1P 8 Unlocking Multiple Vaults

HenryY
HenryY
Community Member

In the past, unlocking your Master Vault would unlock ALL your vaults. This is no longer the case in 1Password 8, and it makes it kind of difficult.
We now have to unlock each vault individually. If we're using multiple vaults, this is a big hassle. Can you please revert this behavior?

Thanks.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

«1

Comments

  • B0rg
    B0rg
    Community Member

    The changed this in 1P v8, you have to change all your other vaults master passwords to be the same as your Primary master vault.

  • Hello @HenryY! 👋

    @B0rg is correct, when you enter an account password into 1Password 8 only the account that the password belongs to will be unlocked. The best way to use multiple 1Password accounts at the same time is to use the same account password for each account: How to use multiple accounts

    You can also enable Touch ID unlock for 1Password which will allow you to unlock all accounts at the same time using just your fingerprint: Use Touch ID to unlock 1Password on your Mac

    I hope that helps. 😊

  • HenryY
    HenryY
    Community Member

    Thanks @Dave_1P . Any chance you can revert the previous functionality? I don't really want my Work vault (controlled by my company) to have the same master password as my personal vault.

  • @HenryY

    Thank you for the reply. I would be happy to pass along your feedback to the team, can you tell me a little more about your concerns with using the same password for both 1Password accounts? Your employer does not have access to the account password of your work account and your account password never leaves your device: How Secure Remote Password protects your 1Password account

    I look forward to hearing from you. 🙂

  • HenryY
    HenryY
    Community Member

    @Dave_1P Yes, isn't the whole principle of using 1Password to avoid using the same password for multiple logins? Doesn't sharing the same password between multiple vaults violate this principle? In addition, I have shared vaults in different accounts (Personal, Work). If one password was somehow compromised, it would be reassuring to know that the other vault is safe. Also, since one of the accounts is not owned by me personally, it seems dangerous to have my most closely guarded secrets sharing the same password in an account that's controlled by another entity.

  • @HenryY

    Thank you for the reply. You're right that our advice in this instance seems to go against general advice when it comes to reusing passwords and the difference in this case is 1Password's architecture and security/authentication design. Our Principle Security Architect wrote a detailed explanation here: Two accounts - now needs two different passwords every time you login? — 1Password Support Community

    If you'd like to avoid using the same account password for all of your 1Password accounts then enabling Touch ID unlock for 1Password is the best way to unlock all accounts at the same time.

    I hope that helps. 😊

  • HenryY
    HenryY
    Community Member

    @Dave_1P Touch ID doesn't work on my keyboard that doesn't have Touch ID. I also just read the explanation you linked to. It still doesn't address the concern that Vault B is under a different account that is not necessarily owned and managed by the user, in this case my Work vault is in a corporate 1Password account that is separate from my personal. If something happened, like say I was ordered to surrender my 1Password (Work) password, I would be putting my own personal information in my Personal 1Password account in jeopardy under this system.

  • HenryY
    HenryY
    Community Member

    @Dave_1P There have been a lot of regressions in 1Password 8, and I'm coming into 1Password 8 with an open mind with the belief that it will improve. However, this is a major security regression from a security company.

  • Unknown
    edited May 2022
    This content has been removed.
  • @HenryY

    Thank you for the reply. There are several security considerations that led us to make the changes that we did in 1Password 8:

    • When someone chooses an account password they intuitively expect that only that password will be able to unlock their account. With 1Password 8 only the account password associated with a 1Password account can ever unlock the vaults stored in that 1Password account.
    • Organizations often enforce password policies to make sure that their employees/members are using a password that fits their organization's security requirements. With the previous way of doing things it was possible to unlock a 1Password account with a password that didn't meet the password policy that an organization set for that organization's 1Password accounts if another 1Password account with a weaker account password was added to the app first.

    There are also other considerations that we considered, especially from a usability perspective. For example, we had many reports of users who would get used to unlocking the 1Password app using the account password of one account and who would forget the account password of their other account due to lack of use and end up being locked out. By enforcing that users regularly use their specific account passwords we prevent users from forgetting their account passwords.

    -Dave

  • AndreaBarghigiani
    AndreaBarghigiani
    Community Member

    The last point of people losing the password of the secondary vault IMO it's just silly because they should have used the same 1Password to store that in the first place.

    Anyway is not possible to have a simple option that you need to check in Preference to allow the 'one password open them all' behaviour? Maybe when the user check that option you'll ask then all the master password for all the connected vaults, but at least you ask them once.

    Even if I do understand that your security concerns are legit I have to say that it"s really time consuming when you do it multiple times a day. On top of that I am not used to type my company password and now each time I have to use something stored in the company vault I have to unlock my private vault, search for the company psw and paste it. I am a keyboard kind of guy but many of those steps require the use of a mouse because I'll spend even more time navigating the UI with the keyboard.

    If you really want to take care about company security policies it should be up to them to allow or not the 'merge' of the vaults.

    At the ends this will involve just a couple of settings:

    • the company has an option to allow or deny the feature
    • the user is able to activate it

    This will not require the change of the master password of the second vault.

    I really miss this one.

  • Thanks so much for the feedback @AndreaBarghigiani

  • JoshRouthier
    JoshRouthier
    Community Member

    I would agree with @AndreaBarghigiani suggestions of:

    • the company has an option to allow or deny the feature
    • the user is able to activate it

    This is the one feature in 1P8 that I know our users are going to hate, hate, hate, and anything to lessen the blow of the major upgrade will be a win in my book.

  • Hi @JoshRouthier:

    Thanks for your feedback on this. As Dave mentioned above, for the time being, the best recommendation would be to use the same account password for all of their accounts. In this case, it's different than reusing a password for a traditional authentication based login system, as discussed here.

    Jack

  • Teju
    Teju
    Community Member

    Hi,

    Please consider letting users make the decision to set a primary account that unlocks other accounts.

    I had to delete 1Password8 and re-install 1Password7 because of how frustrating I find the process to unlock multiple accounts.

  • AnthonyE
    AnthonyE
    Community Member

    I agree with the comments and suggestions from @AndreaBarghigiani and @Teju. I have several 1Password accounts and am required every time I open 1 P to enter the master password for each (in order to access all my logins anyway). I do have a Mac with TouchID, though most of the time I am at a monitor and the Mac is in clamshell, so using TouchID is not possible.

  • Hi @Teju and @AnthonyE,

    Our recommendation to unlock multiple accounts simultaneously is to use the same account password for them. Let me know how that works for you or if you have any questions. 🙂

  • voxmatt
    voxmatt
    Community Member

    Hi all, this functionality is ... brutal. I would also like the ability to have the master vault unlock all (I understand that the proposed solution is to use the same account password, which is kind of concerningly entertaining that the party-line from a company designed to eliminate password re-use proposes... password re-use, but whatever).

    TouchID helps. But I still need to enter a password every 2 weeks and then, inevitably, I end up in the state where 1 vault is unlocked and 1 is locked (terrrrrible).

    Can we at least have the option to — whenever a password unlock is required — to prompt for all vaults. There should at least be a warning that you only unlocked 1 of ___ vaults.

    To restate, my preference would be:
    1. Use ahem one password to unlock all vaults
    2. When a password is required, have a prompt to enter the password for each vault
    ....
    345. Use the same password for all vaults

  • Peter Agocs
    Peter Agocs
    Community Member

    I upgraded 1pw8 just now and faced this issue this morning.

    I have 3 accounts currently with no touchID support on my desktop. So I would like to know which UX designer think it could be a good idea to force typing strong passwords (I am using 42 char long random generated) for every account ( 3 in my case ) more times a day????

    Using same password for different account for an online security product? Is this really a great suggestion?

    I am customer since 2006 so I can say this is the worst UX design failure what you did.

    I personally reverted back to 1pw7 until this will fix or I do not upgrade my desktop machine (not planned yet).

  • pinecone
    pinecone
    Community Member

    @andrew.l_1P I am flabbergasted that a representative of a company that bases their existence on password security would recommend reusing the same password for multiple accounts/vaults. Wow.

    I can only assume that 1PW is so caught up in trying to undo the damage they have done to the product that they are losing sight of the basic principles of password security. This does not give me any confidence in your company or products.

  • Hi @voxmatt, @Peter Agocs, and @pinecone,

    Thanks for your feedback. I understand your concerns and acknowledge that this instance is an exception to our usual recommendation to avoid reusing passwords. To be clear, we do not recommend using your 1Password account password for anything besides other 1Password accounts you own.

    If you haven't already, I encourage you to explore the thread Jack linked above, this post in particular is a good summary but I think the thread in its entirety will address a lot of the point you've surfaced here.

    Let me know if you find anything you'd like to discuss further. 🙂

  • Peter Agocs
    Peter Agocs
    Community Member

    I understand what @Roustem said but I am personally not comfortable to use same password on a private and an another corporate account. For me the HW key support idea could be perfect solution.

    vote++;

  • Thanks for your reply, @Peter Agocs. I can definitely see how a hardware solution could be a good alternative and have recorded your feedback. 👍🏻

    ref: IDEA-I-853

  • voxmatt
    voxmatt
    Community Member

    (this won't solve some of the anger in this thread, but...) I'd still press that even inside the current constraints of the system, you should make it very clear to the user that not all vaults are unlocked. It completely breaks the product (for me) to have my work locked and personal unlocked (or vice versa).

    Again, this still sucks, but at least I wouldn't unwittingly end up in a broken state.

  • nickjbedford
    nickjbedford
    Community Member

    I posted here too for my input: https://1password.community/discussion/comment/659797/#Comment_659797

    I'd like to also add my dissatisfaction with the unlocking situation in 1Password 8. Advising people to use the same password for personal and work accounts is terrible advice. I'm a software/web developer and understand the ins and outs of secure coding, encryption and passwords.

    Not everyone has Touch ID to enable multi-unlock, and no one should ever use the same master password for multiple accounts. This violates everything 1Password stands for. But having a regression in user experience like this and not listening to the feedback, claiming that you know better, is really disappointing. This helpful time-saving feature existed in several previous versions of the software.

    At least you could provide it as an opt-in setting to allow one account (designated by the user) to unlock the others.

    It's quite easy to implement as far as I'm concerned. One primary account password encrypts the passwords to the secondary accounts, and auto-unlocks them when you provide the primary password.

  • rhukster
    rhukster
    Community Member

    I'm with you @nickjbedford ! This current situation is a huge pain for those of us having to deal with multiple vaults. I'm sick and tired of constantly having to log into 4 vaults each having their own unique and secure password. Changing them all to a single password is not an acceptable solution as they are not all owned by me. Also that's a terrible solution no matter the situation, 1Password 8 really seems like 1 step forward and 2 steps back to me. I hope that the 1PW team can see that there should at least be a configuration option to revert to the prior behavior of having a master account that can unlock all vaults automatically.

  • zachMade
    zachMade
    Community Member

    I would also like to voice my dissatisfaction with this change. Having a user toggle enabling multi-account sign-in by unlocking just one of the accounts already on a device is preferable to changing the Master Password for all the accounts to just be the same. And no, TouchID is not a solution.

  • donkihote
    donkihote
    Community Member

    I am also planning on reverting back to 1Password 7 because of this change in functionality. It's super frustrating, and the suggested workarounds are not for me.

  • deviantintegral
    deviantintegral
    Community Member

    This is still an issue with the current releases.

    We get support requests from our team because there's no indication that their work vault is still locked in the autofill UI. As well, it's not clear in the app that setting the same vault password would change this behaviour. Are there any updates on this?

  • cssmith07
    cssmith07
    Community Member

    I would like to add my ****HUGE ****dissatisfaction around this removed functionality to 1PW8. I discovered this LOSS when I upgrade 1 of my PCs to Version 8. And since then, I am NOT upgrading any other computers, nor iphone apps to Version 8 due to this fact. I am keeping my Version 7 until it is added back. Forcing users to use the same password on multiple accounts completely violates the entire purpose and strength of 1PW (independent of your strong architecture). It adds risks period!

    1PSWD has been built on LISTENING to your user base. Don't loose focus on that! PLEASE provide an update on WHEN this functionality will be restored....

This discussion has been closed.