Automatic Lock in 1Password X
Hello,
Long time Lastpass user testing 1Password to see if I would like to switch. I'm using Win 10 with the Brave Browser. So far I really like the program and seriously considering moving over...except it appears that there is no way to leave the 1Password X browser plugin permanently unlocked. The only option I could find was by logging into my profile on 1Password.com and maxing out the auto lock to 300 mins.
I just want to confirm that there is no way in 1Password X to permanently prevent the vault from auto locking.
The challenge I have is that having to enter my 25 character password multiple times, e.g, after closing my browser, etc. is extremely annoying. Also, my family including teenagers uses Lastpass (which does not have this issue) and there is NO WAY they would accept having to reenter their long passwords constantly in 1Password X. I get why the feature is there. However, I think there needs to be a better balance between convenience and security.
So, please let me know if there's any way around this feature.
1Password Version: 1.20.0
Extension Version: 1.20.0
OS Version: Windows 10
Sync Type: Not Provided
Comments
-
Hi @Odin23! Welcome to the forum!
So far I really like the program and seriously considering moving over.
Thank you for the kind words!
I just want to confirm that there is no way in 1Password X to permanently prevent the vault from auto locking.
That is correct: you can extend the automatic unlock time, but for security reasons we do not allow 1Password to be unlocked indefinitely.
So, please let me know if there's any way around this feature.
On Mac, you can enable desktop app integration in 1Password X beta, so you can unlock the extension with Touch ID. If we manage to port the feature over to the Windows app too, that would be an easier way to unlock 1Password X.
Alternatively, instead of using 1Password X, you could use the 1Password for Windows desktop app together with the companion browser extension, and configure it so it unlocks with Windows Hello ;)
0 -
I second this. I have been a user of 1password for years and switching to 1password.com has been painful. Not only do I have to reenter my password after 300 minutes but I have to hit shift-cmd-X every time! This has made using 1password a very unpleasant experience. Let me leave it unlock for 24 hours. I realize hitting shift-cmd-X is probably (maybe) some security thing but it's made it so I've fallen back to using browser to store passwords. Please think about the friction you've introduced and how it's probably have the opposite effect of what you want.
0 -
Thanks for the response. 1Password is supposed to save me from entering my password on websites over and over, but ironically, it's requiring me to enter my password over and over to keep me from entering my password over and over. I seriously hope this is fixed. A 5 hour timeout is ridicules. The old plug-in was unlocked until I closed the browser or some very long time. Having to hit shift-cmd-x is a major part of the friction. Why?
0 -
Hey @mark8761. 5 hours is quite a long time in my view — I certainly step away from my computer every so often and would want 1Password to lock during that timeframe. :smile: You could consider turning off the auto-lock functionality altogether, although 1Password will still lock when you completely close your browser, rather than having a specific timeout set. Or you can also always use the classic extension, too — you are not required to use 1Password X if you do not want to.
0 -
How do I turn off auto-lock? I'm not sure why you limit it to 300 minutes. Why not let me set that to what I want? I work at home, there are 2 people in my house. My computer requires a password after 15 minutes.
0 -
I too am VERY VERY FRUSTRATED BY your insistence that you know what is best for me the customer...If you guys don't fix this extension AUTO LOCKING fiasco for my chrome then we are going back to Dashlane and soon. You probably don't give a damn so why am I complaining here????
0 -
I posted the original question in this thread and the recent replies pinged my email. FWIW, I thought I’d chime in here.
I have since returned to Lastpass as this ONE issue was a deal breaker for me. It is quite obvious to me that the 1Password team thinks that their users are too stupid to assess the level of risk in their own environment and systems to make a decision on what is an acceptable risk for their own device.
Case in point, the response from Team Member ag_michaelc “I certainly step away from my computer every so often and would want 1Password to lock during that timeframe.” Great for YOU, but not EVERYONE wants the software to make that decision irreversibly on their behalf. For example, most cars have an auto lock feature, which is great. But there are some people who decide not to turn the feature on for a variety of reasons, so the feature is made optional. Automakers don’t pretend to understand every possible scenario their customers will have and allow the user to decide based on their own risk assessment. 1Password team why not give your users the option to choose if they want that auto lock function enabled?
1Password team, I get it that you’re trying to protect all threat vectors for your users. However, not all users are in a high-risk environment all the time and it’s possible to have a balance between security and convenience simply by warning the user of the potential risk of removing the auto lock and allowing them to decide for themselves. Instead, you’ve created an incredibly inconvenient and arrogant “feature” which makes the product unusable for users that would have happily switched to your service.
To users chasers and mark8761, I suggest you cut your losses in time invested in using 1Password and transition back to your previous password vaults. It’s unlikely this complaint will get any attention other than the obligatory “Thanks for the valuable feedback” and quickly filed under “Ignored Suggestions”.
0 -
@Odin23 a major potential downside to the convenience of the automotive "auto lock" feature is its converse: the "auto unlock" feature that is usually set to occur whenever the vehicle stops and its transmission is in placed in "Park." This can result in the vehicle being transformed from an almost impregnable fortress capable of rapid escape into an inviting and vulnerable target for evildoers. Once again, as you suggest, user choice in employing (or not) these various "conveniences" based on specific circumstances is key.
0 -
@williakz I totally agree. Interestingly, the risk you cited in your example is the exact scenario my family hates about the car auto lock. We drive into a perfectly secure home garage, put the car in park and everyone in the car has to wait for the driver to unlock all the doors for everyone to get out. Very annoying. I have pretty high confidence that the risk from evil doers in my locked garage, on a secured property is very low, that's not a risk assessment the auto maker can or should make irreversibly on my behalf. It should be my choice.
1Password's approach is: all users are too dumb to assess the risk of their own technical environment so let's decide for them with a one size fits all feature. User choice on when to use the auto lock feature IS the best feature.
0 -
@Odin23, jumping lanes from discussing 1Password to talking cars, most modern vehicles have the ability for the user to tailor Auto Lock/Unlock behavior to operate as desired. When the vehicle stops and is put into Park, either no doors, only the driver's door, or all doors will automatically unlock. Jumping back to an idea 1Password may wish to consider, the specific behavior of the vehicle is determined by user choice as indicated via a documented setup procedure.
0 -
Hey guys, thank you all for the valuable feedback here.
I'd love to explain and elaborate on the current situation for you.
1Password X is a standalone extension that lives and works solemnly in your browser. It is bound to the browser's restrictions, policies and API's, and therefor cannot keep functioning when the browser is closed/quit. As soon as the browser is closed, 1Password X will lock up just as the 1Password desktop app locks up when your computer restarts/shuts down. It has no way of knowing what is going on in your system when the browser is closed, so locking up is crucial.You can definitely adjust 1Password X's auto lock settings (or disable it completely if you'd like) which is useful when you keep the browser running non-stop; Right click the 1Password X icon in your browser's toolbar -> Select "Settings" - > Adjust or disable the auto-lock as you see fit.
Our current roadmap involves adding an integration feature to 1Password X, which will allow it to connect to the 1Password desktop app. One of the biggest advantages is that using the desktop app, the 1Password X extension will be able to remain unlocked even if the browser is closed, because it will have a way of knowing what is happening on your system and keeping your data safe. Other advantages include unlocking 1Password X using Touch ID or Windows Hello! That is a big feature we've been working on for quite a while and hopefully it will be released in the near future.
To clarify even further, you are not stuck with 1Password X at all. We currently offer 2 different extensions. 1Password X, which is a standalone extension, and the good old companion extension, which you probably already know if you've used 1Password before. The old companion extension only works with the desktop app, and will remain unlocked for as long as the desktop app is unlocked (Which is similar to the feature we're working on adding to 1Password X). The downside of the companion extension is that it is a bit outdated and doesn't show up inside usernames/password fields suggesting relevant actions.
So you definitely have full control and choices here over your 1Password and how you want it to behave!
- You can use 1Password X and control how the auto-lock functions.
- You can use the old companion extension: https://1password.com/browsers/
- You can use a combination of both if you'd like, but keep in mind that you'll get double prompts for saving new logins which might be confusing and cause some user errors.
Hopefully the integration feature will reach 1Password X soon enough and will address all the issues you've raised here, but until then there are definitely ways to get things to work the way you want it to.
I hope that clarifies why things work the way they do currently. We always listen to users and feedback is super important to us, so feel free to keep it coming! :+1:
0