Auto-lock options limited

In previous versions of 1Password, you could set the auto-lock time to 4 hours, which is a good option for a desktop. However, the beta version has removed this and has only a huge jump between 1 hour and Never! One hour is way too short when I'm working at my desktop at home all day. It's extremely inconvenient to have to keep signing in over and over when there is no chance that someone is going to jump in and hijack my account.

In desperation I've set mine to Never, but I don't feel comfortable with this either. Any chance we can have the 4 hour option back? and/or 8 hours (to reflect the work day)? Better yet, an option to set our own auto-lock time, although I recognise this might involve a lot more work to implement!

Thanks as ever for what is otherwise a wonderful, life-saving piece of software!


1Password Version: 8.2.2-19.BETA
Extension Version: 2.0.6
OS Version: MacOS 11.5.2

Comments

  • ag_chantelle
    edited September 2021

    @alphgal

    Thank you for sharing your feedback and example of your particular use case. You're right, we can definitely add more granular control over auto-lock settings between "1 hour" and "Never". I'll be sure to share your feedback with our development team. Hopefully we'll see some positive changes in an upcoming release.

    ref: dev/core/core#9398

  • binaryoverload
    binaryoverload
    Community Member

    I would say honestly that 4 hours and 8 hours are too long in my opinion.

    My concern would be that employees would set it to these long times and potentially abandon their computers at points leaving their vault open to be tampered with. (As an option, might it be possible to set a maximum auto-lock time for an organisation?)

    The whole point with 1Password is that it should be unlocked only as long to unlock what you need. For this reason, I have my 1Password set to 10 minutes.

    I definitely get that some people will want the long unlock times, but as a security app, I feel like 1Password should balance the security implications of that since people might just set a long time without thinking of the ramifications.

  • @binaryoverload

    Indeed, and those are great arguments. They largely reflect how I personally feel as well. Most people pay for 1Password because they're trusting us to make sensible design decisions that result in an increase to their security posture. On the other hand we have arguments that 1Password shouldn't "nanny" those who understand the risks and want to make informed decisions based on their risk profile. That is a balance we're constantly trying to make right so as to best suit the majority of our users.

    As an option, might it be possible to set a maximum auto-lock time for an organisation?

    This is currently possible with 1Password 7 via MDM:

    About mobile device management

    Hopefully we'll be able to offer similar options with 1Password 8.

    Ben

    ref: dev/core/core#4335

  • MinhThienDX
    MinhThienDX
    Community Member

    Yeah, why don't the dev team just put a field to input number and a select box like below?
    Just do some validation (not empty, must be number)
    The select box just put some choices like minute, hour, day, week, month, year, decade, century, millennium or something I don't know and the call it a day?

  • Thanks for the suggestion, @MinhThienDX. 😊

    Ben

This discussion has been closed.