Individual unlocking of secondary vaults gone in 1Password 6

Comments

  • hawkboyblue
    Community Member

    Hello MetroEast: Are you able to share all the steps for this novice on how to create a separate account? I need my assistant to be able to access the secondary vault but not my primary. Thanks in advance.

  • AGAlumB
    1Password Alumni
    edited March 2016

    @hawkboyblue: I'm happy to walk you through it! :chuffed:

    1. First, you'll want to share the vault using Dropbox (sharing it with the assistant's Dropbox account means you don't have to allow them access to yours!)
    2. Set up a new OS X user account on the Mac.
    3. Install Dropbox on the new user account.
    4. Allow Dropbox to finish syncing.
    5. Install 1Password on the new user account, and choose the vault in Dropbox.*

    *This is if they don't need/want their own primary vault. If they do, just create a new vault instead, and then double-click the vault in Dropbox to add it as a secondary in 1Password.

    With this setup, only the data you want to share is shared. And while you cannot unshare a secret once it has been shared, you can revoke access to the vault in the future if needed, so that future changes will not be accessible to them.

    I hope this helps. Be sure to let me know if you have any questions! :)

  • dingerdance
    Community Member

    Plus one. Would like separate vaults with isolated logins for work and personal. I expected it to work this way (based on creating a separate password for the new vault), set it up, was really confused when my master password kept unlocking everything, and then found this thread. Thanks for keeping the discussion open.

  • ekontrec
    Community Member

    @dingerdance this discussion is very quiet of late. Don't hold out hope that they will re-introduce this feature any time soon, if at all. Chances are very slim to none :angry:

  • dingerdance
    Community Member

    @ekontrec It's only quiet if people stop talking about it ;) As a product owner you expect some backlash any time you change existing functionality for existing users. Just putting my drop in the bucket that as a brand new user of this functionality, it still did not meet my expectations or needs. I guess I'm not asking for this specific feature to be "fixed", "re-introduced", or "reverted", more just stating my use case so that maybe it can influence some decision in the broader scheme of the product to allow something like this to be accomplished.

  • AGAlumB
    1Password Alumni
    edited May 2016

    @ekontrec, @dingerdance: While we haven't been posting here this past month, that's simply because we don't have anything new to say on the subject. So much has been said already, but it's good to know that it's (still) important to both of you.

    That said, it's absolutely something that's been on our minds as well, even if we've been silent here. And I am hopeful that we'll be able to come up with a solution that will help folks who need or want to have clearer separation between data sets. Thanks for the continued feedback. We're listening. :)

  • markdelliott
    Community Member

    Just wanted to throw my name in the hat, also. This is important functionality for a lot of users, and its return would be very much appreciated.

  • AGAlumB
    1Password Alumni

    Thanks for the encouragement! I'm optimistic that we'll be able to come up with a solution in time. :)

  • guygizmo
    Community Member

    Just for the added incentive, I'm posting to say I also need this feature. I'm a new user to 1Password but I've chosen to use version 5 in order to be able to unlock vaults individually.

    In case my specific use case for this feature helps the development team: my situation is that, at work, I need to have three vaults: one for my personal login information that I sync with my home system (my main vault), one for my work specific login information that I don't want anyone else accessing, and one for login info that occasionally my coworkers may need access to. I've given my coworkers the password to that final vault, so it's essential that I be able to unlock it without unlocking the other two. I most especially don't want to unlock my personal vault unless I need some of the data from it.

  • profbiggles
    Community Member

    Hi 1Password team - just a comment to add to my original post quite a while ago so you know we're still waiting patiently (and using v5) hoping you're able to come up with a solution to this.

    Many thanks!

  • AGAlumB
    1Password Alumni

    Thanks for checking in! Your patience is appreciated. We don't have any news to share on this front, but we haven't forgotten. I hope we'll be able to come up with a good solution for this! :blush:

  • profbiggles
    Community Member

    Thanks @brenty - is there a good way to "register" to get notified if this issue is addressed in a future release (or beta)? I've been keeping an eye out in a few of the 6.x release notes as they've come out, but suspect I could miss this depending how the feature is explained in the release notes given it could be described in a few different ways.

    Cheers.

  • AGAlumB
    1Password Alumni

    @profbiggles: That's an excellent point! If we do add a new feature to cover this use case, it may not be obvious from the release notes. You can keep up with 1Password news on our blog, and we'll try to update this discussion as well — though I can't say for certain if that will work, if this is archived before then, but I've made a note of it. :)

    ref: OPM-3687

  • nucleardog
    Community Member

    Hey guys - just wanted to toss my use case in as well as ask a question re: how this is implemented.

    My reason for the second vault is as a place to store my OTP tokens / backup codes. My thinking is that it kind of defeats the purpose of having a "second factor" if it's stored alongside the password. The only factor becomes my vault password. I've got 2FA enabled on these accounts because I want extra security because they're particularly sensitive (as far as my accounts go, anyway).

    Am I correct in assuming that, by adding a secondary vault and authenticating, the password or decrypted key will be stored in my primary vault, effectively negating any additional security I might gain by using a different password on the secondary vault?

  • AGAlumB
    1Password Alumni

    @nucleardog: I think that's a fair point. Vaults are encrypted separately, but for the purposes of unlocking the 1Password app itself, all of them are unlocked at once. And while you may have some logins you feel are more important, there's no reason not to offer all of your vaults the same high level of security, so if there are adjustments you can make to your lock settings, that will benefit all of your 1Password data. :)

  • JAnguita
    Community Member

    That's ok, but we still think that a way to set a higher security level for some entries could be A VERY GOOD IDEA.

  • AGAlumB
    1Password Alumni

    Well, I guess it depends on the way you look at it. It's certainly something we can consider, but that sounds suspiciously like setting a lower security level for a lot of your personal data. Cheers!

  • billyho
    Community Member

    @brenty Not all of my personal data needs the highest security level to access, and sometimes it is not even a good idea to enter your primary password in public. Separation, I think, is the key point of a vault. I want to keep all my sensitive data in the primary vault and am not prepared to open it in public using my primary password. Now, without a separate vault password, every day I go to work, I HAVE TO RISK COMPROMISING MY PRIMARY PASSWORD to access some data I need for work that I don't think needs the highest security level. It is the feature I used to love most and it has been removed for over a year; I feel very disappointed. I really miss this feature.

  • tompave
    Community Member
    edited August 2016

    This comment is in reply to a Twitter exchange with Dave Teare.

    First off, thank you Dave Teare for showing interest in users' opinions on Twitter.
    For me that exchange was meant to be a simple recommendation of a specific version of the app, but here we are talking about the removed feature.
    After so many months I feel like I can add something more on the subject, but I don’t think it would be very helpful to do so on Twitter.
    Hopefully, here on your forum it will spur some constructive discussions with the team and other users.

    The problem with your explanation is that it is not “good enough” for an app like 1Password. The reason I feel that way is that 1Password is quite an expensive app, a premium app I would say.

    There are a lot of free or cheap alternatives out there with the same base functionality of password management, but 1Password has always stuck out because of its great UX, level of polish and extra features. (I want it to be clear that I am not referring to features like family or team accounts, because I have been a happy and paying 1Password user long before those functionalities were announced.)

    Because of its higher quality, people have been willing to pay your app’s very high price tag (relative to the competition): people pay for quality, reliability and trustworthiness, and 1Password has offered that for a long time.

    Now, you've found an issue with a feature that customers were using, you removed the feature instead of fixing the problem, ignored the complaints and did not acknowledge that you made a mistake.
    If we were talking about a free app, that would be acceptable. It would still be bad, but acceptable because “you get what you pay for”. It is not acceptable for an expensive app like 1Password.

    A lot of people have come here on the forum to describe their use cases, explain that they were actually using the removed feature, or just add a “+1”. *
    Your team’s responses have been helpful and polite, but the bottom line has been: “we hear you, and maybe the feature might come back in a different form, but don’t hold your breath”. The most viable alternative has been to roll back to the previous version 5.4.3 which, however, is not actively maintained.

    To put things in perspective, you acted very much like Adobe did when OS X 10.7 came out. Some API changes in OS X broke some of the apps from Adobe CS 5, and they decided to just stop supporting them. Check the KB page and go to the Flash Builder section. See where they say:

    Flash Builder 4.0.x doesn't work on Mac OS 10.7. Adobe does not intend to update this product for use on Mac OS 10.7.

    And that was a piece of software that had been sold for a few hundred USD till a couple of months before that.

    So, what happens now?

    You have a bunch of customers that paid quite some money for your app, because they preferred it over the cheap alternatives, and now you’re forcing them to use an old and unmaintained version. One day, someone in Cupertino will decide to deprecate some OS APIs and that version of the app will stop working.

    Apologies for the rant, but I would like to know how you feel about the situation I described.

    ——————————
    * Since the thread is already quite long and most of those comments are old, to better make my point I’ll add my specific use case. I have a primary vault for personal use, and secondary vaults I use at work, all with different master passwords. I want to be able to unlock the work-related ones separately because, when I’m at work, I do not want to have to type my personal vault’s password in front of colleagues. You should know that human factors are always the weakest link in any security system, and the action of physically typing the password is 1Password’s weak link. With the old 1Password 5 I can confidently unlock work-related vaults because I know that, even if someone is peeking, my personal accounts are still secure. The idea of having a single password to unlock everything means that I cannot use it in the same way at work. Now, contrast that with 1Password for iOS. All vaults are “merged” together, but since I can unlock it with my fingerprint it's not an issue.

  • AGAlumB
    1Password Alumni

    @billyho: I guess I don't quite understand how your Master Password is getting "compromised" in that scenario. That shouldn't be the case unless you're using an untrusted system, which is potentially compromised itself. We'd definitely like to come up with a cleaner, non-hack way of allowing your use case, but I'm not sure that it's ever a good idea to access sensitive information in questionable environments.

  • billyho
    Community Member

    @brenty I'm sure that it's not a good idea to access sensitive information in questionable environments; the problem is how I can access nonsensitive information without my master password. For example, I need to log in to a website on a public wifi network. I don't think this website account is as important as my sensitive private information, but I have to unlock all my sensitive information in order to log in to a not so important website, which increases the chance of compromising my sensitive information.

  • AGAlumB
    1Password Alumni

    @tompave: First of all, thanks for taking the time to post here! I agree that this would be a much more difficult discussion to have on Twitter! :lol:

    > Now, you've found an issue with a feature that customers were using, you removed the feature instead of fixing the problem, ignored the complaints and did not acknowledge that you made a mistake.

    The problem is that unlocking secondary vaults wasn't a feature; it was a bug. By definition, we made a mistake by allowing that to happen in the first place. I know that Rick mentioned this and I've reiterated it as well. And part of that is addressing the issue. That brings us up to where we are today.

    > Your team’s responses have been helpful and polite, but the bottom line has been: “we hear you, and maybe the feature might come back in a different form, but don’t hold your breath”. The most viable alternative has been to roll back to the previous version 5.4.3 which, however, is not actively maintained.

    Actually, the only truly viable option for the majority here (since it doesn't involve using an old version of the app) is using separate user accounts to have separate user data. 1Password is a single user app and always has been. Perhaps we'll add multi-user support in a future version, which would help that particular (shared family device) use case, and also likely benefit the others here who just want their own vaults to unlock separately. Using the OS and 3rd party apps in the way in which they are intended is best, since not all edge cases or accidental "features" can or will be accounted for.

    > To put things in perspective, you acted very much like Adobe did when OS X 10.7 came out. Some API changes in OS X broke some of the apps from Adobe CS 5, and they decided to just stop supporting them. Check the KB page and go to the Flash Builder section. See where they say:
    > Flash Builder 4.0.x doesn't work on Mac OS 10.7. Adobe does not intend to update this product for use on Mac OS 10.7.
    > And that was a piece of software that had been sold for a few hundred USD till a couple of months before that.
    > So, what happens now?

    I don't even know how to respond to that, apart from saying that I don't think it makes any sense to compare 1Password to a legacy version of Adobe Flash. But I may just not see the angle you're going for here.

    > You have a bunch of customers that paid quite some money for your app, because they preferred it over the cheap alternatives, and now you’re forcing them to use an old and unmaintained version. One day, someone in Cupertino will decide to deprecate some OS APIs and that version of the app will stop working.
    > Apologies for the rant, but I would like to know how you feel about the situation I described.

    No way! No need to apologize. I think I'm just having trouble seeing where you're going with this "deprecated APIs" line of thought. Any given version of 1Password will continue to work the same way it always has. If you're intent on using the old version of 1Password to take advantage of the secondary unlock behaviour, we won't stop you; that's your prerogative as a license holder, after all. But it isn't something we think anyone should be doing. Otherwise we wouldn't have bothered to fix it in the first place.

    > * Since the thread is already quite long and most of those comments are old, to better make my point I’ll add my specific use case. I have a primary vault for personal use, and secondary vaults I use at work, all with different master passwords. I want to be able to unlock the work-related ones separately because, when I’m at work, I do not want to have to type my personal vault’s password in front of colleagues. You should know that human factors are always the weakest link in any security system, and the action of physically typing the password is 1Password’s weak link. With the old 1Password 5 I can confidently unlock work-related vaults because I know that, even if someone is peeking, my personal accounts are still secure. The idea of having a single password to unlock everything means that I cannot use it in the same way at work. Now, contrast that with 1Password for iOS. All vaults are “merged” together, but since I can unlock it with my fingerprint it's not an issue.

    Ahh, gotcha. Perhaps that's the "compromise" @billyho was referring to as well. Thanks for elaborating on your specific use case! That last point there is incredibly salient, especially in this context: you can safely unlock 1Password on your iPhone without anyone seeing your "password".

    To be absolutely clear, this isn't something we're happy to ignore. But you're right: we're not going to promise anything. For the time being, we have a lot of other things we're working on, but this is something we think about even as this discussion has largely died down of late. If and when we're in a position to actively work on a solution to this, we need to also consider that this is additional complexity that will need to be addressed in a user-friendly way, not just a feature to be developed. It's "easy" to add features, given the resources. But if this situation has taught us anything, getting them right is what's most difficult. So it's something we'll continue to take very seriously.

  • AGAlumB
    1Password Alumni

    @billyho: Ah, excellent! That makes sense. Thank you for clarifying that for me. :) :+1:

  • Mavrick3321
    Community Member

    Just to chime in, I'm still following comments on this topic. I'm also one who had to downgrade to keep this ability and have not upgraded since. Still hoping that this might be added in the future.

  • AGAlumB
    1Password Alumni

    Me too. Thanks again for your feedback and patience on this!

  • tompave
    Community Member
    edited August 2016

    Hi @brenty, thank you for the long and well thought-out answer.

    I understand that we are seeing the removal of the feature from very different perspectives. I still think that "the bug" made 1Password really stand out. It made it really powerful and versatile.

    Heck, I don't even want to unlock secondary vaults from the primary one (which I understand is what caused you to see it as a security issue), or the concept of primary-vs-secondary at all for that matter. I would be happy with different independent vaults or "compartments".
    Unfortunately, as long as all my vaults will be mixed up and merged together with a single password, I'll have to keep using version 5.

    And switching user accounts is not a viable option.
    I completely agree that is the best solution for use cases where multiple people use the app (e.g. family members, or co-workers using the same computer), but it doesn't work for me because both (all) my vaults are for personal use.
    Also, for single-user scenarios it sounds like a very bad user experience (at least on OS X). Switching user to access a different vault means that I lose my browser sessions, opened apps, personal files, etc. Definitely not an option.

    To reiterate, and because I haven't lost hope that you might still bring back the feature, here is a simplified example of why this functionality would be important.

    Imagine that I have a primary vault with all my personal data: bank accounts (with secret codes), credit card data, health and sensitive info, website logins, etc. This vault has a password that I want to protect very carefully. Let's say it's "correct horse battery staple" (see what I did, there?)
    Then I have a secondary "work" vault. There I keep RSA key passphrases, team code signing certificates, login details for things like AWS or NewRelic, DB and production system access details, etc. This data is for my personal use, but I know that all my colleagues have almost the same info. Maybe the access details for a production system are the same for everyone, or I have low access privileges to AWS, so it's not a big deal if my co-worker with admin rights sees my randomly-generated password. Or maybe everyone on my team has the same admin rights to a service, and we could all change each other's passwords if we wanted.
    This vault is protected with a strong password too, but it's a password I can confidently type at my computer even if I have 3 coworkers sitting with me. Even if they see it, and could get access to the vault, the worst thing that can happen is that they either get info that they already have, or they can use my account to access a service they can already access on their own.
    Then, maybe I have another secondary "secret-work" vault, where I keep sensitive info. If I am the only one with admin rights to, let's say, an HR portal where everyone's salaries are reported, I'll keep it here. Same if I'm the only one with super-user access to a system. This is a vault that I'll treat like my primary one.

    Now. If all these vaults are mixed together, for me using 1Password becomes a problem. I might have to unlock the 2nd vault several times a day, in front of other people, and I don't want to have to type "secret horse battery staple", because I don't want to risk that people will get access to my bank account.

    Can you understand where I am coming from?

  • AGAlumB
    1Password Alumni

    > Hi @brenty, thank you for the long and well thought-out answer.

    @tompave: You're very welcome! I wish I had better news to give you, but I'm glad we can have this discussion. It may not be any time soon, but it absolutely will inform how we approach this — especially given your comments later on.

    > I understand that we are seeing the removal of the feature from very different perspectives. I still think that "the bug" made 1Password really stand out. It made it really powerful and versatile.

    I can definitely appreciate that perspective, but first and foremost 1Password is supposed to help us be more secure, so we really need to focus and look at things through that lens. But you're right that there's a whole other side to this. I can't think of any examples off the top of my head, but I'm certain that I've used a number of unintentional "features" in software over the years as part of my workflow. And regardless, changes to my workflow are almost without exception unwelcome at first, so I can relate on that level.

    > And switching user accounts is not a viable option. I completely agree that is the best solution for use cases where multiple people use the app (e.g. family members, or co-workers using the same computer), but it doesn't work for me because both (all) my vaults are for personal use.
    >
    > Also, for single-user scenarios it sounds like a very bad user experience (at least on OS X). Switching user to access a different vault means that I lose my browser sessions, opened apps, personal files, etc. Definitely not an option.

    You're absolutely right, and it's good to hear a different perspective. We definitely want to take into account various use cases as best we can going forward, and this is a great example of that.

    > To reiterate, and because I haven't lost hope that you might still bring back the feature, here is a simplified example of why this functionality would be important. [...] Now. If all these vaults are mixed together, for me using 1Password becomes a problem. I might have to unlock the 2nd vault several times a day, in front of other people, and I don't want to have to type "secret horse battery staple", because I don't want to risk that people will get access to my bank account. Can you understand where I am coming from?

    Absolutely! Thanks for elaborating! Please don't lose hope. We can't promise anything at this stage, but we know you're not alone in this desire. And even if it's a slightly different use case than most(?), if we can come up with an intuitive, secure solution that covers multiple uses, that will be best, and your feedback on this is invaluable. Thank you! :chuffed:

  • JAnguita
    Community Member

    I'm still very interested in this lost feature.

    I would like to know if it could be restored, because my "scenario" is the same as that previously exposed by other guys.

    In my case, I think that the "different account system" is not a good idea. For a personal use, I don't want to pay subscriptions. I've already paid for ALL system versions.

  • AGAlumB
    1Password Alumni

    @JAnguita: Thanks for letting us know. We won't be "restoring" 1Password to the previous state since that was an unintended consequence of a bug with security ramifications, but we're exploring other options of enabling separate 1Password "profiles" or something like that.

    Having to pay for a separate 1Password Account isn't something we want you to have to do, because we wouldn't want to do this ourselves. However, when the use case is separating data between people, separate accounts are appropriate, for both macOS and 1Password.

This discussion has been closed.