Auto-lock options limited

In previous versions of 1Password, you could set the auto-lock time to 4 hours, which is a good option for a desktop. However, the beta version has removed this and has only a huge jump between 1 hour and Never! One hour is way too short when I'm working at my desktop at home all day. It's extremely inconvenient to have to keep signing in over and over when there is no chance that someone is going to jump in and hijack my account.

In desperation I've set mine to Never, but I don't feel comfortable with this either. Any chance we can have the 4 hour option back? and/or 8 hours (to reflect the work day)? Better yet, an option to set our own auto-lock time, although I recognise this might involve a lot more work to implement!

Thanks as ever for what is otherwise a wonderful, life-saving piece of software!


1Password Version: 8.2.2-19.BETA
Extension Version: 2.0.6
OS Version: MacOS 11.5.2

Comments

  • ag_chantelleag_chantelle

    Team Member
    edited September 13

    @alphgal

    Thank you for sharing your feedback and example of your particular use case. You're right, we can definitely add more granular control over auto-lock settings between "1 hour" and "Never". I'll be sure to share your feedback with our development team. Hopefully we'll see some positive changes in an upcoming release.

    ref: dev/core/core#9398

  • I would say honestly that 4 hours and 8 hours are too long in my opinion.

    My concern would be that employees would set it to these long times and potentially abandon their computers at points leaving their vault open to be tampered with. (As an option, might it be possible to set a maximum auto-lock time for an organisation?)

    The whole point with 1Password is that it should be unlocked only as long to unlock what you need. For this reason, I have my 1Password set to 10 minutes.

    I definitely get that some people will want the long unlock times, but as a security app, I feel like 1Password should balance the security implications of that since people might just set a long time without thinking of the ramifications.

  • BenBen AWS Team

    Team Member

    @binaryoverload

    Indeed, and those are great arguments. They largely reflect how I personally feel as well. Most people pay for 1Password because they're trusting us to make sensible design decisions that result in an increase to their security posture. On the other hand we have arguments that 1Password shouldn't "nanny" those who understand the risks and want to make informed decisions based on their risk profile. That is a balance we're constantly trying to make right so as to best suit the majority of our users.

    As an option, might it be possible to set a maximum auto-lock time for an organisation?

    This is currently possible with 1Password 7 via MDM:

    About mobile device management

    Hopefully we'll be able to offer similar options with 1Password 8.

    Ben

    ref: dev/core/core#4335

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file