This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Master password now required even to merely see the list of Logins

Used to be, with Safari, I'd know whether my 1Password keychain had a login for a given website. Today, I went to a website (this one), wanted to log in, clicked the 1P button, entered my password... and then found that I had no logins for the site. So, I wasted my time unlocking the keychain. I got it unlocked and there was nothing there for me.



With the old 1Password, I would have clicked on the 1P button, seen that I did not have a login for this site, and would not have had to go through entering my password just to find nothing waiting for me after I unlocked the keychain. That's only a problem with Safari, of course. In Firefox I can see, right at the top, I can see "No Logins Saved for this Website." That's the way I like it-- I can see in advance that I either do, or don't, have a login for a particular website.



Could the Safari Extension show whether I have a login or not, BEFORE I enter my password? Like it does in Firefox, and like it used to work before 1Password was a Safari Extension? Would make it a lot handier. The new way is more work.

Comments

  • Ben
    Ben AWS Team
    edited August 2011
    Hi christianboyse,



    Welcome to the forums <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />



    Unfortunately this will not be possible in the future. The reason this is possible in Firefox is because the titles and URLs of your 1Password login items are not encrypted. They are stored in clear text on your drive, so that Firefox can read them. With the new Safari extension, and hopefully soon the entire application, this will no longer be the case: everything will be encrypted. As such, your Master Password is required in order to read any of it.



    It is always a delicate balancing act between security and convenience and in this case our customers convinced us that security was more important.



    You can read more about this here: http://blog.agilebits.com/2011/04/looking-ahead-in-security/



    Thanks

    Ben
  • Thanks Ben.



    The link you provided is broken.



    FYI, yesterday I created my username and password for the 1Password forum. Today 1Password did not know about it. So, today I manually entered my username and password (which I suddenly had to remember, even though I thought 1Password was remembering it for me). I was then able to log in, and here I am. 1Password offered to save my login, and I accepted-- and then, when I looked at my 1Password application, the login info was not there.



    I know it's not easy making big changes to things and I also know you can't please everyone all of the time, but as long as you're going to make it harder for me to use 1Password, it would be nice if it were more reliable. I used to completely trust 1Password to keep track of things for me. Now I'm a little less sure.



    Would appreciate you posting a working link.



    c
  • UPDATE: with the 3.8.0 BETA-1 (build 31107) version, the login that I'd saved on two separate occasions, but which I was not able to locate in 1Password, magically appeared! This is exactly what I was hoping for-- progress by the developers, and patience by me.



    Thanks for that-- not sure how you did it, but 3.8.0 BETA-1 (build 31107) solved a problem for me. Safari 5.1, by the way.
  • khad
    khad Social Choreographer
    edited August 2011
    Thanks for the update, christianboyce. I'm glad that things are working well. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



    I edited Ben's post above to correct the link. This is the blog post which explains the situation fully:



    [url="http://blog.agilebits.com/2011/04/looking-ahead-in-security/"]http://blog.agilebit...ad-in-security/[/url]



    Essentially, the changes mean that nothing in 1Password (or the extensions) will be available to anyone unless they know your master password — not even a mere list of Logins. We think this is a net gain overall despite some of the adjustments that might be required for some of our workflows. Personally, I only ever use my computer with 1Password unlocked and then close the lid on my MacBook (locking 1Password) when I am done. Consider [url="http://help.agilebits.com/1Password3/preferences_security.html"]changing your security settings[/url] if you find yourself typing in your master password more frequently than you would prefer.



    Please let me know if you have any additional questions or concerns.



    We are always here to help!