Feature request: Automatically unlock 1Password through OS X's keychain

xver

Hello, I'm writing this feature request specific to 1Password for OS X. Please excuse my bravery - what I am suggesting might sound odd at first for a security product such as 1Password, but please hear me out. I did not find a similar request on this forum's search.

I would like to suggest adding automated unlocking of the 1Password for OS X keychain by using OS X's login keychain. I understand that there previously have been concerns about this approach being insecure, but please let me explain from a system developer's perspective why storing the 1Password master password with the operating system's keychain does not weaken security:

• The OS X keychain is encrypted with the user's login password. It is therefore impossible to extract the master password from a powered-down or stolen computer as long as the user set a reasonably secure login password.
• Keychain items on OS X are locked to code signing identities. This lock is enforced by the keychain manager through the operating system kernel. Other applications, even non-sandboxed ones, can therefore not extract the master password stored in the keychain.
• Processes running as root could override the keychain manager's limitations - but they could also just read the master password from 1Password's address space because, after all, the kernel will do whatever root tells it to do.

The only realistic attack vector left is a weak login password set by the user. Therefore, if this feature is implemented, there should be a clear warning stating that the feature should only be used with a secure login password.

Thanks in advance, xver

hawkmoth

I can't evaluate the security issues you discuss, but I would be curious to know what you are wanting to accomplish. Is it that you only want to enter one password to open you session and have everything then available, without need of further password entry? I'm just curious.

xver

Yes, this is exactly it. Instead of entering two long passwords (my login password and my keychain password) after powering on the computer, I would prefer a centralised logon managed by the OS only.

Plato

Absolutely NO, NO, NO!

I don't use a login password and I don't want to use one.

danco

Plato, if this existed, I am sure it would only be an option, so would not be a problem for you.

xver, I am not competent to comment on the security issues, you may well be right on those. But I do know that 1PW3 had this option. AgileBits decided to remove it, because they found that too often it led to people forgetting their 1PW Master Password. Requiring a user to enter the password (at least) once each login helped avoid this problem.

littlebobbytables

Hi @xver,

This request has been made in the past and the response back at the time was no. I don't know if it is for the reason danco stated (which definitely applies to iOS and people who use a PIN or Touch ID) or if there were other reasons at the time. It was a conscious decision to do so though. As such it would be doubtful the request would be re-opened without a reasonable change in circumstances from when it was first made. Sorry.