Unlocking Multiple Vaults
Comments
-
It's true that you should never reuse passwords across other services and you definitely shouldn't use a password that you use for something else as your account password for 1Password.
The reason you can use the same account password for all of your 1Password accounts is that 1Password isn't vulnerable to the sorts of login attacks that other services are. Unlike most other services, we don't store your account password on our server and it is not transmitted to us. Rather, your account password is combined with your Secret Key and then processed using a derivation function to create the keys that authenticate your account and decrypt your data.
Beyond technologies such as Secure Remote Password, each 1Password account continues to be protected by its own unique Secret Key even when you use the same account password for all of your accounts. An attacker would need both your account password and the unique Secret Key for a given account in order to access that account:
Other services just use a single user-generated password for authentication/encryption; 1Password uses a dual-key system that includes a unique 34-character, 128-bit Secret Key to protect each of your accounts.
-Dave
0 -
@Dave_1P - While I understand the simplicity of the single "master" password for all 1P accounts, and the security arguments around the combination of the Secret Key and password are compelling, I still believe you are (collectively) missing critical points that deserve more attention. Notably:
(1) the confusion that is created by the mere suggestion that passwords get reused across accounts. People have been told repeatedly to "never use the same password twice", and finally when that message seems to be getting traction and people want to use 1Password to avoid that, you are changing the rules and saying, "yes, normally, but in this one specific case, it's ok". I get the security model is darn good with the Secret Key + Password, but that is going to go way over the heads of 95% of your users. Moreover, the more naive users are likely to say "well, if it's ok for 1Password, it must be OK over here in this other situation too", which I'm sure you'll agree is not true.
(2) Some users, myself included, have strict requirements that we never use the same password twice, and any technical arguments about the security model are not going to sway anyone with authority to make the rules. This means we either have to break the rules - a bad idea and could result in disciplinary action - or we have to suffer with the current UX - which you have acknowledged needs rework for people like us.
(3) (this is possibly going to be contentious) - I appreciate the mathematical arguments (bits of security being improved) by the added Security Key; however, the Security Key is not really all that secure (IMO). It's presented in clear text several times to the user, most notably on the recovery kit, must be transmitted in the clear or retyped in order to sign into multiple devices, and most importantly, can easily be recovered in clear-text form from a simple grep .. | awk over the filesystem (on macOS, at least) from various browser plug-ins. Therefore, I would argue that the Security Key is nothing more than a long-ish salt.
(4) (following on that argument) - anyone with access to my computer, including one's employer, could in theory recover the Secret Key, and if the employer (or business partner in my case) also has access to my recovery kit, they now have access to all my 1Password accounts, even that of my family account. I've made this argument before, but never seen any ABits responses. Now I trust my business partner (and my spouse), but in the best of worlds neither should have theoretical access nor the moral quandary it implies in the event of my demise or other event in which the recovery kit would need to be used.
All of that combined are my reasons for continuing to use separate passwords for each of my accounts, and thus I hope you see why I and others push so hard on improvements to the UX to accommodate our usage of 1Password.
1 -
I'll avoid going over territory that we've already covered in this thread; your feedback about why you personally aren't able to use the same account password for each of your 1Password accounts and your suggestions regarding the user interface for unlocking multiple accounts have been heard and passed along to the product and development teams. I appreciate your passion for the subject and definitely see your perspective. 🙂
I did want to touch upon a new point that you raised about the locally stored Secret Key: 1Password isn’t designed to protect you from someone who already has full (root) control of your device. Since 1Password is a software application, it is dependent on the integrity and state of the device that it is running on and the apps that it is running next to. If someone, like your employer, has root access to your work computer then it's entirely possible for them to secretly install a corporate tool that is capable of viewing and recording everything that you do on that computer. Using a different account password for each 1Password account added to a device that is completely controlled by a third-party like your employer won't necessarily offer you increased protection from that third-party.
The account password and Secret Key serve distinct functions; your account password protects your data while it's on your device(s) while your Secret Key protects your data while it's off your device(s). We've documented the local storage of the Secret Key in our Security White Paper on page 79: 1Password Security Design
If you do have any other questions or suggestions about the Secret Key and how it is stored then I encourage you to open a new thread so that we can discuss that there while keeping this thread focused on the topic of unlocking multiple accounts in the 1Password app.
-Dave
0 -
Let me add to this. It makes no sense whatsoever. Not even your own website thinks it does.
"With 1Password you only ever need to memorize one password." If I have a tool that has a password, then that password should unlock access to the tool. If not, why do we not have a password for every piece of information so it does not unlock all of them, or at least so each Vault is individually unlocked.
Your arguments about this pretty much lead to the conclusion that the passwords for the accounts don't matter. Thus, rather than me now entering a 20-letter password, I will end up with the shortest possible. In fact, as it is not improving security, as you condone having the same password, why don't you do away with it altogether. If I am to have the same on multiple accounts, then I need to agree with everyone to have the same password. This means that at the workplace we all know the password to get into our colleagues' private 1Password accounts if they walk away from the computer unlocked. Such recommendations are not what has made me stay with 1Password for years.
Security is important, but so is usability. When you make security harder to use, users end up simplifying their lives. For me it will mean a password that I can enter very fast. So very short and with as few unique letters as possible. It also means setting auto lock to be off or to have a much longer time. Nobody wants to be reprompted after every meeting, discussion, coffee...
So Apple Watch works. It allows me to log in to both accounts with just using it once. How is this different from me entering a master password separate from the account passwords? I have not verified if this works in Windows but if it does then I'll always use that. But it forces users to be Apple customers in order to have a nice workflow.
From a website, how do I request to unlock another account? It seems to prompt only for the first account.
To me all of this seems like an argument claiming a bug is a feature. I am in IT so I know all about that. :-) But there is no mention of this as a new feature in 1Password 8. If it were a feature, there seem to be a lot of things missing. Like opening all vaults from a website, or indicating to me that the reason the suggestions on a website are missing things is that the account is not unlocked.
If you use autolock and that means you have to re-enter a number of passwords after inactivity, one cannot really see that as being more secure. Security that is annoying enough will be circumvented over time. I know from work that the shortest and easiest passwords I and my colleagues have are those that the security team forces us to enter over and over, making the most important passwords the easiest to hack.
Usability is a security feature!
(Speaking of which when I tried to post it required a new account. Registering one then made the website forget my comment and there was no way back. Good thing I have a deep distrust for websites ability to actually post what I had written so I had it ready to be pasted.)
1 -
You should use the same account password for all your 1Password accounts whenever you can. That's the only "one password" you'll then have to remember.
All of your other online accounts should have strong, random passwords generated by 1Password.
Because each 1Password account has a different Secret Key, the underlying cryptography that actually encrypts and decrypts your 1Password data is still different for each account. However, unlocking 1Password is much easier when you have only one account password to enter.
0 -
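To make the two-secret model that Dave and GreyM1P describe above concrete, here is a small Python illustration. It is an added example written for this page, not 1Password's code and not its actual algorithm: the PBKDF2-then-HMAC construction, the iteration count, the salt size and the shape of the server-side record are all assumptions, chosen only to show why one memorised password reused across accounts that each have their own random 128-bit Secret Key behaves differently from the same password reused across ordinary password-only services.

```python
import hashlib
import hmac
import secrets

# Added illustration, not 1Password's own code or its real algorithm: a toy
# "two-secret" key derivation in which the memorised account password is
# combined with a per-account random Secret Key, as the thread describes.
# Iteration count, salt size and the HMAC binding step are assumptions.

PBKDF2_ITERATIONS = 100_000  # assumed work factor for the toy model


def stretch_password(password: str, salt: bytes) -> bytes:
    """Slow, salted hash of the password alone (all a conventional service has)."""
    return hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=32
    )


def new_secret_key() -> bytes:
    """Fresh 128-bit per-account Secret Key (random bytes; the real 34-character
    encoding is not modelled here)."""
    return secrets.token_bytes(16)


def derive_account_key(password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Bind the stretched password to the Secret Key with HMAC, so the result
    depends on both secrets and neither one alone reproduces it."""
    return hmac.new(secret_key, stretch_password(password, salt), hashlib.sha256).digest()


def conventional_record(password: str, salt: bytes) -> bytes:
    """What a password-only service stores server-side for login checks."""
    return stretch_password(password, salt)


def two_secret_record(password: str, secret_key: bytes, salt: bytes) -> bytes:
    """Server-side verifier in the toy model: a hash of the derived key, which
    the server can check but which was never computed from the password alone."""
    return hashlib.sha256(derive_account_key(password, secret_key, salt)).digest()


def conventional_leak_confirms(record: bytes, salt: bytes, guess: str) -> bool:
    """A leaked password-only record lets its holder check a password guess offline."""
    return hmac.compare_digest(record, conventional_record(guess, salt))


def two_secret_leak_confirms(record: bytes, salt: bytes, guess: str, secret_key_guess: bytes) -> bool:
    """A leaked two-secret record only confirms a guess if the 128-bit Secret Key
    is supplied too, and that key is never stored with the record."""
    return hmac.compare_digest(record, two_secret_record(guess, secret_key_guess, salt))


def demo(shared_password: str = "correct horse battery staple") -> dict:
    """One account password reused across two accounts with distinct Secret Keys."""
    salt_a, salt_b = secrets.token_bytes(16), secrets.token_bytes(16)
    key_a, key_b = new_secret_key(), new_secret_key()

    # Constructed scenario: the server-side records for account A have leaked
    conv_a = conventional_record(shared_password, salt_a)
    two_a = two_secret_record(shared_password, key_a, salt_a)

    return {
        # Same password, different Secret Keys: unrelated unlock keys per account
        "keys_differ_per_account": derive_account_key(shared_password, key_a, salt_a)
        != derive_account_key(shared_password, key_b, salt_b),
        # Password-only record: the reused password is confirmed from the leak alone
        "conventional_leak_reveals_reuse": conventional_leak_confirms(conv_a, salt_a, shared_password),
        # Two-secret record: the right password is useless without account A's Secret Key
        "two_secret_leak_without_key": two_secret_leak_confirms(two_a, salt_a, shared_password, new_secret_key()),
        # Sanity check: the legitimate user, holding both secrets, still verifies
        "two_secret_legit_login": two_secret_leak_confirms(two_a, salt_a, shared_password, key_a),
    }


if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The point the thread makes falls out of the last two dictionary entries: a leaked password-only record confirms the reused password and therefore every other account it was reused on, while the two-secret record cannot even be recomputed without the per-account Secret Key, which lives on the user's devices and recovery kit rather than beside the record. It also shows the flip side raised later in the thread: whoever holds both the password and the locally stored Secret Key holds everything, which is why the Secret Key's storage on a device matters.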
@GreyM1P - I really encourage you to read back in this and related threads. There are many of us who cannot (for "reasons") use the same password for all 1Password accounts. The tool needs to support us better than it does now, and the continued suggestion that users do otherwise ignores their unique needs.
1 -
Using the same account password for all of their 1Password accounts will work best for most folks, as explained in our guide. Since this is a thread with many different users in many different situations and environments, not all of our replies will apply to your own specific situation, and we're here to help everyone.
You can find my reply to your specific feedback and situation here: https://1password.community/discussion/comment/686917/#Comment_686917
-Dave
0 -
I'm baffled about the suggestion about using the same password.
Are you really suggesting sharing a single password across accounts belonging to different teams and organisations? Isn't avoiding the sharing of passwords across multiple uses pretty much your whole business idea?
For a security company to recommend sharing passwords for whatever reason takes away quite a bit of the credibility. If a hacker gets my password for one account, they'd be able to access all my accounts with 1Password, spread over multiple organisations. How is that a good security practice?
3 -
Super Simple Request (SSR) --> Can you just put the functionality back as it was experienced with 1PW 7?
1PW's success, as I see it, has been your ability to listen to your customers. Can you please listen now? Thank you.
2 -
I'm in this boat. I'll try the "use the same password" idea, but geez it's a PITA to enter multiple passwords many times over. For this reason, I've relaxed as many of the Security options as possible, but I still get caught in an endless loop with the Chrome browser add-in. Super frustrating that I had to Google it, sign up for an account and make a comment on it.
0 -
What if in vaultA I had the password for vaultB, and in vaultB I create a new type of item, a "vault token", that is a generated key or OTP. I take that and paste it into a specific field of the login item back in vaultA. This would permit cascading of credentials for vaults, and each vault maintains its own password.
1