I want to back-up my password database

Lars Townsend

I have 2 vaults.

I know where the main vault is located, I just want to make sure that my second vault is backed up. Also is there any way to make it so that I need a password to enter the second vault (and that it has a different password than the "primary" vault.

Also is there any way to set up 2 factor authentication. Especially to get into the second Vault.

littlebobbytables

Hi @Lars Townsend‌

So you have a couple of questions in there.

1. The backups 1Password creates cover all vaults. Here's an example of one of mine 1Password 2014-11-20 15_52_23 (3 profiles, 305 items, 4 folders, 14 attachments).1p4_zip The profiles refers to vaults and the items, folders and attachments are the totals over all those vaults. So any secondary vaults are backed up automatically.
2. On the Mac there isn't a way to require a secondary vault's password if the primary vault has been unlocked. With your vaults locked you can enter just the password for the secondary vault and only have access to that but there isn't a way to allow access to just the primary vault at the moment. It has been requested but I don't know what the future will hold.
3. Any secondary vault will use the password it is created with. For example, if you sync both your primary and secondary vault with Dropbox each can only be unlocked and synced with if you know its particular password. You won't be requested to re-enter it repeated though under most normal circumstances.
4. Regarding your question on two factor authentication. I feel Mr Goldberg is much better than I to explain this. I'm sure there is a better page but for now here's a link to a blog post of his on 1Password users should wait a bit before trying Dropbox’s two-step verification. The important bit is quoted below.

A note on multi-step authentication and 1Password

>

Multistep authentication has clear and obvious security benefits. So it is more than natural for people to ask why 1Password doesn’t employ it. I’m planning to write a more detailed explanation of our developing thoughts on that, but I would like to take this opportunity to discuss the difference between authentication and decryption.

>

When you connect to some service, like Dropbox, you or your system has to prove that it really has the rights to log in as you. That process is called “authentication”. It is the process of proving to the Dropbox servers in this case that you are really you. You can do this through a username and password; you can do this through a username, password, and code sent to your phone; you can do this by having a particular “token” stored on your computer. Authentication always involves (at least) two parties talking to each other. One party (the client) is under your control; the other (the server) is under someone else’s control.

>

1Password, however, involves the 1Password application (under your control) talking to your 1Password data (under your control) on your local disk (again, under your control). This is not an authentication process. So 1Password doesn’t even do one-step authentication. It does no authentication at all. 1Password doesn’t gain its security through an authentication process. Instead the security is through encryption. Your data on your disk is encrypted. To decrypt it you need your 1Password master password.

>

There are great advantages to this design: Your data and your decryption of it doesn’t require our participation in any way once you have 1Password. But one disadvantage is that the kinds of techniques used for multi-step authentication are entirely inapplicable to 1Password. Those techniques are designed to add requirements to an authentication process, but unlocking your 1Password data is not an authentication process at all. Because there is no 1Password server, there are no (additional) steps we can insist on as part of a (non-existent) login process.

>

There are approaches that we could take which would approximate the effect of multi-step authentication for what is actually a decryption process. But I will save discussion of those for another day.

>
If that doesn't help clear up secondary vaults please do post back here and we'll do what we can to explain in more depth.