1Password Should Allow secure unlock with the OSX Keychain
1Password Should Allow secure unlock with the OSX Keychain, which is battle tested and provides "good enough" security for the vast majority of users. Obviously this shouldn't be the default, but it should be an option for power users who are willing to accept a [very] slightly less secure, but far more useable, setup.
On my Android device, I can unlock my keychain biometrically, aka easily. There should be a comparable feature in OSX.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:1Password Should Allow secure unlock with the OSX Keychain
Comments
-
@JonathanSFisher thanks for the feedback! This is something that was available in previous versions of 1Password but was removed because it led to people forgetting their Master Passwords, which is a no-good very-bad thing, as it means they won't be able to access their information if something happens to the OS X Keychain or they want to access that information from another device.
0 -
Exactly, I wouldn't make it the default, but it's a useful feature.
0 -
@JonathanSFisher I don't believe this was ever the default, but I'm afraid that was before my time ;) Like I said, we appreciate the feedback, and if we have a conversation about bringing this feature back I'm sure we'll take it into consideration :)
0 -
It's a bit concerning (and aggravating) you would reverse course on innovation rather than solve the actual problem. If their 1password was unlocked by keychain at login, then the only way they could lose access to their 1password vault would be to forget their computer login. If you guys weren't checking to make sure they used a password to login to their computer (and was never secure anyway) I can see why this is a problem. Otherwise, now you're punishing the rest of your users for a few moron's mistakes.
0 -
Hi @JonathanSFisher,
Thank you very much for your feedback and feature request, we certainly appreciate it! I wanted to elaborate a bit on the setting nmott referred to, and why it was removed:
Back in 1Password 3 for Mac, there was a setting in the Preferences called "Never prompt for master password". When enabled, the master password would be stored in the OS X Login keychain, so as long as it was stored there it never needed to be re-entered in 1Password, even after rebooting the Mac.
Unfortunately, that setting caused issues for many users because they didn't need to type their master password for months or even years, as the login keychain remembered it for them. A lot of people forgot their master password because of that, and therefore, if the login keychain became corrupted or their master password was deleted from it accidentally, their 1Password data became inaccessible forever.
That was of course a bad situation, and unfortunately it happened to more than just a few customers. It's unfair (and untrue) to call them "morons" because of that - the problem is that that setting made it too easy to forget the master password, and it was also too easy for that master password to be removed or corrupted in the OS X keychain. In order to prevent that scenario from ever happening again, that option was removed entirely, starting in 1Password 3.9.
We certainly weren't trying to punish anyone by removing that feature. We removed it because it was essentially encouraging folks to forget their master password and eventually get locked out of their data. I can certainly forward your request to our developers, but because of the problems it caused previously, it's not likely to be re-added unless we find a reliable and secure way to prevent those problems.
Are you being asked to enter your master password too often? If so, you can configure 1Password so it requires your master password less often. We have information about the auto-lock settings in the Security Preferences section of our user guide.
I'm sorry this isn't the answer you wanted to hear, but I hope it at least helps to explain why that option is no longer in 1Password. We really appreciate that you took the time to send us your feedback about that, and if you need anything else, please don't hesitate to let us know. Have a great weekend! :)
0 -
My apologies for the morons comment. I just think you guys could find a happy medium rather than say "no"
0 -
Thanks for taking the time to write in with your request. The security features and practices in OS X change often and we'll continue to look out for ways to make unlocking more convenient when we can.
0
