To protect your privacy: email us with billing or account questions instead of posting here.

master password prompt for selected password or secure notes

ikeshab
ikeshab
Community Member
edited December 2022 in Memberships

I would like to request if this is architecturally viable to add another layer of security as an option to enable the master password required to view some passwords or secure notes or credit cards or identities etc. It would be very helpful to avoid accidental access which is a very likely scenario. Thank you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

«1

Comments

  • Hi @ikeshab, 👋

    At the moment, a person can access items within a vault in their 1Password account as long as they:

    1. Unlock 1Password on their device using their account password to decrypt their data.
    2. Have access to a vault (either their Private vault or one that is shared with them).

    There isn't currently a way to add a second layer of decryption to an item requiring your account password. May I ask if you're wanting to restrict your own access to an item to protect it from being accessed or seen by others in your physical area? Would you rather keep team or family members your sharing 1Password with from accessing an item accidentally? Or something else entirely?

  • ikeshab
    ikeshab
    Community Member

    If unattended access is made to the physical device (non-shared scenario) i.e., within the idle timeout, such a breach may result in disaster. What I am asking is, if we can just toggle the required master password to view info of any specific login (saved in the vault) or for any specific secure note in the vault would be a great feature. It should be the user's discretion to configure logins to prompt the master password; maybe a checkbox required the master password. With this, unattended access might not be able to view the info as it will prompt again for the master password for that specific login. It's understood that such scenarios may be rare or shouldn't occur at all but this is nonetheless a very viable scenario. It's sort of fail-safe or "poka-yoke" in Japanese. The criticality gets magnified when we use it for logins like for financial institutions or banks which will have additional layer protection or fail-safe.

  • Thanks for sharing more details about your use case, @ikeshab. I've passed on your feedback to the rest of the team for consideration.

    For now, aside from configuring the auto-lock settings to lock 1Password more frequently, I recommend manually locking 1Password before leaving your desk. I realize this isn't always ideal and it can be tedious, though this is the best way to keep your sensitive data secure in these situations.

    Thanks for taking the time to share this and let our team know if we can be of any help going forward. 👍

    ref: IDEA-I-577

  • ikeshab
    ikeshab
    Community Member

    Thanks @ag_max, appreciate it!

  • You're very welcome, Ikeshab.

  • ikeshab
    ikeshab
    Community Member

    Any updates on this!

  • Hello @ikeshab,

    I don't have any updates regarding this feature request. I can confirm it's on the teams radar, but don't have any information regarding if, or when, it may be implemented.

    Let me know if you have any questions.

  • q3moondog
    q3moondog
    Community Member

    This would be a very welcomed option! I'm new to 1Password and used another pwd mngr that had this option. It was nice and comforting to know certain passwords would require the master password to be revealed if I choose for them to have that extra layer of security. I'm not saying you need the master password to use the password but only to reveal it. Give the user the option.

  • WilmaH
    WilmaH
    Community Member

    Hello
    Could the re-prompt be a 2FA request instead of typing the master password again?

  • @q3moondog and @WilmaH

    Thank you for your feedback! I've passed it along to the product team. 🙂

    -Dave

    ref: IDEA-I-577
    ref: IDEA-I-463

  • tkpp
    tkpp
    Community Member

    I also would like this. This is a feature of another password manager, by the way. It's very helpful.
    -Todd

  • @tkpp

    Thank you for the feedback. 🙂

    -Dave

  • JuanFC
    JuanFC
    Community Member

    I'm on the 1Password trial period after the recent incidents on LastPass, this is something that is supported in LastPass as well as other passwords managers. Besides the use case for unattended device, the other use possible use case is biometric access (bypassed or non-voluntary).

    This would be used for a few and really important entries, say the 1Password entry itself, banking, crypto and similar. As others have said, this is about rechecking that it is truly you before revealing or allowing use/access/modification of the protected entries (logins, notes, etc) whether that is via the master password, a different password or a YubiKey or similar, I don't mind that much. A bit less sure about regular 2FA as this would be unlikely to help in the case of bypassed biometrics, as the 2FA is likely to be in the same device protected by biometrics, but at least it would cover the unattended device use case.

  • marksu
    marksu
    Community Member

    +1 from me also to this! As with others i'm planning on moving from Lastpass and there are handful of notes and passwords I would like to add this extra layer of security.

  • mpgmsp
    mpgmsp
    Community Member

    +1 from another new user from LP. i am more concerned from the risk of using FaceId for mobile devices as the only verification for the more sensitive passwords. 2FA helps but would rather a password as a re-authentication prompt. Five year old children know how to point a phone at a parents face to unlock it....

  • taran177
    taran177
    Community Member

    +1. My use case would be to leave 1Password unlocked for convenience, but to have certain high security financial accounts always require the Master Password in case my machine is ever stolen from my house.

  • moblo106
    moblo106
    Community Member

    +1 Just moved over from Lastpass and I was very irritated that this function does not exist with 1Password. I would also like to leave 1Password unlocked for convenience, but to have certain high security for important accounts etc. always require the Master Password.

  • ag_tommy
    edited March 2023

    Thanks folks I'll get your feedback before the team.

    ref: PB-31384415
    ref: PB-31384511
    ref: PB-31384601

  • iandrabedin
    iandrabedin
    Community Member

    +1 I also migrated from LastPass and I'm missing this feature. It would be great to have another layer of protection for specific items that I choose in case my account is hacked. It could be to re-prompt the master password or 2FA or add a new password. I'm sure the team will decide for the best way possible. I hope this feature will be prioritise considering how many new users have migrated from LastPass.

  • Thanks @iandrabedin, I have passed on your feedback.

    ref: PB31708137

  • threadlock
    threadlock
    Community Member

    As yet another new user who is migrating from LastPass I want to add my +1 as well. This is the feature I miss the most and would love to see added to 1Password.

  • U03062023
    U03062023
    Community Member

    +1ing this. I moved from Dashlane to 1Password because the product is just so superior but this is the one missing feature that's preventing me from making maximum use of 1P.

    A lot of the item types, like bank accounts, medial records, passports, and select accounts and notes are all things that I should or must protect much more compared to others (like random logins to e-commerce websites). Being able to mark specific items as requiring an additional lock would solve this pain point and allow me to make maximum use of the 1P product while maintaining high security requirements.

  • Thank you @threadlock and @U03062023, I've passed on your feedback as well.

  • aoaoaoao
    aoaoaoao
    Community Member

    I also need to protect certain logins (bank, taxes, passport information) with extra layer of security. I have them all in dedicated vault and am disappointed to learn that there's no way to configure a vault for password re-prompt. Please consider this feature request.

  • Hi @aoaoaoao,

    Thank you for the additional feedback, I've also passed it on.

  • gmartinez
    gmartinez
    Community Member

    +1 vote, coming from LP this is the only important missing feature. Thanks.

  • Blake
    edited August 2023

    Thanks for sharing your voice here @gmartinez! I've passed it along to our team. 🙂

    ref: PB34709162

  • iqno
    iqno
    Community Member

    Hi team, very disappointed to see that this has been a thread for already 1 year. I'm currently on the 1Password trial period coming from LastPass. I'd really like to continue using 1Password, it's been a great platform, but at this point of time, this feature is a dealbreaker for me.

    I'm happy to re-evaluate this decision and make the switch in the future once this feature is added, please reach out to me.

  • lazynooblet
    lazynooblet
    Community Member

    I've just recently started evaluating 1Password from Bitwarden and this is a feature I would miss if I migrated.

    I've used this for things like bank logins, like others have above, however I have another use-case that is much more important and gives me pause before I transfer this data to 1Password.

    I store the serial number and secret key for my Yubikey 5 NFC (in case the device is lost/stolen), and I keep it doubly secured by requiring the master-password to reveal. If this data was compromised, access to multiple sites would be compromised.

  • kheyse
    kheyse
    Community Member

    I like 1password, but currently I'm keeping some bits of data out of 1password because of this missing feature. That does feel a bit backwards.