1Password not locking on VMware fusion suspend

I'm running a Gnome Shell Ubuntu 18.04 Desktop in a VMware Fusion VM on a Macbook Pro and when I suspend the VM the browser integration locks but the standalone 1Password doesn't so when I resume the VM my vaults are still unlocked, even though the lock symbol is present on the browser integration.


1Password Version: 8.0.33-69.BETA
Extension Version: 1.24.2
OS Version: Ubuntu 18.04.5 LTS
Sync Type: Not Provided

Comments

  • Dayton_agDayton_ag

    Team Member

    Hey there @markw_modica, thanks so much for writing in - that's a great question!

    When a virtual machine is suspended, it is essentially frozen to the outside world, freezing processes and stopping the passage of time with respects to the machine. While the machine is suspended, no internal processes or actions can take place that would cause 1Password to lock, such as the lock screen being called or reaching a 10-minute auto-lock timer.

    Could you check and confirm if, upon resuming the virtual machine, clicking the 1Password icon in your browser will cause the extension to connect to the unlocked 1Password desktop app?

  • It does - when you click the browser extension icon (which shows locked) it opens the unlocked desktop app. It doesn't happen every time but to give you the background, this is a work laptop and I suspend my Ubuntu VM at the end of the work day and then typically resume it the next day. If the vault is unlocked when I suspend, the next day when I resume the browser extension is showing as locked but the desktop app is still unlocked.

    I tried to replicate this by suspending while unlocked, waiting for longer than my timeout period and then resuming but it didn't exhibit the same behaviour - in this case it was still unlocked but the browser extension also showed it being unlocked. I haven't had the time to test this more thoroughly.

    Perhaps the way they both calculate idleness is different? Maybe the extension has knowledge of the last time it checked and sees the jump in time?

    Before I used the desktop app the browser extension would always be locked the next time I unsuspended the VM (typically the next day but sometimes at night).

  • Another point to make is that in this state the browser extension doesn't autofill. It just prompts to open the desktop app so I have to lock the vault manually and then unlock it again (that's the annoyance that prompted me to post this).

  • Dayton_agDayton_ag

    Team Member
    edited May 13

    Hey @markw_modica, thanks for sharing that info! I spoke with the team, and the difference here is coming down to the different ways that the desktop app and 1Password in the browser "track" how time passes.

    The desktop app bases it off of the idle time of the system - since suspending the system freezes the idle time, upon resuming the VM the idle time of the system has not progressed, and the desktop app remains unlocked. 1Password in the browser, on the other hand, has a secondary check of looking at the system clock to determine if it should lock, and this is what causes the extension to lock immediately upon resume.

    in this state the browser extension doesn't autofill

    I believe this comes down to the extension checking system time and believing it should be locked, so then disconnecting itself from the desktop app.

    I'll file these findings internally for the team to look at. :smile: Let me know if you have any questions!

    ref: /dev/core/core/#7493

  • Thanks @Dayton_ag, that lines up with my assumptions. It would be great if this could be addressed but I guess for now I'll just have to remember to lock up before suspension.

  • Dayton_agDayton_ag

    Team Member

    @markw_modica

    Sounds good, and thanks again for writing in with this! :smile:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file