Multiple Vaults: Do not unlock all at once?

jwvdm
jwvdm
Community Member

Hi all,

I just upgraded to 1Password 4 in order to be able to use multiple vaults. For me, the main reason to use this feature is that I'd rather not have a primary vault unlocked all the time, if this vault contains sensitive information, such as bank login details and my credit card info. I realize that someone would have to snatch my laptop (while it is open), which is obviously an unlikely scenario. However this is a low probability high-risk type trade-off for me (given my banking login details, it is possible to empty out my account, for example).

For this reason I would like to use a setup where I have a general purpose vault, for low-security unimportant stuff, a medium-security vault, for things like e-mail passwords, and a high-security vault, which holds things like my credit card info, SSN, passport info, banking logins, etc.

I just finished splitting up my login details over 3 vaults. When creating each vault, I used my original master password (to make sure I would not forget it, thinking I could always change it later). Unfortunately I am am now finding the master password unlocks all 3.

I can see how this is a desirable behavior for some users, but naturally this entirely defeats the purpose of having 3 tiers of security. I've tried changing the master password after selecting one of the secondary vaults, but I receive a message

"Cannot change master password when a secondary vault is active. Please switch to a primary vault."

Is there any way I can set up multiple vaults in such a manner that avoids un-locking all at once?

Many thanks!

Comments

  • fabianfabian
    fabianfabian
    Community Member

    I also created a second vault to store more sensitive data.

    I'm worried about having all my password in 1 vault. I type my master password in several times a day, if my system is infected with malware or key logger I would be screwed. When I heard about multiple vaults I thought this would be a perfect solution, I don't need to unlock the second vault as much so the risk is much lower.

    Unfortunately this is not how 1Password works, as I found out today, unlocking the primary vault unlocks all vaults, I was surprised by this and I think this behavior should be made more clear when making additional vaults.

    I hope AgileBits can add a feature to not unlock all vaults in a future version.

  • Megan
    Megan
    1Password Alumni

    Hi @jwvdm and @fabianfabian,

    I would like to apologize for the delay in responding to you here but we have been a bit overwhelmed since the launch of 1Password 4 for Mac. We're all working hard and putting in extra hours to get back to our usual snappy responses and we really appreciate your patience.

    The Master Password of your primary vault will unlock all your secondary vaults. This was done to prevent you from having to remember multiple Master Passwords. However, if you would like to unlock a secondary vault (while leaving the primary vault locked) you can switch to it prior to unlocking by selecting 1Password > Switch to Vault.

    I've tried changing the master password after selecting one of the secondary vaults, but I receive a message

    Unfortunately, it is not currently possible to change the details of a secondary vault after it has been created. This is something that our developers would certainly like to improve in the future. If you are keen to change the details of an existing vault, we have a support article on how to Edit a vault's details the 'hard' way.

    I hope this helps to answer your questions, but please let me know if I can be of further assistance!

  • jwvdm
    jwvdm
    Community Member

    Many thanks for the response Megan!

    I had not realized one can switch vaults before unlocking. I now notice you can switch vaults by clicking on the lock in the browser plugin, but initially failed to discover this feature as does not work it does not work in the main GUI for some reason. I also think it might provide useful visual feedback if the lock display where to change color when a different vault is selected.

    Unfortunately, this feature is not quite what is needed in this particular case. One could of course set up the system so that the primary vault is the highest security vault, but this seems a bit of a kludge, and is inconvenient as one would always have to remember to select a lower security vault before unlocking.

    I do understand your design trade-offs of course. It seems reasonable that many users may find it inconvenient to have to remember and type multiple passwords for each vault. However, I do think there are many instances where this behavior is precisely desirable. For instance, there is the case where you have a shared household computer, and you may want to give access to the netflix account to your children, without also giving them your credit card and banking information.

    Is there any chance that unlocking all vaults with the primary password could be made optional?

  • Megan
    Megan
    1Password Alumni

    Hi @jwvdm,

    Thanks for the feedback on multiple vaults. This is one of our biggest new features, and believe me when I say that this is just the tip of the iceberg when it comes to what we'd like to do with this feature, and we're listening to all user suggestions when we design the future of multiple vaults.

    I now notice you can switch vaults by clicking on the lock in the browser plugin, but initially failed to discover this feature as does not work it does not work in the main GUI for some reason.

    You're not the only one who has found this to be less-than-intuitive. We'll see what we can do to make this more user-friendly in the future.

    I also think it might provide useful visual feedback if the lock display where to change colour when a different vault is selected.

    The vault's colour can be set during the vault creation process - you can even add a photo for even more customization options! Using the instructions above to 'edit a vault the hard way' will give you access to those options again.

    For instance, there is the case where you have a shared household computer, and you may want to give access to the netflix account to your children, without also giving them your credit card and banking information.

    Don't worry, we certainly aren't suggesting the little ones should have access to your credit card! But If I'm understanding the situation correctly, a family secondary vault might be a reasonable solution here: simply give the family the password for the secondary vault, and then they will not have access to your other vaults. It does require that you set the lock settings on 1Password so that it will lock quickly when the computer becomes inactive, and the secondary vault users will have to use 1Password > Switch to Vault > "Family" to activate that particular vault. It's an extra step for them, but on a shared computer, this is probably the way to go.

    Is there any chance that unlocking all vaults with the primary password could be made optional?

    I will certainly pass this feedback along to our developers, but I can't make any promises here. As I mentioned above, this decision was made to make life easier for the primary user (that would be you!): you hand out the passwords to the secondary vaults, but keep the 'master' keys to yourself. However, we never say never ... anything is possible in future versions!

    Thanks again for your suggestions here, if I can be of any further help, don't hesitate to ask :)

This discussion has been closed.