To protect your privacy: email us with billing or account questions instead of posting here.

Separate password and vaults for less trusted devices

13»

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @bkh: If you don't have to enter another password, whether that be for a vault or account, to access it, where's the compartmentalization? It really sounds like you're trying to have it both ways: you're asking to have a separate place to store passwords that is protected by another password, which is possible using separate accounts, but at the same time you don't want to have to enter the password in order to access it? That seems contradictory to me. I think that privilege elevation is a great example, but unfortunately it illustrates the complexity inherent in what you seem to be asking for, which is problematic for most users. Otherwise everyone would be using Unix. But again, even if we explicitly go that route (implicitly this is already supported with multiple accounts) isn't the point that you'd need to enter another password to access something else? Yet you say, and rightly so, that it isn't user-friendly.

  • AGAlumB
    AGAlumB
    1Password Alumni

    You have stated that you, a 1password Team Member, do not believe in (or use) a one password solution:

    @stenico: No. :lol:

    It would be brilliant if you could advocate for 1password to facilitate a context-specific security model within a single membership.

    We do: 1Password Families, 1Password Teams, and 1Password Business.

  • stenico
    stenico
    Community Member
    edited August 2018

    @brenty

    No he did: please see Ben's earlier comment:

    There is a way to do what you’re asking. It can be achieved by using multiple accounts / guests within a membership and/or separate memberships. To loop back to your example of sensitive work information... I don’t store that in my personal 1Password membership. I have a separate work membership for that. Even with my avocation (volunteer fire department) I have a separate membership to maintain the information for that context.

    Ben, who is a 1Password Team Member, is clearly therefore relying on different passwords (i.e. more than one) to secure information in a context-appropriate manner. Like any rational person would/should.

    My comment (which you have mis-quoted) was in reference to a single personal membership:

    "It would be brilliant if you could advocate for 1password to facilitate a context-specific security model within a single personal membership"

    IMO no responsible security company should be advocating for individuals to store all of their confidential information behind a single password.

  • Ben
    Ben
    edited August 2018

    Ben, who is a 1Password Team Member, is clearly therefore relying on different passwords (i.e. more than one) to secure information in a context-appropriate manner. Like any rational person would/should.

    I’m actually not, and didn’t say that I am. My (one) Master Password unlocks all of these memberships. But that is my use case.

    I really think the appropriate solution here is multiple memberships (and that is what I’m doing; as you mentioned). But we can certainly take your feedback into consideration.

    Ben

  • stenico
    stenico
    Community Member
    edited August 2018

    @Ben

    Brilliant thanks - making it easy/cost-effective for individuals to do this would be fantastic. Would love to be able to adopt and to recommend 1password to others.

  • AGAlumB
    AGAlumB
    1Password Alumni

    IMO no responsible security company should be advocating for individuals to store all of their confidential information behind a single password.

    @stenico: Then why are you using an app called "1Password"? :lol: In all seriousness, there is nothing wrong with using a long, strong, unique Master Password. It's actually a better option than using multiple passwords in most cases because you can use a stronger one by virtue of not needing to remember and type more than one. A single 20 character password will be harder to crack than two 10 character passwords. I'm not saying this is the best solution for everyone, but it is for most people. It's totally your prerogative to use different passwords for different accounts if that makes sense for your situation. For example, some folks need to store their account credentials in a company vault as part of emergency planning, and in that case it would probably be best not to use that same password for personal stuff. But some of the sweeping statements you're making don't stand up to scrutiny in a general sense, even if they may be a good fit for you personally.

  • Brilliant thanks - making it easy/cost-effective for individuals to do this would be fantastic. Would love to be able to adopt and to recommend 1password to others.

    :+1: :)

    Ben

  • stenico
    stenico
    Community Member
    edited August 2018

    @brenty

    I'm not using it, but only for the sole reason that personal memberships do not allow for context specific security credentials.

    Ben has context specific credentials, if not context specific passwords, which amounts to the same thing (although it would be much more secure for him to have different passwords for his different accounts!).

    I'm advocating for this because I would very much like to subscribe and support 1password. Please do try to focus more on enabling good security and less on the name of the App.

    Please see my first comment which explains why there is in fact a lot that is very wrong with using a single set of credentials (which Ben clearly agrees with).

    IMO you really, really do not need to advocate the literal interpretation for 1password to be successfull. It is successfully because (1) it is a good security model (at least encryption wise) (2) it is good software and (3) it has good support!

  • stenico
    stenico
    Community Member
    edited August 2018

    @brenty.

    Also please note that in your comment above you have [edit: apparently inadvertently, see below] mis-quoted me. My comment actually reads:

    "It would be brilliant if you could advocate for 1password to facilitate a context-specific security model within a single personal membership".

  • Thanks for the kind words and for the continued feedback on this. :)

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni

    @stenico: Oh that's not fair. I copied the text directly from your post. You must have changed that after the fact. I don't think that counts as misquoting you. :tongue:

    Anyway, thank you for your passion and dialogue on this subject. While we do believe that this is the best solution for most people based on thousands of messages every day, certainly there are others as well and we recognize that there is no one-size-fits-all solution. So it definitely helps to get other perspectives — even if we're not always able to accommodate everything explicitly. :chuffed:

  • stenico
    stenico
    Community Member
    edited August 2018

    @brenty

    Apologies if that is indeed the case (last edited time of my post 6:17, time of your post 6:19, but I guess you can have started writing your reply before then).

  • stenico
    stenico
    Community Member
    edited August 2018

    @brenty

    I also encourage you to consider that "thousands of messages" does not necessarily mean "best solution".

    Just because people were happy driving cars before the invention of seatbelts, it does not mean that seatbelts are not a good idea.

  • I also encourage you to consider that "thousands of messages" does not necessarily mean "best solution".

    Of course, which is why we don’t decide which features or concepts make it into 1Password democratically. Certainly customer feedback is important and is one of the primary factors we consider, but it isn’t the only one. :)

    Ben

  • bkh
    bkh
    Community Member
    edited August 2018

    If you don't have to enter another password, whether that be for a vault or account, to access it, where's the compartmentalization?

    @brenty,

    I was thinking that elevating privileges in 1Password would require me to give another master password. (I don't find it burdensome to remember 3 different master passwords.) So I guess that's more like su than sudo, if that's your meaning.

    But my current 1Password arrangement seems to require that I use the OS to log into a different user account, where the more privileged 1Password secret key is stored (because I don't want to have to type that in) and then enter the master password there. Maybe it would be possible instead to launch a completely different browser, but that's clumsy in a different way. And that elevated privilege family member account needs a different email address, because 1Password families doesn't permit multiple accounts to have the same password; this is considerably more burdensome than just needing to provide a different master password.

    If 1Password would store a few secret keys on the device, within one OS account and browser, it could be possible for 1Password to try them in succession to find the one that works in combination with an entered master password. The presence of 3 secret keys in this OS user and browser means that this device and user are allowed to present the master passwords for vaults of 3 different sensitivity levels. That's just thinking aloud, it's not a well-considered design or anything.

  • 1Password X does that. Might be worth checking out.

    Ben

  • bkh
    bkh
    Community Member

    Thanks for the tip.

  • prime
    prime
    Community Member

    That said, you could create separate accounts within 1Password Families for different things if you really want to. For example, I know @prime mentioned using a guest account for data that needs to be accessible on a family (media center?) computer, so that a compromise there won't compromise stuff in any individual's account. Adding this kind of additional complexity by default for all 1Password users is not a solution: remembering multiple passwords is what most people came to 1Password to get away from. But you can do this yourself if you wish.

    Yup, I did this and it is a big help! It has Netflix and other passwords that the whole family uses on a computer that the whole family uses. A guess account that I (or my wife) can control from our main 1Password accounts, but my daughter can also access these too. Using a guess account for this makes stuff so easy.

  • You're most welcome bkh. :)

    Ben

  • Thanks for sharing @prime. :)

    Ben

  • stenico
    stenico
    Community Member

    @prime

    Adding this kind of additional complexity by default for all 1Password users is not a solution: remembering multiple passwords is what most people came to 1Password to get away from.

    Nobody has asked for this to be added by default. Rather, we would simply like the possibility to be able to add an additional layer of security to subsets of (more critical) credentials. This would mitigate the "all eggs in one basket" issue that is a clear security risk. The option [to password protect vaults] used to exist and was removed, not because it was a problem for users, but because there was an issue with the technical implementation.

    But you can do this yourself if you wish.

    Yes, if you would subscribe to a team or family plan there is the somewhat "clunky" workaround of using multiple accounts. But if you would purchase a personal subscription you are stuck with all of your eggs in one basket, and hence a single-point of failure.

    It is clear from the comments from @Ben and @Brenty that 1password (quite-rightly) encourages separation of different sets of passwords into different accounts (that are accessed with different credentials and hence mitigate against a "single-point of failure").

    It would simply be nice if they, in their infinite kindness, would enable similar good practise for personal subscriptions (e.g. by at least allowing 2 accounts/subscription, if not by adding back per-vault passwords) rather than using this weakness in the (already relatively expensive) personal subscription model to up-sell more security conscious individuals to purchase team/family plans.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited August 2018

    @stenico: It looks like you're replying to prime, but I believe you're actually quoting me.

    It is clear from the comments from @Ben and @Brenty that 1password (quite-rightly) encourages separation of different sets of passwords into different accounts (that are accessed with different credentials and hence mitigate against a "single-point of failure").

    Actually our general recommendation is to use a single long, strong, unique Master Password. But certainly there are some cases where using separate accounts with different Master Passwords is beneficial.

    It would simply be nice if they, in their infinite kindness, would enable similar good practise for personal subscriptions (e.g. by at least allowing 2 accounts/subscription, if not by adding back per-vault passwords) rather than using this weakness in the (already relatively expensive) personal subscription model to up-sell more security conscious individuals to purchase team/family plans.

    Sarcasm notwithstanding, kindness is not a sustainable business model (or you would be purchasing all of the plans we offer out of the kindness of your own heart ;) ). We're happy to offer kindness for free when helping people, but the only reason we're able to spend our time responding here is because we have customers who pay us for our products, which allows us to not work full time somewhere else. Would you be willing to pay more for a special "personal" subscription that offered you the ability to use different Master Passwords, etc?

  • stenico
    stenico
    Community Member

    @brenty

    If you use 2 accounts with the same master password then it is my understanding that you are in fact using a different set of credentials. This is because your mandatory second password (the “secret key”) will be different - I think I’ve read somewhere that it is automatically generated per-account and cannot be user set?

    Given that one well-known competitor currently offers somewhat similar functionality as your personal subscription gratis - i.e. one secure syncable basket - it could be considered smart buisness to add a meaningful differentiating feature. I, for one, would then be happy to subscribe to it.

    I would not spend time advocating this to you if I did not think (1) that 1password is a company that makes an excellent product and is worth supporting, (2) that there is a clear gap in the market for this, (3) that most importantly, such a feature - an [optional] “top-secret” basket within the basket - would significantly improve online security for many people. It would be analogous to having a safe inside your house. If the house keys get stolen, your most valuable documents have a far better chance of remaining secure.

    Anyhow, thanks to you and Ben for the replies, I’m ducking out at this point but will watch with interest to see how the product develops.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @stenico: I don't see where I said anything about different credentials, only that some people use different Master Passwords for some accounts, but you're not wrong. I think the Secret Key is beside the point though because it's not something people really use on a day to day basis, and its function is to protect users against attacks on us.

    We have no intention to compete with free since that isn't sustainable without getting the money somewhere else: whether that be selling ads, selling user data, or selling out, we're not interested. And, as you mention, there are options in that space already.

    I disagree with the house/safe analogy because someone can just break the door or window, but I sympathize with how hard it is to come up with a good analogy for this stuff! ;)

    Anyway, switching to a family or team plan would allow you to do what you're saying you want to, and yes, that would cost you money to use it because it costs us money to build and maintain. It's either important enough to you to pay for it or it isn't. I don't think it's reasonable to expect us to build a custom solution for you for free. I'm sorry that isn't the answer you're hoping for, and I appreciate your passionate feedback on this topic, but we do feel that it's important for us to charge sustainable prices for our products so we can continue to improve and support them. And if 1Password isn't a good fit for you right now, perhaps in the future we'll be able to offer other benefits that will make you feel its of value to you. :)

  • klaas
    klaas
    Community Member

    I really would love to see 1Password offer an easy solution for at least two kinds of security levels.

    I'm not sure which is easier for me to teach to my brother (who's a doctor btw, but not interested in how computers work):

    a) You have to be really really careful with the devices where you use 1password on, because your banking information might leak.
    b) There are two master passwords (one for really important stuff like banking and the other one for Facebook and alike).

    I really like 1Password and I am a long time customer, but I would never recommend my brother to store any banking details in it. He only does banking at home, but he uses 1Password on a lot of different devices and in a lot of different places.

    What I'm currently doing myself is storing manually encoded AES+base64 encoded secure notes (e.g. my private GPG, but still with it's passphrase set). But that would be way to complicated for my him.

  • AGAlumB
    AGAlumB
    1Password Alumni

    a) You have to be really really careful with the devices where you use 1password on, because your banking information might leak.

    @klaas: What do you mean? The data is encrypted on disk unless you decrypt it by entering the Master Password and accessing a specific item. And 1Password never fills into a webpage without user interaction. That's very intentional. How would it "leak"?

    b) There are two master passwords (one for really important stuff like banking and the other one for Facebook and alike).

    Then people have to remember two Master Passwords. That kind of defeats the purpose of 1Password's existence: having only a single long, strong, unique Master Password to remember and type. One good password is easier to deal with than two, and having to remember and type more than one will result in most people using weaker ones which are easier to remember and type. Taking two not-so-great passwords and combining them into one will be more difficult to guess than each of them separately. Food for thought.

    I really like 1Password and I am a long time customer, but I would never recommend my brother to store any banking details in it. He only does banking at home, but he uses 1Password on a lot of different devices and in a lot of different places. What I'm currently doing myself is storing manually encoded AES+base64 encoded secure notes (e.g. my private GPG, but still with it's passphrase set). But that would be way to complicated for my him.

    I'd really like to understand your reasoning behind this. Maybe there's something specific to your use case that I'm missing. What is the specific threat you're trying to defend against which you don't believe you can using 1Password?

  • klaas
    klaas
    Community Member

    @brenty: We don't have to open up the discussion, I can see the rationale behind the current 1Password product and the use case for many customers. I just wanted to voice my opinion as a long time customer.

    [... your banking information might leak ...]

    What do you mean? The data is encrypted on disk unless you decrypt it by entering the Master Password and accessing a specific item. And 1Password never fills into a webpage without user interaction. That's very intentional. How would it "leak"?

    I did not say that the architecture or implementation of 1Password causes the leak. I does leak because he is actually not careful enough while using 1Password. Eventually co-workers will know his one master password and they will get access to his computer, because he does not always lock his computer.

    Neither does 1Password force him to use a strong master password. I just created a new 1Password account and was able to use 123123123123 as the master password. I'm quite sure his master password is not ideal.

    I used the term "leak" because he will not be able to see that someone had a look at his passwords.

    Then people have to remember two Master Passwords. That kind of defeats the purpose of 1Password's existence: having only a single long, strong, unique Master Password to remember and type.

    I don't think people can only remember one password.

    (Not the use case of an average customer: Importing a standalone vault requires the master password that was chosen at creation time.)

    I'd really like to understand your reasoning behind this. Maybe there's something specific to your use case that I'm missing. What is the specific threat you're trying to defend against which you don't believe you can using 1Password?

    I'm afraid of someone hiding a GoPro in a shelf next to my computer, capturing my master password and then using it the one time when I did not lock my computer. An easy attack that needs no special skills or root level access to my machine.

    Again: I really like 1Password as a product and I'm glad to be a customer. I don't want to restart this thread. Just giving my vote on this topic.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Ah, I see. Thanks for elaborating, and for taking the time to share your perspective. :)

This discussion has been closed.