Primary Vault? Or not?

instanttim
Community Member

I'm curious, I was noticing that if I have a primary vault, then I can have a crazy long, super strong, password for Families. But without a primary vault, then I need to remember and enter the Family account password every time.

So this got me thinking... from a security standpoint, is it any better to have a primary vault so that your password for Families can be stronger? Does it matter? If I have to remember it and enter it a lot, I tend to make a password not as strong of course. So I had removed the primary vault and now have a much longer password to enter each time I use 1Password.

Hmm... any thoughts?



Comments

  • Pilar
    1Password Alumni

    Hi @instanttim,

    Could you please elaborate on what you mean by:

    "if I have a primary vault, then I can have a crazy long, super strong, password for Families. But without a primary vault, then I need to remember and enter the Family account password every time."

    You can have a long, strong password for your Family account, no different than if you're using 1Password by itself. Actually, if you already were using 1Password when you created your Family account then your Master Password should be the same. I'd like to hear some more details about what exactly you're doing so you can get the best out of 1Password! :chuffed:

  • khad
    1Password Alumni

    @instanttim,

    I would also add that, while it is important to have a strong Master Password, the encryption on family (and team) accounts is also hardened by your Account Key. It is impossible to decrypt the data without the Account Key — even if someone knows your Master Password. They would need to not only have a copy of the data somehow, but they would also need your Account Key.

    In short, if you use the same Master Password for a local vault that you use for your family account, your family account is better protected in many ways. I encourage you to read the aforelinked security article if you are curious about the details.

    Of course, if you have any other questions, don't hesitate to let us know.

  • instanttim
    Community Member

    I used a shorter, easier-to-type, medium level password for my local vault. I suppose because I have to type it a million times a day. I knew that password was not stored anywhere and didn't travel over the network, so for some reason I convinced myself I was making an appropriate trade-off. Maybe that's not right.

    My families account asked me for a NEW password when I set it up. Then I entered that password in the app thinking it was cool that I didn't have to enter the key and families password but could just unlock my local primary vault and everything worked.

    Then I did the geeky procedure outlined somewhere in your knowledge base about how to remove your primary local vault -- if you were exclusively using Families or Teams. At which point I suddenly realized I need to type in the much longer stronger password.

    With all that said, I've gotten pretty fast at entering it.

    General Idea for you... why does the vault password screen have such a narrow entry field? In fact, why have any field at all? I bet one could develop some other visualization of key-entry, even that supports backspace, which doesn't make assumptions about the length of my password. How about every time I press a key I get a matrix-like garble of characters flashing on screen and fading out. I dunno, I just feel weird when I'm typing into a box and I am going off the right side and the bullets are either scrolling across or getting smaller to all fit... just seems like an old-school model developed when passwords were 4–8 chars long.

  • khad
    1Password Alumni

    @instanttim,

    "I used a shorter, easier-to-type, medium level password for my local vault. I suppose because I have to type it a million times a day. I knew that password was not stored anywhere and didn't travel over the network, so for some reason I convinced myself I was making an appropriate trade-off. Maybe that's not right."

    Someone would need to (1) get ahold of your local data and (2) know (or guess) the Master Password to unlock it in order to be able to get at the data in your family account. So in one sense, you made a very reasonable choice.

    "My families account asked me for a NEW password when I set it up."

    We'll have to improve that then. (Depending on when you signed up, we may have already improved the language we use during the sign up process.) We generally encourage folks to use their ONE Master Password for all of 1Password.

    "With all that said, I've gotten pretty fast at entering it."

    It's amazing what we are capable of when we have to be. :)

    You have a very interesting idea about the Master Password entry. I'll mention it to the developers. Who knows what the future holds?
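
A simplified model of the point made in khad's two replies (a password-only local vault versus an account that also needs the Account Key), added here as an illustration; it is not 1Password's code or algorithm. The function names, the XOR-combining construction, the iteration count and every sample value are assumptions constructed for the example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 10_000  # assumption: low so the demo is quick, not a product setting

def password_only_key(password, salt):
    """Local-vault model: the key depends on the Master Password alone."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)

def two_secret_key(password, account_key, salt):
    """Account model: password-derived key XORed with a key derived from a
    random secret, so both are needed to reproduce it."""
    pw_part = password_only_key(password, salt)
    ak_part = hmac.new(account_key, b"account-key" + salt, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(pw_part, ak_part))

def check_value(key):
    """Stand-in for 'this key decrypts the copied data'."""
    return hmac.new(key, b"vault-check", hashlib.sha256).digest()

def recover(target, salt, wordlist, derive):
    """Return the wordlist entry whose derived key matches, else None."""
    for candidate in wordlist:
        if hmac.compare_digest(check_value(derive(candidate, salt)), target):
            return candidate
    return None

def demo():
    salt = secrets.token_bytes(16)
    account_key = secrets.token_bytes(16)            # constructed 128-bit secret
    password = "sunshine1"                           # constructed weak password
    wordlist = ["password", "letmein", "sunshine1"]  # constructed guess list

    local_target = check_value(password_only_key(password, salt))
    account_target = check_value(two_secret_key(password, account_key, salt))

    # Copied local data, password-only key: a listed password is found.
    local = recover(local_target, salt, wordlist, password_only_key)
    # Copied account data without the Account Key: the right password is in
    # the list, but every derivation uses a wrong key, so nothing matches.
    wrong_key = secrets.token_bytes(16)
    account = recover(account_target, salt, wordlist,
                      lambda p, s: two_secret_key(p, wrong_key, s))
    return local, account

if __name__ == "__main__":
    print(demo())
```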

This discussion has been closed.