Feature request: Unlock in Secure Desktop

In 1Password 4, I loved the feature of "unlock in secure desktop" because then I could be sure no other (medium-integrity) app could snoop on 1Password's keyboard input. Would this feature be added to 1Password 7 later on, or has it been phased out?


1Password Version: 7.0.532
Extension Version: 4.7.1.3
OS Version: Windows 10 Pro 1703 (Creators Update)
Sync Type: Dropbox

Comments

  • MikeT Agile Samurai

    Team Member

    Hi @Smileybarry,

    Thanks for requesting this.

    Yes, at the moment, this is on our list to add in a future update. I don't want to say for sure because we may find a better solution and more integrated than Secure Desktop.

    ref: OPW-1224

  • @MikeT Awesome! Thanks. :smile:

  • MikeT Agile Samurai

    Team Member

    👍

  • bkh

    > Yes, at the moment, this is on our list to add in a future update. I don't want to say for sure because we may find a better solution and more integrated than Secure Desktop.

    I'm delighted to hear this. With all the recent rhetoric about avoiding security theater, I was concerned that AgileBits would be moving away from defense-in-depth mitigation techniques such as Secure Desktop, under the rationale that if your local machine is compromised (the only reason to want Secure Desktop) then you theoretically have already lost all your secrets.

  • MikeT Agile Samurai

    Team Member
    edited April 2018

    Hi @bkh,

    > if your local machine is compromised (the only reason to want Secure Desktop) then you theoretically have already lost all your secrets.

    That is true and no, Secure Desktop does not protect against a system compromise. All it takes is to hijack the original Windows file that handles Secure Desktop and you're compromised fully. There is nothing that can protect you in this case.

    All Secure Desktop does is protect you against keyloggers running in your user account that does not have admin privileges. It does not protect you against anything else.

  • bkh

    Thanks for the clarification. By "compromised" I didn't mean they have admin, just that they had malware running. Someone could argue that if they have malware running then you're already in trouble, and in this case perhaps mitigations are giving a false sense of security. I think there is value to protecting against certain subsets of attacks, even in cases where the protection is neither absolute nor comprehensive. I recognize that reasonable people can argue both sides of that viewpoint.

  • MikeT Agile Samurai

    Team Member

    Hi @bkh,

    > Someone could argue that if they have malware running then you're already in trouble, and in this case perhaps mitigations are giving a false sense of security.

    It is. Imagine a fake UAC prompt asking for your admin passwords or imagine a fake secure desktop view asking for your 1Password master password? All of which is entirely possible if you don't pay close attention all the time.

    It's just that at some point, you'll be spending more time on trying to defend against something already easily bypassed by a different attack point where you'd be better off protecting the system on a higher level. In this case, having a better security habit of updating the OS, running an AV, content blocker, network firewall, and so on.

  • I just upgraded from version 4 and was disappointed that this is missing.

    One other benefit that hasn't been mentioned is that the Secure Desktop gives a very clear visual cue to me and prevents me from accidentally typing my master password into some other (not necessarily malicious) window if focus ends up in that other window while I'm typing my master password. My master password is long and complex enough that I look down at my keyboard instead of at the screen while typing it, so this is not such a far-fetched scenario.

    I hope whatever solution you come up with for the future considers this. Thanks!

  • brenty

    Team Member

    @eatcookies: That's a really good point! We don't want to give people the impression that Secure Desktop can protect them if their machine is compromised, but you're right that it could help prevent someone from entering their Master Password into the wrong place, say in the web browser. We'll continue to evaluate this as we work on future updates. Thank you!

  • Like others, after upgrading 1Password for Windows to version 7, I was disappointed that Secure Desktop support was not included. I realize it's not perfect, and can be subverted in many ways. But, as a pentester, I drop keyloggers and migrate into users' processes all the time. Until 1Password adds Secure Desktop support I cringe every time I enter the master password.

  • MikeT Agile Samurai

    Team Member

    Hi @Dingofest2,

    Thanks for letting us know and yes, we do understand that. It is still on our list to implement as soon as we can.

  • Hey @MikeT

    Wondering if there's any movement on the Secure Desktop feature request?
    Any idea when we can expect it? Is v7 realistic or is this a future v8 feature?

  • bundtkate

    Team Member

    @Dingofest2: We try not to share ETAs until something is all but heading out the door. We may plan to have a given feature in the next update, but later find something super urgent comes up or that what we thought would work just doesn't. We've learned from attempting to make promises in the past that what we envision for the future rarely turns out to be wholly correct. What I can say is that we're not even thinking about 1Password 8 right now – 1Password 7 is only months old, after all – so anything we're considering now we're considering for a 1Password 7 update at some future date, but anything more precise than that would be a wild guess at best.

  • MikeT Agile Samurai

    Team Member
    edited December 2018

    Hi guys,

    1Password 7.3 Beta 2 is now available with Unlock using Secure Desktop feature.

    /cc @Dingofest2 @eatcookies @bkh

    We will continue to improve on this, we'd like to find a way to blend both Windows Hello and Secure Desktop as well if possible.

  • bkh

    Thanks for the notification, Mike. I've upgraded to 7.3.612 and am looking forward to being able to launch 1Password after a PC reboot without all those other processes stealing focus right while I'm in the middle of typing my master password.

  • MikeT Agile Samurai

    Team Member

    Let us know how it turns out, it should definitely work better in that situation.

  • bkh

    It is nicely effective in making sure the focus isn't stolen while I'm entering the master password.

    Are there plans to make it configurable as a default in preferences/settings? If not, I'd like to propose that for the list of requested features, as it's a minor nuisance to have to click the shield each time.

  • MikeT Agile Samurai

    Team Member
    edited December 2018

    Hi @bkh,

    > Are there plans to make it configurable as a default in preferences/settings? If not, I'd like to propose that for the list of requested features, as it's a minor nuisance to have to click the shield each time.

    Yes and you don't need to click the shield, press Control + Enter in the master password field to bring it up.

    For now, we just need to make sure Secure Desktop is working as expected before we build more on top of it.

  • bkh

    Thanks for the tip. I'm happy to have the secure desktop back; thanks to all those who made it happen.

  • MikeT Agile Samurai

    Team Member

    On behalf of the team, you're welcome. We still have a long way to go but 2019 is already starting off nicely. We can't wait to add more soon.

  • Is Unlock on Secure Desktop mode available (or will be available) for MacOS?
    Thanks

  • MikeT Agile Samurai

    Team Member

    Hi @1pwuser31547,

    It's already built in for 1Password for macOS, as macOS has a feature called Secure Input that lets apps ask the OS to secure the password fields against any other processes that could listen in. So, there is no separate thing that needs to be done on macOS; this is only needed on Windows.

  • Thanks!
    So that Secure Input in Mac is automatically enabled in Mac OS? It’s not something I have to manually enable on my Mac?

    Is it present in iOS? (I know that iOS by design/App Store filtering is much less susceptible to malware)

    Thanks again

  • warpspeed

    Curious why there's not an option in the Windows version to 'always use Secure Desktop' to unlock. i.e. so that when one goes to unlock 1P, it goes straight to the secure desktop without having to manually invoke it.

  • brenty

    Team Member

    > So that Secure Input in Mac is automatically enabled in Mac OS? It’s not something I have to manually enable on my Mac?

    @1pwuser31547: Great question! :) Secure Input is part of macOS and iOS, and it's something developers set for their apps, sometimes just for specific fields (like a password field in a login form), or for the whole app (which we do in 1Password for security, since pretty much everything in it can be sensitive).

  • brenty

    Team Member
    edited July 17

    > Curious why there's not an option in the Windows version to 'always use Secure Desktop' to unlock. i.e. so that when one goes to unlock 1P, it goes straight to the secure desktop without having to manually invoke it.

    @warpspeed: Also a great question! It's something we'll continue to evaluate, but when we first introduced the feature we found that it causes issues in some configurations, like freezing and crashing. So we're a bit cautious about it, since that could get someone into a situation where they are locked out of 1Password because Secure Desktop is being invoked automatically.

  • Thanks Brenty!

  • warpspeed

    Thanks @brenty, sounds like a valid concern.

    Perhaps some sort of fall-back mechanism to go along with it if it's ever made an option. Like launching 1Password.exe with /no-secure-desktop-unlock or something, as a command line option. Perhaps add an option initially in the Advanced Settings/Options/Preferences section, so not everyone beyond those that'd go poking would notice (and then later on if it turns out okay, make it more obvious, and so on, until an option to turn it on permanently is front and centre). With a command line override, if someone does turn it on, and it causes a loop or consistent failure, they can get out of it by invoking 1Password in that manner. Pop that into a support article on your website. If someone is smart enough to go poking, they're likely smart enough to search for a solution. You could then somewhat infer how often it's an issue based on how many times the article is hit up.

  • brenty

    Team Member

    @1pwuser31547: You're very welcome! :chuffed: :+1:

  • brenty

    Team Member

    @warpspeed: I like how you think, but I really don't think it would be good for most users to need to find and use a command line argument to get out of a situation like that; and if it's crashing things, 1Password won't be able to do anything to get them out of that itself. I'd say they shouldn't be put in that position in the first place. I do hope we'll be able to find a better solution in the future though. For now, you can click the "shield" icon or press Ctrl + Enter to invoke Secure Desktop before typing anything. :)
