This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.
Automatic unlock for browsers only
Regarding automatic unlock, I would like to have the following setup.
1) When entering a password on a website, via the 1Password browser plugin, I do NOT want to be prompted for my master password.
2) When opening the 1Password application, I DO want to be prompted for the master password AND I do NOT want it automatically taken from KeyChain and filled in.
Is this possible to configure in the current versions of 1Password 3 or should this be a feature request for future versions?
1) When entering a password on a website, via the 1Password browser plugin, I do NOT want to be prompted for my master password.
2) When opening the 1Password application, I DO want to be prompted for the master password AND I do NOT want it automatically taken from KeyChain and filled in.
Is this possible to configure in the current versions of 1Password 3 or should this be a feature request for future versions?
Flag
0
Comments
-
Hiya, kasclark! Welcome to the forums! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />
It sounds like you do not want using 1password to log in to sites to require your Master Password, but you want to it be necessary to access your Vault. It is not currently possible to configure 1Password this way.
While I will not say "never," this kind of behaviour poses a problem: [b]A password is required to unlock your keychain.[/b] If you are accessing it via the 1Password extension in your browser, it requires the same authentication. In order for this to happen without your input, your Master Password would have to be stored in the Mac OS X Keychain; and if it is, you will not be prompted to enter it when you launch 1Password itself to access your Vault.
While we may revisit this sometime in the future, security is a top priority for us at Agile, and we don't want to make any moves that could have consequences -- unintended or otherwise -- that would make our customers' data less secure by default.
You sound like you are concerned about security as well, which is why you do not want the Mac OS X Keychain to store your Master Password for you. Unfortunately, this is what would have to happen to have your 1Password data available without you entering it.
With that in mind, perhaps consider disabling most of the security preferences and having 1Password launch at login (maybe excepting "Lock when sleeping" and "Lock when screensaver is activated," as you might not be present if those conditions are met), so that you are only required to enter your Master Password once per session, unless you lock it manually. (Keeping "Disable automatic unlock for 1Password" checked will ensure that the 1Password app requires your Master Password, even if browser extensions are already unlocked.)
While this would be less secure, you can make the best decision for yourself based on your computing environment. It's really kind of a personal thing. If I used this kind of a setup, I would only have to unlock 1Password once a month or so when I restarted my MacBook Pro to install an update...but my system would end up a bit of a mess with kittens climbing all over the keyboard with impunity -- deleting and editing documents haphazardly. So I have my screensaver set to 5 minutes with password protection.
Bad kitty. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/tongue.gif' class='bbc_emoticon' alt=':P' />
[quote name='kasclark' timestamp='1303308826' post='25234']
Regarding automatic unlock, I would like to have the following setup.
1) When entering a password on a website, via the 1Password browser plugin, I do NOT want to be prompted for my master password.
2) When opening the 1Password application, I DO want to be prompted for the master password AND I do NOT want it automatically taken from KeyChain and filled in.
Is this possible to configure in the current versions of 1Password 3 or should this be a feature request for future versions?
[/quote]Flag 0 -
[quote name='kasclark' timestamp='1303389014' post='25304']
Brenty, thanks for the advice. I'll try this setup as you suggest.
[/quote]
No problem! I'm glad to help. I just worry sometimes that I come off as bullying people into taking my advice. In my experience, though, I get just as much out of trying something that works for someone else...if only so that I can say definitively that it does not work for me! <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/wink.gif' class='bbc_emoticon' alt=';)' />
Security versus convenience is a tough balancing act, but I think it's worth it when it comes to our personal data. Hopefully you can find a balance that is a good fit for you. <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/smile.gif' class='bbc_emoticon' alt=':)' />Flag 0
