Disable 'insecure desktop'?
Is there any way of setting 1Password so it always uses 'Secure Desktop'? Sorry if this topic has been dealt with elsewhere, I had a look but I couldn't find it.
If keyloggers truly are a risk, then it is important to make sure that 1Password is NEVER accessed insecurely on a compromised machine; just a single lapse of concentration or 'deliberate' relaxation of security when under pressure is enough. I think there are two loopholes here:
- The 'Unlock on Secure Desktop' preference for browsers is set per computer and defaults to 'off'; when using multiple computers, it is easy to forget this and end up installing without remembering to set the option.
- The Unlock on Secure Desktop button on the desktop is not the default, is quite small, and requires a mouse click. It's so easy to use the 'insecure' default login box by accident (or deliberately..).
Even after remembering to use Secure Desktop, if there is a login glitch of some kind the obvious next step is to try an 'insecure login' to see if that fixes the issue: if the temptation to log in insecurely is there, surely every user will use it?
Remember: if a keylogger is installed, just one slip is all it takes.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows
Sync Type: Not Provided
Comments
-
@jrennie: The most important thing to keep in mind is that Secure Desktop isn't a panacea. If your machine is legitimately compromised, then it's only a matter of an attacker taking the time to get what they want. For example, Secure Desktop can prevent them from grabbing your Master Password, but as you access your data, they could simply take screen captures or record the clipboard history over time (among other things). Secure Desktop is a protection against a very specific kind of attack, to prevent your Master Password from being compromised in the short term. But if you have reason to believe this is necessary, it's much more important to address the root cause for concern by having your machine scanned, cleaned, or otherwise confirmed safe. Otherwise you're just relying on an attacker being too stupid or impatient to hang around and let you access the data for them.
But you're right: having it enabled by default would be — all things equal — better than not. Unfortunately Secure Desktop is incompatible with (or unavailable on) many PCs, and can cause crashes and other issues if it's unsupported. Otherwise we'd still have it enabled by default. But it simply isn't feasible. As much as it would be nice if it were, the limited protection it offers is outweighed by denying people access to their data when they can't even use the app as a result. If you're fortunately enough to be able to use this feature, while it isn't ideal, a click here and there to enable/use it isn't such a terrible thing. And perhaps we can find a better solution in future versions.
0 -
Brenty - thanks for the very comprehensive answer. Still a couple of things there, though...
- I have no reason to believe I have been compromised, so I haven't quarantined my PC or summoned Mandiant, but then, again, I have no reason to suppose that I haven't. Secure Desktop is merely a sensible precaution, not a last resort for the paranoid, but it must be used consistently in order for it to fulfil its purpose. If you're saying it isn't really helpful, that somehow undermines the purpose in having the feature in the first place.
- I appreciate that there will be people with PCs that don't support Secure Desktop; but the fact that their computers are inherently insecure shouldn't have a negative impact on those of us whose are, surely? I wasn't hoping that you make Secure Desktop mandatory for everybody, including those poor souls, merely that you should help those of us who can use it to do so effectively. This might call for a little ingenuity, but not a huge amount, I bet.
0 -
Brenty - thanks for the very comprehensive answer. Still a couple of things there, though...
I have no reason to believe I have been compromised, so I haven't quarantined my PC or summoned Mandiant, but then, again, I have no reason to suppose that I haven't. Secure Desktop is merely a sensible precaution, not a last resort for the paranoid, but it must be used consistently in order for it to fulfil its purpose. If you're saying it isn't really helpful, that somehow undermines the purpose in having the feature in the first place.@jrennie: I'm not saying it isn't helpful. As I mentioned, Secure Desktop can protect you from having your Master Password captured. It's just important to keep in mind that there are many other risks once someone has the ability to put a keylogger on your machine. Thanks for humouring me as I prattled on a bit. Even if you're already aware of these things, since this is a public forum I try to consider others who might have similar questions and read this discussion. :)
I appreciate that there will be people with PCs that don't support Secure Desktop; but the fact that their computers are inherently insecure shouldn't have a negative impact on those of us whose are, surely? I wasn't hoping that you make Secure Desktop mandatory for everybody, including those poor souls, merely that you should help those of us who can use it to do so effectively. This might call for a little ingenuity, but not a huge amount, I bet.
Let's not forget that all PCs are inherently insecure. That's not a knock; it's simply a fact, as they're built on decades-old hardware and software platforms whose creators, though brilliant, did not design them with security in mind. It just wasn't a concern at the time. So we're all stuck with some legacy baggage that prevents us from being as secure as we'd like, with or without 1Password.
I appreciate your points, but Secure Desktop isn't something we invented; it's a Windows feature that 1Password can take advantage of where available, much like EFS, which also isn't available to everyone (requires specific Windows SKUs, etc.) So it isn't just a matter of us being clever. The thing that allows Secure Desktop to be, well... secure, limiting the unlock screen to known processes, is that it's an OS-level feature.
Enabling Secure Desktop by default prevents many people from using 1Password at all. 1Password can still benefit these people even without that feature, and you can still use Secure Desktop. While having it available by default would conveniently save you and I a click here and there, I just don't think it's reasonable to render 1Password unusable for others to accomplish that. That said, eventually it may be that we target specific Windows software/hardware requirements that change that equation, so that it's feasible to require Secure Desktop or other specific features. Things are always moving forward, but with Windows 7 still a majority OS, it would be imprudent to cut all of those people off, especially for such a small gain in the grand scheme of things.
0