Unlocking multiple accounts
I have added multiple accounts to the 1PW for Windows early access version (one business account & one family account), but each has a different master password. In 1PW7, unlocking one of the accounts also unlocked the secondary account at the same time, but this doesn't appear to be working in the current EA version and it prompts me for the master password to the secondary account each time.
Is this something coming soon, a bug, or is the functionality being withdrawn? Or did I miss something again? :lol:
Thanks! :)
1Password Version: 8.1.0-60
Extension Version: 2.0.4
OS Version: Windows 10 21390.2025
Sync Type: Not Provided
Comments
-
Hiya @teh_c 🤗
In 1Password 8 for Windows (and 1Password for Linux!) every account with a different Account Password will need to be unlocked separately.
That said, if you have multiple accounts added that share the same Account Password, they will be unlocked at the same time, just as it did so within 1Password 7 for Windows.
0 -
Hi @teh_c , this is an interesting idea! I'll mention this to our development team.
Just in case it's helpful, it can still be handy to have the secondary Master Password stored in your primary account anyway, so that you can copy / paste those sign-in details when you need to log into the secondary account.
But, 1Passwordception does sound appealing... 🔑🔑🔑 and I can definitely see how this would be a useful feature! Thanks again 😀
0 -
I have the same issue ... with an added twist that it seems to allow for Windows Hello to unlock the second account. When I select the Windows Hello icon and facial recognition process takes place, it still is not unlocking the account. I still have to manually enter the password.
0 -
That said, if you have multiple accounts added that share the same Account Password, they will be unlocked at the same time, just as it did so within 1Password 7 for Windows.
What is the recommendation? Should multiple 1Password accounts have the same account password? Why would that password reuse be okay and other password reuse not be? I see this as encouraging reuse which is something you otherwise strongly discourage.
0 -
Thank you for bringing that up, @soshiito. You are correct that we recommend using the same password for all 1Password accounts, and not anywhere else:
When you’re invited to join a team, you’ll be asked to create a Master Password. Because you already use 1Password, enter the Master Password you already use.
(from How to use multiple accounts)
The main reason password reuse is usually bad is because every service you give a password to provides another opportunity for it to be exposed. The other is that the potential negative outcome is multiplied by each account you use the same password with if that password is exposed. 1Password account passwords aren't given to us. In fact, they don't leave your local devices. As such, using that password for two different 1Password accounts doesn't come with the same increased risk as using the same password for two different services that do store that password in some fashion. In the case of 1Password, your password is no more likely to be exposed simply because you've used it with multiple 1Password accounts [bolded as this is the tl;dr]. 1Password's use of SRP somewhat minimizes the issue since the
verifier
is different in every case and the server doesn't store anything derived from the password. This makes it such that if 1Password.com were breached we have no hash of a password that could be guessed or made part of a rainbow table.Additionally the Secret Key is unique for every account and since that is mixed into the keysets, password reuse has no effect on the final key's strength. This isn't a concept that is generally in play with other, non-1Password, accounts.
I hope that helps!
Ben
0