PLEASE let me have 1Password not prompt for master passwords
This is sort of rather ridiculously circuitously contradictory behavior. :)
Make your mater password very long and difficult, store it in a safe place, it protects everything else.
Store all your passwords in 1Password, and don't write them down.
But now that you are prompting for master passwords, and I am part of several vaults, I have to write them down so I can remember them when I have to unlock it.
Using Version 7 I never had to re-unlock the vaults, they just stayed unlocked. Since upgrading to Version 8 on the Mac (huge mistake in my opinion, looking to see if I can revert), I keep getting prompted to unlock all the vaults.
Not to mention all the other lost functionality, like being able to do a quick "generate password" from the pop-up, etc.. But those are for other topics.
1Password Version: 8
Extension Version: Not Provided
OS Version: macOS 12.5.1
Browser:_ Not Provided
Comments
-
Hi @n9yty:
Thanks for your feedback. The short version is we weigh changes like this with our customers' best interest in minds. We made this change directly in response to a trend that we were seeing: there was a need to balance convenience with the reality that if we extend the limit too long, some customers will be unable to remember their passwords and they'll eventually be locked out out of their 1Password account. Specifically, there were a significant number of users writing to us reporting that they could no longer unlock 1Password with biometrics and had forgotten their account password. This happened for a variety of reasons, like restarting their device, updating their operating system, as well as others.
Once someone is locked out, there is nothing we can do to help them regain access to their account. Given this, we must make every effort to help users remember their passwords. With that said, we're having an internal discussion about alternative ways to meet the needs of our users, both in making sure they don't forget their account password, while also keeping it as unobtrusive as possible.
In the meantime, what I recommend is choosing a password that is strong, yet not too difficult to type on a mobile device, as well as using that same password for each 1Password account you have. Using the "memorable password" option from our password generator is a great start.
Jack
0 -
What I recommend is going back to letting the USER WHO IS PAYING FOR THE SERVICE use it the way that makes sense to them!! You make it very clear when creating the vault to store a secure copy of the recovery sheet. Your social nanny position is rediculous, and in fact makes the software unusable. Your advice is to use a weaker password. Brilliant. The one that locks ALL MY PASSWORDS has to be something trivial that I can remember and easily type. What a stellar suggestion.
I have reverted to 1Password 7 and will continue to use that until it absolutely no longer works or you fix this issue by reverting to the old behavior. I have more than half a brain and don't need you to sit behind my shoulder telling me how to manage my information. If I lose it, that is my problem, isn't it? You told me that up front, let me live with that. If you want to leave the forever pestering nanny prompts, give people that option, but don't force it on everyone.
0 -
Oh, and another of your brilliant suggestions... The point of 1 Password is to NEVER USE THE SAME PASSWORD TWICE, yet you are telling me to lock my family and work accounts with the SAME PASSWORD? Insane.
0 -
Hi @n9yty,
Thanks for your feedback on the topic, I can absolutely understand wanting more control over how you use 1Password. I've shared your thoughts in the internal discussion Jack mentioned, and appreciate your insight about the end-user's responsibility to maintain access to their account.
Your reaction to the suggestion of reusing passwords is also understandable and you're correct that it isn't our usual advice. To be clear, we do not recommend reusing passwords anywhere else and acknowledge that this instance is an exception to what we typically suggest. That said, 1Password handles passwords differently than most services. Here's a quote from one of our founders while discussing the topic in another thread:
Using the same password everywhere seems to be go against the premise of 1Password - always use unique passwords. However, in this case, it is completely safe and we recommend it. Most of the websites either store your password or a hash of it.
1Password doesn't do that. When you type the password, it is combined with the Secret Key and then processed through the derivation function to create both encryption and authentication keys. This is a one-way operation, there is no way to obtain your account password from the authentication key.
The password never leaves you device. You can use the same account password everywhere and be 100% sure that it is safe.
You can also find a more contextual and technical explanation in the same thread: Two accounts - now needs two different passwords every time you login? — 1Password Support Community
I hope these resources will help make sense of this feature, rest assured that your privacy and security are always our top priority. Let me know if you have any questions and thanks again for sharing your feedback.
ref: IDEA-I-1543
0 -
It doesn’t change anything, actually, and no amount of double talk will change the fact that if somehow that one password gets compromised somehow that the person world have access to all vaults. I don’t care about web site hashing/etc, I am talking about one password blocking one account and one account only, not giving access to both work and personal account information. It is also policy at most work locations (I am in IT and I actually make this a policy) that you can not refuse your work account password in any other location and this would be no exception. Any password that protects your work information can not be used in any other service.
0 -
Thank you for the reply. Someone would need to have both your account password and your Secret Key to access your 1Password account. Even if all of your 1Password accounts use the same password each account will still have a unique Secret Key: About your Secret Key
-Dave
0
