Go & Fill without 1Password running.

Chops420

I am using 1Password v. 3.5.1 on Mac 10.6.4.



I just became a user through a friend but I have an issue with the Go & Fill option. My computer is in use for multiple people and there is no security around the Safari toolbar for Go & Fill. The 1password application is currently NOT running and my son was able to open Safari click the 1P button and then Go & Fill to my bank and it logged him right in. There was no password challenge and he was able to get full access to my bank. Definitely not cool.



Is this a bug or feature? I'm positive I read that you NEED to have 1Password running to have Go & Fill available so this seems like a bug. I'm using Safari 5.0.2.



I just spent the last hour setting up all my logins only to delete them after running into the lack of security around this feature. Here's a screenshot to illustrate the issue



[img]http://i.imgur.com/a10N2.jpg[/img]



(mind the hack n slash photoshop job but I assure you, 1Password was CLOSED before Safari was launched)



The application looked really promising but it's not useful for multi-user situations. Can I re-gift my serial number to another user - I hate to think that my friend wasted his 'gift' on me.



Thanks.

[Deleted User]

Hi Chops420,



I'm sorry for the confusion here, one of the key features of 1Password is that you *don't* need to have the main application running in order for our browser extensions to work, however your data file does need to be unlocked, which from the screenshot seems to be the case.



1Password has an auto-lock features based on a certain number of minutes computer inactivity, that means you not using the system at all, not just 1Password and you can set this, as well as other auto-lock conditions by going to 1Password > Preferences > Security.



Many of our users are in multi-user environments, and 1Password works well for them, but here's a few tips we've picked up along the way:



* If you know you're leaving the computer and letting someone else use it, click the 'Lock 1password' option from the '1P' menu. That locks your data file immediately and no entries will show under the 'Go & Fill' menu and logins can't be filled without your master password.



* Use separate OS X user accounts for you and your family members, they're incredibly easy to setup and it keeps your data out of the reach of others. Our family iMac has accounts for my parents, my sister and me, fast-user switching makes it eacy to hand over to another user when they need the system, though my main machine is this MacBook Pro, the iMac was my old system before the old family PC really gave up the ghost.



Hope that helps clear things up, 1Password is designed to be as secure as you need it, but some users prefer the convenience of not having to constantly enter their master password, and we've tried to cater for both ends of the scale and users, like myself, who are somewhere in the middle of the two extremes.

khad

I just want to clarify that the auto-lock timeout is measured by computer activity and not 1Password activity. I think there may have been some confusion in that regard for some users. In order for 1Password to automatically lock after X minutes, there must be no mouse or keyboard activity for the entire duration.



If "Disable automatic unlock for 1Password" is enabled you will always be prompted to enter your master password when opening 1Password. This includes quitting the app and relaunching it.



Likewise, if "Disable automatic unlock for all applications" is enabled you will always be prompted to enter your master password when using one of the browser extensions after a fresh launch of your browser(s).



So any easy way to keep praying eyes at bay is to leave both of the above settings enabled and quit 1Password and your browsers when you are done using them. Your data will be locked.



Otherwise, you are relying on the auto-lock settings to secure your data which will either lock your data after X minutes of inactivity, when your Mac begins to sleep, or when the screen saver is activated whichever of the selected options comes first.



To speed up the auto-lock process you might consider the following.



1. Set an Active Screen Corner for you screen saver and activate the screen saver when stepping away from your Mac (System Preferences > Exposé and Spaces > Exposé > Active Screen Corners).



2. Close the lid of your Mac laptop to put your Mac to sleep.



3. Activate the login window when stepping away from your Mac (System Preferences > Accounts > Login Options > "Show fast user switching menu as…")



The above three options will also secure your entire OS X login if you have enabled "Require password … after sleep or screen saver begins" (System Preferences > Security > General). You are using a good, unique password for your OS X login, aren't you? <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />