1Password 5.1 multiple vaults sharing same password?
I'm new-ish to 1Password and I'm a little confused about how multiple vaults work.
I have a primary vault and a secondary vault. Both vaults have different master passwords.
In my primary vault, I store all my passwords. In my secondary vault I store backup keys. The idea is that if someone ever accessed my primary vault and got my Google password, that same hacker wouldn't be able to access my secondary vault where the 2nd factor backup code exists. Apple, Dropbox, Google, etc. all give you a backup key when you enable 2 factor.
However, I discovered today that switching to my secondary vault doesn't require a password. How do I get 1Password to prompt me each time I'm switching vaults? Also, did the secondary vault get re-encrypted with my primary key's vault? I'm really confused how this is working, and wondering if I need a different and more secure solution.
Comments
-
Hi @ebcsilmack,
When we introduced secondary vaults in 1Password for Mac, it was designed in such a way that you still only needed one password to access everything. The primary motivation was the ability to share a selection of passwords without giving away access to the entire vault. As the goal wasn't completely isolated vaults, the decision was to store the encryption keys for your secondary vault inside the encrypted SQLite database file that locally represents all of your vaults. So your secondary vault hasn't been re-encrypted with the encryption keys for your primary vault, but they are stored in the same file.
So if your goal is two completely separate vaults in a single user account, then at the moment 1Password for Mac isn't a single solution that will meet your needs.
Do you own an iOS device that you also use 1Password on? You could use 1Password for Mac to create a secondary vault on your iOS device that your Mac doesn't access after the initial creation. That way your vault would be stored only on your iOS device but like the Mac it would be accessible if you unlock the primary. It might be 1Password just doesn't match your particular needs at the moment. Let us know what you think.
0 -
@littlebobbytables thanks for the info
I'm thinking the best solution might be to use a second service to segregate this data. If there's a way to submit a feature request, I would love the option to have to re-enter my password for each vault.
Thanks again and love the username!
0 -
Hi @ebcsilmack,
I've added your vote to the existing request (you're not alone).
I think I confuse some people with the username but I don't think I could give it up now (and xkcd is brilliant!) :lol:
ref: OPM-2227
0
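The key arrangement described in the first reply, next to the per-vault password behaviour asked for in the feature request, as an added example that is not part of the original thread and is not 1Password's code or file format. All function names are hypothetical, and the cipher is a toy built from HMAC-SHA256 so the block runs on the Python standard library alone.

```python
import hashlib, hmac, os

def kdf(password, salt):
    # Stretch a master password into a 32-byte key (iteration count is illustrative).
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)

def _stream(key, nonce, n):
    # Toy keystream: HMAC-SHA256 in counter mode. A stand-in for a real AEAD cipher.
    blocks = (hmac.new(key, b"enc" + nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, plaintext):
    # Encrypt, then append an HMAC tag so a wrong key is detected on unseal.
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return nonce + ct + hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(key, b"mac" + nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered data")
    return bytes(a ^ b for a, b in zip(ct, _stream(key, nonce, len(ct))))

def build_shared_store(primary_pw, secondary_items):
    # Model of the reply: the secondary vault has its own random key, but that key
    # is kept inside the store that the primary master password unlocks.
    salt, secondary_key = os.urandom(16), os.urandom(32)
    return {"salt": salt,
            "wrapped_secondary_key": seal(kdf(primary_pw, salt), secondary_key),
            "secondary_vault": seal(secondary_key, secondary_items)}

def unlock_shared(store, primary_pw):
    # Only the primary password is needed; the secondary password never appears.
    key = unseal(kdf(primary_pw, store["salt"]), store["wrapped_secondary_key"])
    return unseal(key, store["secondary_vault"])

def build_isolated_vault(secondary_pw, items):
    # Model of the requested behaviour: the vault key derives only from its own password.
    salt = os.urandom(16)
    return {"salt": salt, "vault": seal(kdf(secondary_pw, salt), items)}

def unlock_isolated(vault, password):
    return unseal(kdf(password, vault["salt"]), vault["vault"])

if __name__ == "__main__":
    store = build_shared_store("primary-pw", b"constructed backup code")
    print(unlock_shared(store, "primary-pw"))
```

In the shared model, the secondary vault is still encrypted with its own key, which matches the reply's point that nothing was re-encrypted; the isolation is lost only because that key is reachable from the primary password.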