Two accounts - now needs two different passwords every time you login?

2

Comments

  • speed2001
    speed2001
    Community Member

    I posted two straight questions regarding two accounts with different master passwords and got a quick reply that referred me to this thread. The answer didn't help me as the thread is too long and with too many issues so, I'm sorry, I need to request your help in answering the following and I will really be grateful if someone can help.

    I have a family account with 4 sub-accounts. Two of those sub-accounts are mine (private) and I want to access both but with different master passwords.

    a) can i use both with this type (family account)?

    b) I tried and when I want to switch to the other account it is asking for the Secret Key. Will I need it every time I switch accounts? Is there a way to bypass if this (request secret key) is true?

    PS: I'm using version 8 of 1password.

    Thanks

    Speed

  • At present the quickest way to access multiple accounts that have different account passwords would be through Windows Hello (Windows) or Touch ID (Mac). Similar options are also available for Linux.

    Ben

  • speed2001
    speed2001
    Community Member
    edited December 2021

    Ben, thank you very much for your reply. Too bad it is so difficult to have it what will keep me using LastPass and dropping 1Password that is far better than LastPass. I hope 1password is able to implement something in the very near future so that I can go back to use it.
    Again, thanks for the prompt support and sorry for not being able to continue to use 1pass. Ah, the simple availability of independent vaults passwords would also cover the problem if we could keep alternate vaults open or close to access depending on the need.
    Cheers
    Speed

  • Thanks for the feedback @speed2001. I'm sorry to hear that's the outcome but hopefully we'll be able to win you back in the future. 🤞🏻

    Ben

  • speed2001
    speed2001
    Community Member

    Sure you will... 1pass is vastly superior in everything else. Thanks again for the reply and I will keep an eye to when the functionality is available.
    Happy New Year to you all
    Speed

  • Happy New Year @speed2001 :)

    Ben

  • lspeterman
    lspeterman
    Community Member

    Not gonna lie, this creates some serious cognitive dissonance for me. I do understand the reasoning with the private key but I'm still not comfortable with my corporate vault having the same master pwd as my personal.

  • Xacto
    Xacto
    Community Member

    I agree with not wanting all my employees to have access to my personal information, including investments and credit cards, for a workaround of using the same password (that seems like defeating the purpose of protection). My business has been using 1Password for years, and ever since the beta, I have started looking at other options. I would not complain if I did not love your product. Why break something that was not broken? Here is a great idea; give the user the capability to turn this option on or off as a preference item. Best of both worlds - happy customers around.

  • Hey @Xacto:

    Thanks for being with us for so long! This new behavior has a few benefits. If you're using multiple unique account passwords, it helps ensure you don't forget them. With the old approach, it would have been possible to unlock 1Password for months without ever using your second account password, and potentially being locked out of your second account. Additionally, because each account password only unlocks the account(s) it goes with, it allows for administrators to ensure that their password policies are being followed. Finally, it allows for a more consistent experience. The previous behavior unlocked using the first 1Password account added to the 1Password app, and if your accounts were added in a different order across your devices, you'd end up with different unlock passwords and not know why.

    On Mac, Touch ID or Apple Watch unlock is able to unlock all 1Password accounts that have been unlocked with an account password (even if they're different), and similarly on Windows, Windows Hello is able to do that as well. We're pretty thrilled with what the new unlock behavior brings to the table, so it's unlikely the old unlock behavior will make a return, even as an option.

    Jack

  • fieldsny
    fieldsny
    Community Member
    edited May 2022

    A few comments on this:

    1. I don't even know the master passwords for some of my subsidiary accounts... because I store them in 1Password. They're 30 character random strings for increased security. Now every time I need to enter one of them, I need to remember to copy it to the clipboard (less secure) before bringing up the unlock screen (because there's no way to access passwords in an unlocked vault while that dialog is up, and then paste it.
    2. Even if I set them all to the same (weaker) password, typing the same password over and over again to unlock them again every 10 minutes is still more of a hassle, not less. Yes, there are still people using Macs that can't authenticate with Apple Watch / Touch ID.
    3. We’ve all collectively spent decades trying to get people to not reuse passwords. This really compromises that effort.
  • fieldsny
    fieldsny
    Community Member

    "Additionally, because each account password only unlocks the account(s) it goes with, it allows for administrators to ensure that their password policies are being followed." is at counter purposes with the recommendation to use the same master password for each account.

  • fieldsny
    fieldsny
    Community Member

    "The previous behavior unlocked using the first 1Password account added to the 1Password app, and if your accounts were added in a different order across your devices, you'd end up with different unlock passwords and not know why." is easily solved by letting the user choose which account should unlock the others.

  • fieldsny
    fieldsny
    Community Member

    "On Mac, Touch ID or Apple Watch unlock is able to unlock all 1Password accounts that have been unlocked with an account password (even if they're different), and similarly on Windows, Windows Hello is able to do that as well. We're pretty thrilled with what the new unlock behavior brings to the table, so it's unlikely the old unlock behavior will make a return, even as an option."

    There are still millions of Macs out there that don't support this.

  • fieldsny
    fieldsny
    Community Member

    Here's another bad real-world use case. Someone asked me if I had a password for a shared account. I searched for it in 1Password on my Mac, and it didn't come up, so I told them I didn't have it. I realized later when I did a similar search on my phone that I did indeed have it, and it was in a shared vault that was locked on the Mac. Now, "of course", you might say, "how would it know what was in a locked vault?". Which misses the point. This is actively hostile UX.

  • HenryY
    HenryY
    Community Member

    @roustem I currently have both Personal and Work 1Password accounts logged into my client. I'm hesitant to have the vaults for both accounts share the same password because of the following scenario. Say, I am somehow coerced of forced into surrendering the password for the work account (which is the account I do not own, and do not pay for). The secrets in my personal account would then be compromised. This seems like a true security regression.

  • roustem
    edited May 2022

    @HenryY I see where you are coming from. Please note that your account password alone, without the Secret Key, won't be enough to access the account.

    It also would be very unusual for the business to demand your password. The administrators/owners of the business account already have an option of recovering access to the employee account if necessary.

    However, the business policies are different everywhere. If you believe that your company could do something like this then it may not be a good idea to keep your personal data on the work device.

  • @fieldsny

    is easily solved by letting the user choose which account should unlock the others.

    I had to help many 1Password customers and computer users in general, including my family members. In so many cases, when prompted for a password, people have trouble understanding what password they need to enter. Adding more options would not make it easier.

    And just a few days ago, we had a customer losing their data because for many months they unlocked 1Password with the password that was different from their real account password.

  • I don't even know the master passwords for some of my subsidiary accounts... because I store them in 1Password. They're 30 character random strings for increased security. Now every time I need to enter one of them, I need to remember to copy it to the clipboard (less secure) before bringing up the unlock screen (because there's no way to access passwords in an unlocked vault while that dialog is up, and then paste it.

    I had a similar issue myself for one of the accounts that is rarely used. Quick Access (⌘⇧Space) can be very useful here.

    Someone made a suggestion to let 1Password look up the account password in already unlocked account(s) and unlock it for you automatically. Perhaps that could be a solution?

  • fieldsny
    fieldsny
    Community Member

    @roustem I'd think allowing it to look up the account password in an unlocked vault would be a fine solution. I'd like to see that happen automatically upon unlocking. There could be a toggle in the vault password item for "automatically unlock this vault". Having to do it manually each time would still be kind of tedious (see my search problem above for why I want all vaults unlocked when I'm using the app).

  • wavesound
    wavesound
    Community Member
    edited May 2022

    Yes, I have multiple accounts with other families that I use to share items between. Typing in 4 passwords to get all the vaults unlocked is remarkably insane oversight. Can't we just use one account as our primary account to unlock our other accounts/shared accounts?

    Also, how come we implement the capability to unlock the app with one password on the phone app (iOS) and not the computer (macOS)?

  • TomvdL
    TomvdL
    Community Member

    Please just make a setting if you like to unlock all accounts by unlocking one account, or just to unlock the one specific account. Having the same password for my corporate and private account is just not a solution. You really missed the point here.

  • TomFors42
    TomFors42
    Community Member

    I have decided to downgrade to 1Password 7 until this changes. I understand the reasons for the change, but please consider having the option to enable the old functionality, or to mark passwords as being for other vaults to enable quick access. As a software developer myself I realize that sometimes my favorite features, even those that are "correct", may not be the ones my users want and I have to be able to adjust to the wanted functionality not just what I want to do.

  • BenJetson
    BenJetson
    Community Member

    +1 for adding the option to retrieve the password for a locked account from a vault that is already unlocked.
    This could replicate the familiar behavior from 1Password 7, while providing greater transparency about how the account is unlocked and giving users the choice about whether they want this behavior or not.

    Touch ID is a nice workaround, but I also use Mac minis or MacBooks with the lid closed where Touch ID is not available.

    I also use a different Apple ID for my work computers, so my Apple Watch on my personal Apple ID is not an option for unlocking all accounts on those computers, unfortunately.

  • Kris_Shannon
    Kris_Shannon
    Community Member

    I will also be sticking with 1P 7 for the moment.

    I currently use very long and complicated master passwords for both of my 1P accounts but also have a standalone vault with nothing important in it which has a shorter and quicker to type master password. This is currently my primary vault under 1P 7.

    I do understand the security rationale that has been put forward as to why reusing a master password across multiple accounts is OK. It does increase the need to ensure that the secret keys are not disclosed. If I ever do move to 1P 8 and a shared master password I would first have to change my procedures for keeping copies of these keys so they are not all stored together.

  • eegore
    eegore
    Community Member

    +1 for adding the option to retrieve the password for a locked account from a vault that is already unlocked.

  • PeterG_1P
    edited June 2022

    Hi folks! Thanks to everyone who has asked for this feature. I have submitted votes on behalf everyone who so requested. We appreciate your feedback on this and will continue to work to exceed your expectations. 😃

    ref: IDEA-I-866

  • valor
    valor
    Community Member

    Idea that hasn't been discussed: Use a hardware key (like Yubikey) to unlock all the account vaults.
    Example: Insert Yubikey, type master password for an account, other accounts set up with that hardware key unlock as well.

    The simpler approach is choose which account(s) get unlocked by choosing login item for that account/vault which would a broader user base

  • Thank you for this, @valor! I have submitted the idea to our development team, with thanks to you.

    ref: IDEA-I-853

This discussion has been closed.