Bug: Invitation process creates multiple accounts for a single email, by default (accounts)

Netpog
edited January 28 in Memberships

Repro:
1. Get an invite from a friend with a Family Account.
2. Open the emailed link in an incognito window (or clear cookies, or be logged-out).
3. Follow the instructions.
You see: That you’ve got a NEW secret key, and a new account that doesn’t include any of your existing logins.
Expect: "There's already a 1Password account with this email address! Please sign into that account, now, and we'll add any vaults shared by {inviting username}'s Family."
Optionally, also: "... or, if you want to use a different account for {inviting username}'s Family, provide a different email now."
Consequence: People (whom I find in the forums) can't log into their old account, after doing this.
Workaround: Sign in (you'll get one of the accounts, unpredictably) and click "Change email"

When this happened to me, I got a "Welcome to 1Password!" confirmation email, after accepting the invitation.
"You’re all signed up! .... Your sign-in address: {the email I'd already been using for 1Password, which now applied to TWO accounts}"

I fixed the problem, with the Workaround above, but this shouldn't be possible!


Versions, OS, Sync type: All N/A. (Irrelevant to this bug.)

Comments

  • ag_ana

    Team Member

    Hi @Netpog!

    Expect: "There's already a 1Password account with this email address! Please sign into that account, now, and we'll add any vaults shared by {inviting username}'s Family."

    A user is allowed to have multiple 1Password accounts. If they get a new invitation to join a new account, we allow them to do it, even if they already have an account. The new account could be completely separate from the one they already have, so we should not merge them.

    Optionally, also: "... or, if you want to use a different account for {inviting username}'s Family, provide a different email now."

    You are also allowed to have multiple 1Password accounts under the same email address, you don't need to create multiple emails for this.

    Can you please clarify how you think this is a bug? Thank you!

  • Fascinating. Maybe this is ideal behavior. But I need to understand:
    1. When I have multiple accounts with the same email, how do I control which one I'm signing into?
    2. When someone shares a vault with me, via an invitation sent to my usual/primary email address, do I have a choice whether to make that vault visible via my primary account, or to create a new account? (And, if so, how to choose?)

  • ag_ana

    Team Member

    @Netpog:

    1. When I have multiple accounts with the same email, how do I control which one I'm signing into?

    Each account has a different Secret Key and Master Password. You could use the same Master Password for multiple accounts, but the Secret Key will change. So depending on what combination of Secret Key and Master Password you are using, you will connect to that specific account.

    2. When someone shares a vault with me, via an invitation sent to my usual/primary email address, do I have a choice whether to make that vault visible via my primary account, or to create a new account? (And, if so, how to choose?)

    No, someone can share a vault with you only if you are already part of their account. This is why you are required to create one account first, if you are not a member of it already.

  • MrC Community Moderator
    edited August 21

    @Netpog

    This is very much in line with the experience I and another 1Password Families user had.

    The results of what ultimately happens are confusing at best, for the person who invites and the invitee. There is nothing in the documentation, or the email invitation that makes it clear a new account is going to be created.

    Please either change the documentation to clearly state what will happen, and change the wording on the invitation, or allow the shared vaults to be more seamlessly integrated into a user's current, everyday 1Password UI experience (I have doubts that the majority of families actually have multiple family accounts).

  • ag_ana

    Team Member

    Thank you for the feedback @MrC! We will keep this in mind moving forward and we will do our best to keep improving how you can share items within 1Password.

  • Yes, thanks, @MRC, for stating the problem better than I could.

    Just to confirm: vaults can only be shared between family members? And I can be a member of exactly one family per account. Yes?

    In any case, as MRC said, it wasn't sufficiently clear to me that I was going to be creating a second account under the same email address. (By contrast, I like the UI "Accounts" tab, in the Windows app: obvious and simple.)

    Feature request: I'd love to be able to RECEIVE an invitation at my main email address, and then ACCEPT it while specifying a different address. (But I acknowledge that most users have one email address, so I don't expect that request to get high priority.)

    And thanks, @ag_ana, for your responsiveness.

  • ag_ana

    Team Member

    @Netpog:

    Just to confirm: vaults can only be shared between family members?

    Correct.

    And I can be a member of exactly one family per account. Yes?

    Can you clarify what you mean by "one family per account"?

    You can be a member of as many 1Password Families accounts as you wish, even using the same email address, if that is what you were referring to.

    Feature request: I'd love to be able to RECEIVE an invitation at my main email address, and then ACCEPT it while specifying a different address. (But I acknowledge that most users have one email address, so I don't expect that request to get high priority.)

    Thank you for the feedback!

    And thanks, @ag_ana, for your responsiveness.

    You are very welcome :)

  • @ag_ana, I want to thank you for your latest reply, and also, if you don't mind, to confirm that I understand this. I've a couple afterthoughts, inspired by my struggle to figure this out.

    I am urging clients to use 1Password. For that reason, and because of their unusual security requirements (for which 1Password is uniquely well-suited, but that's off-topic) I am eager to ensure I've got this right. While I'm not a user of 1Password for Teams (yet?), I've skimmed the impressive Security Design White Paper.

    Here's how I understand multiple accounts, thanks to your reply, the White Paper, and the help page.

    • Both families and teams can include multiple accounts, one of which is the Family Organizer or team Administrator.
    • As a user, I can have simultaneous access to multiple accounts from different Families or teams on any given installation. (By installation I mean, e.g., app-v-extension and PC-v-smartphone; I've more installations than I do devices.)
    • If I am using multiple accounts in a single installation, then those different accounts will naturally have different secret keys, and they might have different email addresses, but I must use a single master password if I want to see everything at once.

    As for security:

    • An account can be recovered by the Family Organizer or the team Administrator (or other Recovery Group members designated by that Administrator).
    • The Organizer/Administrator/Etc. recovering an account can gain access to that account's private vault(s) only if they also have access to the account's email.

    Two notes on UI & usability:
    1. Usability and UI problem, affecting new users only: If I'm not the Organizer, then my 1Password profile,
       a. does not make it explicit that I am not the Organizer. (A new user doesn't know to interpret "That's you!" as "team/family member".)
       b. does not reveal who is my Family Organizer (or team Administrator?), let alone how to contact them.
       c. does not hint that the Organizer role goes beyond merely paying and inviting.
    2. I know you-all are working on this, but it was surprisingly difficult for me to grasp 1Password's basic structure and semantics. Maybe I'm just slow, but I do suggest a usability test, looking at a new user being invited to a second Family. And I think a short single central introductory overview to 1Password is in order. There's lots of help and reference material, but first-time obviousness remains a problem.

    It's often a challenge, and it's seldom quick and easy, to get people to give up their browser's password manager and embrace 1Password.

  • @ag_ana, I want to thank you for your latest reply, and also, if you don't mind, to confirm that I understand this. I've a couple afterthoughts, inspired by my struggle to figure this out.

    I am urging clients to use 1Password. For that reason, and because of their unusual security requirements (for which 1Password is uniquely well-suited, but that's off-topic) I am eager to ensure I've got this right. While I'm not a user of 1Password for Teams (yet?), I've skimmed the impressive Security Design White Paper.

    Here's how I understand multiple accounts, thanks to your reply, the White Paper, and the help page.

    • Both families and teams can include multiple accounts, one of which is the Family Organizer or team Administrator.
    • As a user, I can have simultaneous access to multiple accounts from different Families or teams on any given installation. (By installation I mean, e.g., app-v-extension and PC-v-smartphone; I've more installations than I do devices.)
    • If I am using multiple accounts in a single installation, then those different accounts will naturally have different secret keys, and they might have different email addresses, but I must use a single master password if I want to see everything at once.

    As for security:

    • An account can be recovered by the Family Organizer or the team Administrator (or other Recovery Group members designated by that Administrator).
    • The Organizer/Administrator/Etc. recovering an account can gain access to that account's private vault(s) only if they also have access to the account's email.

    Two notes on UI & usability:
    1. Usability and UI problem, affecting new users only: If I'm not the Organizer, then my 1Password profile,
       a. does not make it explicit that I am not the Organizer. (A new user doesn't know to interpret "That's you!" as "team/family member".)
       b. does not reveal who is my Family Organizer (or team Administrator?), let alone how to contact them.
       c. does not hint that the Organizer role goes beyond merely paying and inviting.
    2. I know you-all are working on this, but it was surprisingly difficult for me to grasp 1Password's basic structure and semantics. Maybe I'm just slow, but I do suggest a usability test, looking at a new user being invited to a second Family. And I think a short single central introductory overview to 1Password is in order. There's lots of help and reference material, but first-time obviousness remains a problem.

    I find that it's often a challenge, and seldom quick or easy, to get people to give up their browser's password manager and embrace 1Password.

  • ag_ana

    Team Member

    @Netpog:

    Thank you for the extensive feedback!

    Both families and teams can include multiple accounts, one of which is the Family Organizer or team Administrator.

    Correct. Although you can also have multiple organizers or administrators if you want.

    As a user, I can have simultaneous access to multiple accounts from different Families or teams on any given installation. (By installation I mean, e.g., app-v-extension and PC-v-smartphone; I've more installations than I do devices.)

    Correct.

    If I am using multiple accounts in a single installation, then those different accounts will naturally have different secret keys, and they might have different email addresses, but I must use a single master password if I want to see everything at once.

    Each account can have its own separate Master Password. Once you add an account to the 1Password app, you will be asked to enter the Master Password for the account. Afterwards, you can unlock the 1Password app with the Master Password of the first account you added to the app, regardless of how many accounts you have added, and what their Master Password is.

    An account can be recovered by the Family Organizer or the team Administrator (or other Recovery Group members designated by that Administrator).

    Correct.

    The Organizer/Administrator/Etc. recovering an account can gain access to that account's private vault(s) only if they also have access to the account's email.

    Correct.

    a. does not make it explicit that I am not the Organizer. (A new user doesn't know to interpret "That's you!" as "team/family member".)

    If you log in to your 1Password account on 1Password.com in a browser > click on your name in the top right corner > select My Profile, the app will show you your role below your name. This is for both organizers and members. Do you think this information should be shown somewhere else?

    b. does not reveal who is my Family Organizer (or team Administrator?), let alone how to contact them.

    The organizer or administrator is the person who invites you to join the account. This information is in the email you receive with the invite, but I can see how it could be useful to access this information even later on inside the app :+1:

    c. does not hint that the Organizer role goes beyond merely paying and inviting.

    Can you please elaborate on this? Can you give me an example of where this could be useful inside the app?

    The reason I ask is because the documentation already clarifies the different roles, so I wonder if it would make sense to add this inside the app too:

    About family organizers in 1Password Families

    2. I know you-all are working on this, but it was surprisingly difficult for me to grasp 1Password's basic structure and semantics. Maybe I'm just slow, but I do suggest a usability test, looking at a new user being invited to a second Family. And I think a short single central introductory overview to 1Password is in order. There's lots of help and reference material, but first-time obviousness remains a problem.

    This is something that we are indeed working on, to make it easier to get started :)

  • @ag_ana, thank you for that incredibly helpful reply. (And: sorry I'm so late to acknowledge it.) Your clarification about master passwords and multiple accounts was most welcome: I simply hadn't grasped that the Master Password of the first-added account will unlock the vault holding ALL the accounts.

    This is very useful! And goes directly to a key use case for my clients: a client wants to unlock her personal account as well as her business account, but only on her work computer. On her other devices her business account must be inaccessible, and therefore it must have a distinct password.

    This is also not at all obvious. I suggest that you include onboarding steps that are used only when a user adds their second account. That's when 1Password became very mysterious to me.

    (I'll use a separate reply for your UI questions.)

  • @ag_ana, I’m pleased to see you taking these points so seriously. My biggest problems with 1Password are UI-based: things that are confusing, or that make it too easy to lose a new password. So it’s great to know that you are working on it.
    To the three points:
    a. You said: “the app will show you your role below your name”
    It does not. I created a test account just now, and that family member’s sign-in shows only “That’s You!”. Okay, so I’m “You” right now. But am I a family member? Or what?
    EXPECTED: “You’re a Family Member”
    BETTER STILL: “Family: {familyname}”
    b. (regarding “who’s my Family Organizer (or team Administrator)?”)
    Many of us are terrible at organizing or searching our emails. And invitation emails are easily discarded; we don’t EXPECT them to hold information that we can’t find anywhere else.
    But that’s the only place a Member can find the contact info for their Organizer/Admin? Then they’re left high and dry, when there’s a problem.
    EXPECTED: For this info to be in my profile. (Perhaps behind a link to “about my account”, which might also explain some of the less-obvious facts that are only to be found in the documentation.)
    BETTER: Include it in the Emergency Kit. Even if a member loses that document, they're likely to internalize that one of the vital items is "You're a Member of the {familyname} family. The organizer is {name & email}."
    c. (why should the app indicate the extent of the Organizer’s role?)
    Good question. I suggest two reasons:
    (1) When a family member is locked out of their account, they might not guess that the Organizer has the power to help them get back into their vault. Why wouldn’t they? Because most family-plan services give the family organizer no account-recovery capability beyond delete-and-reinvite. For a password vault, that’s a terrible fall-back!
    So, if that fact is made clear during the first-time sign-in, or whenever the member is curious about their account (and therefore looks at their profile), they’re more likely to know what to do when The Day comes.
    (2) If the members are made aware of the organizer's ability to invite guests, they are likely to suggest that the organizer do so. I'm the family organizer, and I confess that I'd completely forgotten about that feature, before reviewing the documentation about the organizer's role, just now. It's not mentioned by the website, unless I think to click the drop-down while inviting someone.
    People forget what features are available to them. The more people use the full power of 1Password, the happier they'll be with it.
    EXPECTED: On the "People" page, I'd expect to see the family members listed, as they now are, and also a separate table of guests, with "you have no guests yet; learn more; invite a guest".
    ALSO MISLEADING: The Invitations page says "Invite family members...." Okay, thanks, but where do I go, to invite a guest? (The answer, "you do that right here", isn't at all obvious!)

    BONUS PS with UI bugs noted when adding a family member:
    (1) It wasn’t clear, until I received an email, that I could simply click on the new user’s name in order to confirm them, and that my invite would not be consummated until I'd done that confirmation. So I tend to invite a family member, and then forget all about the matter. Later, and only if I'm lucky or organized, I'll spot that "You must confirm" email.
    EXPECT: Tell me that I'll have to confirm them!
    ALSO EXPECT: The website to tell me that I can do so, and give me a link, rather than relying entirely on the email.
    (2) When I send the email invite, there's no confirmation that it was sent; the dialog box simply disappears. I have to click into invitations to see whether my submission was accepted or ignored.
    EXPECT: "An invitation was sent to {email}."
    MUCH BETTER STILL: "...to join {familyname} as {rolename}", so that I can see when I witlessly invite someone to the wrong family, or with the wrong role. Which does happen.

  • ag_ana

    Team Member

    @Netpog:

    It does not. I created a test account just now, and that family member’s sign-in shows only “That’s You!”.

    Where are you looking exactly? I just checked my own profile and I definitely see my user role. Are you able to post a screenshot (please mask any personal information before you do so)?

    ALSO EXPECT: The website to tell me that I can do so, and give me a link, rather than relying entirely on the email.

    If there are pending team members, the website will show you by highlighting the bell symbol at the top of the page, letting you know that you need to still take some actions :+1:

    (2) When I send the email invite, there's no confirmation that it was sent; the dialog box simply disappears. I have to click into invitations to see whether my submission was accepted or ignored.

    You are right that the dialog box disappears (since that specific action has been performed), but the list of pending user members there should also update immediately, allowing you to keep track of the list.
