to decrypt it as well. To leave it unlocked all the time, it would need to be stored on disk, and at the point where you're leaving 1Password unlocked at all times, relying solely on the OS lock screen to keep things safe, you might as well just be using a text document to store this stuff. After all, FileVault2 is full disk encryption, right? But if you use a long, strong, unique Master Password and allow 1Password to lock when you're not using it, your data is secure even if the system is compromised. Though I wouldn't recommend continuing to use it at that point, so long as you don't access it, you data is encrypted on disk, so that someone with access to the system (via Thunderbolt exploit, for example) won't be able to get into 1Password even if they can get everything else. Let me know if that helps at all, or if you have other questions or concerns. :)
0 -
I strongly disagree, Brenty. I get the point and you are completely right about everything you say, but you should still give me a choice. I hate it when a software vendor dictates me how to use the software. Give me an option to keep it unlocked. Display a warning, that's fine. But ultimately, I am my own boss. Not you.
0 -
@cryptochrome: I understand the point you're trying to make and agree with you in principle, but it's our responsibility as a company developing security software to give people options that don't make them insecure. And, ultimately, you are your own boss and you do already have the option to leave your data insecure, just not facilitated by 1Password. We're not going to offer an option that, when used correctly, negatively impacts our users' security. That's antithetical to the purpose for which 1Password exists, and why most people use it.
0 -
Brenty, then how come in 1Password X I can disable it? In 1PWX I can completely disable auto-lock and it works like a charm. The only time it locks is when the browser or computer is restarted:
Again, I get where you are coming from, but obviously, you don't follow your own preachings.
And yet again: You are restricting me. I can take responsibility for myself. You could implement it (just like you did in 1PW X), display a big fat warning and it would not be antithetical.
0 -
I'm not preaching anything. 1Password X doesn't allow system-wide access to data when its unlocked, and it the Master Password will need to be entered if you restart the browser because, again, we're not going to write people's Master Passwords to disk. But if you prefer the way that works, you're welcome to use that. Otherwise there are many other options out there for storing information insecurely.
0 -
Wow. The tone. That's one way to argument. "Don't like it? There is the door".
Really, Brenty? Is that how you learned to remove yourself from discussions you don't like?
What I meant by preaching: You make a speech of how you have a responsibility and how insecure it is to leave 1PW unlocked, and how you will never allow this. Yet, at the same time, you actually do allow it in one of your apps (1P X). That makes no sense at all.
0 -
And while we are at it, the other thing that makes no sense is this:
Both options disabled. Yet 1P keeps locking itself after 10 minutes or so. Why do this if you have these options in the preferences?
0 -
If 1Password’s lock options are not operating as you expect them to I'd like to ask you to create a diagnostics report from your Mac, preferably just after 1Password locks when you didn’t expect it to:
Sending Diagnostics Reports (Mac)
Attach the diagnostics to an email message addressed to
support+forum@agilebits.com.With your email please include:
- A link to this thread:
https://discussions.agilebits.com/discussion/86063/ - Your forum username:
cryptochrome - The time that 1Password locked (so we can attempt to line that up with log entries from that time)
That way I can "connect the dots" when I see your diagnostics in our inbox.
You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here so I can track down the diagnostics and ensure that this issue is dealt with quickly. :)
Once I see the diagnostics I'll be able to better assist you. Thanks very much!
Ben
0 - A link to this thread:
-
Ben... wait... are you saying it shouldn't auto-lock with these options disabled?
0 -
Please send the report and we can take a look.
Ben
0 -
@cryptochrome: As I mentioned originally, you can go through and disable a lot of security preferences in the app. That will affect how often and under what circumstances 1Password auto-locks.
0 -
I am getting more and more confused, haha. Maybe I am hitting a language barrier here (English not being my native tongue). I am sending the report right after this.
Just one question:
If I disable these two options (screenshot above), 1P should not auto-lock when the computer is idle nor when the screensaver pops in, correct?
Sending report now.
0 -
@cryptochrome: That's correct. And I'm sorry if there's been a miscommunication on my part as well. Just to clarify, are you seeing 1Password lock when it shouldn't based on how you've configured 1Password Preferences > Security?
0 -
No worries and apologies for my aggressive tone.
Yes, that's what's happening. I use my computer, 1PW is open. I go grab a coffee and when I come back 1PW is locked. No screensaver, no sleep. Nothing but a few minutes of idle time.
Thanks. Report sent.
0 -
@cryptochrome: No problem. I see we've got your email, so we'll take a look and continue the conversation there. :+1:
ref: ITF-24512-498
0
