Want to switch from LP to 1P, but hit a deal breaker. Solutions?
I've decided to try 1Password after using Lastpass Families for about 1 year. I really like the idea of password managers and using a unique complex password for every website. And 1Password implements it very well (though I would prefer folders setup instead of tags). I'm looking into this because those security analysts that criticize LP make some sense. The breaches themselves are annoying, but not unexpected for a large company, so having redundant security measures are the best we can do I guess. No guarantees in life.
But I've run into some annoying quirks that are likely going to be deal breakers unless there's some solution.
- Every time I reboot, I need to log back into the vault. I can see this is good for security theoretically, but it is very frustrating. More importantly, I can barely get my wife to use Lastpass, and Lastpass seems to save a temporary local cookie so you don't need to open the vault every time. I've turned off auto-lock in the 1P Windows app, but after reboot, it still requires my master password. This is worse on the phone, because for whatever reason, her fingerprint unlock just doesn't work.
So even though theoretically this is more secure, in practice, I would be in a less secure situation because my wife will simply go back to the old habit of reusing simple passwords. I wish 1P would at least make this an option for those who are willing to accept the risk have having the master password saved locally.
- We have shared computers with multiple chrome profiles for me, my wife, my kids, business, etc. And with the 1P Windows App, I can only log into my primary account. Then for each other profile, I'd still need to login to each vault separately even though the App is attached only to 1 account. This is related to problem 1. In my ideal world, yes, each of us would use a separate Windows profile. But that's just impractical for a shared living room HTPC, for instance.
I'm getting the feeling that these were intentional design decisions for I'm probably not going to get a solution. Maybe it will be feedback for the developers. 1P really seems well-made, and I would like to switch, after playing around with it for the past couple days. But these are real deal breakers, especially 1. Is there anything you guys have come up with to get around these issues?
Thanks for your help.
1Password Version: 8
Extension Version: Not Provided
OS Version: Windows 10
Browser:_ Chrome
Comments
-
Today's computers and apps are made for personal use, not shared use. It's a dilemma if you share one account (Windows) but have separate other accounts (1Password, Browser).
If you change your workflow slightly and really use different Windows logins for every family member, it would be much easier with everything that has to deal with user specific things and accounts. It's not difficult to change between Windows sessions. For each family member, create their one Windows user. Then click on the start menu, on your user icon, then switch to a different user without logging out yourself. Your session gets in the background and you get a new session for the new user. This way you can switch back and forth windows sessions without effort. Apps stay open in background. A good side effect is that any changes you make to your user environment will not disturb other customizations your family members made and vice versa. Most desktop apps are installed globally, you install once and everyone else is using the app - with his/her own settings and customzations.
Use a simple Windows Hello PIN for fast login, so it's really easy to switch. The 1Password app on Windows is also able to use Windows hello, so it's easy to unlock with it as well, so both of you can your own 1Password login and vault.
If you enable TPM use within 1Password, you will be asked for the account password only once every 2 weeks instead of on every reboot. The other unlocks are with Windows Hello.0 -
Thanks for your reply. I've been looking into this more and in theory, at least one of my issues should be resolvable. That is, I should be able to use a Windows Hello PIN to login and only need the master password as infrequently as every 30 days. I think I could sell that to the wife. The problem is that it's not working, and based on some other posts, it seems I'm not alone. I've tried everything in the 1P articles, and other posts, but still isn't working. I can't even get the Windows Hello button to show up even once.
I'm running Windows 10 Pro with MRB partition style. Not sure if that makes a difference here, waiting for a reply from support, to whom I've sent my diagnostic file.
Regarding the other issue of multiple accounts on a shared computer, I don't love the lack of choice here as a design philosophy. I've never been a fan of Apple because of that reason, with everything being locked down as if the user is going to break the system. Certainly that can happen, but it would be nice to allow users to knowingly take on some personal risk in order to use software the way the user wants, not the other way around.
I don't think I'm alone in having a shared family computer somewhere in the house. As simple as it may sound to switch to another Windows user profile, sometimes the purpose of having multiple Chrome profiles for each member of the family is that you need to share information between accounts quickly. I can copy some text from my wife's Chrome profile and paste it into mine, or my kids' profiles. You can't do that if you need to switch OS profiles. I think this is perhaps a blind spot for the developers, but I think in most families, not everyone has the same technical expertise or interest; they just want things to work.
For my case, I'm trying to decide whether I can just keep my wife's account logged into the living room HTPC. She tends to use that computer the most. And if I need to access my vault, I will need to go to the website and login. It seems unfortunate that basically the person who's logged in should be the least tech savvy member of the household, when there could be a more elegant technical solution.
All of this is a bunch of work, and it's not going smoothly. It's a real shame because 1P appears to be excellent otherwise, and this appears to be a great online community too. I'm sure other users are making the same calculation when deciding to migrate from Lastpass.
Sometimes people are willing to accept some risk in order for usability. Maybe it's easier to change your passwords periodically (which is good practice anyway), than deal with all these restrictions in the name of (possibly) incrementally increased security. Having different generated passwords for every site is already way better than reusing weak passwords, even if those passwords are generated through Lastpass, which is probably what most people do when they don't use a password manager at all.
Sigh.
1
