This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

How many of you have auto-lock on?

No one else uses my iPad and I have a pass code to unlock it.



Is the auto-lock feature there for users that share devices with others? Or are there other potential risks I'm not aware of when not choosing to auto-lock after a certain time?

Comments

  • For me, it's just one extra layer of protection. But yes, one could argue that it's overkill.
  • khad, Social Choreographer
    You may be interested to read a bit more about device passcodes:

    http://blog.agilebits.com/2012/03/30/the-abcs-of-xry-not-so-simple-passcodes/
  • jhollington, Junior Member
    edited 2012 15
    I have a Quick Unlock Code enabled along with the Lock on Exit setting, but I have not enabled Auto-Lock. In the current version of 1Password 4, the Auto-Lock setting actually requires the full, Master Password after the time interval expires. My Master Password is too long and complex for me to want to type that often, so I prefer to use the Quick Unlock Code as much as possible when returning to 1Password.

    Note that regardless of these settings, the app will only remain unlocked (or "quick-locked") as long as it remains resident in memory. If you run other memory-intensive apps, iOS will push 1Password 4 out of background RAM and it will need to be reloaded the next time you run it, once again requiring you to enter your Master Password.

    To the original question regarding it being overkill, this generally depends on how security-conscious you are regarding your device. If you're using a secure device password (not a simple passcode, but a full, alphanumeric password), and have the device auto-lock set to a low value with "Require Password" set to "immediate", then you're probably pretty safe regardless of your 1Password settings, as long as you've chosen a sufficiently complex Master Password to encrypt your data. On the other side of the coin, extremely long auto-lock and require password settings combined with a four-digit PIN is going to present a slightly higher risk. The Quick Unlock Code for 1Password provides a nice compromise here, since it protects against casual access while still providing convenience for the user.

    Regardless, as I noted above, however, 1Password only remains "unlocked" when it's in RAM. Rebooting your device (which would generally be required to perform a brute-force hack/jailbreak) will basically lock everything up again with your Master Password.

    The most important security factor for 1Password is that you choose a sufficiently secure Master Password (see http://blog.agilebits.com/2011/06/21/toward-better-master-passwords/). This is the value used to actually encrypt your data (indirectly, at least), and should be as strong as possible. Even with a device passcode, somebody could still find other ways to retrieve your raw, 1Password data from your device and try to crack it offline. A better Master Password makes that process significantly more difficult.