Feature request: Unlock browser on Windows using an app on mobile phone.

I would like to unlock my browser on Windows by using mobile app. For example, when I activate browser plugin, it also activates mobile app on my phone asking to unlock the browser. If I then press OK on the phone, browser would unlock.

I think it would be not only more convenient but also more secure than typing password into various browsers a couple times a day.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:unlock using phone

Comments

  • Hi @akompanas,

    Thanks for writing in.

    Are you on Windows 10? We support Windows Hello on Windows 10, which also includes PIN if you don't have any biometric security features. You can use Windows Hello to unlock 1Password throughout the day after first unlocking with your master password.

    I think it would be not only more convenient but also more secure than typing password into various browsers a couple times a day.

    It is not more secure, it is actually more risky because the traffic between your computer and mobile devices can be picked up by anyone in your network and/or area.

    You'd still need to unlock 1Password on both sides before it can talk, so it wouldn't be that much faster than using Windows Hello. Remember, 1Password does not use authentication, it uses encryption as in your master password encrypts the data, there's no way to unlock without a form of your master password, that'd mean it'd have to transmit a key from your mobile device to your computer. How do we verify your key is real, you'd still have to unlock 1Password somewhat on that PC with a different key. Blindly trusting any key is also very risky.

    In addition, you're not typing into your browsers. 1Password browser extensions have no UI or data, it connects to the running 1Password program to bring up its native UI to let you unlock it. Your browsers do not see anything other than what 1Password fills or save, your master password is not exposed to them.

  • akompanas
    akompanas
    Community Member

    Hello @MikeT,

    thank you for your interest and explanation. Yes, I am using Windows 10 but I cannot control windows login features as it is controlled by company domain policy.

    As for phone security - I have it mostly already in a sort-of unlocked state that when I use 1Password I only need to touch the fingerprint reader to use it without re-entering the password. Unfortunately, I do not have a fingerprint reader on my laptop.

    I know that there are gadgets on the market that facilitate 2FA in a similar way that I described. So a thought that having such a feature in 1Password would be of a great help for me.

    Maybe it would be enough to enter password into a browser once a day and then it could be unlocked with a touch on the phone until a second timeout ellapsed.

    Anyway, I appreciate that you think this through and make sure the product stays secure.

  • Greg
    Greg
    1Password Alumni

    Hi @akompanas,

    The weak link is the communication between your phone and your computer. As Mike mentioned above, the traffic between them can be picked up by anyone in your network and/or area and it is not secure. I would recommend you to reach out to your IT department and discuss Windows Hello. It is very convenient. :)

    Let us know if you have any other questions, we are always here for you. Thank you! :+1:

    Cheers,
    Greg

This discussion has been closed.