Signing in with no device access.

rctneil
rctneil
Community Member

Just signed up to a 1Password for Families account and had a thought:

If I for some reason had no access to any devices (phones or computers) and I was at another persons machine and went to my 1Password account online. Could I manage to access my account? I obviously would not know my account key but would know my Master Password.

I thought this was a massive benefit to the 1Password Accounts but if I have to memorise my Account Key then it seems like it won't solve this particular use case for me.

Thanks,
Neil


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • danco
    danco
    Volunteer Moderator

    If you are concerned about this situation, the best solution is to keep a copy of your account key with you.

    Even if the account key were stolen, a thief would have no access to your data without the master password. In addition, any thief would need to know the name of your account (1PW for Families) or your email address (1PW for Individual) before knowing where to look.

  • rctneil
    rctneil
    Community Member
    edited August 2016

    Well it seems to defeat the object of having the account online? I'm a massive fan of 1Password but this seems a very big mishap in the online access (especially in my eyes).

    If I didn't have my account key at all but know in my head, my URL, email address and master password then surely I should be able to access my account.

    I'm getting a bit concerned about what reason i've actually signed up to the online version now as there doesn;t seem a major benefit to me.

    By the way. I do fully understand the reasons for the Account Key to be there but do feel it defeats the object of allowing web based access without memorising that large account key.

    Please correct me someone!

  • rctneil
    rctneil
    Community Member

    I've also moved a few items over to the 1Password account vaults and the attachments show up as individual items themselves and not attached to the items like they were locally. Is this how they are meant to work?

    If move them back to a local vault, will the files reattach to the items again?

  • There is always a trade-off between security and convenience. The account key may not be super convenient in the scenario you've described but it does add a great deal of security.

    One possible solution would be to keep a laminated card with just your account key on it in your wallet. It doesn't have to have any other identifying information on it. You know what it is for. If it were stolen an attacker would have to know or guess that it is a 1Password account key. Even with that, they would still need to know your URL, email, and Master Password in order to get at your data.

    FWIW we wouldn't recommend logging into any of your accounts from a computer you cannot trust (e.x. a friend's computer -- who know what malware they have).

    Ben

  • Ben
    Ben
    edited August 2016

    If move them back to a local vault, will the files reattach to the items again?

    No, you would need to download your Documents and attach them to the items they were previously attached to.

    I've also moved a few items over to the 1Password account vaults and the attachments show up as individual items themselves and not attached to the items like they were locally. Is this how they are meant to work?

    Yes. At present Documents are first class citizens with 1Password accounts. They live independently of any other items.

    Ben

  • rctneil
    rctneil
    Community Member

    Can we attach documents to an item as I have documents that are related to certain items and they shouldn;t live on their own. Is this possible?

  • Not in the same sense that attachments work in standalone vaults, currently. You can link a Document to another item, though, using the Related Items section of an item.

    :)

    Ben

  • rctneil
    rctneil
    Community Member

    I realise it's a balance between security and convenience but I feel the whole point of having web based access is defeated by having the enter something that's hard to remember, but on the other hand I see the point and security advantages of the Account Key and the benefits it provides.

    If (after the free trial) I decide to drop back to local (Dropbox synced) vaults, is any of this going to change in the future. Is support or compatibility being deprecated or dropped or is it 100% going to continue to be developed, enhanced and expanded in the future?

    I realise the web based version is what you are pushing now and in the ongoing future but as stated, the dificulty of accessing directly and quickly through a browser turns me against it and as that was pretty much the sole factor of me trying a 1Password Account, it seems pointless paying monthly for it in my opinion.

    I (honestly) don't wish to constantly sound negative in this thread but am just trying to find out what the Account can and cannot provide for me. I am a loyal and happy 1Password customer.

    Kind regards,
    Neil

  • Did you see my comment here, Neil?

    One possible solution would be to keep a laminated card with just your account key on it in your wallet. It doesn't have to have any other identifying information on it. You know what it is for. If it were stolen an attacker would have to know or guess that it is a 1Password account key. Even with that, they would still need to know your URL, email, and Master Password in order to get at your data.

    As for going back to the license, vs subscription:

    If (after the free trial) I decide to drop back to local (Dropbox synced) vaults, is any of this going to change in the future. Is support or compatibility being deprecated or dropped or is it 100% going to continue to be developed, enhanced and expanded in the future?

    We're not depreciating or dropping support for licensed products. We plan to continue along with those as we have been all along. :) The subscription services are additional offerings, not replacement offerings, though we do feel in most cases they are the better option.

    Thanks!

    Ben

  • rctneil
    rctneil
    Community Member

    Hello Ben. Yes, I did see that comment and it is a solution but it's still "something" else to carry around.

    Anyway, I'll try the trial and i'll see how I get on. I just wanted to let you guys know that my main issue with the local vaults synced with DropBox setup was that I had no online access to the vault and thought that was a great reason to try the account option, I use the trial and it gives me the online access but with awkward sign in options. Ah well.

    In regards to the attached files. Is the new system of files being first class citzens being brought down to the native client apps along with relationships between items. I can see the benefit of this and it would be nice if this was the default method?

    Also, it would be nice if moving items back to a local vault the documents could either still be related in the new style or be reattached to their existing item as in the old style.

  • rctneil
    rctneil
    Community Member

    Continuing from above. I thought one of your main selling points was the fact that you only had to remember ONE password and that's it. With the new Accounts, you have TWO things to remember to get access to your vaults. Maybe a name change is in order? I know you call one a "key" but there we go.

    Joking aside. Do you see where I am coming from?

  • @rctneil I hear you, mate. The Account Key is not something I've even considered memorizing, and if I did have to get emergency access to my account from someone's computer without it, I would probably be in trouble. I usually carry a printed copy of my Emergency Kit when I travel and that helps. You could also write your Account Key a few random places and carry it with you. It's not like people will know what it is right? :wink: That is security through obscurity, though, and it's not the best.

    In regards to the attached files. Is the new system of files being first class citzens being brought down to the native client apps along with relationships between items. I can see the benefit of this and it would be nice if this was the default method?

    Indeed there is. They're called Document items, and they can be linked to items, which is the same as attachments you were used to before but they are also a separate item if you'd like to store a document by itself.

    Also, it would be nice if moving items back to a local vault the documents could either still be related in the new style or be reattached to their existing item as in the old style.

    We're getting there, one item at a time. Moving things to an account was the main priority, and moving things back will make its way here soon enough.

    Continuing from above. I thought one of your main selling points was the fact that you only had to remember ONE password and that's it. With the new Accounts, you have TWO things to remember to get access to your vaults. Maybe a name change is in order? I know you call one a "key" but there we go.

    True, true. You don't have to remember the Account Key, though, because it's saved once you sign in the first time. The only reason you would need to remember it is if you don't have any of your devices. We don't really want to remove it from the equation because it's what makes the security of 1Password accounts so good. Your Account Key strengthens your Master Password, whether that's weak or super strong, and makes it impractical to access your account without both in hand. It's better than two-factor authentication, too, because it's working with your Master Password to decrypt your data, not authenticate you. Learn more about the Account Key.

    Thanks again for the feedback about this — we're always thinking of ways to make the process smoother so I really appreciate you taking the time to write out some thoughts and I hope you enjoy your account too! :)

  • rctneil
    rctneil
    Community Member

    @Jacob I'll do a full reply a bit later as i'm a little strapped for time right now.

    Your reply about Document items is great but can't figure out if you are stating that this is upcoming or if this is available right now? If it is right now then I can't seem to figure out how to create a new Document Item?

  • @rctneil Sounds good. :) Documents are available right now — sorry if that wasn't more clear. We introduced Document items with 1Password Teams back in November of last year. You can create one from the Mac and web app so long as you are in an account vault. The others will be getting this capability in the future.

  • rctneil
    rctneil
    Community Member

    @Jacob Excellent. Found it now. I like that feature but can't see how to create a relationship between a document and another item?

    Looking forward to seeing this functionality coming to local vaults!

    In regards to all these features and small tweaks which you say your devs are working on. Is there some place we could have them noted down so we can see when they are ready rather than us constantly asking for updates in here? The changelog is possible but some of the features seem a bit too small to include in there etc?

    Some items I would like to know when done are:

    • Documents reattached when moving from Account to local vaults. (Maybe this is no longer required though if Docs are full citizens now?)

    • Documents as full time citizens in local vaults.

    • Relationships in local vaults

  • @rctneil Ah, that part is a little more hidden. If you are editing any item that isn't a Document, there are "Link Existing" and "Add New File" buttons where the attachment field used to be. Link Existing will bring up a window where you can search for existing items to link:

    Looking forward to seeing this functionality coming to local vaults!

    It's funny, no one says that. :lol: They usually request attachments as they used to be. Item linking is certainly a cool thing though.

    In regards to all these features and small tweaks which you say your devs are working on. Is there some place we could have them noted down so we can see when they are ready rather than us constantly asking for updates in here? The changelog is possible but some of the features seem a bit too small to include in there etc?

    Actually we include all the new features, improvements, and fixes in the changelogs:

    1Password for Mac
    1Password for iOS
    1Password for Android
    1Password for Windows
    1Password.com

    You can also view the beta changes there, which will eventually make it to the stable ones. :)

    Documents reattached when moving from Account to local vaults. (Maybe this is no longer required though if Docs are full citizens now?)

    You're right. Since Documents are separate items, they won't be re-attached automatically when you move them back to a local vault. As I mentioned in my previous post, this is something we may add in the future. If you need to move these to a local vault you can download the Document and add it as an attachment to local vault.

    Hope that helps!

  • rctneil
    rctneil
    Community Member

    Do you have an ETA on when Documents and Relations will be available for local vaults?

    I'm assuming i'm going to get the standard 1Password does not comment on future additions line back. ;-)

    Well, if you don't ask you don't get! :-D

  • Do you have an ETA on when Documents and Relations will be available for local vaults?

    There are no plans at this time to implement that. It would require a re-work of the OPVault database scheme, which would likely create an incompatibility between versions. That isn't to say that we won't ever do it, but it isn't on the table right now.

    I'm assuming i'm going to get the standard 1Password does not comment on future additions line back. ;-)

    Well, that, too. :)

    Well, if you don't ask you don't get! :-D

    :+1:

    Ben

  • rctneil
    rctneil
    Community Member

    @Ben Ah that's a shame. I hope the two products don't drift too far apart in their functionality over time. It would be nice to keep them in sync as far as functions go so please add a +1 for local relationships and Documents on my behalf.

    Thanks

  • We definitely don't want things to drift too far apart – there is only one 1Password after all :)

    There's some things that will need to be done differently with local vaults verses hosted ones – for example, given there's no single source of truth with local vaults will necessitate that Attachments be treated differently than Documents –  but we're doing our best to keep that to a minimum.

    Our current plan is to make the Documents UX closer to the Attachments one as we found it a better experience in many ways. So this may become moot a few updates from now :)

This discussion has been closed.