Password Confusion: Master Password vs. Secret Key

Buadhai
Buadhai
Community Member
in Mac

When I log in to https://my.1password.com/ I am asked for my Master Password. But, I can actually enter either my Secret Key or my Master Password. Why is that?

When I open 1Password7 on my Mac, I have to enter the Master Password from my 1Password Emergency Kit. But, when I open 1Password on my iOS devices, I have to use my old 1Password password. My Master Password doesn't work. Why is that?

I thought that once I had a subscription, I would have the same Master Password across all devices.

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Ben
    Ben

    Hi @Buadhai

    When logging in to your 1Password account both your Master Password and your Secret Key are required. In most cases your browser or 1Password app are going to remember your Secret Key for you after the first login.

    It sounds like you still have a Primary vault. Here is how 1Password handles unlocking:

    • If a Primary vault (standalone vault) exists the Master Password for the Primary vault will unlock 1Password
    • If a single 1Password membership has been added then 1Password unlocks using the Master Password associated with that membership account
    • When multiple 1Password memberships have been added 1Password unlocks using the Master Password of the first added membership

    1Password only ever acccepts one Master Password. All memberships / vaults are unlocked when 1Password unlocks. I hope that helps!

    Ben

  • benfdc
    benfdc
    Community Member

    Let me be sure that I understand this, @Ben, before I take the plunge to 1Password 7.

    Suppose on my first run of the app I put in my 1Password for Families password.

    Then I go into preferences and add my old Dropbox-synced .agilekeychain primary vault. And maybe a secondary vault or two as well.

    Then I quit the app.

    The next time I open 1Password, what password unlocks it?

    —Other Ben

  • Ben
    Ben

    Hi Other Ben 👋

    This actually hasn’t changed with 1Password 7. But in your example the Master Password for the first added standalone vault (which would become the Primary vault) would unlock 1Password. Please note that one thing that did change is that 1Password 7 no longer uses the Agile Keychain sync format. Any keychains using Agile Keychain will be upgraded to OPVault. This format is compatible with 1Password 6. You can actually upgrade these keychains in 1Password 6 prior to upgrading if you’d like to smooth the transition process:

    How to switch to the OPVault format from Agile Keychain | 1Password

    I hope that helps!

    Ben

  • Buadhai
    Buadhai
    Community Member

    Thank you.

  • Ben
    Ben

    You’re very welcome. If we can be of further assistance, please don’t hesitate to contact us.

    Ben

  • benfdc
    benfdc
    Community Member
    edited June 2018

    It helps more than you could know, @Ben. My wife's Late 2006 MacBook is stuck on 1Password 3.8 because it can't be upgraded past OS X Lion. I have a user account on her laptop and she has one on mine. Neither is used all that often, but it's good to have the option, so that means sticking with .agilekeychain vaults.

    Putting 1Password 7 on my MacBook Pro will be asking for trouble until my wife does a long-overdue hardware refresh. (Or until y'all force my hand by dropping .agilekeychain support on iOS.)

    Although if you have instructions for running 1Password 6 on a Mac in some user accounts and 1Password 7 in others I suppose it'd do no harm for you to send me a link.

    —Other Ben

  • Ben
    Ben

    @benfdc

    I’m glad the info was helpful.

    Although if you have instructions for running 1Password 6 on a Mac in some user accounts and 1Password 7 in others I suppose it'd do no harm for you to send me a link.

    I don’t believe this is possible. With some tinkering it may be but it certainly adds a layer of complexity and unfortunately we’re not in a position to support that kind of a setup. I have to imagine that you’d run into conflicts with the browser extension helpers.

    until my wife does a long-overdue hardware refresh.

    Soon, I hope? :) Lion hasn’t been receiving security patches for quite some time now (5 years).

    Or until y'all force my hand by dropping .agilekeychain support on iOS.

    I’m sure that wasn’t intended as a suggestion, but I would imagine when the adoption rate of 1Password 7 reaches a certain level we’ll be looking at that seriously. Agile Keychain doesn’t encrypt all meta data. It was a great format for it’s time, but that time has passed. People are concerned with privacy and meta data now more than ever.

    Ben

  • benfdc
    benfdc
    Community Member
    edited June 2018

    Not a suggestion, just a recognition of the validity of the factors that you note: OPVault is a more secure format than .agilekeychain and operating systems which are too old to support OPVault are inherently insecure. Dropping .agilekeychain support on iOS isn't something I'll be eager to see but I can offer no legitimate objection. Once my wife gets a new Mac, our five-user 1Password for Families license will let her run 1Password 6, which supports primary and secondary OPVaults, iCloud sync, and 1Password.com subscriptions. How can I complain?

    I'll tell you how I can complain—I wish that there was a way to upgrade our 1Password for Families license to 1Password 7. But I'm not holding my breath.

    I still miss some of the old "wallet" data types that disappeared with OPVault, but they are not displayed properly in newer versions of the app even though they are still in the .agilekeychain database. Alas, that ship sailed a long time ago.

    Again, I appreciate the info and the perspective, Ben

    —Other Ben

  • Ben
    Ben

    I'll tell you how I can complain—I wish that there was a way to upgrade our 1Password for Families license to 1Password 7. But I'm not holding my breath.

    Not to take this thread too far off course... but the recommended upgrade path here is 1Password Families membership. Apologies if we’ve already had this discussion, but what is keeping you from that?

    I still miss some of the old "wallet" data types that disappeared with OPVault, but they are not displayed properly in newer versions of the app even though they are still in the .agilekeychain database. Alas, that ship sailed a long time ago.

    Hmm. I don’t remember them. What were they? We’ve talked for a long time about wanting to have custom categories... just haven’tyet found enough hours in the day. In the mean time this (older but still relevant) blog post may help:

    Secure all the things in Secure Notes - AgileBits Blog

    Again, I appreciate the info and the perspective, Ben

    You’re welcome, and likewise.

    Ben

  • benfdc
    benfdc
    Community Member

    1Password 3 had categories called Accounts and Wallet, and there were various sorts of account items and wallet items.

    In later versions of 1Password the hierarchy was flattened. I misspoke when I referred to old Wallet data types, because I think that they all survived the transition. Several of the Account types did as well (e.g., Databases, Email Accounts, Servers), but other Account types like Instant Messenger, FTP, iTunes, and ISP were converted to generic Logins, often with empty website fields.

  • Ben
    Ben

    I see. Thanks for the reminder. I do vaguely recall that now. :)

    Ben

This discussion has been closed.