Vault switching: Master Password required [individual vaults are completely separate on Windows]

Urda

I just started using a second vault (setting one up for my parents). On iOS and OS X I can just switch between vaults, but on my Windows PC at home I'm always prompted to key in the master password for each one. Is this the expected behavior, and if so is Windows on track to ever not do this?

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

AGAlumB

@Urda: Good catch! Indeed, that is expected behaviour. 1Password for Mac and Windows are different in this regard. I'll explain (perhaps in more detail than you're looking for, but still...) ;)

On OS X, the primary vault is effectively a 'parent' to secondary 'child' vaults — i.e. you only unlock the primary to access all of them. On Windows, there is no notion of primary and secondary vaults; rather, only a single vault is in use at any given time, and of course you'll need to enter your Master Password in order for 1Password to decrypt the data so you can access another vault when you switch to it.

A vault in 1Password for Windows are simply an .agilekeychain on disk which is read and written to; whereas 1Password for Mac keeps an internal monolithic database with all 'mounted' vaults (which is why you can unlock them all at once), and only ever writes data to a separate .agilekeychain for purposes of syncing.

As you can see, there are pros and cons to both approaches, and what these are will vary depending on how you use 1Password. We have folks on both sides who prefer one system over the other, both within AgileBits and our customer base, which is part of the reason why we haven't 'settled' on a one-size-fits-all approach across the board.

Multiple vaults was new to 1Password 4 for Mac, and that was the solution we came up with at the time, as there was no precedent otherwise. 1Password for Windows, on the other hand, has always allowed you to load different vaults, so it is simply using the existing method that it always has, which many of our customers are accustomed to. For those that want completely discrete vaults that unlock separately, this is ideal; but in other cases where ease of use is favoured (such as your case, since it's your parents' data and not that of a business) faster switching is preferred.

All of this is to say that we would like to add greater flexibility to vault management in the future, on all platforms, and bring them more in line with each other; but currently there isn't a clear 'winner', so we'll wait until we can come up with a solution that can satisfy the majority. I'm sorry that this is a bit of a hassle for you in your current situation in the mean time, but just know that we're aware of the limitations in both cases and we'd like to provide a better solution in the future, both for you and the rest of our awesome customers — and also for us as well. :)

Urda

No that's a great reply! I love technical details and specs.

Well, hopefully users will have a choice in the future. I am currently lucky to have an OS X device I can do the bulk of my work on for setting up a second vault, but I wouldn't mind being able to quick switch between the two in Windows one day :)

AGAlumB

No that's a great reply! I love technical details and specs.

@Urda: Haha, thanks for saying so! It sounds like I've found my target audience. My wife just falls asleep when I carry on like that! ;)

Well, hopefully users will have a choice in the future. I am currently lucky to have an OS X device I can do the bulk of my work on for setting up a second vault, but I wouldn't mind being able to quick switch between the two in Windows one day :)

Agreed. That sounds like that will at least facilitate your current project, and ours will be to improve vault management across all platforms. Thanks so much for the feedback! :)

cbeams

@brenty, thanks for your explanation as to why the Mac and Windows 1Password clients behave differently with regard to vault switching. I'd like to weigh in here in favor of providing an option to make Windows behave more like the Mac client—that is, supporting multiple "mounted vaults" as you describe on Windows, such that the user does not need to deal with entering multiple master passwords when switching between regularly-used vaults.

I'm a Mac user, so this issue does not directly affect me, but I'm also something of an evangelist for 1Password, and have gifted Windows versions of the product to multiple family members. Because we are family, it is often the case that we want to share certain passwords, and it's here that secondary, shared vaults are (in theory) a perfect feature. However, the Windows users they find it prohibitively difficult to remember and type in multiple master passwords multiple times throughout the day. I must say that if I were forced to do this on OS X, I probably would shy away from using secondary vaults as well.

I understand that this is a nuanced topic without an obvious "best" path forward. Perhaps it will help the Windows 1Password team to know that the status quo is essentially preventing the Windows users in my family from taking proper advantage of secondary vaults—which means in turn that I cannot fully take advantage of them either. I imagine we are not alone in this experience.

Thanks!

LauraR

@cbeams - thanks for your feedback on the use of multiple vaults within your family. We understand that different people have different preferences and this feedback is very useful.

AGAlumB

However, the Windows users they find it prohibitively difficult to remember and type in multiple master passwords multiple times throughout the day.

@cbeams: The primary drawback we encounter with this is that people then forget their secondary vaults' Master Passwords. They will be needed at some point, and there isn't anything anyone can do to 'reset' or 'recover' them. While it's certainly more convenient on the Mac side in this regard, the flipside is that Windows users just don't forget their Master Passwords, as they use them more frequently. Definitely a dilemma. :unamused:

cbeams

@brenty, my solution here is that I create a 'Password' entry in my primary 1Password vault for each of my secondary vaults. If 1Password for Windows doesn't allow Mac-style vault mounting, my Windows-using family members are probably going to have to resort to using weaker primary and secondary vault passwords so they can remember and type them in quickly throughout the day. On balance, I'd say that a consistent approach to vault-mounting across both platforms is the better risk to take. Again, even if this is just a preference that can be switched on in the Windows client, that would be sufficient. I'm simply having a hard time defending the use of 1Password for the Windows users in my life, because it's a significantly greater hassle for them to use properly than it is for me on the Mac. Also a dilemma!

AGAlumB

On balance, I'd say that a consistent approach to vault-mounting across both platforms is the better risk to take. Again, even if this is just a preference that can be switched on in the Windows client, that would be sufficient.

@cbeams: I tend to agree. This is definitely something we're considering carefully as we develop 1Password going forward — across all platforms. No shortage of dilemmas, but we're on the case. Thanks so much for your feedback! :)

cbeams

Thank you! We'll stay tuned :)

AGAlumB

:chuffed: :+1:

edgrsanchez

Hey @brenty :)

I'm back to bug you. I've just purchased a Surface Pro 4 to use at school and while I'm traveling. I have an iMac at home, which I use for the majority of my work... and which works PERFECTLY with 1Password due to being able to access all my vaults and being to search all vaults at once.

When I have to use my Surface Pro 4 (Windows 10), it instantly becomes a hassle to use 1Password.

I have a Primary vault, a Family vault, a Business vault, and a Business Client vault. All of which work perfectly on Mac OS and I'm able to successfully share them with family members, coworkers, etc.

I use long and difficult to remember passwords for my 1Password vaults. I know my Primary vault password by memory and I have all the other vaults' passwords stored within my Primary vault.

I'm not sure what could be done to make the process of switching between vaults easier when using Windows... but at the very least allow us to save our vault passwords or allow us to use a certificate to authenticate automatically.

:chuffed: Hope to hear from you soon.

Edgar

AGAlumB

@edgrsanchez: Good to hear from your again, Edgar. Sorry for the trouble! 1Password for Windows was designed with the Desktop in mind, not tablets, so I can imagine that poses a bit of a hardship on a Surface.

But you're in luck! While 1Password for Windows isn't going anywhere, as it's a great fit for traditional PCs, we've been working on a Windows 10 native version of 1Password, which is designed for touch devices of all shapes an sizes (and it works well with a keyboard and mouse too). It actually just hit beta today, so be sure to check it out. Just look for "1Password beta" in the Windows Store. You'll find that using multiple vaults works more similarly to what you're looking for.

That said, we'd absolutely like to improve the way that vaults are handled in 1Password for Windows as well going forward, but I can't say exactly when we'll be able to do that. Thanks for letting us know you'd like that feature though! :)