1P Browser Ext. only unlocks 1 account -- forces opening desktop client to unlock others
I think I may have encountered a usability bug -- for some context, I have multiple accounts configured on my laptop -- both work and personal.
When needing to login to a secured site and the browser extension is in a locked state, pressing the icon asks to unlock no problem. However, the second account does not follow the same workflow, and there does not seem to be any way to unlock the account from the browser like in prior versions.
It requires starting the desktop client, logging into the first account a second time, then selecting the locked account from the "All Accounts" drop down before it prompts to unlock the second.
This problem occurs both with v7 and v8 of the desktop client. It seems to be a problem with the new version of the browser extension?
MacOS Big Sur
Desktop client - v8
Firefox w/ Extension
1Password Version: 8.7.0
Extension Version: 2.3.2
OS Version: Not Provided
Comments
-
Hi @mdaize,
Thanks for contacting us.
May I confirm if your two accounts have different passwords, I strongly recommend changing them to the same one for convenience? Here's a helpful discussion on our community: Two accounts - now needs two different passwords every time you login? — 1Password Support Community
As mentioned in the discussion above, the 1Password 7 for Mac can currently unlock two accounts with different passwords at once. However, for our future development and safety measures. The 1Password 8 and the extension in the browser will need to unlock each account separately when they have different passwords.
Therefore, can you change your account passwords the same and test it again?
0 -
That is correct -- they are in fact different passwords. In the interest of preventing re-use (in addition to work being able to force-reset my master password), I prefer to keep separate master passwords. If it matters, one is a 1Password .com domain, the other is .ca.
My concern is that the workflow is fragmented and the extension does not even offer the ability (via button or otherwise) to unlock additional accounts.
0 -
@mdaize Thanks for your confirmation on the different account passwords.
I'd assume the 1Password in your browser is integrated with the desktop app.
As shown in the screenshot below, if you click the locked account in 1Password 8 desktop app, you should see the prompt to enter the account password to unlock. The account should be unlocked automatically in the browser as well.
0 -
Yup! That's how I unlock it presently -- the issue is that I am unable to unlock the second/additional accounts UNLESS I open up the desktop app.
It's counter-intuitive and arguably a design anti-pattern to have the browser app prompt for password of one account, but won't do it for any others.
0 -
Is it safe to assume that 1password won't address this limitation? Effectively forcing me to share my master password between multiple different 1password accounts?
It is very annoying to have to constantly re-open the desktop app in order to unlock the second account -- but I have zero desire, as a security-conscious customer, to re-use master passwords anywhere.
0 -
Hi @mdaize:
We'd recommend using your account password for any accounts you may have. The main reason password reuse is usually bad is every service you give a password to provides another opportunity for it to be exposed. The other is that the potential negative outcome is multiplied by each account you use the same password with if that password is exposed. 1Password account passwords aren't given to us, in fact they never leave your local devices, thanks to the power of Secure Remote Protocol. As such using the same account password for multiple 1Password accounts doesn't come with the same risk as using the same password for two different services that do store the password. In the case of 1Password, your password is no more likely to be exposed because you've used it with multiple 1Password accounts. Additionally, our use of the Secret Key means that while two accounts may share the same account password, their cryptographic key material will be entirely different, as each account has a unique Secret Key.
With all that said though, version 2.3.3 of 1Password in the browser now offers the ability to trigger an unlock of a locked 1Password account right from the account menu:
Let me know how you get on with that!
Jack
0
