This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Security vs. Convenience

Hi,

New 1password user here. Haven't bought it yet, but probably will.

I'm trying to sort out the best balance between security and convenience for me. Having to unlock 1password every time I want to use it is not convenient enough. Obviously the most convenient thing would be to put the master password in the login keychain, but that doesn't seem to add much security.



So I'm looking for something in between.



One option is to put the 1password master password in a keychain other than the login keychain (create a new keychain just for 1password, and give it a different password than the login password), then use just that keychain to automatically unlock 1 password.



Another option might be to disable auto-lock of 1password. I assume then I'd just have to unlock once each time I log in.



This is a home machine. I might use a different set up on my office machine. Sometimes my home machine gets used by others, but we all have our own accounts (I know some of them know my login password, but, you have to trust your family at least somewhat). I'm the only user of my office machine.



Any thoughts?

Thanks

David

Comments

  • Hi David,



    Welcome to the family, we really hope you'll love 1Password as much as we do, and err, help yourself to the complimentary cakes in the lounge :-)



    We've tried to make 1Password as flexible as possible for both ends of the security and convenience 'scales'. I'd personally advise against ever storing your master password in the OS X keychain; it's kind of like putting all your eggs in one basket.



    I think you've hit the nail on the head though with regards to the auto-lock settings. We've created a bit of a guide on how these can be used here:



    http://help.agile.ws/1Password3/preferences_security.html



    My own personal setup is an auto-lock time of 30 minutes, which is computer inactivity rather than 1Password inactivity, so mouse and keyboard interaction, and then I have the options unchecked for both 'Disable automatic unlock' preferences. I do have the 'Lock when sleeping' and 'Lock when screen saver is activated' options enabled, so when I sleep my MacBook Pro, or I've been away long enough that the screen saver is activated, I know my data is secure.



    That gives me a good balance of not having to always type my master password and knowing that my 1Password data is secure. Of course, that's my own preferences, yours may be different and that's why we've given all the options we do.



    Hope that gives you some ideas,



  • Thanks. I think I'll try unticking all the "unlocking" boxes in the security preference pane and see how that goes.



    Once I'm comfortable with 1password I think I'll delete all passwords from my browsers, and tell them never to remember again. I didn't see this recommended anywhere (I haven't read everything yet, so, may not have come across it yet), but it seems like a good idea. Thoughts?
  • [quote name='David2' timestamp='1304553401' post='26251']

    Thanks. I think I'll try unticking all the "unlocking" boxes in the security preference pane and see how that goes.[/quote]



    You're welcome, and nothing is set in stone with these preferences, so you can always tweak them to get your perfect balance.



    [quote]Once I'm comfortable with 1password I think I'll delete all passwords from my browsers, and tell them never to remember again. I didn't see this recommended anywhere (I haven't read everything yet, so, may not have come across it yet), but it seems like a good idea. Thoughts?[/quote]



    This is something we'd recommend, but as you rightly point out, after you've got all your data imported. I thought we did recommend this in our documentation, but I couldn't find a mention of it, so that's something I'll add to the list of things to improve upon.