Feature Discussion: Unlocking v3 vs v4

willia4
Community Member

I had a great conversation with the Anthropomorphic Personification that is the @1Password twitter account and it suggested I bring my complaints here. :) Well...not complaints, really. I love 1Password and use it dozens of times a day: I've stored most of my life there now (after taking appropriate safeguards). The entire 1Password ecosystem is one of the greatest pieces of software I use, and that includes the stuff I write myself!

Still, I think v4 of the iOS app took one big step backwards that has made me hesitant to use it. So, even though I bought it, I'm still clinging to v3. The Dropbox API changes made me realize that it won't work forever: even though I'm skating by on these changes because I've already synced with Dropbox, one day something will happen and I'll need to push forward into the new version.

So, before that happens, I wanted to get this written down. I'm not really asking you to change anything since I'm sure you had great reasons to switch to this new design; but I did at least want to offer one datapoint to consider going forward. (And, should v3 stop working one day, I'll still switch to v4 because on the whole it's great great great software and I couldn't live without it. Nice work if you can get it, I guess!)

For reference, I've tried to recreate the conversation with Storify, but that turns out to be harder than it seems: http://storify.com/willia4/conversation-with-1password-and-willia4

The issue is this: for my 1Password database (the one that's stored in Dropbox and lives on my Mac and Windows computers), I use a very long and complicated Master Password. It's a basic dice ware password with a bunch of numbers, symbols, and mixed capitalization thrown in. It's probably overkill, but it makes me feel better since the database is stored on Dropbox and who knows if I can trust those jokers.

Via the magic of physical keyboards and muscle memory, I can type this password in pretty quickly on my computers. It's a huge pain to type in on iOS, though. I have to keep hitting the little blue Shift button and switching between the numeric and symbol keyboards; while hunting and pecking, I lose my place in the password field and can't tell where I am and have to start over. It's not fun.

v3 of the iOS app is a tremendous help with this.

In v3, when you set up Dropbox syncing, it asks for your Dropbox password and then it asks you for the "Master password for your data file stored on Dropbox". This is the hard-to-type master password. But I only have to type it once because 1Password remembers it for me!

Then, in the Security settings of v3, there's another "Master Password". I think of this as the "mobile master password", distinct from the "real" master password needed for Dropbox. My mobile master password is a much more straightforward and easy-to-type-on-a-mobile-keyboard dice ware password.

My assumption has been that the "real" master password is encrypted via the "mobile" master password. And since I have a passcode on my phone, it's encrypted again with Apple's hardware encryption. Because I try to maintain good physical security of my phone (and can remotely wipe it in the worst case), this has satisfied me as a decent compromise between ease-of-access and security. (Though I suppose I might be a bit naive about that and await a blog post where Molly and Patty show me how wrong I am.)

v4 changes it up by removing the "mobile" master password. There's just the one master password of the main database and that's never written to disk. There's a "quick unlock code" that you can use if the database is still unlocked; but since it locks as soon as iOS terminates the app, this doesn't help me very much (background apps don't stay around very long for me).

So to use v4, I guess I'll need to change my master password to something easier to type on mobile. I can certainly do this, but it'll be a pain. I've gone to some effort to make sure "the right people" have access to this stuff in case I get hit by a truck (there's such a delicate balance between data being secure and data being useful; I think I've struck the right balance). So changing my master password involves burning new discs and storing new passwords in various safes and such. Like I said, I'll go to that effort when I have to switch to v4: but I'm not looking forward to it.

I apologize for the wall of text. Thank you for making a truly great piece of software and thanks for having such active and patient customer support acting on behalf of that software on twitter. I think we got confused because v3 has two master passwords whereas v4 only has one, but I think that's settled now. :) I'll stop complaining about this on twitter now and will certainly not stop recommending 1Password to anyone who listens.

Comments

  • Dan Ridley Hallock
    Community Member

    I agree that this is an annoying sticking point with v4. I'd love to see a return of the separate master password on the mobile devices. So far I'm just living with it, but I have to say that the Quick Unlock code is definitely not a solution — there've been like 1-2 times, ever, that I've been asked for the Quick Unlock code instead of the Master Password, even when Request After is set to Never. I'm assuming this is because iOS is closing 1Password, and I have enough daily-driver apps that I cycle between that it's not surprising. I'm just loath to make my Master Password less secure on my notebook & on Dropbox. The old system seemed like a good compromise to me.

  • charlie98
    Community Member

    In security settings for V4 there is Lock on Exit, which you can turn off and which, when combined with judicious use of the Quick Unlock time, allows you to use the master code once and then quick unlock until you either power off or lock. IMO this is not a security issue since the master password is for encryption whereas quick unlock is authentication.

    Assuming quick unlock is authentication, I would like to see it become similar to device passcodes, which is currently being discussed here. Personally I've gone with the years version of my device passcode.

    Unfortunately I've also discovered that there are circumstances, which I've been unable to duplicate deliberately, where a mistake in entering my quick code somehow does not require the master password but rather continually asks for the quick code and never accepts it, resulting in the need to power off my device to get at the enter master password screen.

  • Hi guys,

    It is annoying, we do understand; we are 1Password users too and feel your pain as well. We just can't sit back and make that kind of compromise to your data by bringing back the 4-digit PIN code for the initial unlock in 1Password; we have to prepare for the next decade of security threats and the increasing computational power aimed at cracking passwords. You can read about the security improvements we made in this article.

    There really are good reasons we did this. It was never meant to annoy anybody, but to ensure the entire database is protected by a strong master password that is never stored anywhere on your devices, rather than by a 4-digit code that can be cracked in minutes, if not seconds, and that was protecting some of your data while keeping your master password scrambled in the iOS device's keychain, which we didn't want to do in the first place.

    Not to mention, it also allows us to remove the confusing low/high security levels to keep it simple. Many folks were actually using the low security level for all of their items, not just the ones they didn't care much about; we're talking banking sites as well. You must understand, that was just too scary for us to see. We had to move toward providing more security while removing any confusing parts that could weaken the security integrity, even if it meant it was going to annoy some folks and cost us some users who loved using 1Password with this simple code.

    It was one of the toughest decisions we ever made, and we had to go with the more secure method while providing the Quick Unlock Code as a compromise for that. It was never a solution for the 4-digit PIN code, but it offers a way to authenticate yourself (@charlie98, that's a good way to categorize it) while the app has been unlocked and until the auto-lock timer kicks in.

    We really do understand. If there are ways to make it less annoying without weakening the entire security model in 1Password, please be assured, we would do that. We're always investigating and asking questions like this to see if we can find a way.

  • fishpatrol
    Community Member

    I just registered so I could +1 willia4. I'm glad for something more robust than a 4-digit PIN to open 1P on my iPhone, but having to switch through number/symbol keyboards to type my 1P master password is a hassle. I can see how this is done to improve security, but the real-world effect of this change may be that people choose master passwords that are weaker but easier to enter on an on-screen keyboard. I find myself putting off actions that require accessing logins that are stored in 1P on my iPhone because I don't want to go through the hassle of keyboard-toggling. It's defeating the reason I bought the 1P app.

    If this is the new baseline, I'd be glad to read an article on creating a strong password that you can quickly type on an on-screen keyboard that won't make you (or your dear spouse) want to punt 1Password or punt strong master passwords.

  • khad
    1Password Alumni

    From our "On hashcat and strong Master Passwords as your best protection" blog post:

    The Master Password generation scheme that I recommend in Toward Better Master Passwords involves picking words from a list of 7776 words by rolling dice. We can make these passwords stronger by using a longer list of words. The reason for 7776 is that it works by rolling five dice (or one die five times). We can use a longer word list if we don’t need to roll dice. But it is absolutely essential for the security of the scheme that the process of picking words is really random and not under direct human control.

    Another option is to do as I suggested in that article. Create a relatively short password the usual (not very good) way, but make sure it isn’t something on the diceware list. Then create a diceware password and simply add the two together.

    A third, more complicated option, is something that is a bit of a “work in progress”, but this hashcat news means we can talk about it a little early. The idea is to use lists of words from different languages as well as longer lists of words. Randomly pick which language to use for your first word, then use diceware on that. You may have to learn a few foreign words in the process, but once you’ve learned those words they should be about as easy to remember as the words of your native language.

    I have prepared lists of words exactly for this scheme along with a README file that contains not fully fleshed out instructions on how to use the system. This is very experimental, but it has allowed me to have a strong Master Password for 1Password on iOS which isn’t too annoying to type on an iPhone keyboard or to remember.

    I hope that helps. Please let me know.
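The passphrase scheme described in the reply above can be made concrete in a few lines. The following is an added example, not code from 1Password or from the blog posts quoted in the thread: it rolls five dice with the OS CSPRNG (so the word choice is never under human control), maps a roll such as 11111 or 66666 onto an index into a 7776-word list, draws words from several language lists as the multi-language variant describes, and compares the resulting entropy with that of a 4-digit PIN. The two tiny word lists, the cracking rate of one billion guesses per second, and the helper names are assumptions made for the example; a real diceware list has 7776 entries and real cracking rates depend on the key-derivation function in use.

```python
import math
import secrets

# Constructed stand-in word lists (assumption: real diceware lists have 7776
# entries; these short lists exist only so the example runs offline).
WORDLISTS = {
    "en": ["apple", "brick", "cloud", "delta", "ember", "frost", "grain", "harbor"],
    "de": ["apfel", "berg", "dach", "eule", "feder", "gabel", "hafen", "insel"],
}


def roll_dice(n_dice=5):
    """Roll n six-sided dice with the OS CSPRNG; returns a string such as '31542'.

    The person generating the passphrase must not pick or "adjust" these digits:
    the strength of the scheme rests entirely on the selection being random.
    """
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(n_dice))


def roll_to_index(roll):
    """Map a diceware roll (digits 1-6) to a list index 0 .. 6**len(roll) - 1.

    '11111' -> 0 and '66666' -> 7775, which is why five dice address exactly
    a 7776-word list.
    """
    idx = 0
    for ch in roll:
        d = int(ch)
        if not 1 <= d <= 6:
            raise ValueError(f"dice digit out of range: {ch!r}")
        idx = idx * 6 + (d - 1)
    return idx


def entropy_bits(n_words, list_size, n_languages=1):
    """Entropy of an n-word passphrase when each word is drawn uniformly from one
    of n_languages disjoint lists of list_size words, the language itself chosen
    uniformly per word (the multi-language variant from the post)."""
    return n_words * math.log2(list_size * n_languages)


def generate_passphrase(wordlists, n_words):
    """For each position pick the language, then the word, with secrets.choice."""
    langs = sorted(wordlists)
    return [secrets.choice(wordlists[secrets.choice(langs)]) for _ in range(n_words)]


def worst_case_seconds(bits, guesses_per_second):
    """Time to exhaust a keyspace of 2**bits at a given guess rate."""
    return 2.0 ** bits / guesses_per_second


if __name__ == "__main__":
    rate = 1e9  # assumption: 10^9 offline guesses/s, for illustration only
    for label, bits in [
        ("4-digit PIN", entropy_bits(4, 10)),
        ("5 diceware words, one 7776 list", entropy_bits(5, 7776)),
        ("5 words, 2 languages x 7776", entropy_bits(5, 7776, 2)),
    ]:
        print(f"{label:34s} {bits:6.1f} bits  "
              f"worst case {worst_case_seconds(bits, rate):.3g} s")
    roll = roll_dice()
    print("sample roll", roll, "-> list index", roll_to_index(roll))
    print("sample passphrase:", " ".join(generate_passphrase(WORDLISTS, 4)))
```

The entropy figures are what matter for the thread's trade-off: each extra language list adds one bit per word, whereas each extra diceware word adds about 12.9 bits, and a 4-digit code carries roughly 13.3 bits in total, about the same as a single word.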

This discussion has been closed.