Hi... I've owned version 3 of 1Password for iOS for sometime. Recently I bought version 4 and for the time being anyway, I have both versions installed on my iPhone 4. As you know, there is both a Master Password and an Unlock Code available for both versions. In my world of doing passwords, the Master Password is a tough password while the Unlock Code is a simpler 4 digit code. After installing version 4, I now realize I have a question about each version (both 3 and 4) and they are two different questions.
First, version 3. I have the Unlock Code set to "auto lock" after 2 minutes and under the Master Password section I have that set to "auto lock" after 10 minutes. When I click "lock now" what comes up is the entry for the 4-digit "auto lock" code. The bottom line is the way I have version 3 set up I NEVER have to enter the Master Password. Is that because 2 minutes is obviously less than 10 and therefore when it locks it ALWAYS locks under the Unlock Code and so I never have to enter the Master Password??? I mean I can not touch this app for a week but when I do, the Unlock Code is always what comes up, never the Master Password. Is this the way it should be???
Now, for version 4. This one is tougher... I imported settings and content from 1Password 3 into 1Password 4. I see that I still have 2 minutes and 10 minutes for Unlock and Master respectively. Quick Unlock Code is set to ON and Lock on Exit is also set to ON. When I close the app and reopen sometimes I get a request for the Unlock code and sometimes I get the request for the Master... Is version 4 set up to be different in this regard than version 3 and if so, how???
So why does version 3 NEVER ask me for a Master Password??? And why does version 4 ask me for the Master more often than I would like???
As a follow up, I see that I can set the Master Password request time to NEVER in version 4 and that would make that password never be requested again but I don't have that set to NEVER in version 3 either and version 3 never asks for the Master while version 4 does??? Again, I'm confused... thanks. bob...
Thanks for writing in to us - I'm sorry to hear that we've gotten you confused!
First of all, let's discuss the Quick Unlock Code in 1Password 3 for iOS. The PIN code was originally conceived as a convenience feature for frequently accessed items in the time before iPhone OS supported fast app switching and background tasks. It was a compromise we were never happy with, but it provided the best balance of security and user experience at the time.
One of our goals with 1Password 4 was to make strong security the default. The old PIN code had the downside of being used to encrypt some items and with only 10,000 possibilities, this just wasn't good enough for us to continue with. We did away with that approach in the first iPad version as well. We do still have the unlock code available in settings, but it is only used to control access to the 1Password application, never for encryption of any of your data. This means that you need to authenticate with your master password at least once per session in order to be able to use the QUC.
From the User Guide:
You can configure 1Password to never prompt the password/code, but this only works after you:
Why the last one? When you stop using 1Password, the iOS app will keep track of how long it’s been in the background in order to ensure there’s enough memory for your current and most recently used apps. 1Password can remain unlocked in memory only until iOS is forced to fully close the app in the background to reclaim its memory block, so that your current apps can use it.
If the termination has occurred, you’ll have to enter the master password to unlock it.
Note that the more memory you have in your iOS devices, the longer 1Password can remain unlocked. Keep this in mind when switching to older iOS devices that might see 1Password locked more often.
I hope that clarifies the situation and our decision a bit. If you have other thoughts or ideas, please email us: [email protected] agilebits .com
We are always here to help! :)
thanks Megan... I think I now understand the 1Password 4 part... Thanks for that... Since, for the time being, I am still also keeping 1Password 3 around (until I really learn version 4) why exactly do I NEVER need to enter the Master Password when accessing logins on 1Password 3??? I don't have anything set to NEVER but instead the Quick Unlock Code is set to 2 minutes and the Master to 10??? Is it because since 2 is less than 10, the code always locks under the QUC and therefore never under the Master or is there some other reason??? thanks... bob...
In 1Password 3 the PIN can allow access to the app. You'll only need to enter the Master Password when viewing items with Master Password Protection enabled. Items created in the iOS app have this OFF by default. Items created in the desktop versions of 1Password and then optionally synced to 1Password 3 on your iOS device default to having Master Password Protection ON.
If you created all of your items in 1Password 3 on your iOS device then none of your items would have Master Password Protection enabled by default. That is precisely the scenario we were were working to avoid in 1Password 4. In 1Password 4 all the items are protected with the Master Password automatically.
Glad to see we're halfway there in terms of explaining things!
1Password 3 had 2 separate levels of security. The 4-digit code is used to show low security items. When you tap into an item marked as high security, only then you will need to enter the Master Password.
I'd like you to test something for me: Open an item, scroll all the way down, and you'll see a Master Password protection toggle.
If it is on, then Master Password is needed for that item. If it is off, then it is only protected by the 4-digit code. Are your items marked as low security?
First, to answer your question, Megan, I opened several of the items (logins) I have on my iPhone in 1Password version 3. In all of them, Master Password Protection is set to OFF. So that fits with all you guys have said above. So now I think I understand all of it... I use 1Password not only on my iPhone but also extensively on my main computer (MacBook Pro). The logins on my MacBook Pro are ones I want and have protected with a very strong password. But I only keep less important logins on my iPhone and so protecting those logins with just a 4-digit code is ok. However, I NEVER make Master Passwords on anything very simple. Instead, I make them complex. So on 1Password 4 when I go to open one of these non-critical but still password protected logins, I keep getting the request for my quite long and complex Master Password. That won't work. So I either have to have a way to shut off the Master Password capability unless and until I ever start protecting more important logins or I have to make a simpler Master Password.
Now just now I went in to 1Password 4 and set the "Request After" for the Master Password from 10 minutes to NEVER. If I read what you said above, that should work unless and until I leave 1Password 4 closed for a long time, after which I would have to re-enter the tougher Master Password, right???
The logins I currently protect on 1Password Mobile would be a nuisance at most if they got compromised, thus the reason for wanting to keep using this app at the QUC level rather than at the Master Password level. But if I ever decide to start say doing banking over my iPhone (I chose not to presently) than all that would change and I would then revert to using the Master Password to use those specific logins...
Anyway, thanks for the info. It makes sense to me now. I see that you had a different philosophy on version 4 versus version 3. Makes sense... Just answer that one question above. With Master set to NEVER, will I be able to keep using the QUC on 1Password 4 unless I don't access 1Password often???
thanks for the help... By the way I use 1Password on my mac mundo times every day and I love it... Been using it for quite a long time now...
You're right: setting the "Request After" for the Master Password to "Never" will work until 1Password is left alone for too long (and too long again is dependent on several factors, including how much memory you have available on your iOS device).
Now, I'm glad to hear that you are using complex Master Passwords to protect your data. If you haven't already seen this, I recommend reading our blog post Toward Better Master Passwords. There's some great discussion in there about how to create strong passwords that can be easier to type. (This might make your life a lot simpler when typing in your Master Password on your iOS device.)
Hi... One more sort of related question. Just today I received an email from Dave stating that 1Password 4 for the Mac is now out. I recently just purchased 1Password 4 for iOS. Are these two considered to be completely separate from a purchase point of view??? Do I get a break for buying one if/when I buy the other??? Just a bit confused about that part... thanks... bob...
Our licenses are platform-specific, so the iOS purchase is considered separate from the Mac purchase. You will note from the newsletter though, that we do have some pretty great launch sales on, including 20% off for new users, so now is a great time to check out 1Password 4 for Mac. :)
You can check out 1Password 4 for Mac in the Mac App Store here: http://j.mp/1PmasFO
Or you can purchase directly from our store here: https://agilebits.com/store
If you have any further questions, we'd be happy to help!
It would appear that in a very recent update to the Mobile version of 1Password 4, the ability to set the Master Password lock time to NEVER has been removed. If I'm correct, that's unfortunate becuase now the longest time one can set before the Master Password is again required to be entered is 30 minutes. That seems flawed as it almost negates the reason for having a Quick Unlock Code at all. As I said in an earlier post, I set hard passwords for Master Passwords but I wouldn't want to have to reuse that more complex password every thirty minutes. Was the removal of NEVER as an option for how long to have to wait to reenter the Master Password intentional or is this a bug in the newest version of 1Password 4 Mobile??? thanks... bob
I have personally seen no info on it (never option) being a bug or a change in design.
I also miss the never option and after the update I was like HUH where did it go ?
I have good news for you (and you too, @thightower)! Looks like the "Never" option will be back. I can't say when, but it is being planned. :)
Much appreciated... I will watch for it... bob..
Re comments above about setting Master Password to "Never". I don't see that choice, only ... Minutes, the maximum being 30.
And even with the 30 minute setting, I am required to enter the master password almost immediately after I go to a different web page.
I'm now using 1PW version 4.3, but I remember having the same problem version 3.x
Dave it was an option up until v 4.2.7 I believe and looks like it was missing in 4.3. @Megan was saying at some point in the future it will be back again. Its just not known exactly when, but as they say its on the road map.
This is really frustrating guys... I have a complex master password and having to enter it each time the program is instantiated is really frustrating.
Seeing the option to set 'never' back would be very much appreciated.
I have an iPhone 5s and it's locked down via TouchID and of course a key code. I'm happy to take the risk. However it's my choice to make not the programs.
Have we got a timeframe of when this will be back?
Hi Benjamin ( @bennie )
I do apologize for the frustration here! Unfortunately, I can't give you anything specific in terms of timeframe. Our developers do know that this is important to you all :)
In the meantime though, setting 'Request After' to 30 minutes and sliding the 'Lock on Exit' toggle to OFF should have the same effectiveness as the 'Never' setting.
Apologies for the delay in responding to you. Thanks for the update on this, it's really appreciated.
Your interim tip has helped considerably.
Looking forward to the update.
Thanks for letting us know @Megan's tip was helpful, @bennie. On her behalf, you're welcome. :)
I agree with @bennie because I also have a very complex master password. I wish the ability to put in the quick code would stay on always like it did in previous versions. This way I would turn lock on exit and still use the quick code to unlock. In my opinion, there should be a master lock now button as well as a lock now button. I feel like it was perfect before giving us the option of how secure we want the app to be.
Hi @nels0nb (and @bennie, @diitto, and Dave),
You'll be happy to know that 1Password 4.3.2 is now available as an update in the App Store, and the 'Never' option is back!
Please note that the 'Never' setting is still subject to the exceptions mentioned above:
I hope this makes using 1Password easier for you all :)
thank you for this. It has not been working for me but I did not have the second condition set correctly. I now have all conditions set. I will provide an update. @Megan
I'll keep my fingers crossed that things work will for you! :)
Just a comment from my experience.
I too have a complex master password and have to re enter it quite often. BUT I don't think this is the fault of 1Password. My iOS devices often run out of memory so meet one of the conditions Megan describes when you have to do it. In my travels on other websites I have learnt if you switch to one of your already open tabs on Safari and the page reloads it means you have hit this limit. I often have a number of apps and Safari tabs open (each one uses extra RAM) so this happens a lot for me.
I guess blame Apple for not upgrading the RAM fast enough to keep up with ever expanding Apps.
Thanks so much for adding your thoughts here. I use my phone the same way you do and most of my apps re-load when I switch back to them simply because I use so many so frequently. I'm excited for the day when the RAM can handle all of my social networks, games, and of course, 1Password at the same time. :)