Unlock on Secure Desktop
This is a feature included in the latest beta release. How does it work?
Comments
-
It is supposed to add some protection against key loggers. When you unlock your keychain on another desktop, key loggers cannot spy on the (keyboard) messages.
0 -
Yep. Just to add to what Stefan already said:
Because the "enter master password" dialog appears on another desktop (that we temporarily create ourselves), and because Windows messages do not travel across desktops, key loggers aren't able to spy on the (keyboard) messages.
0 -
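The mechanism described in the comment above (a temporary desktop created by the application, with the prompt shown on it), as an added example that is not from the thread and not 1Password's code: C# calling the Win32 desktop functions through P/Invoke. The class name, the desktop name and the use of a message box in place of a password dialog are assumptions for illustration.

```csharp
using System;
using System.ComponentModel;
using System.Runtime.InteropServices;
using System.Threading;

static class PrivateDesktopPrompt   // hypothetical class, not from the page
{
    const uint GENERIC_ALL = 0x10000000, MB_OKCANCEL = 0x1;
    const int IDOK = 1;
    [DllImport("user32.dll", CharSet = CharSet.Unicode, SetLastError = true)]
    static extern IntPtr CreateDesktop(string name, IntPtr device, IntPtr devmode,
                                       uint flags, uint access, IntPtr security);
    [DllImport("user32.dll", SetLastError = true)] static extern bool SetThreadDesktop(IntPtr desktop);
    [DllImport("user32.dll", SetLastError = true)] static extern bool SwitchDesktop(IntPtr desktop);
    [DllImport("user32.dll", SetLastError = true)] static extern bool CloseDesktop(IntPtr desktop);
    [DllImport("user32.dll")] static extern IntPtr GetThreadDesktop(uint threadId);
    [DllImport("kernel32.dll")] static extern uint GetCurrentThreadId();
    [DllImport("user32.dll", CharSet = CharSet.Unicode)]
    static extern int MessageBox(IntPtr owner, string text, string caption, uint type);
    // Shows `text` on a temporary desktop; returns true if the user pressed OK.
    public static bool Confirm(string text)
    {
        IntPtr original = GetThreadDesktop(GetCurrentThreadId());   // borrowed handle, never closed
        string name = "ExamplePrompt-" + Guid.NewGuid().ToString("N"); // constructed, per-use name
        IntPtr priv = CreateDesktop(name, IntPtr.Zero, IntPtr.Zero, 0, GENERIC_ALL, IntPtr.Zero);
        if (priv == IntPtr.Zero) throw new Win32Exception(Marshal.GetLastWin32Error());
        int result = 0;
        // SetThreadDesktop fails on a thread that already has windows or hooks,
        // so the prompt runs on a fresh worker thread bound to the new desktop.
        var worker = new Thread(() =>
        {
            if (SetThreadDesktop(priv))
                result = MessageBox(IntPtr.Zero, text, "Example prompt", MB_OKCANCEL);
        });
        try
        {
            if (!SwitchDesktop(priv)) throw new Win32Exception(Marshal.GetLastWin32Error());
            worker.Start();
            worker.Join();               // worker has left the desktop before it is closed
        }
        finally
        {
            SwitchDesktop(original);     // always hand input back to the user's desktop
            CloseDesktop(priv);
        }
        return result == IDOK;
    }
    static void Main() => Console.WriteLine(Confirm("This prompt is on a separate desktop."));
}
```

Window-message hooks are scoped to the desktop of the thread that installs them, which is why the prompt's keyboard messages do not reach hooks installed on the user's desktop. This does not cover input capture below the window-message layer, such as in a kernel driver.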
Ahhhhhhhh... Ok. I misunderstood what "unlock on secure desktop" meant. I thought that it was allowing me to identify a computer that was "secure" (and thus make use of the program less time-consuming somehow), and wondered why it required me to enter the password twice, since that seemed like it made it MORE work. Just fyi that that's how one non-techie user understood the label.
0 -
Thank you for your feedback, Jenneane! We'll see if we can make this clearer. :)
0 -
I also misunderstood the phrasing of "unlock on secure desktop" and also thought that it was to identify this computer I was using as "secure" and perhaps ask for authentication less or provide for more seamless use. I think the wording should change to something like "unlock from a trusted device", "unlock on a different computer to proceed", or "Dual authentication. Unlock using another trusted device."
0 -
This feature unlocks your keychain on a secure desktop, unavailable to key loggers. I doubt "unlock using another trusted device" makes this any clearer.
0 -
First of all, kudos on this new feature. Having a keylogger capture my master password is something I've been worried about, and prompting for the master password on the secure desktop seems like a good strategy for minimizing this risk.
I was a bit confused by the "shield icon" on the "Unlock on secure desktop" button. This icon normally means that a process requires elevation, which is not the case here.
Is there a reason you have implemented "Unlock on secure desktop" as a separate button, rather than just replacing the existing unlock mechanism? It seems to me that the right way to implement this would be to pop up a notification on first launch of the new version explaining that you have implemented a new, more secure, unlock mechanism, with an option to disable it if it causes problems for anyone. Then, at future launches of the app, go directly to the secure desktop unlock. Having two different ways to unlock the app is confusing, and the average user won't understand why they should choose one over the other.
I wonder, is there a way you could combine the secure desktop unlock with a "security image", i.e. a unique image displayed to the user with the unlock window that is only accessible by the secure desktop process? This would help foil attempts by trojans to impersonate the 1Password unlock window.
@rqc: I think you may still misunderstand what the "Unlock on secure desktop" button does. It displays the unlock window on your computer in a special mode that prevents other programs that are running on the computer from "seeing" it. This special mode is referred to as "secure desktop mode". It has nothing to do with a different computer.
0 -
Thanks for the kind words, rgsteele. I can't say I disagree with what you wrote. I'll let Stefan know, though I'm not sure of the efficacy of the security image part.
0 -
I was a bit confused by the "shield icon" on the "Unlock on secure desktop" button. This icon normally means that a process requires elevation, which is not the case here.
Analogous to UAC, the feature brings up a dialog on another desktop, unavailable to key loggers. This is why the shield icon is there.
Is there a reason you have implemented "Unlock on secure desktop" as a separate button, rather than just replacing the existing unlock mechanism?
It is not for everybody for compatibility reasons (for example: it is not supported on Windows versions older than Windows 2000).
0 -
Analogous to UAC, the feature brings up a dialog on another desktop, unavailable to key loggers. This is why the shield icon is there.
According to the Windows UI Guidelines, the shield icon should only be used when a process requires elevation. A user who does not have administrative privileges on a computer will avoid clicking this button because they will (rightfully) expect that they will get prompted to enter administrative credentials if they do.
It is not for everybody for compatibility reasons (for example: it is not supported on Windows versions older than Windows 2000).
Why not continue displaying the old interface for users on operating systems that don't support the secure desktop, and display only the secure desktop login to users on supported platforms (with the option to turn it off)?
I hope the secure desktop unlock is coming to the browser extensions as well. Keep up the great work!
0 -
I hope the secure desktop unlock is coming to the browser extensions as well.
It is available in our extension for Internet Explorer.
0