Question about Quick Unlock Code

luke1970

Ok, I brought now my database from Mac->iOS.

iTunes sync is [b]very[/b] circumstantial!

I missing WiFi sync.



Next:

I missing [b]low password login[/b] feature (quick unlock code) like in 1Password3 Pro (iOS).

High password is ok for iCloud and DropBox sync/backup.



But when I use iTunes sync/backup I do not need high password login.

jhollington

[quote name='luke1970' timestamp='1355385022' post='64970']I missing [b]low password login[/b] feature (quick unlock code) like in 1Password3 Pro (iOS).[/quote]

1Password 4 introduces a Quick Unlock Code that can be enabled under [i]Settings->Security[/i] which will be used to return to the app in place of the Master Password as long as the app remains open in the background. To use this effectively for avoiding the Master Password prompt as much as possible, you need to set [i]Auto-Lock[/i] to "Never" and [i]Lock on Exit[/i] to enabled. The [i]Auto-Lock[/i] timeout, if set, will return you back to requiring the Master Password, so it's best to leave this off if you want to use the Quick Unlock Code as much as possible.



Keep in mind that if iOS terminates the background app for whatever reason (usually low memory), you'll be prompted for the Master Password again, but in my own experience this happens pretty infrequently unless you're using a lot of apps with high memory demands (such as sophisticated games like Infinity Blade).



[quote]High password is ok for iCloud and DropBox sync/backup. But when I use iTunes sync/backup I do not need high password login.[/quote]

One isn't necessarily connected to the other. The Master Password isn't used for syncing at all any more -- it's simply to log into your data, which is important if your device is lost, stolen or otherwise compromised. It's essentially the encryption key for your data, and 1Password 4 no longer bothers using a separate set of keys in the iOS version -- it's essentially the same everywhere.

JDW

[quote name='jhollington' timestamp='1355413784' post='65026']

... if iOS terminates the background app for whatever reason (usually low memory), you'll be prompted for the Master Password again, but in my own experience this happens pretty infrequently unless you're using a lot of apps with high memory demands (such as sophisticated games like Infinity Blade).

[/quote]

Actually this occurs quite frequently for me on my iPad 3 and has since I purchased the iPad in March this year. And no, I do not run infinity blade either. I run a lot of different apps. And I prefer not to have to quit each one of those apps to keep a lot of memory free. So it never fails that after I switch between Facebook, Mail, Flipboard, Newstand, and mobile Safari several times that when I finally switch back to one password, it prompts me for the master password. I have Auto Lock set to NEVER. I've actually written to Agile about this in the past, and they simply replied that it's a memory issue outside their control. They say it shouldn't occur very often, but in my experience it occurs very often. Perhaps the ultimate blame lies with Apple for not putting enough memory in the iPad 3. But the fact remains I have to enter my master password in one password 3 a lot of the time.

jhollington

To be fair, I run 1Password more on my iPhone 5, which does have more RAM than my iPad 3. However, I also find it easier to deal with the Master Password on my iPad 3 as it has a larger keyboard, and the Quick Unlock Code doesn't get a special keypad on the iPad anyway <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />

JDW

What is Quick Unlock?



I still use one password 3. And I've always kept Auto Lock set to OFF. So whenever I'm prompted for my password, and like I said it is unfortunately quite frequent that I am asked for it, I always am forced to enter my master password. That's why I really don't understand all the griping and complaining over the new system in one password 4. Will it be different for me if I upgrade to version 4, or will the password experience be the same as what I'm seeing now?

jhollington

Quick Unlock is completely different from the PIN that was used in 1Password 3.x.



The short answer is that all data in 1Password 4 is protected with your actual Master Password, in the same way that it is on the desktop and in your files in Dropbox. The Quick Unlock Code is simply a way to get back into the app when it's already running -- 1Password 4 keeps the keys in RAM while the app is active, and simply uses the QUC as a barrier to [i]access[/i] -- it has nothing to do with encryption. If 1Password 4 is pushed out of RAM, or your reboot your device, you'll be prompted for the [i]actual[/i] Master Password (from the desktop). You also only get [u][i]one[/i][/u] attempt to enter the QUC before you're prompted for the Master Password instead.



The longer explanation:



In 1Password 3.x, a two-tiered system was used to actually [i]protect[/i] (i.e. encrypt) your data on your device, using a PIN (low security) and "master password" (high security). These were both different from the [i]actual[/i] Master Password used to encrypt your 1Password data file on your Mac/PC or on a service like Dropbox. Essentially, when syncing to your iOS device from Dropbox, you supplied your actual Master Password (which was stored in the iOS keychain, BTW) so the data could be decrypted and re-encrypted for the iOS version to use the two-tier password system.



In theory, if you protected every item with a high-security password that was equivalent to your desktop Master Password you'd have the same level of security on your iOS device as on your desktop database. Most users, however, chose significantly shorter and easier-to-type passwords even for their iOS "master" password, and of course many things were set to simply "low" security so that only the very insecure PIN was required. This was considered a reasonable tradeoff for a number of reasons, not the least of which (for me) was the fact that I considered my iOS device to be more secure (on my person, password protected, remote wipe enabled, etc) than my 1Password data file lying in my Dropbox.



In 1Password 4, there are no longer ANY separate passwords in the iOS app for encryption. 1Password 4 simply uses the [i]real[/i] Master Password, same as in the Mac and Windows version, and the same one that's used to actually encrypt the main 1Password data file. This is a much more secure solution since the iOS data is encrypted with the most secure password available and it no longer needs to be stored on the iOS device. This is also less confusing as you use the same password everywhere, not a different one on the desktop from the iOS side. Of course, the downside is that you will be required to use your full actual Master Password on the iOS side more often, which is where the Quick Unlock Code comes in -- as long as 1Password remains in memory, you will be prompted for the Quick Unlock Code instead of the full Master Password when returning back to 1Password.



Whether you'll see a different user experience in 1Password 4 based on your past experiences is hard to say, but it's likely you'll find yourself asked for the Master Password more often if 1Password is being pushed out of memory between uses.



The good news, however, is that you don't need to use an ultra-long and hard-to-type Master Password to be secure. Properly constructed human readable passwords of reasonable length (four to five random words strung together) are generally more than sufficient, and if you're using a completely random Master Password, you could probably get away with something even shorter. See http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/ and http://blog.agilebits.com/2012/07/31/1password-is-ready-for-john-the-ripper/

JDW

I appreciate the detailed explanation.



It looks as if I can safely update to 1 PSW 4 now. I've read through a lot of threads covering the complaints of others who don't like version 4, but I simply don't see how I will face any serious problems after updating from version 3. I say this because I use Dropbox, I never use WiFi sync, and I'm already forced to repeatedly reenter my master password on my iPad (thanks to Apple for not giving the iPad 3 sufficient RAM).



I'm especially intrigued by the new web browser that comes with 1PSW4, since such has the potential to make my iPad browsing experience more like that on my iMac. Meaning, I can finally have 1PSW integrated into the browser so it's easy for me to fill out forms and enter credit card data directly from the browser, and I'm no longer forced to switch to the 1PSW app to copy out data, then switch back to the browser, and then paste the data.



Thanks again.

jhollington

Just to make sure I was being clear, however, 1Password 4 will require you to enter the same Master Password as you use for 1Password on your Mac. The old, device-specific Master Password is gone.



This means that if you're using a significantly longer Master Password on your Mac, you'll probably find the experience to be slightly more difficult on the iPad, since you'll have to type a longer password in whenever it's required.

cpabster

Yep the integrated browser on 1P 4 is fantastic. It's not perfect, but it's night and day superior to the other solutions I've used in the past (LastPass "Browser" I'm looking at you!)