Suggestion: Option to use shorter PIN while 1Password is running

Tinue
Community Member

I would love the following:

  • When 1Password is started (after a reboot, after manually closing it etc.), one uses the secure password/passphrase as usual
  • However, one can define a shorter PIN (could be a 6 digit number, or a short password) that can be used to unlock an already running 1Password

For me, this would be a nice compromise between a totally locked down 1Password, and very lax settings that ask for a password only on start.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided


Comments

  • AGAlumB
    1Password Alumni

    @Tinue: We have no plans to offer a PIN option in 1Password for Mac. It was a necessary evil in the past on mobile devices since tiny onscreen keyboards can be difficult to manipulate, but computers don't have that problem. Adding a PIN option would effectively just leave you with a weak-link password that could be guessed to access your data. You can certainly change your Master Password to make it weaker now, and that would have the same effect on security and usability. But, to be clear, that's not recommended. Using a long, strong, unique Master Password is an integral part of your security. It's your prerogative if you are comfortable with a lower level, but poor security isn't something people need 1Password for. What I would suggest is tweaking Preferences > Security so that it better fits your workflow with regard to how often the Master Password is required. That can help a lot, and without the downside of having a weak password that can decrypt all of your data.

  • sergeyklochko
    Community Member

    It's very useful. I miss it after mSecure.
    I have a VERY strong password and I'm tired of typing it every time I need to use 1Password :(
    Your recommendation sounds like turning security off if you want to lower it a little bit.
    But it's not the same as using a PIN. A PIN is more secure than disabling the password.
    But a short PIN isn't unsafe. You can ask for a PIN after an unsuccessful PIN code entry.
    Please don't force me to switch back to mSecure.

  • sergeyklochko
    Community Member

    You can ask for the master password after the PIN code has been entered unsuccessfully 3 times.

  • AGAlumB
    1Password Alumni

    Your recommendation sounds like turning security off if you want to lower it a little bit.

    @sergeyklochko: I don't think you read it:

    Using a long, strong, unique Master Password

    That's the recommendation.

    But it's not the same as using a PIN. A PIN is more secure than disabling the password.

    1Password doesn't offer an option to disable the Master Password.

    But a short PIN isn't unsafe. You can ask for a PIN after an unsuccessful PIN code entry.

    A PIN implies a weak, numerical-only password. You can do that today. But again, it isn't recommended.

  • sergeyklochko
    Community Member

    No. I can't.
    Why must I have a strong master password? Because my data can be accessed from the internet, since it is stored on 1Password's servers. It's much easier to hack if I use a weak password and there is a leak of the very-long-security-string you sent me by email. I can't use a non-strong password for my items on your servers.

    The 1st launch of the password manager requires the master password to decrypt my passwords. The master password is also required if I want to export or mass delete my items. The master password is also required to link a new device to the account.
    Every other operation requires just a PIN to unlock the password manager. If someone tries to guess my PIN and enters it wrong 3 times, just ask for the master password again. It is my problem if I want to use a PIN and someone can "guess" it, not yours.

    I don't understand why, if someone has access to my phone, "guessing" my PIN is OK and very secure in your opinion, but if someone has access to my Mac and "guesses" my PIN, it's not OK. Is it a "think different" practice?

    I vote for a PIN for Android phones without scanners, and I vote for a PIN on computers. Let customers decide if they want to use a PIN to lower security, or just disable all security checkboxes to keep security strong :rage: and prevent asking for the master password every time.

  • sergeyklochko
    Community Member

    Sorry for my English.

    Really, I'm half a step from switching back to mSecure, because it has a PIN and it's useful.

    And if your rule is that security is the priority, tell me why my credit card information isn't starred? There are a lot of places on the internet where I can use it with unstarred information from 1Password.

  • Thanks for the feedback, @sergeyklochko. We appreciate your input on the subject. As brenty mentioned we don’t have any plans to implement a PIN on macOS and it is very possible that PIN codes will be going away on mobile devices as more and more devices support biometrics. You make a very good point about PINs being the weak link on mobile devices, but I don’t agree that because weakness exists in one place that weakness should be allowed to exist in another place. I’m sure we could argue the merits either way all day, but that is our current position.

    Also, as a point of clarification, we don’t email the Secret Key, and we never have access to it. It is not stored on our servers. It is generated on your computer (in your web browser) and is never transmitted to us/1Password.com. The Secret Key does serve to strengthen the encryption of your data stored on 1Password.com such that if someone were to gain access to the encrypted data, even if you had been using a weak Master Password (again, not recommended), it would be highly unlikely that they could “guess” the encryption keys. You can read more about the benefits the Secret Key offers here:

    About your Secret Key | 1Password

    Ben

  • sergeyklochko
    Community Member
    edited July 2018

    I'm sorry, I think I saw it in my mail.
    Anyway, the missing PIN on Mac is why I'll switch to mSecure if I can't use a PIN on computers and on phones. Can I get my money for the subscription back? I hate the day when I switched to 1Password on mobile, but thank gods, you gave me a PIN on my old Androids. Now you plan to take it back.

  • Please email our sales team at sales@1password.com to discuss. Generally subscriptions are non-refundable but they may be able to help. I’m glad to hear you were able to find a solution that offers the balance between security and convenience that you were looking for.

    Ben

  • sergeyklochko
    Community Member

    Just let me play with the suggestion to use a weak password instead of a PIN. Go to https://my.1password.com/signin/
    For some customers it looks like just one blank field with a prompt for the master password.

    If someone can get access to my computer, it's very easy to guess my password if it's weak. We have the same situation there.

    Please, LET THE CUSTOMER DECIDE whether or not to use PIN codes. Do not lower our security by forcing us to use weak master passwords.

  • I’m sorry if the point was not clear, but we do not suggest using a weak Master Password (which could be equally as bad as using a PIN). I don’t see how using a PIN would be any more secure in your example. If someone has access to your computer, what prevents them from guessing your PIN any more than guessing a weak Master Password?

    Ben

  • sergeyklochko
    Community Member

    It's very easy. You can shut down 1Password if someone enters a wrong PIN 3 times. When it restarts, it asks for the master password. Or you can just ask for it after 3 times. That's enough to stop "guessing" or brute-forcing the PIN.
    Do you think 0.003% is a very high chance to guess a 4-digit PIN? What about 4 alphanumeric chars or 6 digits?

  • Ben
    edited July 2018

    If someone has access to your device you can't stop the brute force of locally available data (which 1Password's data is). If someone is determined to access your data they are going to make a copy of the encrypted database and attack it offline. This is where things like PBKDF2 come in:

    How PBKDF2 strengthens your Master Password | 1Password

    It seems the better answer here would be to use a strong macOS user account password with a short screensaver idle activation and require the password immediately upon screensaver activation. That coupled with whole disk encryption would be a much better defense against an attacker who has access to the device than a 4 or 6 character PIN which would easily be bypassed.

    Ben

  • sergeyklochko
    Community Member
    edited July 2018

    I prefer a balance between security and usability. My disk is encrypted, so even if my computer is stolen, I have a very strong password for logging in.
    I tell you why I need a strong password for 1Password. I tell you it isn't very usable to type my master password every time I need it. I'm not paranoid, and I do not need total and exceptional security. The chance of getting my password database by an attack is more likely than getting it locally. I need DUMB local protection only, with a strong master password.

    I think a PIN with the algorithm I described is safe enough for me. Why do you restrict me from using a PIN? Do you know better than me what my passwords are worth to me? Why do you teach me about security if you can't understand my environment?

    I have no answers to these questions.

    I really do not understand why you can't trust me to choose my personal security level.

    Why should I disable all these beautiful checkboxes if I need a little bit more usability?

    https://prnt.sc/kawl7p

  • Ben
    edited July 2018

    @sergeyklochko

    I understand your position, but we're not interested in implementing a PIN code feature in 1Password for Mac. I'm sorry. If as a result you feel that perhaps another solution would better fit your needs I understand.

    For every feature request that we say "yes" to we have to say "no" to at least ten others. This is one we have to say no to, at least for now.

    Ben

  • sergeyklochko
    Community Member
    edited July 2018

    Unfortunately, 1Password is the only program with shared banks. It's priceless for my family. I can manage my own, but not my family. My wife hates me for switching her to 1Password and restricting her from using a weak password.
    So we will be disconnected persons again after switching down to mSecure.

    I can't understand your position. There is nothing except principle in your position.

  • Lars
    1Password Alumni
    edited July 2018

    @sergeyklochko - we're glad to hear you and your wife enjoy the shared vaults aspect of a 1password.com account. It's definitely one of my favorite advantages of 1password.com membership. And -- as both brenty and Ben have already mentioned previously in this thread -- either or both of you are welcome to make your Master Password quite weak, if you prefer. We strongly recommend you NOT do this, but it is possible.

    What's not going to be happening is implementing a PIN code for 1password.com accounts, either on the web or in 1Password for Mac, because it reduces security. So it seems you're at a bit of a fork in the road. We've given you all the ideas we can to try to approximate the feature you're asking for that we won't be implementing, but at the end of the day, if you find the lack of a PIN code in 1Password for Mac a deal-breaker, well, we'd be sorry to lose you as a user, but as long as you're using some other password manager to help keep you secure, that's what's most important. Good luck with whatever you choose, and thanks for taking the time to stop and share your use-case with us. :)

  • sergeyklochko
    Community Member
    edited July 2018

    OK. I still believe I can turn your opinion.

    A PIN is more secure than disabling checkboxes in the security section. I think you do not recommend disabling checkboxes, right? But the checkboxes are still there... And everyone can disable them. Is it very secure to give users the chance to disable those checkboxes? Why do you allow it? Why can't you add a PIN and DO NOT RECOMMEND using it, like disabling checkboxes?
    A PIN gives a chance for local "guessing" only. It's useless until you have access to a device with 1Password unlocked by the master password, or until you know the master password.
    Why did you tell me about lower security, and still leave the ability to reduce it dramatically even without using a PIN code?
    How many people just disable those boxes BECAUSE YOU DON'T HAVE A PIN? Do you know? Looks like it's me and my wife. We are two, but I think we are many more than two.

    Looks like you don't understand. A PIN does not replace the master password at all. It can be used only for databases that are already unlocked. But if I need some "checkboxes", they can ask for a PIN, not for the master password.
    Please, think about it.

  • sergeyklochko
    Community Member
    edited July 2018

    Well. You hid my comment.

  • sergeyklochko
    Community Member

    I prefer a balance between security and usability. My disk is encrypted, so even if my computer is stolen, I have a very strong password for logging in.
    I tell you why I need a strong password for 1Password. I tell you it isn't very usable to type my master password every time I need it. I'm not paranoid, and I do not need total and exceptional security. The chance of getting my password database by an attack is more likely than getting it locally. I need DUMB local protection only, with a strong master password.

    I think a PIN with the algorithm I described is safe enough for me. Why do you restrict me from using a PIN? Do you know better than me what my passwords are worth to me? Why do you teach me about security if you can't understand my environment?

    I have no answers to these questions.

    I really do not understand why you can't trust me to choose my personal security level.

    Why should I disable all these beautiful checkboxes if I want a little bit more usability?

    https://prnt.sc/kawl7p

  • Lars
    1Password Alumni

    @sergeyklochko - We don't "hide" comments or remove them unless they violate our forum guidelines. What can happen is if someone posts too many comments in quick succession without reply, or posts comments with too many links, they may run into our automatic spam filter, which is what appears to have happened here. I've restored your comments. Sorry for the confusion.

    Looks like you don't understand.

    Looks like you've confused not agreeing with your idea with not understanding it. The two aren't the same. :) Seriously, we went through the PIN code issue back during the 1Password 3 days, and wound up abandoning the idea once processing power increased to the point where even older devices had the horsepower to do frequent decryption without too big a hit to performance. However, around here, we rarely if ever say flat-out "never" to something, so even an idea that we've tried and discarded in the past might come up for a re-evaluation at some point in the future if things change (which certainly happens fairly frequently in the security world). Anything's possible.

    That said, I'm not sure what else I can say to you at this point. I'm truly grateful you're passionate enough about this feature to continue advocating so strongly for it, but I get the sense that you're thinking if you can just get ME to agree with you, that will mean our developers will start work adding a PIN code to 1Password for Mac right away. While I'm certainly flattered you appear to think so highly of my influence on the direction of our code, I'm afraid it's misplaced; that's not quite how it works around here. We get quite a few user requests, plus our own ideas about what to work on next, and each idea has to be considered on quite a few levels, including: how many people will this affect, how many want it, how difficult would it be to add, are there any security considerations, what else do we have to do right now and how important/urgent is this compared to those things...you get the point. And I'm not the person who makes those decisions all on my own, anyway. I will certainly mention your wishes to the development team, and I'd recommend looking at the release notes in our updates to see what's new. Thanks again for taking the time to advocate for this feature. :)

  • AGAlumB
    1Password Alumni

    @sergeyklochko: I wanted to follow up on something Lars mentioned in passing: we used to have a fairly prominent PIN option in 1Password for iOS version 3. We moved away from that with later versions, especially when Touch ID was introduced, not only for security, but also because a lot of people get used to using a PIN and forget their Master Password. To this day, I'm still answering emails from people using 1Password 3 who are completely out of luck, unable to access their data, because they used a PIN for so long that many of them forgot they even ever had a Master Password. It's all well and good for you to demand that we add this feature for your purposes, but we have to consider all 1Password users.

    We don't get a lot of emails like this these days, since few people are using PINs anymore on iOS. Security concerns aside, we have no desire to get more 1Password users on other platforms into that situation today. It's best to learn your Master Password because it's needed to decrypt your data. Practice makes it easier to remember and type over time. Adding a second password -- a PIN -- doesn't help matters, either with security or with convenience, in the long run. History has proven that.

  • sergeyklochko
    Community Member

    I have a 16+ character password. You can’t type it in a second. I just disabled all security checkboxes now. Let my Mac keep my 1P databases with the login password if AgileBits can't do it comfortably for me. It’s the only way to keep a good master password and usability in balance now. Or use a weak password.

    Now, let's see about users who forget their master password. You have an answer for the forgotten-master-password case - just ask for the master password once a week and after each reboot. Is it very difficult for you or complicated for users? If you can do it with a fingerprint on a MacBook, why can’t you do it with a PIN on an iMac?

    Guys, you try to persuade me that I understand nothing about security. Well. I have 25 years of experience with local and network attacks and protecting users. Believe me, I know your arguments, but I still think you use them for bad, not for good. I still can’t understand why you let me disable checkboxes. I can forget my master password if I disable them all. I totally unsecure my 1P for a local attacker. And I have no choice if I don’t want to type my good master password every 5 minutes.

    I can’t believe you stand for security and then show all my credit card numbers/exp dates to anyone who can see my screen. I can't believe you stand for security and let me disable it all. I can believe you stand for security and don’t want to help me stay a little bit more secure than nothing.

  • AGAlumB
    1Password Alumni

    I have a 16+ character password. You can’t type it in a second. I just disabled all security checkboxes now. Let my Mac keep my 1P databases with the login password if AgileBits can't do it comfortably for me. It’s the only way to keep a good master password and usability in balance now. Or use a weak password.

    @sergeyklochko: Hey, if you're okay with that setup, that's fine with us. After all, you're in the best position to know if your computer is at risk of being walked off with or used by someone else. And of course even if you "disable all security checkboxes", that doesn't make 1Password insecure; it just means it's up to you when you lock it. ⌘ ⌥ ⌃ L works any time. :)

    Now, let's see about users who forget their master password. You have an answer for the forgotten-master-password case - just ask for the master password once a week and after each reboot. Is it very difficult for you or complicated for users? If you can do it with a fingerprint on a MacBook, why can’t you do it with a PIN on an iMac?

    Yup. You can do that with Touch ID on a MacBook Pro. You're welcome to use that. Also keyboard. Macs have full size mechanical keyboards to type on. People know how to use these, and they work well for entering passwords -- much moreso than onscreen keyboards on mobile devices.

    Guys, you try to persuade me that I understand nothing about security. Well. I have 25 years of experience with local and network attacks and protecting users. Believe me, I know your arguments, but I still think you use them for bad, not for good. I still can’t understand why you let me disable checkboxes. I can forget my master password if I disable them all. I totally unsecure my 1P for a local attacker. And I have no choice if I don’t want to type my good master password every 5 minutes.

    You should try setting auto-lock to more than 5 minutes then. Checkboxes only affect 1Password's auto-lock behaviour. They don't make anyone's Master Password weaker. Unless we add a PIN checkbox. Then literally anyone using that will have, in effect, a very weak substitute for their Master Password. People don't need 1Password to be less secure. And adding something like that would be a tacit endorsement: people would assume it did not negatively impact their security to use a PIN, when it truly would.

    I can’t believe you stand for security and then show all my credit card numbers/exp dates to anyone who can see my screen.

    Nope. Sorry. Only you can do that.

    I can't believe you stand for security and let me disable it all. I can believe you stand for security and don’t want to help me stay a little bit more secure than nothing.

    If you think a PIN -- a short, numerical-only password -- makes you more secure, I don't know what else to say to you.

  • sergeyklochko
    Community Member

    I can manage the situation and be secure with unchecked boxes. It costs like $50 for the whole family.

    So the question is closed for me now. Other people can type their passwords every time, because AgileBits knows better what they really need.

    I hope you will be smart enough not to delete these checkboxes, to prevent users from forgetting their passwords and lowering security.

    Except for this aspect, your product is very useful.

  • AGAlumB
    1Password Alumni
    edited July 2018

    Thanks for the kind words. I don't think anyone types their Master Password every time they open 1Password. That's not the default, and it's very customizable. We don't have any plans to change that. The Master Password is central to the security of all 1Password users, so indeed it's important that we each remember ours. Cheers! :)

  • sergeyklochko
    Community Member
    edited July 2018

    Delete it please

  • AGAlumB
    1Password Alumni
    edited August 2018

    @sergeyklochko: What do you want deleted?

    ref: PPD-42667-376

  • Mikolajek
    Community Member

    Hi,

    Instead of a PIN code for unlock, how about a "short version" of the password? As suggested in the first post, when 1Password is started, only the real, full and strong password is authorized.

    But if 1Password is locked, the suggestion is to unlock with the last 10 characters, for example. My password is 256 chars (!) stored in a KeePass database. I'd appreciate having these 10 chars to type for unlock. It's what Keepass2android uses for "quick unlock", with (only) the last 3 chars (not enough, IMHO).

    And, of course, if the short password is wrong for the 3rd time, it needs the full password to unlock.

  • Lars
    1Password Alumni

    @Mikolajek - it's an interesting idea, but one we've ultimately found little value - and significant risk - in, as brenty explained above. Each person can define their own level of risk tolerance, obviously, but as a security product, we feel we have a responsibility to all our users -- not just the tech-savvy ones -- to have a base floor of protection below which things can't be set.

    Please understand that what follows here are simply my thoughts and suggestions; as I just said, each person must determine his or her own threat profile and risk tolerance. But when you say your Master Password is 256 characters, a couple of thoughts come to mind, the first of which being: while opinions on the exact calculation vary, the general rule of thumb is that once you've used about 23 characters in a password, you've achieved approximately 128 bits of entropy (depending on the charset used -- assuming full ASCII here). You're well into the trillions of years here for a successful brute-force password-cracking attempt of a 128 bit password, using currently-available computing power. And each time you add another character, you increase that exponentially. My point here is that given current (and foreseeable near-future) cracking technology for brute-force methods, there comes a point of diminishing returns for Master Password length. Yes, you can continue to pile up the zeros in the 'number of years to crack' column, but at some point, the drawback of having to remember, let alone correctly type, a lengthy Master Password exceeds the advantage of piling up more zeros.

    This should not be read as us formally urging you or anyone else to consciously lower your own security; if you've assessed your own threat profile and believe you truly need your 1Password data protected by a Master Password of 256 characters, you can certainly continue to do that. But my second point is going to be: if your Master Password length is sufficiently long (and potentially random) that it's burdensome to type it in each and every time, and so you find yourself looking for ways to make that easier by typing fewer characters or other shortcuts, you're ultimately relying only on whatever you lower your security to in order to achieve that shortcut. If you've got a 256-char Master Password but you're only entering 10 characters of it, then you really effectively only have a 10-char Master Password. Again, any of this is your choice -- you can have a ten, twenty or five-hundred character Master Password, if you like. But we're not likely to redesign 1Password to allow a less-secure method of vault-access for all users to allow you to make a 256-char password a 10-char one.
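Two arguments in this thread lend themselves to a worked calculation: Ben's point that a 3-try lockout only bounds guessing against the running app, while a copied encrypted database can be attacked offline with only the KDF slowing each guess, and Lars's entropy arithmetic for long Master Passwords. The script below is an added illustration, not code from the thread or from 1Password; the PBKDF2 iteration count and the attacker's hash rate are assumed round figures chosen for illustration.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600

# Assumed illustrative figures (not from the thread or from 1Password):
# a PBKDF2 iteration count and an attacker's raw hash throughput.
ASSUMED_KDF_ITERATIONS = 100_000
ASSUMED_HASHES_PER_SECOND = 1e10


def online_guess_probability(space_size: int, allowed_attempts: int) -> float:
    """Chance of guessing the secret when a lockout caps the number of tries.

    This models the "3 wrong PINs, then ask for the master password" rule
    proposed in the thread: the attacker gets `allowed_attempts` tries
    against an app that is already running and was unlocked once.
    """
    return min(1.0, allowed_attempts / space_size)


def entropy_bits(length: int, charset_size: int) -> float:
    """Bits of entropy of a uniformly random secret of `length` symbols."""
    return length * math.log2(charset_size)


def expected_offline_seconds(space_size: int, hashes_per_second: float,
                             kdf_iterations: int) -> float:
    """Expected time to recover the secret when the attacker holds a copy of
    the encrypted data, so the lockout no longer applies.

    Each guess costs `kdf_iterations` hash operations (PBKDF2), and on
    average half the space must be searched before the right guess is hit.
    """
    guesses_per_second = hashes_per_second / kdf_iterations
    return (space_size / 2) / guesses_per_second


def compare(label: str, space_size: int, attempts: int = 3) -> dict:
    """Put the lockout-bounded (online) and copied-data (offline) views side by side."""
    seconds = expected_offline_seconds(space_size, ASSUMED_HASHES_PER_SECOND,
                                       ASSUMED_KDF_ITERATIONS)
    return {
        "secret": label,
        "bits": round(math.log2(space_size), 1),
        "online_p": online_guess_probability(space_size, attempts),
        "offline_years": seconds / SECONDS_PER_YEAR,
    }


# The candidate secrets discussed in the thread, plus a long random password
# over the 95 printable ASCII characters for comparison.
CANDIDATES = [
    ("4-digit PIN", 10 ** 4),
    ("6-digit PIN", 10 ** 6),
    ("4 alphanumeric (36 symbols)", 36 ** 4),
    ("20 printable ASCII chars (95 symbols)", 95 ** 20),
]

if __name__ == "__main__":
    for label, space in CANDIDATES:
        row = compare(label, space)
        print(f"{row['secret']:<40} {row['bits']:>6} bits  "
              f"online 3-try p={row['online_p']:.1e}  "
              f"offline ~{row['offline_years']:.1e} years")
```

The offline column is what matters for data an attacker can copy: under these assumptions every PIN-sized space falls in well under a second, while the long password stays out of reach regardless of any lockout.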

This discussion has been closed.