Feature Request: Quick Unlock Code Toggle / Confirm Code

schmoelschmoel
edited December 2012 in iOS
SUMMARY

Can we put all "Quick Unlock Code" functionality behind a screen guarded by the code itself?

So, when you install you are forced to create a code, regardless of whether it's used or not. Subsequent visits to this new screen require you to re-enter the code - regardless of whether "Quick Unlock Code" is turned on.


DETAIL

When you toggle "Quick Unlock Code" from ON to OFF, it does so without asking you to confirm the current unlock code. Although you are moving from a less-secure to a more-secure state (i.e. code to master key), the fact that you are moving state would suggest you need to confirm identity. Would it be possible to ask for a confirmation of the current code before you allow this to happen?

When you toggle "Quick Unlock Code" from OFF to ON and you have previously set a code, I think you should ask the user to reconfirm the previous code that was set.

You can fix all this by forcing code entry BEFORE viewing/altering the "Quick Unlock Code" state.


RATIONALE

Suppose [total, idiot user edge case]: I leave my phone unlocked and in the settings screen and run to grab some water. Nasty Coworker picks up my phone, toggles Quick Unlock Code to OFF, toggles it back to ON and sets his own code.

If I am later tapping a text message and I am disturbed by a call, I put my phone down. Nasty Coworker picks it up and enters 1Password using the Quick Unlock Code he created.

This is a total edge case, I know the product cannot guard against moron users, but it's a real security red flag that's stopping wider adoption at my company...!

Thanks

Comments

  • thightowerthightower T-Dog Agile's Mascot Community Moderator
    edited December 2012
    Hey schmoel,

    If a user did forget to lock his/her phone and someone changed the code. 1 incorrect entry of the code throws 1Password back to asking for the master password. It was designed this way to prevent such things as you describe. It is also the reason that currently there is no need to confirm the code when you enter it.

    Enter it incorrectly it bounces back to the Master Password. This enables you to reset the code once you enter the Master Password. This should prevent much of the concerns you mention.

    I would like to note this was also brought up in the beta testing. It was mentioned to the developers. I am not sure if they plan on changing the behavior.

    The guys are always looking for idea's on improvement. I am just not sure myself if this will fit in with there feature set. But they are listening to me/you/us user's. They themselves do visit the forums we don't see them very often . But they are here. So please know they do keep up on requests etc. Plus most of the Admins log such requests etc and forward them to the guys (developers).
  • Awesome, I hadn't noticed it dropped back after 1 failed attempt. That may appease the ISO gods... Thank you so much!
  • khadkhad Social Choreographer

    Team Member
    On behalf of thightower, you are quite welcome. :-)

    If we can be of further assistance, please let us know. We are always here to help!
This discussion has been closed.