Secondary account does not unlock at all

I don't know if this is related to this already existing post: https://discussions.agilebits.com/discussion/82953/secondary-account-with-own-password-doesnt-unlock-anymore

For testing I have added an additional family account (1Password.eu) to my already existing 1Password.com account. The initial master password to unlock the extension is the MP of the .com account. When I want to access the .eu account, no vaults from that are displayed.
I then go into the settings of the extension, it says that the .eu account was locked. After unlocking it (or the extension pretending to unlock it) I still don't see any .eu vaults. Going back to the settings, the vault is still locked.


1Password Version: Not Provided
Extension Version: 0.9.7
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • beyer
    1Password Alumni

    Hey @Manaburner,

    It sounds like the second account (EU) you've added has a different Master Password from your original account (US). If you lock 1Password and unlock it using the Master Password from the EU account, are you then able to see it unlocked and the vaults you expected?

    From the thread you linked in your post:

    Our recommended solution to folks using multiple accounts is to use one strong, memorable Master Password across all of their accounts.

    Another option is to use different Master Passwords, but decide what account is needed when unlocking by entering that Master Password at the lock screen.

    Let me know if that works or if I've misunderstood and you're already using the same Master Password.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • Manaburner
    Community Member

    Hi @beyer

    If you lock 1Password and unlock it using the Master Password from the EU account, are you then able to see it unlocked and the vaults you expected?

    Yes, when I'm using that master password, the EU vaults are unlocked and visible.

    I'm sorry, I really missed that "one master password for all accounts" part on that post.

    You're right, I'm not using one master password across all accounts. I assumed that the extension would work like the 1P application where one (or better the first used) master password unlocked the other accounts.

    Another option is to use different Master Passwords, but decide what account is needed when unlocking by entering that Master Password at the lock screen.

    Is the extension trying out the entered master password on all accounts until the first one works?

  • beyer
    1Password Alumni

    @Manaburner: 1Password for Chrome works differently than our native applications. Currently, we locally store enough information for one account to unlock others.

    Is the extension trying out the entered master password on all accounts until the first one works?

    Not quite. Instead, when you unlock 1Password for Chrome we try to unlock any accounts you have added using the Master Password provided on the unlock screen. This means you could technically have two accounts with one Master Password and two accounts with a different Master Password. In this example, each Master Password would unlock two different accounts.

    I hope that helps, but let me know if you have any questions.

    --
    Andrew Beyer (Ann Arbor, MI)
    Lifeline @ AgileBits

  • erans
    Community Member

    In the original 1Password (before X) multiple local accounts would unlock with a single master password. How can this behavior work with 1Password X?

    I have my personal account (family) and a Team account (work) and I don't want them to have the same password, yet I do want them to unlock at the same time instead of having them all use the same master password (which is a different behavior in terms of implementation but the same desired user result).

  • Hello @erans,

    You're right, 1Password for Mac and Windows allow you to do this. This is not how 1Password X works, so the short answer to your question is you can't use 1Password X this way. That's not a very enlightening answer, however, so I'd like to write a short essay on why this is the case. 🙂

    The desktop apps were originally designed with the concept of a Primary Account. This account was the first one added and the encryption keys for secondary accounts would be stored within the primary one, thereby allowing us to unlock all your vaults when you unlocked 1Password. This worked regardless if the Master Passwords were the same or not.

    In 1Password X, there is no concept of a Primary Account, so we have no mechanism to do this. Instead, we simply take the Master Password you provide and try to use it to unlock each account that was added.

    There are many reasons we did things this way but the primary reason is it's how we believe things should be. Having different Master Passwords is hard. And in the vast majority of situations, there's no value to using different ones.

    The way we designed 1Password ensures that you are the only one that knows your Master Password: it never leaves your device, even in a team or business environment. And when combined with your Secret Keys (you'll have a unique one generated for each account), the actual Master Unlock Key that gets derived from your Master Password will be different for each account.

    This allows you to use the same Master Password for all accounts, without needing to worry that your business may find out your personal account details, or vice versa.

    Since launching 1Password X nearly one year ago I've only found one use case that stymies this approach. I heard from one user who was required to provide their Master Password to their boss "for safe keeping". I tried to explain that this was simply not required with 1Password as account owners and administrators can recover locked out accounts (without ever revealing your Master Password), and this user agreed with me entirely. But then proceeded to say his boss wasn't interested and required the information anyway.

    Other than this one use case (which I'd argue is an incorrect one), using the same Master Password works incredibly well.

    I hope that helps explain our reasoning for designing 1Password X this way.

    Take care,

    ++dave;

This discussion has been closed.
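
A simplified model of the unlock behaviour described in the replies above, added here as an illustration; it is not 1Password's code or its actual key-derivation scheme. The PBKDF2/HMAC/XOR construction, the iteration count, the check value, and all account names, passwords and Secret Keys are assumptions or constructed values.

```python
import hashlib
import hmac
import os

ITERATIONS = 100_000  # assumed work factor for this sketch


def derive_unlock_key(master_password: str, secret_key: str, salt: bytes) -> bytes:
    """Combine both secrets: stretched password XOR keyed hash of the Secret Key."""
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, ITERATIONS)
    sk_part = hmac.new(salt, secret_key.encode(), hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def _check_value(key: bytes) -> bytes:
    # Stand-in for "this key decrypts the account's data".
    return hmac.new(key, b"unlock-check", hashlib.sha256).digest()


def enroll(name: str, master_password: str, secret_key: str) -> dict:
    """What the device keeps per account: Secret Key, salt, check value. No password."""
    salt = os.urandom(16)
    key = derive_unlock_key(master_password, secret_key, salt)
    return {"name": name, "secret_key": secret_key, "salt": salt, "check": _check_value(key)}


def unlock_all(accounts: list, entered_password: str) -> dict:
    """Try the entered password against every account; return name -> key for matches."""
    unlocked = {}
    for acct in accounts:
        key = derive_unlock_key(entered_password, acct["secret_key"], acct["salt"])
        if hmac.compare_digest(_check_value(key), acct["check"]):
            unlocked[acct["name"]] = key
        # A mismatch is not an error: that account simply stays locked.
    return unlocked


# Constructed sample data: two passwords spread over four accounts.
ACCOUNTS = [
    enroll("personal.com", "correct horse battery", "SK-CONSTRUCTED-0001"),
    enroll("family.eu", "another long passphrase", "SK-CONSTRUCTED-0002"),
    enroll("work-team", "correct horse battery", "SK-CONSTRUCTED-0003"),
    enroll("side-project", "another long passphrase", "SK-CONSTRUCTED-0004"),
]

if __name__ == "__main__":
    for attempt in ("correct horse battery", "another long passphrase", "wrong guess"):
        print(attempt, "->", sorted(unlock_all(ACCOUNTS, attempt)))
```

Accounts that share a password unlock together, yet each ends up with a different derived key because its Secret Key and salt differ.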