Two accounts - now needs two different passwords every time you login?



  • speed2001
    Community Member

    Sure you will... 1pass is vastly superior in everything else. Thanks again for the reply and I will keep an eye to when the functionality is available.
    Happy New Year to you all

  • Happy New Year @speed2001 :)


  • lspeterman
    Community Member

    Not gonna lie, this creates some serious cognitive dissonance for me. I do understand the reasoning with the private key but I'm still not comfortable with my corporate vault having the same master pwd as my personal.

  • Xacto
    Community Member

    I agree with not wanting all my employees to have access to my personal information, including investments and credit cards, for a workaround of using the same password (that seems like defeating the purpose of protection). My business has been using 1Password for years, and ever since the beta, I have started looking at other options. I would not complain if I did not love your product. Why break something that was not broken? Here is a great idea; give the user the capability to turn this option on or off as a preference item. Best of both worlds - happy customers around.

  • Hey @Xacto:

    Thanks for being with us for so long! This new behavior has a few benefits. If you're using multiple unique account passwords, it helps ensure you don't forget them. With the old approach, it would have been possible to unlock 1Password for months without ever using your second account password, and potentially being locked out of your second account. Additionally, because each account password only unlocks the account(s) it goes with, it allows for administrators to ensure that their password policies are being followed. Finally, it allows for a more consistent experience. The previous behavior unlocked using the first 1Password account added to the 1Password app, and if your accounts were added in a different order across your devices, you'd end up with different unlock passwords and not know why.

    On Mac, Touch ID or Apple Watch unlock is able to unlock all 1Password accounts that have been unlocked with an account password (even if they're different), and similarly on Windows, Windows Hello is able to do that as well. We're pretty thrilled with what the new unlock behavior brings to the table, so it's unlikely the old unlock behavior will make a return, even as an option.


  • fieldsny
    Community Member
    edited May 2022

    A few comments on this:

    1. I don't even know the master passwords for some of my subsidiary accounts... because I store them in 1Password. They're 30 character random strings for increased security. Now every time I need to enter one of them, I need to remember to copy it to the clipboard (less secure) before bringing up the unlock screen (because there's no way to access passwords in an unlocked vault while that dialog is up, and then paste it.
    2. Even if I set them all to the same (weaker) password, typing the same password over and over again to unlock them again every 10 minutes is still more of a hassle, not less. Yes, there are still people using Macs that can't authenticate with Apple Watch / Touch ID.
    3. We’ve all collectively spent decades trying to get people to not reuse passwords. This really compromises that effort.
  • fieldsny
    Community Member

    "Additionally, because each account password only unlocks the account(s) it goes with, it allows for administrators to ensure that their password policies are being followed." is at counter purposes with the recommendation to use the same master password for each account.

  • fieldsny
    Community Member

    "The previous behavior unlocked using the first 1Password account added to the 1Password app, and if your accounts were added in a different order across your devices, you'd end up with different unlock passwords and not know why." is easily solved by letting the user choose which account should unlock the others.

  • fieldsny
    Community Member

    "On Mac, Touch ID or Apple Watch unlock is able to unlock all 1Password accounts that have been unlocked with an account password (even if they're different), and similarly on Windows, Windows Hello is able to do that as well. We're pretty thrilled with what the new unlock behavior brings to the table, so it's unlikely the old unlock behavior will make a return, even as an option."

    There are still millions of Macs out there that don't support this.

  • fieldsny
    Community Member

    Here's another bad real-world use case. Someone asked me if I had a password for a shared account. I searched for it in 1Password on my Mac, and it didn't come up, so I told them I didn't have it. I realized later when I did a similar search on my phone that I did indeed have it, and it was in a shared vault that was locked on the Mac. Now, "of course", you might say, "how would it know what was in a locked vault?". Which misses the point. This is actively hostile UX.

  • HenryY
    Community Member

    @roustem I currently have both Personal and Work 1Password accounts logged into my client. I'm hesitant to have the vaults for both accounts share the same password because of the following scenario. Say, I am somehow coerced of forced into surrendering the password for the work account (which is the account I do not own, and do not pay for). The secrets in my personal account would then be compromised. This seems like a true security regression.

  • roustem
    edited May 2022

    @HenryY I see where you are coming from. Please note that your account password alone, without the Secret Key, won't be enough to access the account.

    It also would be very unusual for the business to demand your password. The administrators/owners of the business account already have an option of recovering access to the employee account if necessary.

    However, the business policies are different everywhere. If you believe that your company could do something like this then it may not be a good idea to keep your personal data on the work device.

  • @fieldsny

    is easily solved by letting the user choose which account should unlock the others.

    I had to help many 1Password customers and computer users in general, including my family members. In so many cases, when prompted for a password, people have trouble understanding what password they need to enter. Adding more options would not make it easier.

    And just a few days ago, we had a customer losing their data because for many months they unlocked 1Password with the password that was different from their real account password.

  • I don't even know the master passwords for some of my subsidiary accounts... because I store them in 1Password. They're 30 character random strings for increased security. Now every time I need to enter one of them, I need to remember to copy it to the clipboard (less secure) before bringing up the unlock screen (because there's no way to access passwords in an unlocked vault while that dialog is up, and then paste it.

    I had a similar issue myself for one of the accounts that is rarely used. Quick Access (⌘⇧Space) can be very useful here.

    Someone made a suggestion to let 1Password look up the account password in already unlocked account(s) and unlock it for you automatically. Perhaps that could be a solution?

  • fieldsny
    Community Member

    @roustem I'd think allowing it to look up the account password in an unlocked vault would be a fine solution. I'd like to see that happen automatically upon unlocking. There could be a toggle in the vault password item for "automatically unlock this vault". Having to do it manually each time would still be kind of tedious (see my search problem above for why I want all vaults unlocked when I'm using the app).

  • wavesound
    Community Member
    edited May 2022

    Yes, I have multiple accounts with other families that I use to share items between. Typing in 4 passwords to get all the vaults unlocked is remarkably insane oversight. Can't we just use one account as our primary account to unlock our other accounts/shared accounts?

    Also, how come we implement the capability to unlock the app with one password on the phone app (iOS) and not the computer (macOS)?

  • TomvdL
    Community Member

    Please just make a setting if you like to unlock all accounts by unlocking one account, or just to unlock the one specific account. Having the same password for my corporate and private account is just not a solution. You really missed the point here.

  • TomFors42
    Community Member

    I have decided to downgrade to 1Password 7 until this changes. I understand the reasons for the change, but please consider having the option to enable the old functionality, or to mark passwords as being for other vaults to enable quick access. As a software developer myself I realize that sometimes my favorite features, even those that are "correct", may not be the ones my users want and I have to be able to adjust to the wanted functionality not just what I want to do.

  • BenJetson
    Community Member

    +1 for adding the option to retrieve the password for a locked account from a vault that is already unlocked.
    This could replicate the familiar behavior from 1Password 7, while providing greater transparency about how the account is unlocked and giving users the choice about whether they want this behavior or not.

    Touch ID is a nice workaround, but I also use Mac minis or MacBooks with the lid closed where Touch ID is not available.

    I also use a different Apple ID for my work computers, so my Apple Watch on my personal Apple ID is not an option for unlocking all accounts on those computers, unfortunately.

  • Kris_Shannon
    Community Member

    I will also be sticking with 1P 7 for the moment.

    I currently use very long and complicated master passwords for both of my 1P accounts but also have a standalone vault with nothing important in it which has a shorter and quicker to type master password. This is currently my primary vault under 1P 7.

    I do understand the security rationale that has been put forward as to why reusing a master password across multiple accounts is OK. It does increase the need to ensure that the secret keys are not disclosed. If I ever do move to 1P 8 and a shared master password I would first have to change my procedures for keeping copies of these keys so they are not all stored together.

  • eegore
    Community Member

    +1 for adding the option to retrieve the password for a locked account from a vault that is already unlocked.

  • PeterG_1P
    edited June 2022

    Hi folks! Thanks to everyone who has asked for this feature. I have submitted votes on behalf everyone who so requested. We appreciate your feedback on this and will continue to work to exceed your expectations. 😃

    ref: IDEA-I-866

  • valor
    Community Member

    Idea that hasn't been discussed: Use a hardware key (like Yubikey) to unlock all the account vaults.
    Example: Insert Yubikey, type master password for an account, other accounts set up with that hardware key unlock as well.

    The simpler approach is choose which account(s) get unlocked by choosing login item for that account/vault which would a broader user base

  • Thank you for this, @valor! I have submitted the idea to our development team, with thanks to you.

    ref: IDEA-I-853

  • Peter Agocs
    Peter Agocs
    Community Member

    +1 for hardware key support

  • Thanks again for your feedback, @Peter Agocs. I've added a vote on your behalf and appreciate you taking the time to explore this thread. 😊

    ref: IDEA-I-853

  • cjcodes
    Community Member

    To add a little bit to this discussion: I think we're all anchoring on a solution and the discrepancy between 1P7 and 1P8 behavior. Instead, if we think of this as a UX problem, I think we can address the security needs and reduce the toil of having to enter multiple passwords.

    I, too, agree with not using the same password across my personal and corporate accounts. However, I would propose that we can make the lives of those living in this world easier. Sure, hardware keys and Touch ID help, but my work laptop is hidden away from my main desk.

    So instead, I would propose that y'all consider this to be a UX problem. The main issue I run into is that, once I enter a password to log in to one account, 1P8 thinks I'm done. It's not until I need a password from another account that I then realize I haven't logged in yet, and that UX is clunky. Instead, I would prefer the option to enter all of my main passwords at once when 1P launches for the first time. This UX pattern already exists: y'all do it when migrating from 7 to 8: there was a popup box that let me log in to both accounts before clicking "Done."

    This, while clunkier than 1P7's approach, still solves for the "why are my credentials not showing up? oohhh, because I'm not logged into that other account yet."

  • FWest98
    Community Member

    I would be in favour of all three suggestions posted here:

    • Allowing 1P to unlock other accounts based on stored credentials in the first account. This solves the "client" issue
    • Allowing 1P to unlock all accounts using a hardware security key; I would very much be in favour of that
    • Having an option to force me to unlock all accounts when Hello is not available, to improve the UX of getting all accounts unlocked.
  • LongTime1Puser2022
    Community Member

    Hello everyone,

    I have been a long time 1Password user, from the standalone vault days, through Dropbox sync and currently use
    The service and application has been outstanding up until version 8.

    I am still at a loss as to why I cannot unlock multiple vaults using a single password.

    I am a user who has multiple separate paid accounts setup in my 1Password applications. These are not a family/shared account.

    Let's call them John and Mary accounts.

    • I have read through these posts and understand the premise of what used to be a "master vault" and the confusion that caused and the technical reason outlined as to why it has to go. I completely agree, and had concerns about this approach when initially using this feature in previous versions.
    • I don't think using the same master password across vaults is a good idea, this is a decision by users ultimately, but not a robust long term solution.
    • As I see it, the whole idea of 1Password is to (1) improve security, and (2) streamline the "login" experience, be it using an App, a website, or whatever

    I fail to understand how there is not a feature and associated UX element which allows me to:
    1. Install a 1Password v8 client and initially add/login as John
    2. Store the details for Mary's 1Password account in John's account, including email, secret key, master password and 2FA for Mary's account - all formatted correctly
    3. Add Mary's account to my 1Password v8 clients, initial setup being completed by manually entering all account info or scanning the QR code
    4. Instead of 1Password asking me to unlock Mary's account by manually every subsequent Application restart by entering Mary's master password, it takes the fact I store Mary's account credentials in an already unlocked account and proceeds to unlock Mary's account

    To me, this solution embodies the very underpinnings of 1Password - taking complex password information which has been previously securely unlocked and presenting it to applications to fast authentication.

    F*@^ing fix it already.

This discussion has been closed.