Windows lock/login screen link?
Perhaps this is my lack of experience in Windows, but in my mind, I could see having an optional link or button on the Windows 7 lock screen (not sure about Windows 10) that would go to the 1Password Teams web service URL in kiosk mode and allows someone to login and grab their Windows network account password in our environment. Do you think this is something doable, considered, or even advisable? We have a password self-service feature right now that does this that's deployed via Group Policy, and we plan to deploy 1Password to all users so that they can store all of their business logins and share with teams, but it seems the Windows network password is the one "outsider" that won't fit nicely in the way we are deploying this to our users.
Thanks for a great product!
1Password Version: 6.0
Extension Version: Not Provided
OS Version: Windows 7
Sync Type: 1Password
Comments
-
@jlinczak: Bear with me, because I'm not certain I understand what you're asking. Do you mean you want to access 1Password before logging into Windows? If so, that isn't possible, as 1Password (like any app) runs within the Windows user environment, not at the system level. It isn't able to run on the login screen. Please let me know if I've misunderstood your request!
0 -
No worries - I get it all the time. :) Yes, what you said is what I was thinking. I take this from an example like the product ManageEngine's Self-Service Password reset tool (https://www.manageengine.com/products/self-service-password/self-service-password-reset.html), which we are using now for our small business. Their tool has a similar idea - older Windows login screens have a button, but newer versions just have a link, and that link pops up a browser in kiosk mode (so you can't change the URL) that allows access to a webpage that can in turn allow them to unlock their accounts or reset their password before logging in. So I was thinking, why not do this for 1Password? Have a link on the login page to 1Password in a kiosk mode with no ability to change the URL, log in to your 1Password for Teams site, grab and copy your password and paste into your Windows login page. No? :)
0 -
Hi @jlinczak,
It is an interesting idea and we'll look into it. We have received requests for 1Password to work with Active Directory as well as other SSO systems, this could work with your idea as well.
The one thing that might be problematic is that the user has to enter their account key in addition to their master password on these machines because they're public and we need to clear the data as soon as you sign out. That might be more of a hassle compared to using your smart phone to quickly look up your password in the 1Password app that may be easier and quicker to unlock with biometric support such as Touch ID on iPhones and fingerprint scanner on Android devices. Heck, even using 1Password on the Apple Watch may be quicker.
Thanks for letting us know about it and we'll keep this in mind as we continue to improve 1Password Teams.
0 -
The one thing that might be problematic is that the user has to enter their account key in addition to their master password on these machines because they're public and we need to clear the data as soon as you sign out.
Ah, yes - I see what you mean. I haven't use the site in a while, so I had forgotten about this as a requirement.
The point on phones/watches is a good one, but I guess that's assuming folks have one, and what that means for strict BYOM-type policies. But I could see where something like a biometric scan from a mobile device would be a lot more secure than anything else.
Thanks for entertaining the idea.
0 -
You're welcome! Hopefully, we'll come up with something that might make this easier for your setup in the future.
0