master password for multiple teams

pquimo
pquimo
Community Member
in Business and Teams

I am a longtime 1Password user, and have started using 1Password for Families. I read your recommendation to use my existing master password for my Team/Family. I will shortly be converting my work to using 1Password for Teams, so my question is: do you recommend using the same master password there as well -- so it would be the same in all 3 places? Sorry if this is answered elsewhere, I didn't see it addressed. Thanks!

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • [Deleted User]
    [Deleted User]
    Community Member

    My understanding of this recommendation is that AgileBits feels you are both more likely to choose a secure password and less likely to forget it if you stick with the Master Password you know and love. Since moving to 1Password for Teams can entail a certain amount of change for end-users, the last thing they want is for people to choose a new Master Password, forget to write it down, and find themselves irremediably locked out of their vaults as a result.

    I believe that 1Password's security model makes it actually safe to use the same Master Password multiple times, with the caveat that one compromise would compromise all three of your 1Password setups. Since classic 1Password and 1Password for Teams use different security models (the latter making use of an Account Key in addition to the Master Password), your data would end up being encrypted pretty differently depending on the installation — although the same password could decrypt it all, provided the attacker already had your Teams account key.

    Until one of AgileBits' security experts chimes in, take my words with a heaping of fine sea salt but, on the surface, I don't think what you are contemplating is likely to cause much trouble. Of course, a compromise solution would be to turn your existing Master Password into a base password to which you would add a short random string based on the 1Password installation you wish to unlock. This would effectively allow you to keep the same Master Password in mind, all the while introducing a little variety.

  • rob
    rob

    Hi, @pquimo.

    Yes, our recommendation is to pick a strong Master Password and use it for each of your 1Password accounts. You should not, however, use it anywhere else.

    @Deleted User is right about the reasoning. If you only have to remember one Master Password, you are able to make that one stronger than you could if you have to remember two or more. Rather than introduce a second Master Password to your memory, we would suggest you use that mental effort to strengthen your existing Master Password.

    I hope that helps!

  • pquimo
    pquimo
    Community Member

    Thanks @Deleted User and @rob for the thoughts. It all makes good sense, just felt a bit weird I guess to use my master password in more than one spot already, let alone 3, but yeh. I don't really want to have to remember 3 either though, so I will stick to just one, thanks!

  • rob
    rob

    You're welcome, @pquimo! I can identify with that feeling, and it's a good feeling to have when it comes to web services in general. The way 1Password operates, though, we are comfortable with our recommendation of keeping just one Master Password.

This discussion has been closed.