This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

After reboot 1Password shows my passwords

Gnarlodious
Gnarlodious Junior Member
I was horrified after I rebooted to see the 1Password application open automatically and show all my passwords visible to the world. This is like, the worst security imaginable. To add insult to injury, there is no option to reboot in a locked state.



Weird. I really don't know why I keep using this thing.

Comments

  • brenty
    edited September 2011
    Hey there, Gnarl! Thanks for reporting this. I am sorry for the trouble.



    Unfortunately since you didn't give many details I wasn't able to reproduce this. I was thinking it might be related to Lion's resume feature and having "Never prompt for Master Password" checked in 1Password ( 3.8 ) Preferences > Security...but after a restart 1Password was locked.



    Please let me know what your setup is and any additional information that could help us narrow down the problem and provide a solution for you. Thanks in advance! <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />
  • Hello again! Upon closer inspection (this was [i]really[/i] bothering me), I was able to reproduce this. It turns out if you uncheck "Disable automatic unlock for 1Password" and check "Never prompt for master password", upon resuming 1Password will be unlocked:



    [img]http://cdn.agilebits.com/by/Screen_shot_2011-09-23_at_01.53.36-20110923-020219.jpg[/img]



    I think this is a great example of how customizable 1Password is: You can make it as secure -- or insecure -- as you like. While we want to empower people to make their own decisions about these things, we believe that it is also important for each of us to be aware of the risks:



    [img]http://cdn.agilebits.com/by/Screen_shot_2011-09-23_at_01.53.54-20110923-020424.jpg[/img]



    If you like, you can restore 1Password to the default settings, or lock it down even tighter if you are concerned about someone else getting access to your sensitive data. The choice is yours. And if you prefer to keep 1Password as you have it set up now, keep in mind that your Mac OS X user account password is yet another layer of security that you can take advantage of. After all, without authenticating your account, 1Password cannot even access your Master Password stored in the Mac OS X Keychain.



    I hope this helps. Let me know if you have any other questions. <img src='http://forum.agilebits.com/public/style_emoticons/<#EMO_DIR#>/smile.png' class='bbc_emoticon' alt=':)' />
  • Gnarlodious
    Gnarlodious Junior Member
    Thanks for the attention. Now with "Disable automatic" and "Never prompt" checked it seems to behaving how I want. Meaning that after a computer reboot 1Password stays locked while asking for a password. I remember deselecting that after I got tired of always typing in passwords.



    I propose a feature that totally disregards Restore. 1Password would always be locked after a reboot or relogin, and the setting is not even customizable. Well, maybe by editing the plist, if they are so desperate. Certainly Keychain would never be unlocked after a reboot, it should be likewise with 1Password.



    If that is not possible, maybe the "Disable automatic" checkbox could launch a modal dialog explaining what you are about to do with the default button being "cancel". At the very least, deselecting the box should be harder. As it is, clicking inadvertently anywhere on the text line toggles the checkbox. In these days of the (very sensitive) Trackpad, it is all too easy to accidentally click somewhere.
  • khad
    khad Social Choreographer
    Thanks for the suggestion. I'm glad that we were able to get things sorted out for you. I will pass this along to the developers!