Locking again with numerical password

Hi guys!

After using the new version a little while I have to say that I hate typing my over 10 letter password every time I want to use 1password.

You should at least leave the option the choose between the original master password or the good old 4 number password.

I loved in the last version that I "only" had a 4 letter password and then an other password to view the actual password details.

Now with a 10 letters pw I make a mistake every time I try to get my password :S

thanksè :D

Comments

  • jhollingtonjhollington Junior Member
    edited November 2012
    If you go into your Security settings, you can set a "Quick Unlock Code" that will be used in place of the Master Password as long as the app remains resident in the background and you haven't locked it manually. Currently, the "Auto-Lock" timeout seems to re-enforce the master password, but I've been in another thread (http://forum.agilebi...ck-unlock-code/) that this is a bug that should be fixed in a future version. In the meantime, you can simply leave the "Auto-Lock" off and use "Lock on Exit" instead along with a Quick Unlock Code.

    Note that if iOS terminates 1Password in the background for whatever reason (usually because it needs more memory for something else), then it will go back to requesting the Master Password instead. In most cases, however, I've found this to be pretty rare if you use 1Password even a couple of times a day, at least on my iPhone 5. Your mileage may vary on older devices as they have less RAM.

    Oh, and for whatever it's worth, I have a 40-character alphanumeric Master Password, so I definitely understand where you're coming from. The Quick Unlock Code, however, seems to have been serving me well so far. I am entering the Master Password a bit more often than I'd like, but that's only because I'm installing new updates so often during the beta cycle :)
  • MikeTMikeT Agile Samurai

    Team Member
    Hi Bertrand,

    @Jhollington got it right, he has a lot of experience with this lately. :)

    The problem with the dual security levels (4-digit/Master Password) is that any items protected with 4-digit is just not secure enough for anybody who uses it.

    For that reason, we've gotten rid of the low security level completely, reduce the complexity with these (you don't have to decide security levels anymore) and ensuring only the master password is required to get into the data file first before you can start using the quick unlock code, so all of your items are protected by the same strong encryption technologies.

    Yes, 1Password 4 may ask for the master password more often but this is needed to make sure your data is protected at all times. Now, even with the quick unlock code, only one incorrect attempt is allowed before the app changes it to ask for the master password instead.

    One more thing, now with 1Password 4, if you change your master password, the encryption keys will sync with the rest of the devices, so they will also have the same master password as well.

    Please let me know if you have more questions.

    Thanks!
  • Question, is this master password the same as the desktop master password? If I change my master password on my iOS device, will this change be reflected on the Mac side?
  • jhollingtonjhollington Junior Member
    edited November 2012
    The short answer is yes.

    Instead of entering the "real" Master Password only when initially setting up sync (and then having it actually stored on the device -- see http://forum.agilebi...on-ios-devices/), 1Password 4 just has you use the "real" Master Password.

    Keep in mind that in many ways the "Master Password" used to get into 1Password 3.x for iOS was a misnomer. The actual Master Password (used in both the desktop app and in 1Password 4 now) is what is used to actually encrypt your data file (indirectly, but part of the key process nonetheless). The "Master Password" on iOS protected the data on your device after a fashion (combined with the low-security PIN), but was ultimately less secure of a solution for various reasons, not the least of which included the risk of lower-security passwords being used as well as the real Master Password being stored in a less-than-secure manner, obfuscated within the iOS Keychain but not really encrypted unless iOS Data Protection is being used.

    None of this was an issue for users who have properly-secured iOS devices, but the reality is that 1Password understandably needs to provide a secure solution for the lowest common denominator, which includes the user who has NO passcode on their iPhone or iPad and therefore is not taking advantage of Data Protection for the iOS keychain.

    Personally, I still have some concerns that the use of the Master Password on iOS devices may encourage users to choose shorter and therefore less secure options for their very critical Master Passwords, but I suppose one could make the argument that if a user is going to do that, they're just as likely to do so on the desktop. However, the Quick Unlock Code seems to be working quite well for me thus far and I haven't found the requirement for a Master Password to be onerous at all, even with my extremely long one.
  • MikeTMikeT Agile Samurai

    Team Member
    @Henry, yes, changing it on your iOS device will sync the encryption keys to your desktops and other iOS devices. It is actually exactly the same one as on the desktop, so you're actually using 1Password now.

    If you need an official answer from us, what Jhollington just wrote is pretty much accurate.

    Let us know if you have more questions.
  • What does Lock on Exit do, and why does it have an asterisk next to it in the settings?
  • MikeTMikeT Agile Samurai

    Team Member
    Hi Henry,

    In Settings > Security, you'll see an asterisk next to Auto-Lock, it just means that Lock on Exit is enabled.

    If it was disabled, the asterisk would not show up next to Auto-lock.

    Lock on Exit means to auto-lock the app each time you leave 1Password. So if you leave 1Password to the home screen or to another app, and come back, 1Password will be locked.
This discussion has been closed.