Browser extension does not prompt for unlock when using multiple accounts

flozza
Community Member
edited July 4 in 1Password in the Browser

The 1Password browser extension will not prompt to unlock an account/vault if there are multiple accounts connected and one has already been unlocked.

I use two accounts, on two separate browsers. Each browser is configured to only show results from one of the two accounts. Both connect to the 1Password Mac Desktop app.

So:

  • Firefox -> 1Password extension configured to only show vaults in account "Personal"
  • Chrome -> 1Password extension configured to only show vaults in account "Work"
  • Desktop running 1Password app, signed into both accounts. The accounts have different passwords.

Today, I got prompted to enter my password again after 2 weeks. This happened while in Firefox, so on the "Personal" profile, so I entered my personal password, the vault unlocked and everything was great.

Then, on Chrome, 1Password reported being unlocked, but had no entries to auto-fill. I went into the desktop app, manually selected the "Work" vault (which had a lock next to it in the list), entered my work password and then everything was unlocked again and auto-fill worked.

Ideally, 1Password would only prompt for the personal password from Firefox and then for the work password from Chrome since it can infer from my extension settings which accounts are selected for auto-fill, so why unlock or even consider the other vaults?

Less ideal, but still better: Prompt for all passwords to unlock all vaults.


1Password Version: 8.10.34 (81034040)
Extension Version: 2.25.1
OS Version: macOS Sonoma 14.5
Browser: Chrome & Firefox

Comments

  • Hi @flozza,

    Thanks for reaching out and sharing this feedback! I've passed it along to our Product team for further consideration and I apologize for any confusion caused by the current unlock process when you're prompted to enter your password again.

    Let me know if there's anything else I can help with!

    -David

    ref: PB-40803516

  • flozza
    Community Member

    Hi David,

    Thanks for passing on the feedback :)

    Cheers,
    flozza

  • @flozza

    You're most welcome! Let me know if I can help you with anything else! 🙂

    -David

  • Roukanken
    Community Member
    edited July 10

    Ideally, there would also be some shortcut to unlock other accounts, even if it's from one browser.

    I have 2 accounts on my 1Password, a Business one paid by my employer, and one Family account that was created from this one, so this should be a fairly common setup as they are included together. My setup is to use a reasonable subset of vaults from both accounts, as I need to log in to some of my personal accounts even at work, from the same browser.

    But whenever one of the accounts gets locked and needs the master password, I have to do the same process as was described above: go to desktop app, change my vaults to one account only, to trigger password prompt, unlock it, not to forget to change the vaults back to my preferred ones, then go back to browser and autofill.

    A decent solution would be to put an "unlock account" option near password fields (in autofill as last option? Another button near the "open autofill one"?) if an account is locked, which would just trigger the default password login screen for filling a master password and unlocking another account (of course, not a biometrics or OS login one)

    Note that this issue also goes deeper, as this wouldn't fix passkeys, or desktop fill-ins, which would too require this. Notably passkeys, as they would instead propagate to OS sign in for hardware keys, if no passkey is found in 1pw (because it's in a locked vault)

  • @flozza and @Roukanken

    I'm sorry for the frustration. The best way to make sure that all accounts are unlocked, and available for saving and filling in the browser, is to use the same account password for all accounts: How to use multiple accounts

    Once both accounts are using the same account password, they'll unlock at the same time. Your account password never leaves your device and each account still has a unique Secret Key.

    Let me know if that improves the situation for you. 🙂

    -Dave

  • gerhard498
    Community Member

    @Dave_1P

    "use the same account password for all accounts"

    How does this relate to the best practice to never reuse a password?

  • Dave_1P
    edited September 5

    @gerhard498

    It's true that you should never reuse passwords across other services and you definitely shouldn't use a password that you use for something else as your account password for 1Password.

    The reason why you can use the same account password for all of your 1Password accounts is because 1Password isn't vulnerable to the sorts of login attacks that other services are. Unlike most other services, we don't store your account password on our server and it is not transmitted to us. Rather, your account password is combined with your Secret Key, and each account has a unique Secret Key, and then processed using a derivation function to create the keys that authenticate your account and decrypt your data.

    Beyond technologies such as Secure Remote Password, each 1Password account continues to be protected by its own unique Secret Key even when you use the same account password for all of your accounts. An attacker would need both your account password and the unique Secret Key for a given account in order to access that account.

    Other services just use a single user-generated password for authentication/encryption; 1Password uses a dual-key system that includes a unique 34-character and 128-bit Secret Key to protect each of your accounts.

    -Dave
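
An added illustration of the two-secret derivation described in the reply above; it is not part of the thread and is not 1Password's code. The use of PBKDF2, HKDF, XOR combining, the iteration count and all names and sample values are assumptions chosen for the sketch. It shows one password reused on two accounts still yielding unrelated keys, and the password alone failing to reproduce an account's key.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 100_000  # assumed work factor for this sketch


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """Minimal HKDF (RFC 5869) extract-and-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_account_key(password: str, secret_key: bytes, salt: bytes, account_id: str) -> bytes:
    """Combine a memorised password with a high-entropy per-account secret."""
    # Slow, salted stretch of the password (which may be shared across accounts).
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS, dklen=32)
    # Fast expansion of the device-held Secret Key, bound to the account.
    expanded = hkdf_sha256(secret_key, account_id.encode(), b"sketch-two-secret-kdf")
    # XOR the halves: the output cannot be computed without both inputs.
    return bytes(a ^ b for a, b in zip(stretched, expanded))


def demo() -> dict:
    password = "correct horse battery staple"  # constructed; reused on both accounts
    accts = {name: {"secret_key": secrets.token_bytes(16),  # 128-bit, unique per account
                    "salt": secrets.token_bytes(16)}
             for name in ("personal", "work")}
    keys = {n: derive_account_key(password, a["secret_key"], a["salt"], n)
            for n, a in accts.items()}
    work = accts["work"]
    # Someone who knows the password and salt but must guess the Secret Key.
    guess = derive_account_key(password, secrets.token_bytes(16), work["salt"], "work")
    again = derive_account_key(password, work["secret_key"], work["salt"], "work")
    return {
        "accounts_get_different_keys": keys["personal"] != keys["work"],
        "password_without_secret_key_fails": guess != keys["work"],
        "both_secrets_reproduce_key": again == keys["work"],
    }


if __name__ == "__main__":
    print(demo())
```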