Any way to stay logged into 1 Password?

En1
Community Member
edited April 2019 in 1Password 7 for Windows

Is there any definite way to stay logged into 1 Password for say 30 days?

I want to move the team from Lastpass to 1Password, but the constant nagging for my (long!) master password is disheartening. I checked Security Settings but it still didn't keep me logged in after a reboot.

If I am to add normal users they will never accept having to retype a long password every day/up to several times a day.

1PasswordX was the best Chrome-addon but even that needed excessive master password logins, so I swapped to the extension, which is even worse as it does not autofill.

In Lastpass, one can be logged in for 30 days no questions asked. The machines have pre-bios passwords, are encrypted and protected by Duo MFA so it's not a security question.


1Password Version: newest
Extension Version: newest
OS Version: W10
Sync Type: Cloud

Comments

  • Hi @En1,

    Thanks for writing in.

    We don't know or store a copy of your master password anywhere and that means once 1Password is terminated, you have to unlock it with the master password; this is for security too. The only way you can stay logged in that long is to turn off all auto-lock options and not reboot for 30 days.

    We do support Windows Hello on Windows 10, which you can enable with the four-digit PIN if your computers don't have any biometric systems. This would allow you to unlock with 4 or more digits only, but it has the same restriction: once 1Password is terminated, it resets back to master password.

    "1PasswordX was the best Chrome-addon but even that needed excessive master password logins, so I swapped to the extension, which is even worse as it does not autofill."

    1Password X doesn't auto-fill either, it's a security issue. You have to invoke 1Password to fill and 1Password X is better at this because it has a built-in UI within the site to speed this up. For the regular 1Password extension, there is no UI, it connects to the desktop app to bring up its native UI, which means you have to press "Control + \" or click the 1Password icon to select an item to fill.

    As for master password prompts, it's the same as the desktop app and the only difference is that it is running within Chrome; any time you close Chrome, 1Password X is reset and you have to unlock with the master password.

    We are working to add integration support between 1Password for Windows and 1Password X extension, so you could get Windows Hello support for 1Password X and get the best of both worlds; the smooth filling experience and use of desktop app for everything else.

  • En1
    Community Member

    Thanks. I'll shorten the master password then as typing 30 characters gets tedious on a repeated daily basis. The DUO integration saves the product!

  • Hi @En1,

    You may want to consider a passphrase/wordlist type of password, not 30-random character ones. Here's our suggestion on how to choose a master password: https://support.1password.com/strong-master-password/

    It's easier to memorize and type: pungent-impudent-muddy-dam than LdCMDXf5AT3cThRtmrnm.

    Also, you do have that option of using Windows Hello to avoid typing in the master password more than once per user session.

  • En1
    Community Member

    Thanks for your thorough replies. Windows Hello is not an option for our clients but I will make sure to mention a lighter master password. The fact that it's protected by MFA helps a lot.

  • I'm glad to hear you've found something that will work for you and your clients, @En1. And on Mike's behalf, you are most welcome. I hope y'all are enjoying 1Password thus far and if we can do anything else to help, you know where to find us. :chuffed:

  • tvisconti
    Community Member

    Can you explain why auto-fill is a security issue?

  • DanielP
    1Password Alumni

    @tvisconti:

    In summary, it's not auto-filling in itself that is a security issue, it's rather a combination of that feature together with invisible forms and the possibility of avoiding anti-phishing mechanisms in your password manager. Or in other words: if an attack somehow managed to avoid the anti-phishing mechanisms in your password manager, auto-filling would become a big security problem. As part of our defense-in-depth approach, we cannot assume that every layer of defense will always hold (that is a dangerous assumption to have in security), and we therefore make sure we have fallback mechanisms to keep your data secure.

    Our Chief Defender Against the Dark Arts wrote a blog post about this some time ago, which goes into the technical details of the decision and the risk of auto-filling:

    1Password keeps you safe by keeping you in the loop

    If you have any questions about the post, please feel free to ask :+1:

    ===
    Daniel
    1Password Security Team
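
The defense-in-depth argument in the reply above, modelled as an added example; it is not 1Password's code and not part of the thread. The function names, the `policy` values and the sample URLs are all constructed for illustration.

```javascript
// Added illustration, not 1Password code. All names and sample data are constructed.

// Anti-phishing layer: the saved login's origin must equal the page's origin.
function originMatches(savedUrl, pageUrl) {
  try {
    const saved = new URL(savedUrl), page = new URL(pageUrl);
    return page.protocol === "https:" && saved.origin === page.origin;
  } catch {
    return false; // unparsable URL: never fill
  }
}

// Decide whether a page receives the login. `policy` is "autofill" (fill on
// page load) or "user-invoked" (fill only after the user asks on this page).
// `originCheck` is injectable so the scenarios can model that layer failing.
function decideFill({ item, pageUrl, event, policy, originCheck = originMatches }) {
  if (!originCheck(item.url, pageUrl)) {
    return { filled: false, reason: "origin mismatch" };
  }
  // On page load the user has not looked at the page yet, so a form they
  // cannot see would receive the data unnoticed. Require an explicit request.
  if (policy === "user-invoked" && event !== "user-request") {
    return { filled: false, reason: "waiting for user" };
  }
  return { filled: true, reason: policy };
}

const item = { url: "https://accounts.example.com/login", username: "alice" };
const lookalike = "https://accounts.example.com.login.example.net/"; // constructed
const brokenCheck = () => true; // models the anti-phishing layer being bypassed

function scenarios() {
  const load = { item, pageUrl: lookalike, event: "page-load" };
  return {
    // Both layers healthy: the origin check alone stops the fill.
    autofillHealthy: decideFill({ ...load, policy: "autofill" }),
    // Origin check bypassed and nothing behind it: the login is handed over.
    autofillBypassed: decideFill({ ...load, policy: "autofill", originCheck: brokenCheck }),
    // Same bypass, but the second layer still holds.
    invokedBypassed: decideFill({ ...load, policy: "user-invoked", originCheck: brokenCheck }),
    // Normal use on the genuine site after the user asks to fill.
    invokedGenuine: decideFill({ item, pageUrl: item.url, event: "user-request", policy: "user-invoked" }),
  };
}

console.log(scenarios());
```
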

This discussion has been closed.