This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Security question with 'Lock after [X] minutes of inactivity'

Idle time must relate to the last time 1P has been accessed!

I've been using 3S PasswordWallet on my Mac for years, but am considering switching to 1P due to the slicker GUI and additional features. However, I came across what, in my opinion, is a serious security flaw.



'Lock after [X] minutes of inactivity' relates to the time the COMPUTER AS SUCH hasn't been idle. This is bad! It rather should relate to the time 1P hasn't been accessed, whether it's through the app or the browser plug-in. Just think of the following situations:



1P has been unlocked hours ago and you've been working on your computer since then non-stop. You forgot that 1P is still open and

[list]

[*]go to the toilet. In your absence a colleague can sniff around and spy on your passwords.

[*]a 'friend' or a visitor asks you if he/she may look up something on the web. You leave him/her alone to get a cup of coffee, meanwhile that person can steal your passwords.

[/list]



The solution really is to relate the idle time to the last 1P access NOT the last time the mouse has been moved! It makes absolutely no sense that the 1P app is sitting unattended in the back for hours, even if you've set 'Lock after [X] minutes of inactivity' to 1 minute.



It is also extremely disturbing that if you close the main window in the 1P app, the app doesn't quit or at least lock the database.

Comments

  • khad
    khad Social Choreographer
    Hey Dr. Woo,



    Welcome to the forums! You raise a very interesting point. Thank you! :-)



    As you can see from our [url="http://help.agile.ws/1Password3/keychain_comparison.html"]keychain comparison documentation[/url], this is by design. As a security conscious user, you are certainly aware of the constant balance between security and convenience. This is one area that we have chosen to focus on convenience. Back in the days of 1Password 2, users would wonder why they kept having to unlock their keychain when they were not "inactive." By using computer activity as a metric, rather than simply keychain activity, 1Password's behavior aligned better with users' expectations.



    This is in no way a flaw, as you are free to use myriad methods to lock the keychain: system sleep, user logout, screensaver activation (which can be easily activated with Active Screen Corners in System Preferences > Exposé & Spaces > Exposé). I always put my Mac to sleep when I walk away which prompts for my login password upon wake. My account and 1Password are both locked in that case. Certainly a manual lock can be performed at any time as well (1Password > Lock 1Password).



    If you check the boxes to "Disable automatic unlock for 1Password" and "Disable automatic unlock for all applications" you will be prompted for your master password in every application that has access to your data. When you close applications with those settings, keychain access is locked for each application you close.



    By way of example, if the only application I have open is 1Password, when I close it, my data is locked. Attempting to use logins in Safari, Firefox, and opening 1Password again will all prompt for my master password. If I have already unlocked my keychain in Safari and then close 1Password, I would need to close Safari as well in that case (or select "Lock 1Password" from the 1P toolbar button).



    I would also like to state that at no point is all of your data [b]unencrypted[/b] even when the keychain is unlocked. 1Password only decrypts a single item at a time as needed even when unlocked. This can be confusing to some users so we try to simply use the terms "locked" and "unlocked."



    I hope I was clear enough and that what I wrote helps a little bit. Please let me know if you have any other questions or concerns.



    Cheers!
  • roustem
    roustem AgileBits Founder
    Dr. Woo,



    When I work on the computer for hours, I expect to unlock 1Password once and have 1Password unlocked while I am working.

    If we change it to lock based on the last access time then you will have to unlock 1Password almost every time you login to a new website.



    Currently, you can set the auto-lock time out to just a few minutes and 1Password will lock after you walked away.
  • [quote name='roustem' timestamp='1285451687' post='12025']

    When I work on the computer for hours, I expect to unlock 1Password once and have 1Password unlocked while I am working.

    [/quote]

    But if you really work non-stop!?



    [quote name='roustem' timestamp='1285451687' post='12025']

    If we change it to lock based on the last access time then you will have to unlock 1Password almost every time you login to a new website.

    [/quote]

    So? My master password has become a part of me, it sits right on my fingertips and takes fractions of a second to type, despite its complexity. I prefer to type my master pwd several times a day rather than living with the slightest risk of someone sniffing around my passwords.



    A workable solution might be to do as proposed (time the last 1P access instead of general computer use), but handle the idle time for browser extension and stand-alone app separately. So in worst case someone can log in using your account to a specific website, but he won't be able to look up your entire password library (and take photos of it using his/her iPhone).



    [quote name='roustem' timestamp='1285451687' post='12025']

    Currently, you can set the auto-lock time out to just a few minutes and 1Password will lock after you walked away.

    [/quote]

    Seriously, even 1 minute is enough for someone who shares the room with you to gain access. And manually locking 1P is no workable option for these cases.



    Relying on the screensaver option which you offer is no proper option either: You leave the room, I change your screen saver settings and it might take you days until you've noticed, perhaps even giving me enough time to revert it. Again: I rather prefer to be asked for my master pwd more often and in return can feel safe.
  • khad
    khad Social Choreographer
    edited September 2010
    [quote]Seriously, even 1 minute is enough for someone who shares the room with you to gain access. And manually locking 1P is no workable option for these cases.

    [/quote]



    Why is manually locking 1Password not a workable option?



    I think in your case, you may need to log out of your OS X account if you distrust your roommate that much. Even if you lock 1Password, your roommate will still have access to the filesystem. :blink:



    I suggest [url="http://support.apple.com/kb/HT1352"]setting up firmware password protection[/url] in Mac OS X and turning off your computer when you walk away. Better yet, if it is a laptop, take it with you. This will lock 1Password and protect against other local attacks.



    [quote]Relying on the screensaver option which you offer is no proper option either: You leave the room, I change your screen saver settings and it might take you days until you've noticed, perhaps even giving me enough time to revert it. Again: I rather prefer to be asked for my master pwd more often and in return can feel safe. [/quote]



    What I mentioned earlier was the Active Screen Corners feature of OS X. Just toss the mouse cursor to a corner you specify — you can specify all four corners if you like — and the screen saver is immediately invoked. You will know if this setting has been altered because your screen saver will not activate. I am [i]not[/i] referring to the Desktop & Screen Saver settings in System Preferences which is time-based.
  • thightower
    thightower "T-Dog" Agile's Mascot Community Moderator
    edited September 2010
    [quote name='khad' timestamp='1285612687' post='12138']

    What I mentioned earlier was the Active Screen Corners feature of OS X. Just toss the mouse cursor to a corner you specify

    [/quote]



    I use lower right and it works like a charm. Traveling a lot, it's second nature as well.

    You can also use [url="http://blog.boastr.net/"]a better touch tool[/url] and set up a specific touchpad gesture to trigger [url="http://ourapples.com/downloads/macloc"]Macloc[/url], for example.



    Also there is [url="http://ialertu.sourceforge.net/"]iAlertU[/url], which is kinda cool.



    iAlertU [url="http://www.youtube.com/watch?v=hQyFbsw-p5Q"]video[/url] youtube link.



    I have iAlertU set up to only trigger when the AC adapter is unplugged, can you tell that on a few occasions my Mac didn't wake me for work. I have it set up to auto arm at night. I can also change it very easily when I need more protection. I even went so far as to write a script that will disable iAlertU in the AM just prior to my morning Alarm. Which I trigger via Awaken. Basically the script just enters the password in case you don't have the remote. I know the script idea is not really that secure but hey I am only using it to monitor the AC adapter after all.
  • melorama
    melorama Junior Member
    edited December 2010
    [quote name='khad' timestamp='1285612687' post='12138']

    Why is manually locking 1Password not a workable option?



    I think in your case, you may need to log out of your OS X account if you distrust your roommate that much. Even if you lock 1Password, your roommate will still have access to the filesystem. :blink:

    [/quote]





    Sorry, I'm gonna have to agree with the original poster on this point. I appreciate the convenience vs. security balance that 1P is trying to strike, but I have always found this to be one of the only major flaws with 1P. In my case, I sync my 1Password keychain on my personal laptop to my Mac Pro at work via Dropbox. It's a vital part of my daily work and personal computing workflow. But I REALLY wish there was an option for an "absolute auto-lock" timeout, where you can set the amount of time that the entire 1Password keychain will lock, regardless of whether the computer is technically "idle" or not.



    This is a security issue for 1Password itself, not for your computer, per se. I really disagree with the notion that "if you distrust your roommate that much" then you're screwed to begin with, because it totally misses the point. This is a black/white view of information security that isn't relevant to many situations. The truth is, I don't care if my co-workers or clients have access to my computer per se when I'm away from it. I don't distrust them, nor are they savvy enough to install nefarious keyloggers or whatnot. However, there have been MANY occasions when I've had a client or coworker looking over my shoulder for a work-related task, and I've Command-Tab'ed into an open 1Password window, where my logins, passwords, etc. were visible, even though I had unlocked it many hours prior.



    This is a clear security/privacy issue that could easily be avoided if there was an advanced option to auto-lock (or even auto-quit) after an absolute period of time. At home, when I don't need to be as paranoid with my 1P data, I can have that option unchecked, so it doesn't annoy me. But when I'm in a situation where I don't have control over my surroundings and the people within it, I wouldn't mind the minor "annoyance" of having to enter my passphrase multiple times a day. It makes sense for it to work that way, much like it makes sense for any of the restricted rooms in your office to automatically lock themselves to the outside when the door closes behind you.



    And while it is certainly true that there are many "manual" options for instantly securing your 1P/Workstation, it's a rather weak justification for not wanting to implement absolute auto-locking, because it depends on the user to *remember* that they have to lock 1P or their desktop. But if I'm busy working in the foreground for 4 hours straight, then am called away from the keyboard for whatever reason, there is a high probability that I will not remember to do this, hence the need for a way to automatically enforce the security of the 1Password app. You could debate the point that users shouldn't be so cavalier with their security, and "should" learn to remember to lock their computer manually, but you know as well as I do that they just won't. Computers, on the other hand, are smart enough to never forget to perform tasks that have been assigned to them, so there's no reason I can think of why automatically locking the 1Password keychain couldn't be one of them.



    Please reconsider this much needed option to 1Password. It seems like a simple solution to a very real issue.



    Thanks for a great product, otherwise!
  • khad
    khad Social Choreographer
    Thanks for your feedback, melorama!



    If "Disable automatic unlock for 1Password" is enabled you will always be prompted to enter your master password when opening 1Password. This includes quitting the app and relaunching it.



    Likewise, if "Disable automatic unlock for all applications" is enabled you will always be prompted to enter your master password when using one of the browser extensions after a fresh launch of your browser(s).



    So an easy way to keep prying eyes at bay is to leave both of the above settings enabled and [b]quit 1Password and your browsers when you are done using them[/b]. [i]Your data will be locked.[/i]

    Otherwise, you are relying on the auto-lock settings to secure your data, which will either lock your data after X minutes of inactivity, when your Mac begins to sleep, or when the screen saver is activated, whichever of the selected options comes first.



    To speed up the auto-lock process you might consider the following.



    1. Set an Active Screen Corner for your screen saver and activate the screen saver when stepping away from your Mac (System Preferences > Exposé and Spaces > Exposé > Active Screen Corners).



    2. Close the lid of your Mac laptop to put your Mac to sleep.



    3. Activate the login window when stepping away from your Mac (System Preferences > Accounts > Login Options > "Show fast user switching menu as…")



    The above three options will also secure your entire OS X login if you have enabled "Require password … after sleep or screen saver begins" (System Preferences > Security > General). You are using a good, unique password for your OS X login, aren't you? :-)
  • camner
    camner Member
    Obviously there's no magic answer to the "convenience" vs. "security" question, as we all undoubtedly feel differently about this balance point. I'd like to put my $.02 worth in the direction of "it has to be convenient enough to use on a continuing basis." Personally, having to type the master password into 1P each time I wanted to use it would be more hassle than I'm willing to put up with.
  • khad
    khad Social Choreographer
    Thanks for the feedback, camner. We think most users feel this way and have designed 1Password to be as secure [b]and[/b] convenient as possible for the largest number of users. There are always tradeoffs that we have to make, but we are always working to improve this.
  • melorama
    melorama Junior Member
    edited January 2011
    [quote name='khad' timestamp='1291791998' post='17144']

    Thanks for the feedback, camner. We think most users feel this way and have designed 1Password to be as secure [b]and[/b] convenient as possible for the largest number of users. There are always tradeoffs that we have to make, but we are always working to improve this.

    [/quote]





    Thanks for the responses, it's definitely appreciated.



    However, I am going to have to stand by my original underlying premise, which is (unless I'm assuming too much of Agile's intentions) that one of the goals of 1Password is to make it as hassle-free as possible to ensure a user's security without sacrificing overall usability and convenience. The absence of an "absolute timeout" option to me does not fit within that goal.



    I'm following up on this post because a real-world example from this morning prompted me to remember this thread.



    I am a video editor and visual effects artist, and I frequently leave my workstation for extended periods of time (and often, overnight) while waiting for a lengthy After Effects or Final Cut Pro render to finish. I use 1Password every moment of the day, because I store the login/password combos for FTP accounts that I email to my various clients throughout the day (i.e. for approval Quicktime files, etc). So I need to have 1Password.app running all day, but not necessarily open and unlocked all day.



    My Mac Pro is configured to NOT go to sleep or go "idle", because I don't want any energy-saving or sleep options to interfere with any of the creative apps I use which require rendering. And to ensure that this doesn't happen, I use the "Caffeine" menubar applet (http://lightheadsw.com/caffeine/) to force the issue. Caffeine is used by many people in my profession, so I wouldn't consider my use-case to be oddball in any way.



    Because my system never goes idle, 1Password obviously never auto-locks or auto-closes, even though I have that option set in the Preferences. When I came back to work this morning to check on the results of an overnight render, I was annoyed to realize that I had left 1Password.app running, open and unlocked.



    Yes, I *could* have just quit 1Password.app when I left or was done using it...Yes, I *could* have invoked a "hot corner" to lock the Mac screen...etc etc. But by that same logic, you don't really have to pay for a 1Password license, and could just store all your passwords in a plaintext file and encrypt/decrypt it from a password-protected zip-file, for FREE!



    Needless to say, that's a ridiculous notion which misses the point of the very need for an app like 1Password.



    Yes, workarounds do exist. But the fact remains that, despite having set all my 1Password security options to this...



    [img]http://dl.dropbox.com/u/149705/forum_posts/1passwordsecurityoptions.jpg[/img]



    ...when I returned to my workstation this morning, my 1Password app was still open, with all my passwords and credit card info free for the taking.

    What made 1Password a no-brainer purchase for me was the way it simplified the need to be constantly mindful of my personal password security. Much like backup regimens, if you have to think too much about the PROCESS of ensuring your data is backed up, the more likely you'll start finding it to be an annoying chore, and eventually you'll forget to backup altogether. The concept of "one password to rule them all" is brilliant, and has fundamentally changed the way I use passwords and store secure information.

    But if the user has to be the one in charge of remembering to invoke a "hot-corner" or close the app every time they use it, then you've compromised the entire security model, because you're depending on the default action of the user to ensure the security of their keychain. People who are crazy multitaskers such as myself just won't remember to do such things, because it upsets their mental workflow when in front of the computer. I have 16 GB of RAM in my system, so the concept of closing apps when they aren't needed is as sensible to me as using floppy disks to back up my personal data.

    Again, I'm not suggesting that you make an absolute-timeout option enabled by default, so I don't really understand why people in this thread keep using the "annoyance" factor of having to constantly enter their master password as a legitimate reason for not implementing the feature. Granted, it's more of a power-user feature, but still a glaringly necessary one.



    So long as it's possible for apps/applets to override the System sleep/idle options, there is a very real necessity for an absolute-timeout option. That's all I'm saying.



    Please let me reiterate an important point that I mentioned in my original followup:



    [quote]This is a clear security/privacy issue that could easily be avoided if there was an advanced option to auto-lock (or even auto-quit) after an absolute period of time. [b]At home, when I don't need to be as paranoid with my 1P data, I can have that option unchecked, so it doesn't annoy me. But when I'm in a situation where I don't have control over my surroundings and the people within it, I wouldn't mind the minor "annoyance" of having to enter my passphrase multiple times a day[/b]. It makes sense for it to work that way, much like it makes sense for any of the restricted rooms in your office to automatically lock themselves to the outside when the door closes behind you.[/quote]
  • RobYoder
    RobYoder Agile Customer Care
    Thanks so much for that detailed post, melorama! I can see your point, although I don't believe the majority of users will ever have the problem. However, I will mention this post to the team because I do agree that there should be some way to do what you're asking. The problem is that our Security preferences already confuse many users. Maybe we could add an option for "Super high security" that auto-locks everything 30-60 seconds. I don't know. We'll see what the team says.



    Thanks again for the passionate feedback!
  • I really like the "Lock after <n> minutes of inactivity" timer to influence if the app was (un)locked when launched. It's a hassle retyping the master password if I'm relaunching the app multiple times within the <n> minute window (which I do relatively often); would be convenient if it remained unlocked during that time period.
  • RobYoder
    RobYoder Agile Customer Care
    [quote name='sjk' timestamp='1294352747' post='18578']

    I really like the "Lock after <n> minutes of inactivity" timer to influence if the app was (un)locked when launched. It's a hassle retyping the master password if I'm relaunching the app multiple times within the <n> minute window (which I do relatively often); would be convenient if it remained unlocked during that time period.

    [/quote]



    I would suggest in that case that you just close the window instead of quitting the app. Command-W is right next to Command-Q after all. :-) Another idea would be to uncheck the option to "Disable automatic unlock of 1Password" in the Security preferences. Then, when you quit and relaunch the app, it should remain unlocked.



    Hope that helps.
  • [quote name='RobYoder' timestamp='1294373575' post='18590']

    I would suggest in that case that you just close the window instead of quitting the app. Command-W is right next to Command-Q after all. :-)[/quote]

    Knew I should have added "for reasons I won't go into now" to why I repeatedly quit/relaunch. :)



    [quote]Another idea would be to uncheck the option to "Disable automatic unlock of 1Password" in the Security preferences. Then, when you quit and relaunch the app, it should remain unlocked.[/quote]

    Yeah, I might end up doing that… at least temporarily.



    But I still would like to submit my suggestion that 1P stay unlocked, regardless of whether it's running or not, for a selectable length of time. If it's quit and that time period has passed then it should again be locked when relaunched. That's why I thought "Lock after <n> minutes of inactivity" might be applicable to the time it's not running.
  • RobYoder
    RobYoder Agile Customer Care
    [quote name='sjk' timestamp='1294417905' post='18604']

    Yeah, I might end up doing that… at least temporarily.



    But I still would like to submit my suggestion that 1P stay unlocked, regardless of whether it's running or not, for a selectable length of time. If it's quit and that time period has passed then it should again be locked when relaunched. That's why I thought "Lock after <n> minutes of inactivity" might be applicable to the time it's not running.

    [/quote]



    That is how to *do* what you're asking. By disabling automatic unlock, you're disabling the ability of 1Password to unlock on launch even if it's been relaunched within the timeframe specified for auto-lock. Yes, you're also disabling the ability to unlock the main 1Password app by unlocking the browser extension, but those two go hand in hand.



    In short, that is the preference you are requesting. If you leave it unchecked, you'll be set.
  • [Deleted User]
    edited January 2011
    [quote name='RobYoder' timestamp='1294422571' post='18606']

    That is how to *do* what you're asking.[/quote]

    Perhaps…



    [quote]By disabling automatic unlock, you're disabling the ability of 1Password to unlock on launch even if it's been relaunched within the timeframe specified for auto-lock.[/quote]

    Ah ha! I'd mistakenly thought it was unconditionally disabling auto-unlock and ignoring the "Lock after <n> minutes of inactivity" value.



    [quote]In short, that is the preference you are requesting. If you leave it unchecked, you'll be set.[/quote]

    Yup, unchecking "Disable automatic unlock of 1Password" is what I want if indeed that [i]enables[/i] auto-unlock and (supposedly?) then honors the specific Auto-Lock preferences which (supposedly?) would otherwise be ignored. And "Lock after <n> minutes of inactivity" might usually be superseded by "Lock when screen saver is activated" and/or "Lock when sleeping" taking effect first (if both are enabled).



    I'll do a test with screen saver temporarily set to start after a longer length of time than "Lock after <n> …" to see if 1P will lock, when launched, after <n> minutes if there's no other system activity. And I'd expect the same results during playback of EyeTV recordings or other activities that temporarily inhibit ss startup. It's okay if auto-lock doesn't happen in those contexts because a normal, shorter ss start value would trigger 1P "Lock when screen saver is activated" with the former and I'll be physically near the system with the latter. So, auto-lock should function only under conditions that matter.



    Thanks for your help and patience with this. :)
  • RobYoder
    RobYoder Agile Customer Care
    edited January 2011
    [quote name='sjk' timestamp='1294437008' post='18613']

    Yup, unchecking "Disable automatic unlock of 1Password" is what I want if indeed that [i]enables[/i] auto-unlock and (supposedly?) then honors the specific Auto-Lock preferences which (supposedly?) would otherwise be ignored. And "Lock after <n> minutes of inactivity" might usually be superseded by "Lock when screen saver is activated" and/or "Lock when sleeping" taking effect first (if both are enabled).

    I'll do a test with screen saver temporarily set to start after a longer length of time than "Lock after <n> …" to see if 1P will lock, when launched, after <n> minutes if there's no other system activity. And I'd expect the same results during playback of EyeTV recordings or other activities that temporarily inhibit ss startup. It's okay if auto-lock doesn't happen in those contexts because a normal, shorter ss start value would trigger 1P "Lock when screen saver is activated" with the former and I'll be physically near the system with the latter. So, auto-lock should function only under conditions that matter.

    Thanks for your help and patience with this.

    [/quote]

    I wasn't completely sure myself before, but I tested my theory before I posted it, and it worked for me. I tested with the option to "Disable automatic unlock of 1Password" *unchecked* and all browsers quit and:

    1) Quitting 1Password unlocked and relaunching within the auto-lock time launches 1Password unlocked

    2) Quitting 1Password unlocked and relaunching after the auto-lock time has elapsed (before screensaver or other auto-lock options kick in) launches 1Password locked.

    Hope you find the same thing to be true for you.
  • alto
    edited January 2011
    I'd just like to add my support to melorama's argument. 1password does a great job of purging info from the clipboard and demanding password re-entry for websites given a time you specify; why couldn't you add the OPTION of locking the 1password interface along with it?



    I also don't buy Rob's argument that because some users are confused by the present security settings, the programme should therefore lack a vital (and easily implemented) security OPTION. The answer to "user confusion" is to improve your documentation and tutorials, and [i]the way you encourage and motivate users to access them[/i].



    I'm not saying the docs are not good already (in fact, as a technical communicator by profession, I'd say they're above average), but you know you've got a problem when you're admitting that you can't implement a feature on the grounds that some users are having difficulty using the software.
  • alto
    edited January 2011
    Dr Woo - if you have an iPhone you might like this interesting hands-free solution: locks your mac when you move away from it using the bluetooth signal, and unlocks it when you return. You can configure it to lock individual apps (like 1pwd) as you walk away but require a physical type-in when you return (thus preventing anyone who nicks your phone accessing 1pwd).



    [url="http://www.softpedia.com/reviews/mac/Airlock-Review-130203.shtml"]lock/unlock your mac without touching the keyboard[/url]
  • [quote name='RobYoder' timestamp='1294456960' post='18617']

    I wasn't completely sure myself before, but I tested my theory before I posted it, and it worked for me.

    […]

    Hope you find the same thing to be true for you.[/quote]

    So far it's working that way for me, too. I'm satisfied; earlier request retracted. :)
  • RobYoder
    RobYoder Agile Customer Care
    [quote name='alto' timestamp='1294470040' post='18625']

    I'd just like to add my support to melorama's argument. 1password does a great job of purging info from the clipboard and demanding password re-entry for websites given a time you specify; why couldn't you add the OPTION of locking the 1password interface along with it?



    I also don't buy Rob's argument that because some users are confused by the present security settings, the programme should therefore lack a vital (and easily implemented) security OPTION. The answer to "user confusion" is to improve your documentation and tutorials, and [i]the way you encourage and motivate users to access them[/i].



    I'm not saying the docs are not good already (in fact, as a technical communicator by profession, I'd say they're above average), but you know you've got a problem when you're admitting that you can't implement a feature on the grounds that some users are having difficulty using the software.

    [/quote]



    Hi, Alto. I'm not sure if you've been welcomed to the forums yet, but if not, welcome!



    I'm sorry if I implied that we would reject the idea just to prevent confusion. What I meant was that that is a problem we need to consider before just tacking on another feature. If it's possible, it'd be better to reduce the number of options rather than add to them. I do agree with melorama as well that 1Password could use some way to have an absolute timeout. We'll see if the devs agree too.



    I think we've taken a good step as far as documentation by linking the question mark icon in the corner of each preference pane to a detailed explanation of that pane. We'll continue to update those explanations as the preferences change.



    Thanks for the feedback!
  • RobYoder
    RobYoder Agile Customer Care
    [quote name='sjk' timestamp='1294503873' post='18634']

    So far it's working that way for me, too. I'm satisfied; earlier request retracted. :)

    [/quote]



    Hehe, no problem. I learned something new too! :-)
  • As a new user of 1Password, I would just like to give a bit of support to the views of Woo and Melorama, in the sense that I simply took for granted that "idle time" referred to idle in 1Password. So I got very confused when I saw that 1Password didn't lock automatically even though I hadn't touched it for about half an hour. I suspected that somehow there were active processes somewhere not letting 1Password be reported as idle. Only when I saw this thread did I realize that idle referred to computer time!

    I can live with either option simply because I always have full control over my computer, but I would certainly think otherwise if I sat in a room where other people could come in or pass by.

    I just wanted to mention my experience as feedback on how newcomers to the program may expect it to work.
  • [quote name='Harald' timestamp='1294654985' post='18699']

    …, in the sense that I simply took for granted that "idle time" referred to idle in 1Password.[/quote]

    Might be clearer if the preference was "Lock after [X] minutes of [i]system[/i] inactivity", similar to the help for it starting with "If your computer is inactive for a period of time …".
  • RobYoder
    RobYoder Agile Customer Care
    edited January 2011
    Thanks for the post, Harald. I can understand how it's confusing.



    [quote name='sjk' timestamp='1294677268' post='18706']

    Might be clearer if the preference was "Lock after [X] minutes of [i]system[/i] inactivity", similar to the help for it starting with "If your computer is inactive for a period of time …".

    [/quote]



    That's a good point, sjk. I'll make a note of that.
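
Added illustration, not part of the original thread and not AgileBits code: a small simulation of the three lock-timer policies argued over above (system idle as described by khad and roustem, vault idle as proposed by the original poster, absolute timeout as proposed by melorama), counting both master-password prompts and how long the vault stays open. The event kinds, the timeline and the modelling of a keep-awake tool as periodic activity that resets the system idle timer are assumptions made for the example.

```python
from dataclasses import dataclass

# Policy names are labels for this example only.
SYSTEM_IDLE = "system_idle"  # lock N min after the last activity of any kind
VAULT_IDLE = "vault_idle"    # lock N min after the last vault access
ABSOLUTE = "absolute"        # lock N min after unlock, whatever happens since

# Event kinds that restart the lock timer under each policy.
RESETS = {
    SYSTEM_IDLE: {"input", "vault", "keepawake"},
    VAULT_IDLE: {"vault"},
    ABSOLUTE: set(),
}


@dataclass
class Result:
    prompts: int   # master-password prompts the user had to answer
    windows: list  # [(unlock_time, lock_time or None if still open)]

    def unlocked_at(self, t):
        """True if the vault is open at minute t."""
        return any(s <= t and (e is None or t < e) for s, e in self.windows)


def simulate(events, policy, timeout, horizon):
    """Replay (minute, kind) events; a vault access while locked costs a prompt."""
    resets = RESETS[policy]
    prompts, windows = 0, []
    start = ref = None  # start of the open window, and the timer reference
    for t, kind in sorted(events):
        # The timer may have expired before this event arrived.
        if start is not None and t - ref >= timeout:
            windows.append((start, ref + timeout))
            start = None
        if kind == "vault" and start is None:
            prompts += 1
            start = ref = t
        elif start is not None and kind in resets:
            ref = t
    if start is not None:
        end = ref + timeout if horizon - ref >= timeout else None
        windows.append((start, end))
    return Result(prompts, windows)


def build_day(keep_awake):
    """Constructed timeline in minutes from 09:00: an 8-hour working day with
    a few vault accesses, then an unattended overnight render."""
    events = [(t, "vault") for t in (0, 3, 6, 120, 124, 300, 470)]
    events += [(t, "input") for t in range(0, 481, 2)]  # keyboard and mouse
    if keep_awake:
        # Assumption: the keep-awake tool looks like activity once a minute.
        events += [(t, "keepawake") for t in range(480, 1441)]
    return events


if __name__ == "__main__":
    TIMEOUT, HORIZON, MIDNIGHT = 5, 1440, 900
    for keep_awake in (False, True):
        print(f"keep-awake tool running: {keep_awake}")
        for policy in (SYSTEM_IDLE, VAULT_IDLE, ABSOLUTE):
            r = simulate(build_day(keep_awake), policy, TIMEOUT, HORIZON)
            print(f"  {policy:12} prompts={r.prompts} "
                  f"open_at_midnight={r.unlocked_at(MIDNIGHT)} "
                  f"windows={r.windows}")
```

With a 5-minute timeout the system-idle policy costs one prompt for the day but never locks while the keep-awake events continue, while the other two policies cost four and five prompts and are locked long before the desk is left unattended.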