Why does a Dropbox vault capture the 1Password login when being added after the 1PW online vault?

1ppsmu
Community Member

I use a 1Password individual subscription. I was able to connect to my personal vault with the iOS app. After that I also added a vault which is shared with me via Dropbox (it's like a team-vault ... shared with multiple users).
Now I have to use the password for the Dropbox vault to get access not only to it but also to my personal 1Password vault.

This behaviour is very surprising to me - and at first quite scary because my password seemed not to work anymore!

Why can't I select which vault I want to open and then use the corresponding password which seems to me the most intuitive action?


1Password Version: 7.4.4
Extension Version: Not Provided
OS Version: iOS 13.3
Sync Type: 1Password and Dropbox

Comments

  • @1ppsmu

    As you very well noticed, 1Password uses the Master Password for the Primary vault to unlock all other vaults. This behavior predates the existence of membership type accounts. I wish that I had more information to share about this. But it's working as initially intended. I do not know if that could be changed.

    As a crude workaround, you could remove the current Dropbox vault. Then create a new Dropbox vault or even a local vault using the Master Password of your choice. Then add in your existing Dropbox (shared) vault, forcing the application to use the Master Password of your liking.

    • I would suggest a Dropbox vault in your situation so that if any data gets inadvertently saved to it, it will sync to the other devices.
    • If you're using different devices, the same workaround would likely need to be applied to each device.

    I know it's not ideal at all, but it's the best workaround I can think of in your situation while maintaining your current Dropbox setup.

  • 1ppsmu
    Community Member

    @ag_tommy
    Thank you for that tip.
    I removed the shared Dropbox vault from the iOS app and made a new Dropbox synced vault with the same password as the 1Password-membership-online-vault which I kept in the iOS app. As the new vault name I chose "LoginOnly"(.opvault). This vault is intended to facilitate the login with the same password as the 1Password-membership-online-vault and will never contain any login/password data.
    I then readded the shared Dropbox vault.
    Yes - I am now able to log in using my "normal" online-vault password.

    But ... this ... feels ... weird!

    If I understand you correctly, this is caused by the technical history of 1Password (on iOS at least).
    The obvious question would be: Why can't the online-vault act as the "primary" vault ... THE vault which determines the password to unlock all vaults added later? (Or ask the user: Which password do you want to use when you start/use the app? Maybe only choose a vault and then its password will be used. Not allowing the user to define yet another "master" password.)
    It also feels less secure, because now I have another vault with the same password lying around. (I'm not saying it IS less secure.)

    You don't have to reply to this, because you basically helped me solve this. So, thank you for that. (I'm just reiterating here what I did in case somebody else stumbles over this.)

  • @1ppsmu

    The way 1Password unlocks is:

    1. If a Primary vault exists then unlock using the Master Password for that vault, regardless of what, if any, memberships are signed in
    2. If a single 1Password membership is signed in then unlock using the Master Password for that membership account
    3. If multiple memberships are signed in then unlock using the Master Password of the first added membership

    These are each exclusive scenarios. For example, if multiple memberships are signed in, you cannot unlock 1Password using the Master Password of the second account that was added.

    It also feels less secure, because now I have another vault with the same password lying around. (I'm not saying it IS less secure.)

    For what it's worth we recommend using the same Master Password for any Primary vaults owned by the same individual as well as any of their 1Password memberships. For example... I no longer use a Primary vault, but I have accounts within at least 7 different 1Password memberships. All of these share the same Master Password.

    Ben

  • ag_ana
    1Password Alumni

    @1ppsmu:

    Why can't the online-vault act as the "primary" vault ... THE vault which determines the password to unlock all vaults added later?

    It can, but only if you don't have other standalone vaults inside the app, as you have discovered. I think there might be a historical reason for this, dating from before 1Password accounts were introduced.

This discussion has been closed.