Unlock 1Password without typing the password every time

1Password allows you to remember only one password across all of the services you use, while having a unique password for each service.

The “problem” with 1Password, is that you want the password you use to be secure, really secure, so your password for 1Password has to be super long, which you need to manually type whenever you need to access your passwords (that’s for the Mac and Windows versions – on iOS you can use you finger, which is awesome).

I’ve been trying different things over the years (see this blog as an example), but they all felt clunky solutions. This is the best solution I came up with so far.

This blog will show you how to unlock your 1password without typing anything, but still keep it secure (use at your own risk !, there is no substitution from a security standpoint to having your password in your brain only. You need to weigh the ease of use with the security risks associated with this method, and choose if you will use it or not).

ONE MORE THING TO MAKE CLEAR. AgileBits DO NOT endorse this method, and in-fact recommend against solutions like that. You can read more about this in the following blog, and disclaimer from AgileBits below:

https://blog.agilebits.com/2013/03/06/you-have-secrets-we-dont-why-our-data-format-is-public/

We have to advise you to never enter your 1Password Master Password into
anything that isn’t 1Password. We aren’t casting aspersions on the integrity or
competence of any developers, but we simply can’t advise otherwise.

Note: This solution is geared for the Mac, and at the time of writing, the current version of 1Password is version 6.

success

What does the solution look like?

Instead of typing the password manually, you will use a USB drive as your key to unlock 1Password. Simply inserting the USB drive will unlock 1Password, and disconnecting the USB drive will lock 1Password. Your 1Password password will be stored encrypted on the USB drive , and the password to un-encrypt the information will reside on your computer, so on their on either one cannot be used to unlock your 1Password.

Caveats

  • You need to think of the USB drive as a your house key, and your computer as your door lock.
    1. If you leave the USB drive in your computer  and leave the room, everyone in the room can potentially access your 1Password.
    2. If you keep the USB drive in the same carry bag as your laptop, and someone steals your bag, they have access to your 1Password – so NEVER keep the USB drive in the same carry bag as your computer.
  • Over time you may forget your 1Password password – DON’T !!!
  • Do not lend your USB drive to anyone, it is easy to copy the file off your USB drive, and use it later on with their own USB drive – Make this USB drive a dedicated stick for 1Password (get the cheapest USB drive you can find, this will work with an old USB drive you have lying about).

How secure is it ?

  • It is less secure than remembering your password and keep typing it.
  • The encryption I use is 256 bit, so as long as the password you use to encrypt is very long, it is quite secure from an encryption stand point.
  • We store the password to un-encrypt the USB drive in mac keychain, and get Keyboard Maestro to read it directly from there, but if someone gains access to Keyboard Maestro program on your computer, they can still retrieve the password by changing the Keyboard Maestro script (a very simple process). This by itself will not grant them access to your 1Password. They will still need access to your USB drive, or to the file stored on it.
  • At the end of the day Keyboard Maestro gains access to your master 1Password, and it is NOT designed to handle super sensitive data (that’s why the creators of 1Password advise against solutions like that), so there is a potential of Keyboard Maestro to leak the information to other processes on your computer.
  • As long as you don’t leave the USB drive and your computer in the same vicinity and leave the room, either one of them by themselves do not allow access to your 1Password (MAKE SURE YOU DO NOT USE YOUR 1Password PASSWORD TO ENCRYPT THE USB DRIVE !!!!)
  • If you loose your USB drive:
    1. Replace your 1Password password ASAP.
    2. Recreate this mechanism using a DIFFERENT encryption password.

What will you need?

  1. The GPG suite to encrypt / un-encrypt your password file
  2. The cheapest USB drive you can find
  3. Keyboard Maestro for the mac
  4. 1Password for mac (either the app store version, or the agile bits store version) – this blog is written for the App store version but with minor tweaks in the Keyboard Maestro script (a link later in this blog) , it will work on either one, see the Keyboard Maestro section in Step 3).

Making it all work

Step 1 – Installs:

  1. Install Keyboard Maestro for the mac.
  2. Install 1Password for mac
  3. Install GPG. Download the GPG suite from here, and install it. We do not need to install the whole suite, only the Mac GPG2 binaries (installing everything will also include ways to encrypt emails and such). Below are step by step instructions for that.

Screen Shot 2016-04-23 at 10.48.46 AM

Screen_Shot_2016-04-23_at_10_48_58_AM

Screen_Shot_2016-04-23_at_10_49_16_AM

The last step is to click “install”.

Step 2 – Create the encrypted text file to add to your usb drive

Open the terminal window on your mac (you can google, or watch this video if you are not sure how to do it: https://www.youtube.com/watch?v=zw7Nd67_aFw), and type in the following:

cd ~/Desktop
nano personal.txt

This will bring you to an editor , type in your 1Password password (make sure there are no trailing spaces), and hit “Control-O”, enter to save it, and “Control X” to exit. You should see a new text file on your desktop named “personal.txt”

Next enter the following (in the same terminal window):
gpg  –cipher-algo AES256  –symmetric personal.txt

This will prompt you for a password. Make that password very long, but something that you can repeat. This password SHOULD NOT be your 1Password password. GPG will prompt you twice for the same password, and you will need it once again when you setup your Mac keychain.

once it saves the file, type the following:

rm -Rf personal.txt
mv person.txt.gpg personal.txt

you should now have a text file on your desktop named “personal.txt”, when you open it, it should look like gibberish.

Now copy the encrypted text file to the usb drive, delete it from your desktop, and clean your trash (make sure you don’t have anything important in your trash before you clean it – I’ve seen that before, trust me).

Step 3 – setup osX keychain with the USB password

The gaol of this, is to keep the environment as secure as possible, so we will store the USB password in the Mac OSX keychain, and get Keyboard Maestro to read it directly from there, this way it is not stated in plain text inside Keyboard Maestro.

To enter the USB password into the Apple KeyChain, open up the “Keychain Access” application, make sure that the Category is set to “Password” (see the picture below), and hit the “+” sign.

Screen_Shot_2016-04-28_at_9_45_27_PM

 

Enter the following information (see image below). The password should be the one you used when creating the “personal.txt” file.
Substitute “{your osX account name}” with your user name, and type the USB password into “the Password” field.

Screen_Shot_2016-04-28_at_9_46_04_PM

Step 4 – setup Keyboard Maestro

Create two new rules in Keyboard Maestro (you can download the templates here, right click on the link, and choose “download linked file as” and store it somewhere on your computer. Double click on the file downloaded, this will add it to your Keyboard Maestro), one will lock 1Password when you eject the usb drive, and the other will open up and unlock 1Password for you when you insert the drive. Also if 1Password is locked, and the usb disk is connected, pressing on SHIFT-COMMAND-L would unlock 1Password for you automatically as well (as long as the USB drive is in the computer).

These are the scripts as shown in Keyboard Maestro (in case you want to write them yourself):

Screen_Shot_2016-04-29_at_2_05_53_AM


Screen_Shot_2016-04-29_at_2_02_59_AMWherever there is “{YOUR USB NAME}” – highlighted in red in the above pictures, you need to enter the volume name of your USB drive (see pictures below for how to know what you need).

You will probably have less issues if the name does not include spaces. If it does, you can right click on the name select “get info”, and change the name under “Name & Extension”.Screen_Shot_2016-04-23_at_10_03_37_PM

Also, please note that I noticed that the current 1Password version (version 6 at the time of writing this blog) from the AgileBits store is named “1Password 6”, while the 1Password from the Apple Store is named “1Password”, the scripts I have are for the App store version, so if you downloaded the App from their website, you will need to re-select the app launch and menus in my scripts to match the version you have).

Step 5 – Test it

The expected behaviour is for 1Password to unlock itself when you insert the USB drive, and lock itself when you pull the USB drive out.

The first time you use the script, you will get asked to provide your osX credentials, that’s because Keyboard Maestro is asking to access your keychain password for the USB drive. When it asks you, also specify “always allow”, unless you want to type your osX password every time.

TADAAAAA congratulations, assuming that all works, you can stop typing long sentences whenever you need to use your 1Password.

I hope this helps others as much as it helps me …