feature request: more intelligent locking

gveresgveres

I would like to ask for a better locking scheme, one that is just as secure but more user friendly.

I absolutely hate the fact that 1PW locks when I switch away from the app. Think of the main use case: I need to look up a password.

What happens with this main use case is the following:
I open an app - say my Aeroplan app and I have to log in. I don't really remember my user name or password. I have to get these from 1PW.
I switch to 1PW to get my user name first. I have to enter my master password - that's cool. I copy it to the clipboard - oh do i like the fact that copy pops up immediately and that I no longer have to click twice - kudos for that!. Anyway, I copy the user name to the clipboard
I switch back to Aeroplan and paste the user name into the app.
I switch back to 1PW and I have to enter my quick unlock code so that I can now get the password.

I would like 1PW to say unlocked. I have asked for this in the past and the answer I was given was that you wanted it to be more secure, but really, nobody is going to be able to get in and take my iPad out of my hands in the time it takes to switch back and forth.

I think I have a suggestion that can retain the security and improve the usability.
I would like to suggest that there is a setting that only locks 1PW when the iPad itself locks. And that there is a timer that fires (configurable value) that locks it to the quick unlock code.

So if I was switching back and forth between apps and 1PW it wouldn't lock. The premise being that my device is on my the entire time because I am constantly using the device.

When I click the "lock button" on the device, then 1PW would lock as well. If i don't visit 1PW for longer than the timer, then 1PW would lock.

Then if 1PW is entered again after the device was locked - I have to enter the master password.
If I haven't locked the device - I am still using it constantly - but the timer has fired and then I go into 1PW, I have to enter the quick unlock code.

I believe that this is just as secure as how it functions today but drastically improves the usability.

Thanks for listening.
Greg

Comments

  • eznoheznoh

    Just "upgraded" from 1Password for iPod touch and don't want the "Master Password", the "unlock Code" is enough.

    Mike

  • khadkhad Social Choreographer

    Team Member

    One of our goals with 1Password 4 was to make strong security the default. The old PIN code had the downside of being used to encrypt some items and with only 10,000 possibilities, this just wasn't good enough for us to continue with. We did away with that approach in the first iPad version as well. The PIN code was originally conceived as a convenience feature for frequently accessed items in the time before iPhone OS supported fast app switching and background tasks. It was a compromise we were never happy with, but it provided the best balance of security and user experience at the time. We do still have the unlock code available in settings, but it is only used to control access to the 1Password application, never for encryption of any of your data. This means that you need to authenticate with your master password at least once per session in order to be able to use the QUC.

    From the User Guide:

    You can configure 1Password to never prompt the password/code, but this only works after you:

    1. Initially unlock 1Password app already,
    2. Set both Request After and Request Code After to Never, and
    3. Also keep re-opening 1Password once in a while.

    Why the last one? When you stop using 1Password, the iOS app will keep track of how long it’s been in the background in order to ensure there’s enough memory for your current and most recently used apps. 1Password can remain unlocked in memory only until iOS is forced to fully close the app in the background to reclaim its memory block, so that your current apps can use it.

    If the termination has occurred, you’ll have to enter the master password to unlock it.

    Note that the more memory you have in your iOS devices, the longer 1Password can remain unlocked. Keep this in mind when switching to older iOS devices that might see 1Password locked more often.

    I hope that clarifies the situation and our decision a bit. If you have other thoughts or ideas, please let us know. :)

    Cheers!

  • eznoheznoh

    Thanks!

  • khadkhad Social Choreographer

    Team Member

    Happy to help, @eznoh! Enjoy the rest of your weekend. :D

This discussion has been closed.