FR master password procedure(concerns the site)

Panos_Tzelekis
Panos_Tzelekis
Community Member

Hi there,
When setting or changing the master password, it would be wiser to force save as(rename) the emergency kit with new&old password. Even by the use of pop-up procedure notification that blocks the fields to enter the password.
I understand that most people would write these things down prior to changing the password, but as a hyperactive with dyslexia I know that such wisdom does not always apply to us especially when we use the generator.
BTW this is what encryption software always do and weirdly enough only keepass (out of as many password managers I tried) starts by saving the keys and credentials before letting u use the vault.
Of course u can argue that the above statement is not entirely true but if u think of the procedure encryption software use u know that u definitely going to save the password somewhere safe.
Also, congrats on 1password to which I finally committed. After 1.5 years of trying different password managers I find it excellent!

All the Best and Enjoy!


1Password Version: 8.5.0 / 7 latest
Extension Version: 2.1.4
OS Version: w10/11

Comments

  • Hi @Panos_Tzelekis

    Thanks for taking the time to share your perspective on this. Are you suggesting that the 1Password account password (both old and new) be stored digitally on the Emergency Kit? If so, we recommend against that. We recommend only writing the account password on printed copies of the Emergency Kit. I do see how it would be helpful to add a prompt to update the Emergency Kit when changing the account password, though, if we're not doing that already. I'll run through this process and if we're not already prompting an update tot the Emergency Kit I'll file feedback for our developers suggesting we do that. 👍🏻

    Ben

  • Panos_Tzelekis
    Panos_Tzelekis
    Community Member

    no saving in 1password. just the promt! current behavior is a promt to download the kit after u saved new password. i think a prmt befor is wiser and as i mentioned how encryption software normaly behave.
    best

  • @Panos_Tzelekis

    I'm not sure I follow. The Emergency Kit itself isn't different if all you're changing is the account password, and not the Secret Key. As such I don't understand why it would matter if the prompt to update the kit is before or after you've actually changed the password? Could you help me understand the value here? What would prompting to download the Emergency Kit before you actually change the account password do that prompting you to download it after you've made the change doesn't? Also, what if you start the process but then don't finish it? As I say, either way, the actual Emergency Kit document would be identical, but I may be missing something. :)

    Ben

  • Panos_Tzelekis
    Panos_Tzelekis
    Community Member

    ok the emergency kit is an example. what i actually suggest is a behaviour that forces (reminds or better actually forces) u to save both old and new password(with the kit or elsware) before u actualy change the password. the logic is to always have the needed credentials at hand prior to changing the password.
    best!

  • 1Password does record both new and old passwords. You can view old passwords in the password history:

    Does that help address the concern?

    Ben

  • Panos_Tzelekis
    Panos_Tzelekis
    Community Member

    ok Ben,
    thanks for mentioning all the above.
    what i suggest is exactly what u said in ur first post. a promt that makes u save the password before u actually change it, not in 1p but somewhere safe as a text or better in the kit.
    the senario is if u decide to go with the generator and u have enabled the 90 secs clear clipboard setting, unless u actually paste the gen password and the old one in a txt before u actually change the password, chances are that u get locked out.

    hope this makes better sense
    best

  • @Panos_Tzelekis

    I'm afraid we may be talking past each other. 1Password already does what you're saying. The generated password is saved before you change it, and the old one is saved in the password history, regardless of the clipboard. Putting this data into a separate document / somewhere other than 1Password is not recommended.

    Can you walk me through a case where what you're describing happens? E.g. the password for the account needs to be reset after using 1Password to generate a new password for it? I just tried this and it does not have the result you're describing. I recorded a video to demonstrate, which you can watch here:

    https://bucket.agilebits.com/ben/20211202ENYqENcK.mp4

    After recording the video I see you mentioned that you're using a combination of 1Password 7 and 1Password 8. I recorded this on a Mac using 1Password 8, but it'll be exactly the same in 1Password 8 on Windows, and the concepts shown here would be the same for 1Password 7 on Mac (though the UI would look a little different). Does the video help? Please let me know.

    Ben

This discussion has been closed.