Have to enter master password to save password

My problem is, when I want to enter a website with a password I have to unlock 1password if the lid has been closed.

@garethsnaim: This is an option in 1Password Preferences > Security. It isn't something I'd recommend changing, since a laptop could easily be lost or stolen, but you're free to customize the security based on your own comfort level.

If I have to look up and enter a password each time, I may as well write down the passwords for the websites and save my self some money!

Indeed. That's a great way to save money! Unfortunately, it's also incredibly insecure, both in and of itself (storing in plain text/sight), and also because it encourages you to use weaker (possibly reused) passwords that are easy to type in manually.

But ultimately it's entirely up to you. If you believe that the only function 1Password serves is a place to store things, and you're satisfied with using a notebook for that purpose, then 1Password probably won't seem like a good value to you.

But in fact using 1Password allows you to remember and type a single Master Password to login to websites, which can each have ridiculously long, unique, random passwords you will never need to know or enter manually. This ensures that 1 no human or machine will be able to guess them to gain access to your account and 2 even if your login credentials to one site are taken (phishing, website breach), none of your other accounts are exposed.

So even if you have 1Password set to the strictest security settings so that you have to enter your Master Password every time, this is still easier (remembering and typing the same thing over and over again) than writing down and typing a different password for each site, or (/shudder) more secure than using the same weak password for every site so you can easily remember and type it.

The fact is if someone has stolen my laptop they have to get past the encrypted drive password any how, so presumably I can just turn off the restrictions of 1Password or its a waste of time?

If your laptop is powered on when it is stolen, the unencrypted data is accessible, both on the drive itself and in memory. In many cases it is trivial to simply dump the contents of the internal drive. Anything stored in your 1Password vault is encrypted separately using your Master Password, so that even if someone is able to access all of the data stored on the laptop, they will still need the Master Password to access what's stored in your vault.

Additionally, even unlocked and in use, 1Password does not decrypt all of the data in the vault wholesale; rather, it only decrypts items as you access them, so that even a memory or disk dump (or malware collecting data) at that time would only reveal the item you're currently using. 1Password absolutely needs to decrypt your data in order for you to see it, and if someone else owns your machine, you should assume that they can see what you can; but 1Password doesn't ever need to decrypt all of your data at once, so, similarly to the breach of a website where you're using a unique password, the rest of your logins won't be affected. That brings me back to your original post:

After a while when saving a password in safari I have to enter my master password. I have made this long and its a real pain having to enter this first and sort of puts me off using it.

Good! Your Master Password is a crucial part of your security, and choosing one that is
— on its face — challengingly strong will pay off in the long run...and over time, the more you enter it, the less likely you will be to forget it, and you'll also be able to type it more quickly/easily as time goes on. I wish everyone got off to such a great start! :)

I do not understand why I need to enter my master password to add a new password, I could understand it if I was trying to change a password. But surely for adding a password, the master should not be needed?
I have switched off idle time for lock, I still don't understand why it requires a master password just to add a New Password/login via safari, I don't see how this is a risk and therefore requires a master password. What is the reason?

This kind of goes back to what I said above: 1Password encrypts your data using your Master Password, and therefore it needs your Master Password to either decrypt your data to access it, or to encrypt new data you're adding. This is just good security, and providing the Master Password is technically necessary as a result. You can't have one without the other. :glasses:

Regarding the lock out, this is really disappointing, it won't even autofill when locked. Im essence the only way I can use this sensibly in Safari is to have it unlocked all the time, which makes a mockery of autofill. I set it with a 20 letter password, thinking I was 'da boy, but basically the programme is useless if I have to enter the password any time I want to do anything.
Do people just use it constantly unlocked to make it useful?

To be clear, 1Password does not autofill. 1Password will only fill your information when you tell it to. This is one measure to prevent phishing or redirection attacks.

I can't speak to what others do, but in my own use I have an auto-lock timer set that generally allows me to sit down at the computer, unlock 1Password, and pay a bunch of bills, work, or login to several sites in sequence without interruption. Once I'm not using the computer for a while (or I explicitly end my session by putting it to sleep, etc.) 1Password auto-locks. If I spend 8 hours straight actively using my computer, 1Password will stay unlocked, even if I use the default setting:

Lock after computer is idle for n minutes
Enabled at 5 minutes by default
1Password will lock when there is no keyboard or mouse activity for the number of minutes you specify.

So if 1Password is locking on me, I'm either not in front of the computer, or I'm sitting there napping. And in that case, I'm happy to have 1Password lock itself for me. :lol:

I have everything in 1Password Preferences > Security checked except "Lock when main window is closed". If you have that one checked, it may be worth re-evaluating, just based on your previous statements. Keep in mind that the auto-lock settings are completely in your control, so some experimentation will allow you to decide what works best for you. I'd say as a general rule it's best to start with very strict security settings and then tweak them to back off a bit until it's still just a bit uncomfortable, but you can live with it. It's better to err on the side of security and get a little bit annoyed now and then, rather than risk leaving your vault open at a critical moment.

Sorry if both of these are covered in prefs, but I could not find anything.
Hi, I am set to uk localistion on mac, I see no such option under 1password, see the attached image for my problem.

1Password, like all OS X and iOS apps I've used, doesn't have localization settings. This is handled at the OS level. So definitely take a look at this in System Preferences as Stephen_C suggested.

Please don't take these points the wrong way. Its difficult I suppose coming from a free product to something that costs, my expectations may be too much. In general I am chuffed with the software, works great and you have not succumbed to the desperately boring Yosemite look, well done!

Thank you thank you thank you!!! :chuffed:

While the YQ (Yosemite Quotient) of 1Password 5 is somewhat subjective, I'm glad to hear that it suits you! I think it's significant that you brought that up along with your other questions and comments, as anything new (to you, or me, or any of us) can be perceived as confusing or unappealing just as easily as it can be found acceptable, so we're constantly trying to find the right balance for the greatest number of people. And your feedback as a whole is very helpful in that regard!

I think I covered everything, but be sure to let me know if I missed something or if you have any other questions! :)

Well Mr Brenty you can certainly type :)

@garethsnaim: Yknow, you might be onto something there! :lol:

For my main mac, which lives at my house, I have to believe that if someone broke in, they would not want to be hanging around trying to look at my passwords, rather they would be on the hop trying to get back out the house, whereby the power will be cut to the mac. Therefore the protection is broadly off. I am not in a business environment, there is no one looking over my shoulder here.

Because you referenced the lid of your Mac being closed, I'd assumed that we were talking about laptops exclusively. In that case, the battery would keep the machine live...but it sounds like that might not apply to your situation across the board.

For my mac laptop. The main drive is encrypted, I did not quite understand what you meant here, but guess you mean if someone swiped my laptop in some hipster coffee shop, whilst I was purchasing my second skinny caramel latte, but left it open, ran around the corner behind some bins then tried to access a bit like Mr ROBOT, then yes this is a risk I suppose, so I have set restrictions here.

Point taken. I guess my thought is that a laptop can easily be taken from anywhere to anywhere, so this would be (and is, with my own Mac) my chief concern.

What about this for future awesomeness, allow me to unlock my macs with my phone? Presumably with all this newer bluetooth tech that should be possible. password required on mac, so verfiy on phone with thumb print? (I could be talking crap here I admit)

Indeed! I know that some AgileBits customers and team members alike would love to see a Handoff/Continuity (or similar) feature where the mobile app can be used to unlock 1Password for Mac...but the technology isn't quite there yet. This is something we'll continue to explore, and if and when it becomes possible and feasible (security-wise) I suspect we'll be very interested. ;)

I suppose if we are extra nervous we may worry that our thumb was removed in the raid, but we should not over think these things some times :)

My feeling is that once body parts start to come off, you've probably got bigger problems. That said, in the case of 1Password for iOS and Touch ID, I'm not sure of the current status in the UK; but in the US at least, law enforcement can compel you to provide biometric data...however, they cannot compel you to divulge your password (as this falls under self-incrimination). So in situations where you may have to subject yourself to search and seizure, simply powering down the iOS device will wipe the Master Password (and device passcode) saved for Touch ID purposes from the Keychain, and then the password will need to be entered manually before Touch ID can be used again. But of course if I'm at the mercy of someone for whom the justice system is an afterthought, I know I'd prefer to give up my personal data rather than find out what personal parts maybe taken in its stead.

But as you say, these scenarios are rather unlikely; so in the end, while I can offer some suggestions, it's up to you to decide what balance of security and convenience you're willing to accept for your data and adjust the settings accordingly. :pirate: