1Password X on Chrome not locking, if "Let Google Chrome run in the background" is enabled.
I noticed that the 1Password X extension for Google Chrome does not lock immediately after all browser windows are closed when the option "Let Google Chrome run in the background" is enabled. Some of my family members have this enabled to allow apps like Google Hangouts to run in the background. It's deceiving as closing all browser windows normally should lock 1Password, but the timeout leaves a window of vulnerability for someone to open your vault. Can this be changed to detect browser window instances as opposed to the Google Chrome process being ended?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:not locking chrome background
Comments
-
Welcome to the forum, @ahu01! Have you adjusted the timeout settings in 1Password X? If you aren't familiar with these, you can reach them by clicking the 1Password X icon, then "Settings." You'll see a menu that looks like this:
Make sure "Automatically lock 1Password" is activated, and from there, you can change the behavior of how quickly 1Password will lock when the system is idle, and if you want to activate Lock on Sleep.I suspect we could change the behavior to lock whenever there are no open browser windows, but that would mean anyone who closes a window when done reading a webpage would need to re-unlock as soon as they type ⌘N (or ^N) for a new window. That happens far more frequently than the scenario you laid out, so I expect this won't be changing, especially since if you are still either physically in front of your computer this wouldn't be an issue, and if you step away in an environment you don't fully trust (like home alone or other fully-trusted space), you should at the very least log out of your user account, if not shut down your computer. You can also set the timeout minutes as restrictively as you like to help avoid such situations.
0 -
@Lars, I failed to mention that I am on Windows 10, so I can't speak for macOS. I have the settings you suggested and can confirm the behavior only occurs when I let Chrome run in the background.
I don't agree with your reasoning for not wanting to change the behavior to detect open browser windows. Under the circumstance that Google Chrome doesn't run in the background, a user who closes the browser after reading a webpage would need to re-unlock anyways. This is the same for Firefox. If anything, the behavior I'm describing is inconsistent with "normal" behavior on Windows 10.
Adjusting the idle timeout to 1 minute to prevent the scenario I described would be more intrusive to the end user as it would require them to re-unlock more frequently when they need to briefly divert their attention from their computer.
0 -
I failed to mention that I am on Windows 10, so I can't speak for macOS.
That's why we ask for that information when you create a thread here -- so we have a better idea what we're dealing with and how to help. No worries, however; glad we're on the same page now. :)
In macOS, it is indeed possible to close all browser windows and still leave the browser itself running; in fact, this is the default behavior and it works the same for Safari, Chrome and Firefox (and Chrome provides no way to alter this in terms of being able to set it to close when the last open window is closed; you must choose Chrome > Quit Google Chrome or type ⌘Q).
I don't agree with your reasoning for not wanting to change the behavior to detect open browser windows. Under the circumstance that Google Chrome doesn't run in the background, a user who closes the browser after reading a webpage would need to re-unlock anyways.
OK. :) It's fine to disagree with us. And I've verified that yes, we can indeed detect the presence/absence of open windows in Chrome. I'll also admit up front that I don't see every single customer communication that comes into us via email or these forums. However, to my knowledge, you are the first person (out of over well over 400,000 Windows/Chrome/1Password X users) to write in wanting this. All of our other apps do not base their locked/unlocked state on the open-windows state of Chrome or any other browser. Why does 1Password X even lock when Chrome closes? Only because we have to. In the absence of any native application, we close when Chrome closes.
I'd be happy to pass your feedback along to the developers (in fact, I already have), but I don't see this changing in the absence of a swell of requests along the same lines. If you want 1Password (X or otherwise) to be locked and not relying on either putting your device to sleep, the auto-lock timeout, or switching to a new user account, etc. then I think your solution is to just manually lock 1Password.
0 -
You're right. A simple solution for me would be to manually lock my password vault; however, this software isn't for me. I'm evaluating this for my elderly father who is not computer saavy. I cannot be sure he won't forget to lock his password vault, or whether peeping family members will use the computer right after he closes his browser windows.
I appreciate you forwarding my feedback to the devs. I do not expect you guys to care to change your software just for me. If 1password does not work for me, I can always look for alternatives.
0 -
Context helps. Thanks for the additional info! It's certainly something we'll need to consider along with the feedback from everyone else. Have a great weekend! :)
0