Is it safe to stay logged into 1Password (by changing to 8 hours) or is this a security issue?

wlowe
Community Member

We hate typing the long password all day long.

Is it safe to stay logged in by changing the logout to the maximum of 8 hours? Or does that put us at more risk?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Windows
Browser: chrome

Comments

  • Hi there @wlowe

    The answer to your question about whether a longer auto-lock time is secure or not is "it depends", because your circumstances might be very different from others.

    For example, someone whose computer stays at home all day might make a decision about their own security and set the auto-lock timer to something longer than someone who's carrying their laptop with them all day, working in public places, and so on. It all comes down to your own judgement about how "at risk" you are.

    You asked: "Or does that put us at more risk?"

    By definition, yes, slightly, but the question is more about where you make the balance between convenience and security. No one else can really advise you on what "best practice" looks like in your case.

    The most secure option is to set the auto-lock timer to 1 minute. The most convenient is Never. The "best" will be somewhere between the two.

    You can always adjust this setting later if you want – it's not a one-time decision – to strike the right balance.

    I did want to just check something from what you said:

    "We hate typing the long password all day long"

    (emphasis mine)

    Apologies if I misread this, but it sounds like y'all (in the plural sense) are using the same account password. If you're using 1Password Families, for example, you should all be using separate Users on that account (with different account passwords), so please let me know if that's the case and I'll be happy to help you straighten things out.

    Please let me know if you have any questions, or would like any further help. :)

    — Grey

  • wlowe
    Community Member

    Thanks very much for that input. So, if I am home all day with my computer (but doing a lot of work on the web) it is not necessarily less secure to have a longer auto-lock time, is that correct?

  • @wlowe

    Personally, I would say that in that case, you can probably bump the auto-lock timer up a bit without there being any greater real measurable risk. In the scenario you described, it doesn't sound super-likely that someone would stumble across 1Password on your computer while it's unlocked.

    For what it's worth, I started with the auto-lock timer at 15 minutes, but found this a bit short, so bumped it up gradually until it wasn't a problem any more.

    Also, you can use Windows Hello to unlock 1Password if you have it set up already for unlocking your PC:

    Use Windows Hello to unlock 1Password on your Windows PC

    That way, even if your auto-lock timer is shorter, you'd be able to unlock 1Password using a PIN, fingerprint, or facial recognition (depending on your PC), which may well be more convenient than entering your account password. Don't forget your account password though! It can't be reset if you forget it, so also make sure you have a copy of your Emergency Kit somewhere safe:

    Get to know your Emergency Kit

    Are you using 1Password Families, by the way? Is everyone sharing the same account details and account password? Let me know and I can help you get things sorted out.

  • wlowe
    Community Member

    Yes, thanks. That sounds like a good strategy for us. We are using 1Password Families and it is just me and my wife and we both have access to all the same accounts, so we've just been using a single password for us both to access 1Password. Is that a problem?

  • @wlowe

    If you're using 1Password Families, you should each have your own account details (email address, Secret Key, and account password). There are some points to bear in mind here:

    • You'll each get your own Private vault (that no one else can access).
    • All family members will be able to view and edit items in the Shared vault.
    • Items can be moved or copied between your Private vault and the Shared vault.
    • Only one family member can be signed in to a copy of 1Password at any one time. If you share a computer, you should each have your own user account in Windows to help with this.

    To get started with this, you should make another "user" (family member) so that you both have your own account details:

    Add and remove family members

    When you've done that, send us an email at support+forum@1password.com so that we can help you with the rest directly. You'll receive an auto-reply from 🤖 BitBot. It will contain a conversation number, which looks like [#ABC-12345-123] – post that here and I'll be able to make sure your message goes to the right team. I look forward to hearing from you. :)

  • Andrew42
    Community Member

    @GreyMIP your comment "it doesn't sound super-likely that someone would stumble across 1Password on your computer while it's unlocked" interests me. Are you saying that if a computer using 1P is unlocked and 1P is unlocked it is possible to uncover the 1P password? Or are you merely stating that an unlocked computer with unlocked 1P leaves someone's Vault open to searching? If it is the first, I'm concerned because I did not believe that was possible. If it is the latter, that is obviously true and doesn't worry me.

  • @Andrew42

    There are some items which are created for you when you start using 1Password, called the Starter Kit, and the "1Password Account" item contains your account details (email address, Secret Key, and account password) for your reference and to help you sign in on another device. Having this item in 1Password isn't a security risk, since it could only be seen by someone who's already looking at 1Password while it's unlocked – it's like keeping a spare key to your house inside the house. For someone to steal that spare key, they must be inside the house anyway.

    Even without this item, someone with access to 1Password on your computer who's intent on stealing your 1Password data could just export it, which is why it's so important to use auto-lock settings which are secure enough without being a massive inconvenience.

This discussion has been closed.