v8 missing quick multi vault login

cmde2022
Community Member

With 1Password 7 I could log in to both vaults, private and work, at once by typing either password in the prompt. On 1P 8 I need to actually open the app window, click on the other account and enter the other password. It is super annoying. There should be a quick way to do this from the new quick-access window (cmd shift space).


1Password Version: 8
Extension Version: Not Provided
OS Version: macOS 12

Comments

  • esquared
    Community Member

    I too had this issue on first use of 1Password 8, but after I locked 1P and then unlocked both accounts again, at least the fingerprint ID would work.

    However, I see some changes in behavior that are frustrating still:
    - will have to log in to all accounts every 2 weeks ("for security")
    - if I log in with the password for one account, there's no non-password way (e.g. fingerprint) to log in to the other until 1P is locked again
    - there is no keyboard shortcut option to select "login to all via fingerprint" on the login screen

    On the other hand, I can see why 1Password 8 moved to this model - in the previous model, any account password would allow access to ALL accounts.

    Would be really nice if the 1P dev/design team could weigh in on this change in behavior.

  • Hi @cmde2022 / @esquared:

    Generally speaking, we'd recommend using the same account password for all of the 1Password accounts you may have. Using biometry like Touch ID or Windows Hello will unlock accounts that have been unlocked with their account password. For example, if you have 3 accounts, all with different account passwords, and then unlock the 1Password app with the first account password, from that point on, Touch ID will be able to unlock that account. Once you unlock your second and third accounts, then Touch ID will be able to unlock all three accounts. Until the account has been unlocked with its account password at least once, there isn't any way of using biometry to unlock an account.

    Jack

  • esquared
    Community Member

    @Jack.P_1P - I get the rationale for requiring the master password for each account, and I'm not against that. However, the UX around that could use a little help if this is the direction you intend to keep. In particular, it would be exceedingly helpful if we could unlock each account serially with the appropriate password, BEFORE being given a view of any passwords. Instead, after I enter one account's password, I get to view only those passwords, and have to manually unlock each subsequent account. If I'm not paying attention, I forget that I've only unlocked one account.

  • cmde2022
    Community Member

    @Jack.P_1P what @esquared describes is exactly what I am hoping for. If not this, a quick keyboard shortcut like cmd+alt+a or so to sequentially prompt all vaults that are still locked would be useful.

  • esquared
    Community Member

    ... and if I may add what I forgot to say yesterday: I think, as does my company in written policy, that using the same password for multiple accounts is a bad security posture. In fact, that's pretty much the mantra of your own product. So, to suggest that we use the same master password for multiple accounts seems ill-advised and hypocritical.

    Again, I'm not opposed to requiring that I enter each (distinct) master password for each account, but let's get the UI to help us out here instead of making it painful and error-prone.

  • Hi @esquared / @cmde2022:

    You're exactly right that, generally speaking, password reuse is bad, but this is okay for a 1Password account. 1Password accounts are also protected by your Secret Key (as well as the fact that not even a hashed version of your account password ever leaves your device). Discovery of your account password, while definitely less than ideal, wouldn't necessarily provide someone access to your 1Password data. They would either need one of your devices, or your Secret Key as well.

    While I can't promise anything, I've shared your thoughts about some sort of "login chaining" functionality with the team.

    Jack

    ref: IDEA-I-866
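The point Jack makes above, that an account is protected by the account password together with a device-held Secret Key, can be shown with a small constructed model. This is an added illustration, not 1Password's actual key-derivation scheme (the thread does not describe it) and not code from 1Password: it stretches the password with PBKDF2 and then binds the result to the Secret Key with HMAC, so that two accounts sharing one password but holding different Secret Keys end up with unrelated keys, and a password alone unlocks neither. The `Account` class, the key-check value and every salt, password and Secret Key below are assumptions made up for the example. It also shows the limit esquared raises later in the thread: once someone holds both the device's Secret Key and the reused password, the model offers no further separation between the accounts.

```python
import hashlib
import hmac
import secrets

# Constructed example: a simplified "password + Secret Key" derivation.
# It is NOT 1Password's real scheme; it only demonstrates why a reused
# account password, by itself, does not reproduce a second account's key.

ITERATIONS = 100_000  # PBKDF2 work factor chosen for this example


def make_secret_key() -> str:
    """Hypothetical 128-bit random Secret Key, rendered as hex (constructed)."""
    return secrets.token_hex(16)


def derive_account_key(account_password: str, secret_key: str, salt: bytes) -> bytes:
    """Stretch the password, then bind the result to the Secret Key via HMAC.

    Both inputs are required: knowing the password without the Secret Key
    (or vice versa) yields an unrelated 32-byte key.
    """
    stretched = hashlib.pbkdf2_hmac(
        "sha256", account_password.encode("utf-8"), salt, ITERATIONS
    )
    return hmac.new(secret_key.encode("utf-8"), stretched, hashlib.sha256).digest()


def key_check_value(account_key: bytes) -> bytes:
    """Value a client could keep locally to confirm an unlock produced the right key."""
    return hmac.new(account_key, b"key-check", hashlib.sha256).digest()


class Account:
    """Hypothetical locked account: stores only salt, Secret Key and a key-check value."""

    def __init__(self, name: str, account_password: str, secret_key: str, salt: bytes):
        self.name = name
        self.salt = salt
        self.secret_key = secret_key  # held on the device, as the thread notes
        self.kcv = key_check_value(derive_account_key(account_password, secret_key, salt))

    def unlock(self, account_password: str, secret_key: str) -> bool:
        """True only if both the password and the Secret Key are correct."""
        candidate = derive_account_key(account_password, secret_key, self.salt)
        return hmac.compare_digest(key_check_value(candidate), self.kcv)


def reuse_scenario(shared_password: str) -> dict:
    """Two accounts with the SAME password but different Secret Keys (constructed values)."""
    family_sk = "A3-FAMILY-CONSTRUCTED-SECRET-KEY"
    work_sk = "A3-WORK-CONSTRUCTED-SECRET-KEY"
    family = Account("family", shared_password, family_sk, b"constructed-salt-family")
    work = Account("work", shared_password, work_sk, b"constructed-salt-work")

    family_key = derive_account_key(shared_password, family_sk, family.salt)
    work_key = derive_account_key(shared_password, work_sk, work.salt)

    return {
        # Same password, different Secret Keys: the derived keys are unrelated.
        "keys_differ": family_key != work_key,
        # The legitimate owner, holding both secrets, unlocks each account.
        "owner_unlocks_family": family.unlock(shared_password, family_sk),
        "owner_unlocks_work": work.unlock(shared_password, work_sk),
        # Knowing the shared password plus the family Secret Key does not open work.
        "family_sk_opens_work": work.unlock(shared_password, family_sk),
        # Knowing the password with no Secret Key at all opens nothing.
        "password_alone_opens_family": family.unlock(shared_password, ""),
        # esquared's limit: with the password AND the work Secret Key, work opens.
        "password_plus_work_sk_opens_work": work.unlock(shared_password, work_sk),
    }


if __name__ == "__main__":
    for check, result in reuse_scenario("correct horse battery staple").items():
        print(f"{check}: {result}")
```

The last entry in `reuse_scenario` is the thread's caveat in code: the Secret Key only helps against someone who has the password but not the device; it does nothing to separate two accounts once both Secret Keys and the one shared password are in the same hands.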

  • esquared
    Community Member

    @Jack.P_1P - I'm sure I'm "tilting at windmills" here, and I'm digressing from the main point of this topic, but I find the logic you employed seriously flawed. Yes, there are three pieces of information that are needed to do a fresh login into a 1Password account: email address, secret key, and account password. Certainly one can claim that the email address is one's "user name", and thus not expected to be privileged or secret information. But to claim that the secret key is somehow akin to a password is, in my opinion, simply false. The secret key is recoverable in clear text from either an existing login or from a recovery kit. Moreover, the secret key is embedded into a PDF that one can download, and even in the macOS keyring (for a period of time). Therefore, it's in clear text in some electronic form on a local system that does not require 1Password to decrypt.

    That is in clear contrast to the actual account password, which as you note never leaves one's computer in a non-hashed form. Ignoring the fact that I don't recall the exact hash algorithm, and assuming it's not a reversible or collision-likely hash, this is the only real secret piece of information that we as account holders have that nobody else can recover, unless they are in our heads.

    Consider the following scenario, which is actually exactly the scenario in which I work: I have both a business- and a family-account. I have to, for security reasons too detailed to enumerate, ensure that ALL accounts I use have distinct passwords. This is not an option for me. Moreover, since my recovery kit for my family account is in my safe deposit box, and the similar recovery kit is in an envelope in our business safe for my business partner to recover, either can, in the event of an unfortunate accident, get access as needed to the various accounts I have. This is a good thing. Now consider that my business partner also will have access to my computer (again, by means and requirements too detailed for this forum). He thus has access to my secret key for BOTH accounts, again in clear text, recoverable from the keyring or other means. If I were to have the same account password for BOTH accounts, my business partner would have access to my personal/family accounts as well. Now, I really do trust my business partner, but that's orthogonal. One can easily extrapolate a scenario in which someone nefarious gains access to one of the two accounts - they now have access to both. In that way, the logic of using a shared password for both accounts falls down, and hard.

    I've seen and been referred to the lengthy comment by @jpgoldberg, and I understand and agree with his logic. However, the following comments that mimic your own also actively encourage people to use the same account password for multiple accounts. I really think this not only sends a bad message to more naive users, but, given my logic and example scenario above, is actually a bad idea. This is especially so for a security-focused company and application such as yourselves.

    I repeat: I totally agree with @jpgoldberg's comments and the change as was made that now requires each account password to unlock. I'm only asking that the tool reduce the friction involved in maintaining multiple accounts with separate passwords. That is critical, not only for people like me who don't and can't use the same password for both accounts, but also because you ought not be promoting the reuse of passwords, anywhere, period.

  • BobW
    Community Member

    Agree with @esquared. I'm fine with the new model of requiring each account be unlocked by password. And I can live with keeping open the loophole of letting people skip part of that requirement through biometric auth by aligning the passwords.

    But I also agree that actually promoting that loophole is a terrible practice since it directly contradicts the advice of every security expert out there (including you guys), and having been the one to do security training at my company, I'd certainly not be keen to try to explain to my typical users that they should follow that advice "except in this one case" - they won't understand why, and they'll much more readily justify future "sensible exclusions" on their own, thus creating other security issues. It further creates issues for the company because you don't know who else has those personal passwords (spouses, lawyers, etc.) that could someday get access to sensitive company data. That can happen anywhere if the employee does it on their own, but for the company to suggest it is very, very problematic.

    In summary, permitting a shared password is fine, especially since they're separate accounts. But promoting a shared password is a terrible idea. In security, you either do something or you don't. And for good reason, as this approach is problematic for both companies and users.

    As has been pointed out, the security model here isn't the problem, it's the UX. It's horrible. I've been using v8 heavily since early in the beta cycle, and still, almost every time, I end up trying to auto-fill a login and get confused when it fails, only to realize I haven't unlocked one of my accounts. I then have to launch/switch to the app and do the unlock dance.

    On the login screen where you show the icons for the accounts, maybe let us check which ones (or all) we want to unlock, and you can then prompt us in succession? And maybe also, if we skip doing it at that point, have some sort of reminder in the auto-fill UIs to let us know there are additional accounts that are locked, so that we're not scratching our heads for a few seconds trying to figure out why a login isn't included in the list of options. Heck, maybe the additional locked accounts could be listed with the item results to allow quick selection and unlocking right there.

This discussion has been closed.