KISS as applied to 1Password Family Setup for Oldsters

williakz
Community Member
edited October 2019 in Families

I'm the FO for my elderly and barely computer-literate family members. 1Password Family will be used more to "remember" (and correctly type in) their passwords than to provide security—I'm getting tired of having to come up with new Apple and Google IDs all the time as they forget/mistype/lockout their current ones. I can tell right away that having to enter 1Password's Master Password will become a major issue hampering their acceptance of the new password storage/retrieval regime. Since my oldsters don't require security on their home machines, how can I 1) totally disable 1Password's requirement for periodic logins or, failing that, 2) store the Master Password locally for instant and automatic recall to feed the 1Password logon as needed?

(The initial installation of 1Password on their machines as well as storage of their main login sites/passwords should be fairly straightforward as I'll use remote screen-sharing to prevent the myriad "Oops!" expected if they did the setup themselves.)

Thanks for any and all suggestions. I'm sure I'll have additional questions/problems as we proceed with the 1Password Family setup.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • XIII
    Community Member

    Technically you can store the password on a YubiKey.

    Then it’s just pressing that key to type the password.

    Not recommending that, but it is a possible “solution” to your problem.

  • williakz
    Community Member

    Thanks for the suggestion. An inconspicuous dongle plugged into an inconspicuous USB port might do nicely. I'll look into it.

    Whoa! $50 for each one of those gizmos? That cost seems excessive to meet the simple needs of my family members. Can't their choice of browser (Firefox/Chrome) simply store the 1Password Master for regurgitation as/when needed?

  • ag_ana
    1Password Alumni

    Hi @williakz!

    I can tell right away that having to enter 1Password's Master Password will become a major issue hampering their acceptance of the new password storage/retrieval regime.

    If this is ultimately the issue, you can also configure the auto lock settings in 1Password (on macOS, under 1Password Preferences > Security tab) so they will have to enter the Master Password less often.

    We do not recommend storing the Master Password locally, and especially not in a browser. Other than the security implications of this, the built-in password manager in browsers will interfere with 1Password, so we recommend disabling the feature in every browser that is going to be used with 1Password.

  • williakz
    Community Member
    edited October 2019

    Hi @ag_ana

    Thanks for your response. Two points:

    1) I agree storing the Master Password via a second browser-based password manager is both insecure and a source of potential conflict between the PMs.

    2) Unfortunately, your "less often" is still TOO often in my situation. Two of my charges routinely power down their computers whenever they leave the house (as well as during storms likely to cause power disruptions).

    It seems that the expense of the YubiKey (or similar) might be the best way to achieve my main objective: quick and complete acceptance by my (infirm) family members of 1Password due to its ease of operation, stability, and security. There is a legitimate need for SOME users to be able to run 1Password "hot" at all times without its requiring any user intervention (other than routine approvals of login storage and autofill operations). You folks should address this need.

  • Thanks for the feedback @williakz. I'm not sure there is a secure way to store the Master Password in such a way that it survives a shutdown and reboot of the computer (which is what would be required to achieve this), but I'll pass the suggestion along to the development team. :+1:

    Ben

  • williakz
    Community Member

    Thanks @Ben. I'm guessing tucking it away somewhere inside autoexec.bat is out...

  • hah! Yes, I think the security team might object to that. ;)

    Ben

  • williakz
    Community Member

    On further research and consideration, I understand that (though not necessarily why) 1Password REQUIRES manual (re-)entry of the Master Password. The hardware USB/NFC keys (only) ease use of a second layer of security (2FA/TOTP) associated with accessing the user-stored encrypted passwords on your servers. Looks like my only "solution" for my password-phobic oldsters is to use 'cat' for the Master Password (I know, I know—I mean the minimum necessary for the longest no-nag period).

    You guys should have a procedure to opt out of Master Password entry entirely. It could consist of, say, multiple entries of both the Master Password AND Secret Key (possibly including some sort of 2FA dance). It would be effective ONLY for the specific device used for the opt-out, so one's home computer could be password-free while one's smartphone could retain full Master Password entry requirements.

  • AGAlumB
    1Password Alumni

    When you say "requires", I don't think you're thinking of that literally, but rather as a decision that was made. 1Password requires -- in the most literal sense possible -- the Master Password as that was used to encrypt the data and is therefore necessary to decrypt it. We have no plans to have a no-Master-Password option in 1Password, as it would not only be a terrible idea, but it's incompatible with the security model, and then people may as well just store their passwords in a spreadsheet: the only way to not require a password is to not encrypt the data in the first place.

  • williakz
    Community Member

    The requirement I mentioned (as a problem for my oldsters) relates to the forced re-entry of the MP, not to its existence or centrality to the 1Password encryption/decryption architecture. Do I misunderstand the distinction?

    Consider the case where the user (me and my oldsters) wishes to operate 1Password in the unprotected spreadsheet mode you mention but ONLY on the physically secure computers in their home offices (where the Emergency Kit printout is lying on the desk...). What's the problem?

  • ag_ana
    1Password Alumni

    @williakz:

    The requirement I mentioned (as a problem for my oldsters) relates to the forced re-entry of the MP, not to its existence or centrality to the 1Password encryption/decryption architecture. Do I misunderstand the distinction?

    The Master Password is required to decrypt the data. In this sense it is central to the 1Password security architecture.

    Consider the case where the user (me and my oldsters) wishes to operate 1Password in the unprotected spreadsheet mode you mention but ONLY on the physically secure computers in their home offices (where the Emergency Kit printout is lying on the desk...). What's the problem?

    Malware could access your decrypted data on your computer, even if it is in a safe place like your home, next to your Emergency Kit. So while your location might be secure, if your computer is connected to the internet, your data needs to be protected independently from your physical location.

  • williakz
    Community Member
    edited October 2019

    There are any number of risks undertaken when connecting to the internet. 1Password, in its existing structure, appears extremely vulnerable to malware agents sniffing for "snatchable" in-the-clear displays of decrypted passwords or the mother lode, a PDF/printout of all sites/usernames/passwords.

    It seems to me you folks are arguing security above all else even when security is NOT the main consideration in SOME applications (like mine) of 1Password across your large user base. What say I develop a small app that detects the prompt for 1Password's Master Password, goes to a file where that MP is (insecurely) stored, and feeds it to the entry screen? You guys interested? My oldsters are...

  • XIII
    Community Member
    edited October 2019

    The hardware USB/NFC keys (only) ease use of a second layer of security (2FA/TOTP) associated with accessing the user-stored encrypted passwords on your servers.

    The YubiKey Static Password feature does allow you to store a password, instead of being a 2FA device:

    https://support.yubico.com/support/solutions/articles/15000006480-understanding-core-static-password-features

    Then you would only have to push the button on this USB key, whenever 1Password prompts for a password (if you ignore the security tip in the linked article) and the YubiKey will "type" the password for you.

    I know you mentioned that the keys are too expensive, but I think it's still a shorter road to success than convincing AgileBits to make their product less secure.

  • AGAlumB
    1Password Alumni

    @williakz: 1Password is a security product, so yes, we do need to put security first. :)

  • williakz
    Community Member

    @XIII Thanks for the clarification. I read into the YubiKey site material, including reviews and forum discussions, but somehow entirely missed the Static Password feature among the plethora of 2FA material. That feature looks like it will fit the needs of my charges just fine. Perhaps one of the lower-priced alternatives to the YubiKey may provide equivalent functionality at a better price. If not, my oldsters' new keys will be doing double duty as their Christmas presents this year. Thanks again.

  • There are any number of risks undertaken when connecting to the internet.

    Yes, of course, everything else being equal, not being connected to the internet is more secure than being connected. I don't think anyone here is arguing otherwise. :) But I think everyone also weighs the value of having access to the internet with the inherent risk of doing so. And there are ways to mitigate most of that risk.

    1Password, in its existing structure, appears extremely vulnerable to malware agents sniffing for "snatchable" in-the-clear displays of decrypted passwords or the mother lode, a PDF/printout of all sites/usernames/passwords.

    If your computer is compromised 1Password is still the strongest link in the chain and thus is fairly unlikely to be the target. An attacker is much more likely to target your web browser, which will gladly give up passwords as they are filled into web forms. But you're absolutely right: on a compromised system we're limited in what protections we can offer. 1Password is just one tool in the security toolbox. I would suggest that good security hygiene such as not clicking links in emails, not opening attachments, being very careful about what browser extensions are installed, etc are all still important considerations even when using 1Password.

    It seems to me you folks are arguing security above all else even when security is NOT the main consideration in SOME applications (like mine) of 1Password across your large user base.

    I'm not sure I understand your argument. Because some folks aren't concerned with security we should be willing to forego our core principles to accommodate them? Sorry; I don't see that flying. I think it is important to understand the purpose and goals of 1Password in the context of discussions like this one. The fact that there are people who would otherwise utilize the product that don't agree with that purpose or those goals doesn't seem like reason to disregard them.

    What say I develop a small app that detects the prompt for 1Password's Master Password, goes to a file where that MP is (insecurely) stored, and feeds it to the entry screen? You guys interested? My oldsters are...

    There are some protections for the Master Password field (i.e. Secure Input on macOS). The OS won't allow a 3rd party to view or modify the contents of the Master Password field. That said, we aren't going to stop you from pasting the Master Password, or from storing it insecurely. But we strongly recommend you NOT do it. Storing your Master Password unencrypted on the same disk as you run 1Password from is like locking your car but leaving the window down and the keys on the seat. Maybe that is an acceptable solution for some, but it certainly isn't something we're going to design for in the software.

    Ben
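The point made in the two staff replies above (the Master Password is what the vault's encryption key is derived from, so a copy of it on the same disk makes the encryption moot, and a trivial password like "cat" is only a handful of guesses away once the vault and Secret Key are on disk), as an added example that is not from the original thread and is not 1Password's code. The key derivation is a simplified stand-in modelled on the idea of combining a password with a device-held Secret Key, the cipher is a toy HMAC-based construction for illustration only, and the file names, iteration count, wordlist and vault contents are all constructed.

```python
"""Added example: a simplified password-protected vault, showing what an
attacker who copies the disk can and cannot recover depending on how the
Master Password is handled. Not 1Password's real scheme or code."""

import hashlib
import hmac
import json
import secrets

PBKDF2_ITERATIONS = 100_000  # assumed illustrative value


def derive_key(master_password: str, secret_key: bytes, salt: bytes) -> bytes:
    # Two inputs: something the user knows (Master Password) and something
    # stored on the device (Secret Key). The vault key is a function of both,
    # so without the Master Password there is no key to decrypt with.
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, PBKDF2_ITERATIONS)
    sk_part = hmac.new(secret_key, salt, "sha256").digest()
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy counter-mode keystream built from HMAC-SHA256 (illustration only).
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, nonce + counter.to_bytes(4, "big"), "sha256").digest()
        counter += 1
    return bytes(out[:length])


def encrypt_vault(plaintext: bytes, key: bytes) -> bytes:
    nonce = secrets.token_bytes(16)
    ct = bytes(p ^ k for p, k in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, "sha256").digest()  # authenticate nonce + ciphertext
    return nonce + ct + tag


def decrypt_vault(blob: bytes, key: bytes) -> bytes:
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, "sha256").digest()):
        raise ValueError("wrong key or tampered vault")
    return bytes(c ^ k for c, k in zip(ct, _keystream(key, nonce, len(ct))))


def open_vault(blob: bytes, salt: bytes, master_password: str, secret_key: bytes) -> dict:
    return json.loads(decrypt_vault(blob, derive_key(master_password, secret_key, salt)))


def guess_master_password(blob: bytes, salt: bytes, secret_key: bytes, wordlist):
    # Malware with a disk image already holds the vault, the salt and the
    # Secret Key, so only the Master Password stands between it and the data.
    for guess in wordlist:
        try:
            return guess, open_vault(blob, salt, guess, secret_key)
        except ValueError:
            continue
    return None, None


def scenarios() -> dict:
    """Return what an attacker with a copy of the disk recovers in each case."""
    items = {"appleid.apple.com": "correct horse battery staple"}  # constructed
    master_password = "cat"  # the "minimum necessary" password from the thread
    secret_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    blob = encrypt_vault(json.dumps(items).encode(), derive_key(master_password, secret_key, salt))

    # Everything below models malware or a thief that has copied these files.
    disk = {"vault.bin": blob, "salt": salt, "secret_key": secret_key}
    out = {}

    # 1) Encrypted vault plus Secret Key, no Master Password: stays locked.
    try:
        open_vault(disk["vault.bin"], disk["salt"], "", disk["secret_key"])
        out["without_master_password"] = "opened"
    except ValueError:
        out["without_master_password"] = "locked"

    # 2) Weak Master Password: a short wordlist recovers it offline.
    wordlist = ["password", "dog", "123456", "cat", "letmein"]  # constructed
    guess, _ = guess_master_password(blob, salt, secret_key, wordlist)
    out["weak_master_password_found"] = guess

    # 3) Master Password stored in a file beside the vault (the "autoexec.bat"
    #    idea): the attacker reads the file and the encryption buys nothing.
    disk["autounlock.txt"] = master_password.encode()
    out["with_password_file"] = open_vault(blob, salt, disk["autounlock.txt"].decode(), secret_key)
    return out


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name}: {result}")
```

Scenario 3 is the "keys on the seat" case from the reply above: once the password lives unencrypted next to the vault, an attacker with the disk needs no cryptanalysis at all, which is why the product cannot offer a no-password mode without simply not encrypting.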

  • I think @XIII makes some excellent points. :)

    Ben

This discussion has been closed.