Unlocking Primary Vault Unlocks all Secondary Vaults [Works as Designed]

pauLee
pauLee
Community Member
edited July 2014 in Mac

I have two different 1PW vaults. One for private use only and one for business cases. Both vaults are secured with different passwords.

If I unlock my private vault I can also access my business vault without entering my password. I only need to switch to the other vault. THIS IS NO SECURITY!

On 1PW for windows I always have to enter my different passwords when switching from one vault to the other. This is how it should work!

Why does 1PW for mac handle more than one vault in such a lazy way?

Comments

  • Megan
    Megan
    1Password Alumni

    Hi @pauLee,

    I sincerely apologize for the confusion here. I'd be happy to explain how multiple vaults works in 1Password 4 for Mac.

    1Password's new multiple vault feature was designed so that you still only have to remember one password, no matter how many vaults you create. Your primary vault holds the encryption keys for all of your secondary vaults. This means that unlocking your primary vault will give you quick and easy access to all of your data, regardless of which vault it is stored in.

    However, you still can unlock a secondary vault on its own. In the main app, use 1Password > Switch Vault menu. (In the 1Password mini, click on the lock image on the lock screen to select the secondary vault.) Please note that when you unlock the secondary vault alone, all other vaults will remain locked. You won't be able to copy items between vaults, and you will need to enter your Master Password to view another vault.

  • pauLee
    pauLee
    Community Member

    Why is the concept how multiple vaults work on 1PW for Mac different to the windows version?

    I don´t like the way the Mac version goes, I think the windows solution is much better. It should be an option in the preferences that you can unlock a secondary vault with the password from the primary vault.

    For me the situation with the mac version is like having two cars and I can unlock my second car with the key from my first car but not vice versa - it does not make any sense!

    We should not forget what´s the aim of 1PW. It´s a tool to secure informations in secure vaults. Each vault should only be opened with one key.

    I hope that we will see some changes in the behavior in a future version!!!

  • Megan
    Megan
    1Password Alumni
    edited September 2014

    Hi @pauLee,

    Thanks so much for providing this feedback here. I can't comment much on our future plans, but I certainly don't blame you for being a bit confused by the different handling of multiple vaults between the platforms.

    Part of the reason multiple vaults on Mac were designed this way was to avoid forcing users to remember multiple Master Passwords. We want users to choose a secure Master Password, and asking them to remember 2 or 3 or more of these secure passwords could get complicated, and we do want to keep things as simple as possible here - passwords are enough of a hassle these days! Personally, I love being able to share bits of my data with all the various groups that I need to (one vault for work, one vault for family data) and being able to access all of that data with just one password.

    We have been encouraging users to keep their personal, most sensitive data stored in their primary vaults, locked behind that nice secure Master Password. Any shared data can be stored in secondary vaults. If a secondary user wants direct access to a secondary vault on your computer, they can use 1Password > Switch to Vault (Or Command-# - you'll see the shortcut keys listed in the same menu) when 1Password is locked. The same idea works if you wanted to access your lower security Logins in the secondary vault without exposing the more sensitive data in the primary vault.

    I hope this helps to explain our decision a bit more, and give you some options for organizing your data. Of course, if you have any further questions or concerns, we're here to help!

    ref: OPM-2227

This discussion has been closed.