Auto Locking when Locking Windows

Can you guys provide an option in OnePassword X to DO NOT lock it automatically when we lock Windows? I am locking roughly 15-20 times a day my computer at work and need every time to enter the password again. Honestly this is a pain in the neck. I understand that it could be for security reasons but please allow me to do it in some advanced options.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Would be great to have 1password having his own DB of nice logos for websites to avoid to edit them

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @thatann44: Thanks for getting in touch! It's something we'll consider, but we don't want to lower the bar for security unnecessarily. For example, if you're locking the machine, arguably it's for good reason. Can you tell me more about what you're trying to do? Maybe there's something else that can help. :)

  • thatann44
    thatann44
    Community Member

    Yes, so to be honest I reverted to OnePassword 6 on Windows, just because of that. When I lock my computer (windows) I don't want OnePassword to be locked as well. Otherwise I need to unlock windows and unlock OnePassword everytime which is painful. You already provided the option to disable this in OnePassword6 but not in X. Can you please add it?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @thatann44: Indeed, 1Password 6 already has a year of development behind it. We've got a lot of other features we still want to add to 1Password X since its release a few weeks ago. Like I said, it's something we'll consider. Thanks for letting us know you'd like that option. :)

  • thatann44
    thatann44
    Community Member

    Cool thanks @brenty !

  • AGAlumB
    AGAlumB
    1Password Alumni

    Likewise, thank you for your feedback on how you'd like 1Password X improved! It's always good to know what people are looking for. :chuffed:

  • Cartman
    Cartman
    Community Member

    Please move this up on the wish list. Having to unlock the computer and then 1Password X is getting mildly annoying but will soon move into the extremely irritating category... ;)

    Starting to get complaints from some of our test users before we deploy it company wide.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Cartman: Thanks for getting in touch! I'd love to hear more about your setup and use case. We don't have the same system access with 1Password X running solely in the browser, but perhaps we can make it work in conjunction with our native apps in the future to allow more granular security options. :)

  • marcelogrsp
    marcelogrsp
    Community Member

    Hi guys, I have been using another vault, BitWarden and I liked its option to never lock the app after windows restarting.
    Is it possible to do the same in 1Password now?

    I have my password written down in a sticky notes, this is not safe.
    I though about a security key, like google has with its lock key in a encrypted key dongle.
    https://support.google.com/accounts/answer/6103523?hl=en-GB

  • kaitlyn
    kaitlyn
    1Password Alumni

    @marcelogrsp – As far as I know, there isn't a way to keep 1Password unlocked after it's quit completely. The same will go for 1Password X. Since it's operates inside the browser, if the browser is fully quit then 1Password X will be quit, and therefore locked, as well.

  • marcelogrsp
    marcelogrsp
    Community Member

    Hi,
    I have a huge drawback when using 1Password on windows.
    I set up Windows Hello unlocking and the 1Password still locks itself after reboot the PC.

    This is so so so so so annoying and unsafe since I have my master password saved in a txt file, because it is huge! And of course it is huge, it is my MASTER PASSWORD, it should be stored with encryption! How can you ask me my master password to unlock the app when my fingerprint is thousand times safer than it.

    I use 1Password on iPad and iPhone, and on these devices I am able to unlock with Face ID after restart the mobile devices, why not having the same on Windows, please!

    Another safe idea is using a encrypted usb stick with a key to unlock the app, much better than type my master password right? Asking for type the password makes us creating a easy and memorable MASTER PASSWORD! Dear God, who wants to remember the master password easily? Sorry for me it doesn’t make sense in 2020.

    Is it possible to unlock with Touch ID on Mac after restart the machine?

  • ag_ana
    ag_ana
    1Password Alumni

    @marcelogrsp:

    This is so so so so so annoying and unsafe since I have my master password saved in a txt file, because it is huge! And of course it is huge, it is my MASTER PASSWORD, it should be stored with encryption!

    Please do not store your Master Password in a text file, it's very unsafe. You should not have your Master Password stored anywhere that way.

  • marcelogrsp
    marcelogrsp
    Community Member

    So what is 1Password doing to avoid that, or, what suggestion do you give me?

    Thank you,

  • DanielP
    DanielP
    1Password Alumni
    edited February 2020

    @marcelogrsp:

    So what is 1Password doing to avoid that

    If you are suggesting that 1Password should prevent insecure behavior from happening outside of 1Password at the level you are describing, the answer is that it cannot do that. You are the owner of your computer, and therefore you are free to do whatever you want with your machine, including performing insecure actions if you so wish. 1Password cannot control what you do on your computer this way (and even if it could, an app should not dictate what you are and are not allowed to do with the device you own). I believe only you should be able to do that.

    If you want to store your Master Password in a cleartext file, no app on your device can stop you from doing that. This is a human decision, and therefore needs to be prevented with a human decision as well. It should be noted that you already have a secure alternative to this (i.e. type your Master Password instead of storing it in a text file): you chose to do this in an alternative way though, so the problem exists at a different level of your security posture.

    what suggestion do you give me?

    What we can do is indeed offer you suggestions on how to approach this in a more secure way, at the same time while trying to offer you an increase in the usability of your system, which I believe is the current pain point in your environment.

    The issue is likely not that you have to type your Master Password too often: in my experience, when I read this sort of complaint, it's rather because the complexity of your Master Password weighs much more than the security benefit that you perceive your password manager is offering you. If you lean too much towards the security end of the spectrum, you risk avoiding security altogether, because the impact on your day to day usage is just too much to bear for you. Storing your Master Password in a text file and copy/pasting it regularly instead of typing it is a clear symptom of this.

    To avoid this, I can suggest something that I found useful for me: I recommend using a random Master Password, but which is also memorable. And the best way to do this is to use the word-based password generator instead of a string of random characters. I will use the 1Password password generator to show you two examples of what I mean:

    eD4qiUhJDRZgpfMnxkU,wVj4
    

    Something like this is a nightmare to type regularly. And since the idea behind 1Password is to remember only one password (indeed, that's the reason for its name), your Master Password will often be the only one you will have to type on a regular basis. It makes sense, therefore, to make sure it is also easier to type. Something like this is longer than the one in the previous example, but it is way more memorable and easier to type too:

    python eminent multiply cannot
    

    So if you are struggling with having to type your Master Password, my first recommendation would be to switch to a word-based password.

    How you are going to configure the password generator will be up to you, based on your preference, but no matter how you do this, it will be infinitely better than storing your Master Password insecurely on your device, unencrypted. Something like this can undermine the security of your whole system, so already switching to a Master Password that you are going to type instead of copy-paste will already offer you a big benefit.

    ===
    Daniel
    1Password Security Team

  • marcelogrsp
    marcelogrsp
    Community Member

    Thanks Daniel,
    Does 1Password also lock on MacOs after reboot?

  • DanielP
    DanielP
    1Password Alumni

    @marcelogrsp:

    Yes: since we don't store your Master Password anywhere for your privacy and security, 1Password cannot retrieve the Master Password for you and unlock automatically, since it's not stored anywhere on your system. If 1Password were able to do this, it would mean that your Master Password was stored unencrypted on disk, which is exactly what we are trying to avoid here.

    From this point of view, 1Password doesn't behave any different than macOS itself: while you can login to macOS using TouchID, macOS requires you to enter your user password after a reboot. It does not allow you to authenticate with your fingerprint in that scenario; if it did, it would mean that your user password was stored somewhere unencrypted.

    ===
    Daniel
    1Password Security Team

  • Stevoisiak
    Stevoisiak
    Community Member
    edited July 2020

    Seconding the request for an option to not lock 1Password X when locking Windows.

    When I lock my PC, I already need to enter a password to regain access. Locking 1password just adds an extra step of entering another password when I come back.

    So far, the only "solutions" I can think of are to stop locking my PC when I leave, or use a shorter, easier to type password for 1Password, which obviously isn't what I want to do.

  • ag_ana
    ag_ana
    1Password Alumni

    @Stevoisiak:

    So far, the only "solutions" I can think of are to stop locking my PC when I leave, or use a shorter, easier to type password for 1Password, which obviously isn't what I want to do.

    You should always lock your PC when you leave it unattended. As for the Master Password part, if your password is too complicated to type, you can choose one that is easier to type without necessarily making it shorter, if you choose a word-based password:

    How to choose a good Master Password

  • Stevoisiak
    Stevoisiak
    Community Member
    edited July 2020

    @ag_ana

    You should always lock your PC when you leave it unattended.

    I currently lock my PC when I leave. I would like to avoid having to enter a second password to unlock both my PC and 1Password X, similar to the option to not lock when going to sleep.

    As for the Master Password part, if your password is too complicated to type, you can choose one that is easier to type without necessarily making it shorter, if you choose a word-based password:

    I already use a word based password. I would prefer to not change it.

  • ag_ana
    ag_ana
    1Password Alumni
    edited July 2020

    @Stevoisiak:

    I would like to avoid having to enter a second password to unlock both my PC and 1Password X, similar to the option to not lock when going to sleep.

    My understanding is that not locking is different than unlocking automatically: there is no connection to your PC password and your 1Password Master Password, they are entirely separate. While we can prevent 1Password from locking, we cannot unlock it without entering the Master Password.

    Because of this, I am not sure how we would even do this without security tradeoffs (as Daniel mentioned above).

    I already use a word based password. I would prefer to not change it.

    Fantastic! There is no need to change it then :)

  • Stevoisiak
    Stevoisiak
    Community Member
    edited July 2020

    @ag_ana

    Ah, I think I may have made a mistake on my end. For some reason, 1Password X appeared to be auto-locking itself every time I locked Windows. However, I can't seem to reproduce the issue. My apologies 😓

  • ag_ana
    ag_ana
    1Password Alumni

    No worries at all @Stevoisiak! Let us know if there is anything we can do to help :+1:

This discussion has been closed.