Why does saving a new login require me to enter my master password?
I've been learning about symmetric and asymmetric encryption, and it seems that 1Password shouldn't need to prompt me to enter my master password when adding a new login or updating an existing one (it's annoying to get this prompt multiple times a day).
Instead of (presumably) using symmetric encryption to add or update my password, why not encrypt my passwords with a public key? That way I wouldn't have to enter my master password every time I added a new login or updated an existing one!
1Password Version: 6.7.457
Extension Version: 4.6.10.90
OS Version: Windows 1703
Sync Type: Not Provided
Referrer: forum-search:Why does password
Comments
-
Why does saving a new login require me to enter my master password?
@CarlWalsh: Great question! Since 1Password encrypts all of your data using your Master Password and doesn't store it, you need to enter it so it can encrypt the data you add — or access anything in your vault(s), which is necessary for it to do things like identify an existing login so it can offer to update it for you instead of creating a new one every time.
Public Key encryption is useful, but 1Password doesn't use this to encrypt your data since it has a very different purpose: defense against brute force attacks, for which we utilize PBKDF2 to put a high processing demand on each attempt to slow down attackers trying to guess your Master Password to get into your data.
As such, it seems like a better solution to the problem your'e having would be to customize your security settings in 1Password so it does not lock as frequently while you're sitting there actively using your computer. I hope this helps. Be sure to let me know if you have any other questions! :)
0 -
Don't forget that for autosave or updating to work it also needs the ability to read decrypted data to know if it should offer to save or update at all. The only exception that makes sense in my head would be manual save where you're asking 1Password to save a new item regardless of whether it already exists. All the other paths require analysis of your vault for whether an item matches by domain and if it does whether the new details differ from those already stored.
0 -
@littlebobbytables: That's what I meant, but you said it much better than I did. :)
0
