Lock options

dancodanco Senior Member Community Moderator

Having just changed computers, I am thinking again about what lock options are best for me. Thinking aloud (or silent but posting) helps, as would others' experiences.

I live alone and am not worried about others seeing my passwords normally. But I am concerned about a thief being able to see my unlocked passwords. I did have a couple of Macs stolen some years ago.

My main Mac used to be an iMac. Here I kept everything unlocked, as if it was stolen it would be off, and a thief would need to get past both my login password and my 1PW master password.

But I have now changed to a newer MacBook Pro with an external display. If this were stolen, it would still be running on battery, so it's not safe to have all the lock options off. But with a fair number of them on, I need to enter the password more often than I find convenient. Maybe it is just a matter of getting used to a new practice.

It did make me wonder about the possibility of having different locations with different settings would be useful. That way one could have one lot of lock settings when on mains power and different ones when on battery (or on mains outside the home).

I'm also wondering about changing my master password. Again the muscle memory i have reached with the current password is useful, and it does not take huge amounts of typing if I have to type it often. But it is only nineteen characters. I have just switched to Diceware for Dropbox and AppleID.

Comments

  • From my point of view, the strength of my 1Password master password is more important that the one for either iCloud or Dropbox. If you have a weaker master password than on those services, I would be inclined to advise changing your master password and use Diceware.

    Do remember that in the current version, just changing the master password does not result in re-encrypting the database. This means that if someone gains access, they would be able to use your old password to break in. When I've done this, I've exported my data, used the directions for starting over, and then imported the data afresh. This encrypts the data anew. There have been several requests of the developers to automatically re-encrypt when the master password is changed. I'm hopeful that they will be able to do that in a future release.

  • dancodanco Senior Member Community Moderator

    Yes, that makes sense. Do you have a feeling for the length of a Diceware password for the 1PW master password? My AppleID password (which is limited to 32 characters) is actually 30 characters, five dice words and some numbers (numbers are required), while Dropbox is six dice words plus some extra stuff. But neither of these need more than occasional manual entry.

    For 1PW master password it needs to be secure, but also not too long as it will be typed frequently now I have the MacBook. My computer login password is under twenty characters, but I reckon that is harder to crack even if the machine were stolen as there aren't simple ways of forcing a login password (Yes, it can be done, but the operative word is 'simple").

    Yes, I'm aware of the need to re-encrypt. But setting up a new password comes first.

  • Do remember that in the current version, just changing the master password does not result in re-encrypting the database. This means that if someone gains access, they would be able to use your old password to break in.

    Only if they manage to obtain a copy of the keychain from before you changed it.

  • Personally I have most of the auto-lock options off. The exception is lock when the terminal is locked. I always lock the terminal when I leave it unattended.

  • khadkhad Social Choreographer

    Team Member

    I'll add my two cents.

    If you disable 1Password's auto-lock settings (Preferences > Security) 1Password will stay unlocked all day long. You will only need to type your master password after a fresh login to your OS X account.

    I myself enable only "Lock on sleep" and disable all the other auto-lock settings. 1Password stays unlocked until I (or a thief grabbing my MacBook and running out the door with it) closes the lid. It's not foolproof I suppose, but I pretty much always close the lid on my MacBook when I am done working with it.

    Do remember that in the current version, just changing the master password does not result in re-encrypting the database. This means that if someone gains access, they would be able to use your old password to break in.

    It would be possible to access the current data if someone obtained an old copy of your data and cracked it. It is the same as if they obtain a current copy of your data and crack that. The difference is that your current data presumably has a stronger Master Password in this scenario.

    There have been several requests of the developers to automatically re-encrypt when the master password is changed. I'm hopeful that they will be able to do that in a future release.

    If you haven't read it yet, I would suggest reading the Security: Changing Master Passwords thread. (I've taken the liberty of linking directly to my own post #5 which is as good a starting point as any.) :)

This discussion has been closed.