Two accounts - now needs two different passwords every time you login?

With the old version, I was able to have a personal account and a business account. Once I connected them, I only had to use my personal password going forward. Now it looks like I have to enter a password for each account every time I restart my computer?

Is there an option to go back to how it used to deal with accounts? Or am I missing something?


Comments

  • Hello @capsule,

    At the moment, we can unlock all accounts at once using touchID. If we use the master password, 1Password indeed only unlocks the account with the correct master password.

    I can't tell if the final release would allow users to unlock all accounts at once using one master password or for security reasons. The Security team decides it would be best to allow users to unlock only one account at a time. However, I would be happy to know your preference to send to the dev team for further consideration.

    Best regards,

    Nhat Nguyen.
    https://support.1password.com/

  • To add to what my colleague Nhat said, our official recommendation here is:

    When you’re invited to join a team, you’ll be asked to create a Master Password. Because you already use 1Password, enter the Master Password you already use.

    Then you’ll be able to unlock the 1Password apps with your one Master Password to see the information in all your accounts.

    If you signed up with a different password, you can change it.

    (from https://support.1password.com/multiple-accounts/#use-your-master-password-for-all-your-accounts)

    I hope that helps!

    Ben

  • capsule
    Community Member

    I have a long password for my personal account and our company has a long password for our main account. This sounds like a major step backward as far as usability. When I am online, I need access to both accounts. When my computer sleeps, that means I am forced to re-log into my accounts two times - again and again.

I have been a 1Password user for so long and having dual accounts worked flawlessly. It is one selling point that I recommend to many people. Why change something that was not requested by your userbase? Why not at least give the user the OPTION to turn this "feature" on or off? Let the user have a choice and let them balance security with convenience - just like you do with password recommendations or auto-lock toggles?

@Ben, the link goes to the current version - not the beta. I am a little confused, will the new one eventually have the ability to have two accounts or will we be forced to enter multiple passwords? What is the difference between an invite and entering all the account info?

  • ShakataGaNai
    Community Member

    @Nhat_Nguyen This is absolutely unacceptable.

    That is a BIG freaking nope. Give us the choice, not your security team. They do not know all our individual use cases or our risk preferences. Heck it may be individual per computer.

Not being able to unlock all accounts, at least as an option, is a deal breaker for myself and my companies. There is absolutely no purpose to 1password offering free family accounts for business if you make it so difficult to use. I encourage all my users to set up their own account so they can store their secrets securely and be a good internet citizen - AND it's so easy, right? They open up 1password with ONE Password, they can access their company secrets and their personal.

    If you make this change, then please rename your branding to something like PolyPassword, because it will require MANY passwords to use. The users will continue to use it for business because they have to, mostly, but they most certainly will not unlock it twice in a row just to get at their personal stuff too. That means either they'll stop using it for their personal stuff, or they will start storing that stuff in their business private vault - which will absolutely suck for them when they leave the company and lose access.

Also for users like myself that have access for a half dozen or more 1password accounts, this is absolutely game breaking. It's my desktop computer, in my office, in my house. It's freaking secure. Don't tell me it's not secure enough that I have to enter 6 or 12 different passwords to access all the data I may need to access.

I don't care about the electron drama, or the search sucking. But this absolutely is a hill worth dying on. I've been a loyal 1password customer for long enough that I've still got "Early Earl" launch special pricing (for my personal account, all the business accounts I pushed to get set up pay full price). But I'll toss all of that and go to another service if you tell me I need to unlock my 1password with six different passwords.

    PS. TouchID doesn't help Windows.

  • topher1078
    Community Member

    Yeah - I'm really confused by this as well. I opened up 1P8 (I have a personal and business account). I entered my personal master password, as I have done for years in 1P7, expecting to see everything. With 1P8 - I only see my personal information, not the business account. Moreover, there's no indication I'm only seeing my personal account. If I try searching for an item in my business vault I know to be there, there's no indication I won't find it.

    This carries over to the Safari extension as well - I start searching for items I know should be in my business account, and nothing appears. The only indication I can see that shows I'm not logged into both is clicking the "All Accounts" dropdown from the main 1P8 window and seeing that there's still the lock icon over the business account.

    Is that what is supposed to happen? If so - that seems like a huge regression? I will often go for a long while without opening the 1P app, and just use the browser extension. I don't see any option to log into both my personal and business account from the extension and no indication that I'm not logged into one. For example, I'm trying to autofill items I know are in my business account and the extension is just not finding them. And as far as I can tell, there is no way to actually log into the business account from the extension without going into the extensions settings.

    I can't imagine this is the intended behavior - if there's any logs or some such I can send over please let me know.

  • @capsule

    The recommendation of using the same account password for all 1Password accounts is the same in v7 and v8. It hasn't changed. The difference is that 1Password 7 will unlock all accounts, even if they have different passwords, whereas 1Password 8 selectively unlocks accounts based on the password entered.

    @ShakataGaNai

    You can still unlock all of your accounts simultaneously in v8 by using the same password for all of them. They will each still have their own unique Secret Key to protect against the normal threats caused with password reuse. "Touch ID" may not be a thing on Windows, but we do support Windows Hello and the various unlock methods that exposes, including fingerprints.

    @topher1078

    That is the intended behavior. If the accounts have different passwords then the only one that will unlock is the one with the password you entered. As mentioned above you can limit or expand which accounts are unlocked by setting their account passwords to be the same or not.

    There are a few things you alluded to that I think we can look at more closely:

    1. How to unlock additional accounts after initial unlock
    2. Showing which accounts are locked/unlocked

    I hope that helps!

    Ben

  • capsule
    Community Member

Set up the SAME password for multiple accounts? Sorry, I think I am totally missing something. That would give every single employee access to all my personal passwords and confidential information. I am surprised that it was even suggested.

  • ShakataGaNai
    Community Member

    @Ben
    I'm sorry, I can't tell if your suggested workaround is supposed to be a joke or not, I know things are fairly tough in here these days. What you've suggested is that we use a single password for multiple accounts. One of the very terrible security practices that 1Password is supposed to solve, is the re-use of passwords. In fact one of the features you advertise repeatedly on the website is "(1Passwords will) Identify weak or duplicate passwords,"

    Your suggested "workaround" goes blatantly against this and I'd never recommend it to my users. I have a number of 1password accounts, as previously stated, and all of them have unique passwords.

    The Biometrics are handy, but not a solve all. I cannot tell you the number of times I have had to manually unlock 1Password on my iPhone. At least once every day or so. Very annoying, but I'll consider it the price of security. Now entering 6 passwords every day? Heck no.

Again I repeat my statement. Let myself or my business admin decide what our company's risk tolerance is for account unlocks. Your security team is great, I'm sure. But they will always suggest things be done in the most secure way possible - that's their job (I know, I work in security). That doesn't mean it's user friendly. Or necessarily even the most secure in the grander scheme of things. If I want to allow my users to unlock their personal vault from the business password, that should be my choice - not your security team's. Or if I want them to use any of their passwords to unlock the business vault - same thing. If you're going to change how it works, give us the tools to decide and make good choices for our user base.

Along with a number of other things in 1Password 8, you've made a huge unilateral change that wildly affects a large number of users. With seemingly no desire for input from the community.

  • Could you help explain further how using the same Account Password would give your employees access to your data @capsule?

Each account still has its own unique Secret Key, which would rule out anyone but yourself being able to access your data, even if they knew your Account Password.

  • Ben
    edited August 2021

Set up the SAME password for multiple accounts? Sorry, I think I am totally missing something. That would give every single employee access to all my personal passwords and confidential information. I am surprised that it was even suggested.

    Are you sharing an account with your employees? The recommended solution here is to have each employee have their own unique account, with their own account password and Secret Key, within the 1Password Business membership. This guide may help:

    Administrators: Get started with 1Password

    And then employees can also have their own entirely separate membership, at no additional cost, to store their personal data:

    Get a free 1Password Families membership when you use 1Password Business

    These accounts can have the same password, and doing so wouldn't expose any risk of the business having access to personal data.

    Ben

  • jpgoldberg
    1Password Alumni

I understand that what is happening in 1Password 8 is a big change for some people and will take some getting used to, but it is a good change. What exists for versions of 1Password prior to 8 is a bit of a mess. (It is slightly different for different platforms, but I will use 1Password 7 (and prior) on Mac as my reference example.)

    In the beginning there was one vault

    When 1Password was first designed more than a decade ago, it supported one vault. This one vault design persisted through the Agile Keychain and OPVault formats. Accounts didn't exist back then, and so in that context "vault" and "account" were really the same thing.

    And it was good. Well it was good until people wanted to share certain items with family members or colleagues. But it turns out that people do want to securely share sets of items among colleagues and family members. Who knew?

    Some users found ways to cobble together some sharing techniques. These were expert users, who had a strong sense of how data synchronization worked and where data was located and how to get 1Password to read data from different locations. We cobbled together some things to support these expert users, and supported multiple vaults being unlocked at the same time.

    The Primary Vault

There were no Secret Keys in these days, so there were more reasons to have different master passwords for different vaults. But most of the people who were doing this multiple vault thing just wanted to unlock 1Password once. So what we did was designate one of their vaults as their "primary vault". Unlocking the primary vault decrypted keys that could be used to unlock the other vaults. So for secondary vaults, you only needed to give their master password when you first set up synching to that device.

For a while we even had some UI controls so that people could select which vault would be their primary vault. This just created user confusion and didn't last long. So instead we had a complicated set of instructions that involved removing vaults and setting them back up again to switch primary vaults for the few people who wanted this. Getting master password changes to propagate in a sane way was a tricky thing for primary vaults; it was even worse for secondary vaults.

    Anyway, this worked for expert users. They might even sync some vaults over different channels than they synced other vaults. They understood the relationship among their various vaults.

    1password.com

    For reasons that should be clear from the above and many others, that system of synching and sharing just wasn't going to scale. It didn't have the security properties that we and our users expected and it was simply hard for people who didn't understand synching in some detail to manage. We launched the 1password.com service beta in late 2015, with full launches for families, teams, individuals throughout 2016. To make the transition as seamless as possible and support a mix of 1Password.com accounts with all of the other ways people were synching their data, we kept the notion of primary vault.

    The notion of primary vault doesn't make sense when we move to well-defined accounts. And with the mix that people had, the primary could be a primary account or it could be a primary "local" vault. This was getting less coherent by the day. But we couldn't change it, given the mix of accounts and vaults that people had. Using one set of rules for accounts and another for vaults would have been more confusing.

    Account password policies

Some of our customers needed to have password strength and complexity requirements on the account passwords for the members of an account. Oftentimes, those requirements were imposed by auditors, insurers, regulators; but whatever the source and wisdom of such policies, those customers very correctly wanted to know that people were unlocking those accounts with passwords that conform to their policies instead of through whatever people do with unlocking their primary accounts.

    Even without that need, the whole notion of primary account had to die. The 1Password 8 scheme is the right approach.

    No account is unlocked without its account password

    Suppose you are a member of five different accounts. No account is "primary". No account contains keys that can be used to unlock the other accounts. Suppose also that you use the same account password for A, B, and D, but you use a different account password for C and E. Should C and E unlock when you only use the account password for A, B, and D? Should A, B, and D unlock if you give your account password for C? Should unlocking keys for E be buried in account A? Should we tie ourselves to a design decision that was made ten years ago for experts who were setting up tricky synching situations?

    Obviously, I think that the answer to all of those rhetorical questions is "no." Just as obviously, some people who will be reading this will disagree. But if you disagree, I'd like you to think about what would make the most sense for multiple accounts if we were starting from scratch and did not have a history of unlocking through a mysterious primary account.

    Making a change

Whether or not what we did with primary vaults ten years ago was a good idea at the time, it is simply not appropriate today. But yes, this does mean real changes in some people's habits and workflows. And that will be annoying. But come back after three months of using the new system and look at this discussion again. I hope that we will all find that the new behavior makes a lot more sense and feels natural and comfortable.

  • Using the same password everywhere seems to go against the premise of 1Password — always use unique passwords. However, in this case, it is completely safe and we recommend it. Most of the websites either store your password or a hash of it.

    1Password doesn't do that. When you type the password, it is combined with the Secret Key and then processed through the derivation function to create both encryption and authentication keys. This is a one-way operation, there is no way to obtain your account password from the authentication key.

The password never leaves your device. You can use the same account password everywhere and be 100% sure that it is safe.
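The two-secret derivation described in the post above, and the selective unlock that jpgoldberg describes earlier (one entered password unlocks only the accounts it belongs to), as an added example that is not part of the original discussion and not 1Password's own code. It is a simplified model: PBKDF2-HMAC-SHA256 slow-hashes the password, an HMAC expansion stands in for HKDF on the Secret Key, the two are XORed into a root key, and a hash of the derived authentication key stands in for the SRP exchange the thread mentions. Account names, passwords, Secret Keys, salts and vault keys are all constructed demo values.

```python
"""Simplified two-secret key derivation plus selective account unlock.

Constructed model for illustration only; not 1Password's implementation.
"""
import hashlib
import hmac
from dataclasses import dataclass

PBKDF2_ITERATIONS = 50_000  # demo value; a real product tunes this cost


def derive_keys(password: str, secret_key: bytes, salt: bytes):
    """Combine the account password with the account's Secret Key.

    The password goes through a slow hash so guessing is expensive; the
    high-entropy Secret Key is expanded with HMAC (a stand-in for HKDF)
    and XORed in, so the password alone never yields either key.  Separate
    encryption and authentication keys are then split off with
    domain-separated HMAC, so the authentication key cannot be used to
    decrypt anything and the password cannot be recovered from it.
    """
    pw_part = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                                  PBKDF2_ITERATIONS, dklen=32)
    sk_part = hmac.new(secret_key, b"secret-key" + salt, hashlib.sha256).digest()
    root = bytes(a ^ b for a, b in zip(pw_part, sk_part))
    enc_key = hmac.new(root, b"encryption", hashlib.sha256).digest()
    auth_key = hmac.new(root, b"authentication", hashlib.sha256).digest()
    return enc_key, auth_key


@dataclass
class Account:
    name: str
    secret_key: bytes          # lives only on the user's devices
    salt: bytes
    verifier: bytes            # hash of the auth key; the password is never stored
    wrapped_vault_key: bytes   # vault key XORed with enc_key (toy key wrapping)


def enroll(name: str, password: str, secret_key: bytes, salt: bytes,
           vault_key: bytes) -> Account:
    """Create an account record holding only non-password-equivalent data."""
    enc_key, auth_key = derive_keys(password, secret_key, salt)
    wrapped = bytes(a ^ b for a, b in zip(vault_key, enc_key))
    return Account(name, secret_key, salt,
                   hashlib.sha256(auth_key).digest(), wrapped)


def try_unlock(account: Account, password: str):
    """Return the vault key if `password` is this account's password, else None."""
    enc_key, auth_key = derive_keys(password, account.secret_key, account.salt)
    if not hmac.compare_digest(hashlib.sha256(auth_key).digest(), account.verifier):
        return None
    return bytes(a ^ b for a, b in zip(account.wrapped_vault_key, enc_key))


def unlock_with_password(accounts, password: str):
    """1Password 8 style: one entered password unlocks every account whose
    own password it is; every other account stays locked (value None)."""
    return {acct.name: try_unlock(acct, password) for acct in accounts}


# Constructed sample accounts: personal and work share one account
# password, the client account uses a different one.
ACCOUNTS = [
    enroll("personal", "shared-password", b"\x01" * 32, b"salt-personal", b"\xa1" * 32),
    enroll("work",     "shared-password", b"\x02" * 32, b"salt-work",     b"\xa2" * 32),
    enroll("client",   "client-password", b"\x03" * 32, b"salt-client",   b"\xa3" * 32),
]


def secret_key_matters() -> bool:
    """Same password and salt, different Secret Keys: different encryption keys."""
    k1, _ = derive_keys("shared-password", b"\x01" * 32, b"same-salt")
    k2, _ = derive_keys("shared-password", b"\x02" * 32, b"same-salt")
    return k1 != k2


if __name__ == "__main__":
    for entered in ("shared-password", "client-password"):
        result = unlock_with_password(ACCOUNTS, entered)
        opened = [name for name, key in result.items() if key is not None]
        print(f"entering {entered!r} unlocks: {opened}")
    print("Secret Key changes the derived keys:", secret_key_matters())
```

The point the thread keeps returning to is visible in `enroll`: the stored verifier depends on both the password and the Secret Key, so two accounts enrolled with the same password still have unrelated keys, and a password guess that does not also carry the right Secret Key fails even when the guess is correct.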

  • jpgoldberg
    1Password Alumni

Thank you @roustem. I see that in the course of the long history lesson, I forgot to actually answer the question about the safety of using the same account password for multiple 1Password accounts.

Do not use a password that you use for something other than 1Password as an account password, but the kinds of attacks against typical login passwords don't apply to 1Password. The (analogue of) the hash that we store is truly uncrackable (your Secret Key takes care of that) and no secrets are transmitted during sign-in (SRP takes care of that). So it is perfectly fine to put all of the accounts that you want to unlock together under the same account password.

    Mixed messages

    Quite honestly we would much rather not have to say, "never do X. Do X in our special case." But the alternative would have been to continue with the whole "primary vault" business, which introduces its own problems. We also try to make 1Password sign-in look familiar to people, and that means obscuring how radically different it really is from signing into a typical service. So thank you to everyone who has asked whether we are giving mixed messages and for the full story. It is an excellent question.

  • shadcollins
    Community Member

    This seems like a really stupid decision on Agilebits' part. My wife has my 1password account in case something happens to me but I can't go through and set up all my clients' accounts to use the same password as it would violate my contracts with them.
    I think the development team really didn't think this through.
    It is also impossible to explain to a Board how this is secure. I always recommend 1password when I go into a new client but with the advent of version 8, I really can't do that.

  • shadcollins
    Community Member

    The other issue is just the fact that 1password recommends using the same password across accounts will make people question the competency of the architecture. If you guys recommend this one bad practice, what did you do in the code that no one can see?

  • shaywood
    1Password Alumni

@shadcollins In your case, our recommendation would be for you to use the same password across all of the 1Password accounts you own, while each of your clients would set their own unique password for their account, which they could reuse with any other 1Password accounts they have. As @jpgoldberg discussed earlier, this is safe because each account has a unique Secret Key that is combined with the password, effectively making each password unique. In addition, our use of SRP means we do not store a representation of your password on our server, like most other companies, so an attacker cannot crack your password if they were to compromise our server.

    1Password goes to great lengths to demonstrate the security of our product including providing a white paper that details how our system works and documents the shortcomings of our system. In addition, we conduct routine third-party penetration tests and regularly publish the results. You can read more about how we handle security here.

  • shadcollins
    Community Member

There is no way I can justify using a single password for all my clients. There is no way I could explain to a client that oh it isn't awful practice because you see 1password does this unique thing you have never heard of that uses a secret key and.... do you see how ridiculous this sounds?

  • shaywood
    1Password Alumni

    @shadcollins I think I may be misunderstanding your particular use case. Are you creating and managing 1Password accounts for each of your clients?

  • shadcollins
    Community Member
    edited December 2021

    @shaywood I have clients that I have put 1Password into and I have an account into their systems. I don't understand why Agilebits changed this functionality, didn't call it out as a huge red-flag related to a major change. I also don't understand how you guys/gals think telling people to set their passwords to the same thing is going to fly with an IT audit.
    Before my fingerprint or Hello(Windows) would unlock things and now it doesn't. I have to log into everything individually. This is a nightmare to manage. I think the team didn't think this through at all before they decided to change everything.

    I have been using this product for 11 years and I have never seen a build like this come out before.

  • Hi @shadcollins:

    Touch ID or Apple Watch on macOS, or Windows Hello on Windows will still be able to unlock all of your accounts, but that does require that each account is unlocked first with an account password prior to being able to unlock that account using Touch ID / Apple Watch / Windows Hello after starting 1Password.

    Jack

  • shadcollins
    Community Member

    @jack.platten I'm not seeing that behavior on Windows. I had a company account manually. I had no idea it was even locked. I couldn't find a password and then went to the vaults and it showed a lock beside it. I was like what the heck is this?? Then I clicked it and it prompted me for the password. It didn't do that before.

  • shadcollins
    Community Member

    @jack.platten It also doesn't help that there has been zero justification of why this was changed. It feels like development just decided to change it with no thought as to how it would impact anyone.

  • Jack.P_1P
    edited December 2021

    @shadcollins:

    As I mentioned, if you're using multiple account passwords for various accounts, unlocking all of them at least once with your various account passwords will then allow you to use Windows Hello to unlock all these accounts.

    In this example, my Jack Platten account, and my Platten Family account use the same account password, while the Wendy Appleseed account is using a separate account password. When I initially unlock 1Password, using the account password for my two actual accounts unlocks both of them, with the Wendy Appleseed account needing to be separately unlocked before I can use Windows Hello (in this case just a PIN, but a Hello fingerprint or face device would work just the same) to unlock all three accounts simultaneously. This behavior would be the same using 1Password 8 for Mac, just with Touch ID or Apple Watch unlock instead of Windows Hello.

    Jack

  • jpgoldberg
    1Password Alumni

    It also doesn't help that there has been zero justification of why this was changed. It feels like development just decided to change it with no thought as to how it would impact anyone.

The main reason for this change is that this new way makes sense. It isn't what we've grown used to, but it really is far more coherent than the sort of kludge that evolved over time with "primary accounts."

Suppose Patty has two accounts. One of them is her personal account and the other is with her job at the DIA (Dog Intelligence Agency). Patty does not want account PW unlocked most of the time, but she does want PP unlocked most of the time. In particular, she doesn't want the unlocking of the two accounts in lockstep. (All puns intended.) So, what does she do? She sets up a different account password for each. (Many of my examples involve my dogs Patty and Molly.)

    Molly, on the other hand (paw) has a personal account, MP, and a work account, MW. She wants to unlock both with a single account password. If you (or Molly) want to unlock two accounts using a single account password it makes most sense to set the same account password for both of those accounts. This is what I meant when I said the new system makes more sense.

Suppose also that the DIA (not being as intelligent as their name claims) insists that account passwords be changed every two dog years. (Or every four months). If Patty always unlocks her work account with her personal account password she is certainly violating the intent of her employer's policy. Probably the letter of it as well. This is just one of the ways in which Patty may need different account password practices for her different accounts. She most certainly does not want to change her personal account password every few months.

Molly wants her accounts to unlock in lockstep with each other. The most natural and semantically coherent way to achieve that is to have the same account password for those accounts she wants to unlock as a group.

    The old system

    In the old system, there was a little known and poorly understood concept of "primary account." It would, on your own disk, have encrypted secrets needed to unlock other accounts. Your primary account was rarely something a user chose for that purpose, but instead was a consequence of the order in which they set up their accounts on that device. It was fairly arbitrary which account became the primary.

    One difficulty with the lack of transparency to the user about what account password was unlocking what is that users could forget that they even had a different account password for their non-primary accounts. Forgetting you have a separate password for an account is a good way to forget that password. Suppose Molly was using the old system. She regularly unlocked both her accounts with the password for her primary account on her computer. Note that "primary" may not mean the one that has the information that Molly needs the most. It just happens to be the one that she set up first on that device. She is never prompted for the account password for the "secondary" account (which might contain the most important data for her). She forgets that secondary account password and she forgets that she even has a different password for that account.

Now suppose the nefarious Mr Talk (the neighbor's cat) steals Molly's computer, and there is no way for Molly to get it back from him. Molly also doesn't have good backups. So now Molly needs to set things up on a new computer. She does have her Secret Keys for both accounts safely stored for such an event, but she doesn't have the passwords written down because she is supposed to remember them. She can set up her new computer and unlock what was in her old primary account, but she has no way to unlock what was under an account password that she'd forgotten about.

    This kind of problem is the result of the old system being very opaque to users. Now having a much clearer relationship between account password and the accounts it unlocks should very much reduce that problem. If you want multiple accounts to unlock when you give a single account password there is a very natural thing to do about it. You no longer have silent unlocking of accounts.

Somewhere above I gave a bit of a history lesson. The old system was never designed for a world in which lots of users have multiple accounts. Instead it was the result of hacks and patches to a system that was originally built for individual users who would have a single vault/account. The people who started playing with multiple vaults were expert users who had to do additional tricks to synchronize data from multiple vaults. It also wasn't even consistent across platforms. Now we make it easy for people (and dogs) to have multiple accounts, and these different accounts are part of different teams and families with their own policies. So we took the opportunity to design unlocking in a way that makes sense on its own at the expense of a substantial behavior change.

  • adamjb
    Community Member

    So maybe have an "App Master Password" for the app itself and we can choose which vaults/accounts the app master password unlocks?

  • jpgoldberg
    1Password Alumni

    So maybe have an "App Master Password" for the app itself and we can choose which vaults/accounts the app master password unlocks?

    @adamjb, can you let me know what that does for you that setting all of the account passwords the same doesn't?

  • jpgoldberg
    1Password Alumni

It appears that I failed to read carefully enough what people have written, I apologize for that.

    Sharing an account password?

If I understand correctly (and I may still be failing to understand), some of you have a workflow in which you actually share account passwords with some clients. That is, you may be consulting for Alice and fully managing her account to the point where you, the consultant, have Alice's account password. Naturally, you would want to unlock a whole bunch of such accounts at once, but you don't want to let Alice have your account passwords for your other accounts.

    If that is what is going on (for some of you) then, yes, the new system really does break that workflow, and badly. It is easy for me to say that you shouldn't have a shared account password (and I do say that), but when a client just asks you to take care of things and doesn't want to deal with anything more complicated for them, you are kind of stuck.

    Possible work-around

    I think that there is a work-around, but it isn't pretty. On the other hand, having two people use the same account password is inherently ugly anyway. The work around is also more expensive. (This isn't some plot to get your clients to send us more money, but it may have that consequence.)

Each of your clients needs to have their membership in a non-Individual account. Individual accounts are simply not set up for sharing. Whether that is a team that you are the owner of, or whether you direct your clients to set up a non-individual account will probably depend on your client's needs. But let's suppose it is a separate account "owned" by Alice, even though you set everything up. You make yourself a co-owner of Alice's account. And you create your own membership on her account. You then set up a shared vault (or several) on that account between you and Alice. Alice keeps her own individual account password (although you will know it, you will rarely need it beyond setup). For your membership on Alice's team or family you can use the same account password that you use for all of your clients. So you can get all of those vaults to unlock with a single account password of your choosing without giving Alice and other clients a password that is used for anything other than their own account.

Setup is a bit more complicated, and it won't really work if each of your clients only has Individual accounts, but it makes the flow more coherent. There is not going to be a pretty solution to multiple individuals using the same membership, and thus the same account password. But perhaps this work-around will work for you or at least help you come up with solutions that don't go so much against the grain of what Individual accounts are for.

This discussion has been closed.