This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Lock Settings and Quick Unlock Code

jhollington Junior Member
I do like the new consolidated Master Password design in 1Password 4 with the addition of the Quick Unlock Code for quick and easy access while on the go.



However, I have observed the following behaviour in regard to the various "Lock" options in Settings. I don't know if this is a bug or if it's an intentional design decision, but if it's the latter, it's very confusing since the word "Lock" is actually being used to mean two different things -- either a "full" lock which requires the Master Password to be re-entered or a "quick" lock which requires only the Quick Unlock Code.



Specifically, there are three options in Settings that affect 1Password locking:[list]

[*][b]Auto-Lock: [/b]When enabled, 1Password will perform a "full" lock after the specified interval, requiring the Master Password to be entered when returning to the app. This will be the case even if the user has done nothing more than sit at the home screen.

[*][b]Lock On Exit: [/b]When enabled, a "quick" lock is performed, requiring the Quick Unlock Code to be entered when returning to the app. When disabled, no code is required when returning to the app. In both cases this is provided any specified Auto-Lock interval has not expired, in which case the Master Password will be required instead.

[*][b]Lock Now[/b]: This is simply a button which always performs a "full" lock and exits 1Password, requiring the Master Password to be entered when returning to the app.

[/list]

There's also an asterisk beside the [i][b]Lock On Exit [/b][/i]option which doesn't seem to be clarified anywhere yet. Perhaps this is where an explanation of this behaviour will go, but I'd suggest that if this is indeed the way things are intended to work, the terminology should simply be changed entirely. Something like "Quick Lock on Exit" might at least offer some additional clarity on what the option does (I realize that sounds awkward -- perhaps somebody else can suggest a better name for the function).



Personally, I'd also prefer to see another option on the Auto-Lock screen that allows the user to choose either a "full" lock or a "quick" lock for the auto-lock interval. This would allow the option of turning the [b][i]Lock On Exit[/i][/b] option OFF while still allowing the app to be "quick" locked after a short time interval -- useful in those cases where a user is rapidly switching back and forth between 1Password and another app to look up or enter data (e.g. multiple clipboard copy/paste operations). I think this would be simpler than going with the style of the two completely separate lock intervals that 1Password 3 used.

Comments

  • MikeT Agile Samurai
    Hi there,



    I can understand the confusion, let me explain it the best I can at the moment. We plan to explain how it works in detail in an article later on.



    First thing is that your master password is always required to unlock the app completely, that's why it's the first screen you see when you use the app for the first time on that day. All the settings start working after that initial unlock:



    1. The [b]Auto-Lock[/b] setting does not mean it'll be reverted to the master password, it means to lock the app with the lock settings it has. If quick unlock code is on, that's the primary unlock requirement and master password is secondary after the first incorrect code. If quick unlock code is turned off, only the master password as primary is required and there's no secondary in place.

    2. [b]Lock on Exit[/b] just means to lock the app every time you leave 1Password and the app lock depends on the primary/secondary system you configured. So, if you configured quick unlock code, it means to show you the quick unlock every time you switch back to 1Password, even if the auto-lock kicks in. If you didn't turn on quick unlock code, only the master password is used.

    3. [b]Lock Now[/b] means to lock the app as you're intentionally forcing it. So only MP is allowed to unlock it.



    The asterisk you see on [i]Lock on Exit[/i] is to indicate if it is turned off or on when you go to Settings > Security. You'll see [b]Auto-Lock[/b] or [b]Auto-Lock*[/b]. [b]*[/b] means [i]Lock on Exit[/i] is turned on, so you don't need to go into Auto-lock to see it.



    Please let me know if this helps and if you have more questions.



    Thanks!
  • jhollington Junior Member
    edited November 2012
    Thanks for the reply. That all basically makes perfect sense and is more or less how I would expect it to work. The confusion arose from the fact that point #1 -- the [b]Auto-Lock[/b] setting is not currently working in the way that you describe it...



    [quote name='MikeT' timestamp='1353565591' post='63685']

    1. The [b]Auto-Lock[/b] setting does not mean it'll be reverted to the master password, it means to lock the app with the lock settings it has. If quick unlock code is on, that's the primary unlock requirement and master password is secondary after the first incorrect code. If quick unlock code is turned off, only the master password as primary is required and there's no secondary in place.[/quote]



    Currently the Auto-Lock setting requires the Master Password once the timeout expires, regardless of whether a Quick Unlock Code is set or not.



    For example, if I have the following settings:[list]

    [*]Quick Unlock Code: ON

    [*]Auto-Lock: Never

    [*]Lock on Exit: ON

    [/list]

    Then the app will require a Quick Unlock Code when returning to the app regardless of how long it has been dormant (unless it has been closed by iOS, of course).



    However, if I have the following settings:[list]

    [*]Quick Unlock Code: ON

    [*]Auto-Lock: 2 minutes

    [*]Lock on Exit: ON

    [/list]

    Then the app will require the Quick Unlock Code when returning to the app within two minutes. After two minutes expires, the Master Password will be required instead. The same applies regardless of the interval (I only tested it up to 5 minutes :) I think it's a fair assumption that this would be the case for longer Auto Lock intervals as well).



    So I guess this is indeed a bug rather than intentional behaviour.



    Mind you, this scenario begs the question of whether the [b]Auto-Lock[/b] interval and the [b]Lock on Exit[/b] setting are actually redundant. If the [b]Auto-Lock[/b] interval is only supposed to require the Quick Unlock Code, then the [b]Lock on Exit[/b] setting is effectively just an auto-lock interval of zero. I suppose the Auto-Lock interval applies if you leave 1Password [i]open[/i] on the device, but that strikes me as an edge case that would generally only affect those who have set the iOS auto-lock to a longer interval (or none at all), since the iOS screen lock effectively triggers the "Lock on Exit" behaviour anyway, since apps now effectively go into the background when the screen is off (IIRC, a behaviour that changed in iOS 5).
  • One thing I'd like to see with the Master password is that if I choose to set a number sequence as my master password, when I need to enter it, only the number field should show just like for the Quick Lock code. Is this possible?
  • MikeT Agile Samurai
    [quote name='jhollington' timestamp='1353610296' post='63759']However, if I have the following settings:[list]

    [*]Quick Unlock Code: ON

    [*]Auto-Lock: 2 minutes

    [*]Lock on Exit: ON

    [/list]

    Then the app will require the Quick Unlock Code when returning to the app within two minutes. After two minutes expires, the Master Password will be required instead.

    So I guess this is indeed a bug rather than intentional behaviour. [/quote]



    You guessed correctly, it should've asked for the quick unlock code after the auto-lock kicks in as well. Even if you turn off [i]Lock on Exit[/i], it should've asked for the quick code after the auto-lock time kicks in.



    I'll confirm with the devs as I'm seeing what you're seeing now. It was working for me a week ago but now it appears to be a regression. I'll let you know as soon as I know more.



    [quote name='jhollington' timestamp='1353610296' post='63759']

    Mind you, this scenario begs the question of whether the [b]Auto-Lock[/b] interval and the [b]Lock on Exit[/b] setting are actually redundant. If the [b]Auto-Lock[/b] interval is only supposed to require the Quick Unlock Code, then the [b]Lock on Exit[/b] setting is effectively just an auto-lock interval of zero. I suppose the Auto-Lock interval applies if you leave 1Password [i]open[/i] on the device, but that strikes me as an edge case that would generally only affect those who have set the iOS auto-lock to a longer interval (or none at all), since the iOS screen lock effectively triggers the "Lock on Exit" behaviour anyway, since apps now effectively go into the background when the screen is off (IIRC, a behaviour that changed in iOS 5).

    [/quote]



    You're correct, the auto-lock applies when you're still using 1Password and not leaving it. It's not an edge case, a lot of people do this.



    Even now with a more powerful integrated tabbed browser, people are going to use 1Password's browser for longer periods of time, so people would want 1Password to lock itself if they left it open for a while with a longer or no iOS lock. A lot of people don't set up iOS lock, they prefer to leave that unlocked and use 1Password to isolate their data.



    For example, the iPad being shared between family members.



    Given the security nature, it's best to be a bit more flexible with how often 1Password should lock.



    [quote name='Smithjw' timestamp='1353614840' post='63774']

    One thing I'd like to see with the Master password is that if I choose to set a number sequence as my master password, when I need to enter it, only the number field should show just like for the Quick Lock code. Is this possible?

    [/quote]



    No, this is a major security risk. You'd be exposing the fact to everybody who sees the number keyboard that your master password consists of only numbers and that is significantly easier to crack/guess than an alphanumeric+special characters password.
  • jhollington Junior Member
    [quote name='MikeT' timestamp='1353617727' post='63778']You're correct, the auto-lock applies when you're still using 1Password and not leaving it. It's not an edge case, a lot of people do this.[/quote]

    Fair enough. To be honest, I had forgotten about the integrated browser aspect, as I've never used that very heavily. I suspect that will probably change with 1Password 4 :)



    [quote]A lot of people don't set up iOS lock, they prefer to leave that unlocked and use 1Password to isolate their data.[/quote]

    Granted, but I'm talking simply about the screen lock, regardless of whether the user has set a device passcode or not. Once the screen turns off, 1Password has effectively "exited" as far as the [b]Lock on Exit[/b] setting is concerned.



    That said, I can agree that some people would use longer timeouts, particularly on the iPad.



    This brings up another question, however: Does the [b]Auto-Lock[/b] interval only apply when 1Password is open but idle, or will it lock after the specified time regardless of what you're doing? If somebody is surfing around using the integrated browser, for example, a longer idle timeout may never be reached.



    [quote]Given the security nature, it's best to be a bit more flexible with how often 1Password should lock.[/quote]

    I guess ideally I'd like to see a scenario where the Quick Unlock Code is only required after the auto-lock expires -- that is to say I could leave [b]Lock on Exit[/b] disabled entirely with a short [b]Auto-Lock[/b] interval to allow me to easily move in and out of 1Password when copying and pasting multiple pieces of information into other apps. The good news is that I think based on how you're saying 1Password [i]should[/i] be working, that's pretty much what we'll have once the bug is fixed.
  • MikeT Agile Samurai
    Correct, hopefully, everything makes more sense once the bug is fixed and/or we decide to change something to simplify it.
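
The lock rules discussed in this thread can be written down as a small decision model and checked against the reported behaviour. This is an added example, not AgileBits code and not part of any post above: the names (Settings, intended, observed, regressions) are hypothetical, the setting values are constructed test inputs, and it models the state after the initial master-password unlock.

```python
from dataclasses import dataclass
from itertools import product
from typing import Optional

NONE, QUICK, MASTER = "none", "quick unlock code", "master password"

@dataclass(frozen=True)
class Settings:
    quick_unlock: bool             # Quick Unlock Code ON/OFF
    auto_lock_min: Optional[int]   # None models "Auto-Lock: Never"
    lock_on_exit: bool

def expired(s, idle_min):
    return s.auto_lock_min is not None and idle_min >= s.auto_lock_min

def intended(s, idle_min, exited=True, lock_now=False):
    """Prompt on return according to the rules described in the thread."""
    if lock_now:                       # Lock Now: only the master password unlocks
        return MASTER
    if (s.lock_on_exit and exited) or expired(s, idle_min):
        return QUICK if s.quick_unlock else MASTER   # the configured primary
    return NONE

def observed(s, idle_min, exited=True, lock_now=False):
    """Reported behaviour: an expired Auto-Lock forces the master password."""
    if expired(s, idle_min):
        return MASTER
    return intended(s, idle_min, exited, lock_now)

def after_wrong_entry(prompt):
    # The master password is the secondary requirement after the first incorrect code.
    return MASTER if prompt == QUICK else prompt

def regressions(idle_times=(1, 3)):
    """Setting combinations where the observed prompt differs from the intended one."""
    found = []
    for quick, auto, loe, idle in product((True, False), (None, 2), (True, False), idle_times):
        s = Settings(quick, auto, loe)
        if intended(s, idle) != observed(s, idle):
            found.append((s, idle, intended(s, idle), observed(s, idle)))
    return found

if __name__ == "__main__":
    for s, idle, want, got in regressions():
        print(f"{s} idle={idle}min: intended {want!r}, observed {got!r}")
```

In this model the two behaviours diverge only when a Quick Unlock Code is set and a finite Auto-Lock interval has expired, whether or not Lock on Exit is on.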