Feedback on barrier to entry / computer literacy
Comments
-
I agree with the criticisms of "Secret Key". I have used 1Password happily for years. My wife tried LastPass (free) and was dissatisfied. So I suggested 1Password and offered to set it up for her on her computer, even happy to pay.
After filling in everything - including credit card details - and spending 2 hours of my time, I could not find how to log in without the "Secret Key", and the nonsense that you can retrieve it AFTER logging in is just that - nonsense.
So I cancelled the order.0 -
Hi @dissatified
The Emergency Kit should be printed during the account creation process, if signing up using a web browser on a computer. If you're signing up within one of the apps then the Secret Key is accessible within the app you used to sign up. :)
Ben
0 -
The "Emergency Kit" was nowhere to be found - perhaps because I only downloaded the Firefox extension rather than waiting hours for the entire Mac download. But, can you admit that obtaining the "Secret Key" after log in is - by definition - utterly absurd since you need it to log in? Did 1Password not work fine before this innovation and, since I am still under the original plan that does not require a "Secret Key", are my data now compromised?
0 -
The "Emergency Kit" was nowhere to be found - perhaps because I only downloaded the Firefox extension
If you signed up in a web browser on a computer the Emergency Kit is likely in your Downloads folder. Part of the signup process is to download the kit, and it won't let you proceed until you've done so.
rather than waiting hours for the entire Mac download.
It would be very abnormal for 1Password for Mac to take "hours" to download on most broadband internet plans. I'm certainly not on the fastest internet in the country — 100 Mbps download, but 1Password downloads within 10 seconds on my computer. If it is taking hours on your connection you may want to consider running a speed test and then having a chat with your Internet Service Provider (ISP). I'd say that's fairly unacceptable at this stage of the game. But I digress...
But, can you admit that obtaining the "Secret Key" after log in is - by definition - utterly absurd since you need it to log in?
You do not need the Secret Key to log in if you've signed up within the app — that is done for you automatically. But it sounds like that isn't the case.
Did 1Password not work fine before this innovation and, since I am still under the original plan that does not require a "Secret Key", are my data now compromised?
The security model is different. With standalone vaults your data might only be stored on your own devices. With 1Password.com membership your encrypted data is stored on 1Password.com. The Secret Key adds a layer of protection that makes that situation much more comfortable. This guide explains:
About your Secret Key
The basic idea is that even if you use a somewhat weak Master Password there is still a strong layer of encryption protecting your data, even if 1Password.com were compromised. Because standalone vaults aren't stored on 1Password.com the concept isn't as applicable.
Ben
0 -
"If you signed up in a web browser on a computer the Emergency Kit is likely in your Downloads folder.
Likely in your Downloads folder. It was not.
No idea why the Mac download lingered on and on. I do not blame 1Password for this and the Firefox Extension took only minutes, but being Mac, perhaps Firefox does not have the same access to Downloads as Safari.
In my limited experience - re-trying several times - you do need the "Secret Key" to log in. 1Password should be aware that this is indeed the case, and stating "sounds like" is not good enough. Because of this flaw you are losing customers and goodwill.
Although I have not looked into it in great detail, I understand that the "new" 1Password still enables data to be stored in Dropbox, as does the old. So please explain again the need for a "Secret Key" under these circumstances.0 -
Although I have not looked into it in great detail, I understand that the "new" 1Password still enables data to be stored in Dropbox, as does the old. So please explain again the need for a "Secret Key" under these circumstances.
That is not the case when using 1Password membership vaults. Membership vaults are always stored on 1Password.com and not on any 3rd party services. Syncing with Dropbox is not possible for membership vaults.
Some of the main changes with membership are outlined here:
About 1Password membership
In order to make those things possible we have to run the server side as well as the client side. Dropbox and other 3rd party services just don't give us the resources we'd need to build the types of features we're offering through membership.
In my limited experience - re-trying several times - you do need the "Secret Key" to log in. 1Password should be aware that this is indeed the case, and stating "sounds like" is not good enough. Because of this flaw you are losing customers and goodwill.
If you use the same Firefox browser to access https://my.1password.com/ are you asked for your Secret Key there, or is it pre-populated?
Do you still have a vault called "Primary" with all of your data in it? Or do you have access to your 1Password data some other way? If ultimately you're unable to get signed in because of lacking the Secret Key we can help you delete your account, sign up for a new one, and re-run the migration.Please let me know.
Ben
0 -
I’m not sure if this the correct Forum for a broader discussion but since ‘Secret Key’ exemplifies the more general problem with the new subscription 1Password I will post it here anyway.
I was (and am) very, very happy with the original 1Password: concise, simple to use, intuitive and reliable.
The new, subscription service is almost the opposite. It appears to have been designed by young computer geeks who are totally unaware that much of their customer base are older, non-geeks who simply want a safe storage system to save writing down their passwords.
Starting with the Registration - as discussed above - the “Secret Key” is the start of the problem and, quite amazingly (for older people) it has to be stored as a paper: how counter-productive is that?
My wife is totally computer illiterate and, although not much better, I spent several hours installing 1Password on her Mac. The instructions for finding the ‘Secret Key’ were obscure and inaccurate (eg log in first when you need the secret password to log in).
I eventually found the “Emergency Kit” on her Mac using the Spotlight Search function, something she would not know to do.
Having downloaded and installed 1Password and added my Credit card etc., I downloaded and installed the Extension for Firefox. To test it before teaching her I added one of her password-requiring sites using Firefox then asked her to add her other site-specific passwords. Here I list some of her problems:
1) The site that I had added to 1Password on Firefox did not appear when using Safari, nor was it present when using the 1Password icon in the toolbar. They do not appear to be linked. Incredible.
2) The first site that she chose to add had a simple password - chosen as such to be easy to remember since it was only for discount shoe sales. 1Password would not open the site but stated “Weak password”. We cannot find a way to by-pass this.
3) Every time she wanted to open 1Password it asked that she re-write her password. This, I agree, is my fault since - for security reasons - I set it to shut down upon the screensaver starting, but was a pain in the neck for her. But why cannot 1Password allow discrimination between “secure” and non-secure passwords, perhaps with a ticking system?
I will stay with the old, non-subscription 1Password, but will not subscribe my wife to the new version; nor could I recommend it to anyone. We will re-try LastPass instead.
0 -
Since we're talking about subjects a fair bit beyond what the thread starter of the original thread intended I've split your comments into their own thread. That way we can give your feedback the attention it deserves without interfering with the other customer. :+1:
First: I am sorry that you had so much trouble. I could offer that the difficulty you've experienced is not typical, but I realize that doesn't help you any, nor does it help us address the problems you encountered.
Starting with the Registration - as discussed above - the “Secret Key” is the start of the problem and, quite amazingly (for older people) it has to be stored as a paper: how counter-productive is that?
It is recommended to store it on paper, but it can also/alternatively be stored as a PDF. I tend to recommend paper, but the latter works too. The important thing is having it and storing it safely, not necessarily so much about how it is stored (digital vs analog).
The instructions for finding the ‘Secret Key’ were obscure and inaccurate (eg log in first when you need the secret password to log in).
The problem here is that our guide for locating your Secret Key offers a number of suggestions, not all of which are going to be applicable in every scenario. I'll talk to our documentation team to see if there is a way we can make that more clear. The suggestion is to "use a browser you’ve used to sign in to your account before, like the browser on the computer you used to create your account" and if you do that, you won't have to enter your Secret Key to log in (which will then allow you to obtain your Secret Key). This is only applicable though if you used a web browser to sign up and haven't cleared the cache from that browser since doing so.
I eventually found the “Emergency Kit” on her Mac using the Spotlight Search function, something she would not know to do.
I understand this difficulty, but where did Spotlight find it? It should have been in the Downloads folder. I did suggest looking there above: https://discussions.agilebits.com/discussion/comment/511400/#Comment_511400
This is also outlined in the guide: 'If you don’t remember saving your Emergency Kit, look in your Downloads folder for a PDF file named “1Password Emergency Kit”.'Perhaps we should also add a suggestion to the Secret Key guide explaining how to search using Spotlight?
1) The site that I had added to 1Password on Firefox did not appear when using Safari, nor was it present when using the 1Password icon in the toolbar. They do not appear to be linked. Incredible.
This should not be the case, but is something we'd have to troubleshoot. If you still have this difficulty we'd be happy to look into why / how this happened. Please let me know.
2) The first site that she chose to add had a simple password - chosen as such to be easy to remember since it was only for discount shoe sales. 1Password would not open the site but stated “Weak password”. We cannot find a way to by-pass this.
How did she add the site to 1Password? And how is she trying to open the site using 1Password?
3) Every time she wanted to open 1Password it asked that she re-write her password. This, I agree, is my fault since - for security reasons - I set it to shut down upon the screensaver starting, but was a pain in the neck for her. But why cannot 1Password allow discrimination between “secure” and non-secure passwords, perhaps with a ticking system?
We generally disagree with the concept of "secure" and "non-secure" passwords, especially in the stages where you're just getting started using a password manager and as such likely still have a lot of password re-use across sites. It is possible to adjust how frequently 1Password locks though, and if you have a Touch ID enabled Mac you can use Touch ID in many cases instead of typing the Master Password.
I will stay with the old, non-subscription 1Password, but will not subscribe my wife to the new version; nor could I recommend it to anyone. We will re-try LastPass instead.
I hope ultimately you're able to find a solution that you're comfortable with and confident in. We'd like to better understand how we can better guide folks who end up in situations such as the one you ended up in, or better yet to prevent that happening in the first place. If you can elaborate on the details of any of the points I asked about above that would be much appreciated.
Ben
0 -
Thanks Ben for your detailed response, quite impressive the work you put in and I appreciate it.
But, in this my last response, I have to say that the product is flawed.
I did not record where Spotlight Search found the ‘Emergency Kit’ but it was not in Documents when I looked.
Tonight I tried again. The Firefox 1Password Extension contained the few passwords that we had added but these were not in Safari 1Password. Nor were they in the Menu bar iPassword Indeed, the latter had a highlighted “Add 1Password Extension to Firefox”.
So, eventually I did this and now had 2 1Password Firefox Extensions - one containing the few added passwords and the other nil. I tried deleting one, but after re-entering the email address and master password a few times I eventually gave up because dinner was ready. I give up.
Thanks for your help.
Best wishes.
0 -
You're very welcome. Again my goal at this point is to try and determine where things broke down so we can evaluate if there are areas in which we can do better in the future. Is the Firefox extension that has passwords saved in it "1Password X," and the one without "1Password (desktop app required)"?
Ben
0