Unlock all / Search all vaults by default (where to vote on this feature?)

Options
0x2a
0x2a
Community Member
in Mac

I recall seeing a similar question a while back, but I can't seem to find it now. Could anyone point me to adding a vote for this feature if there's a place for it?

In case there isn't anymore, I'll present a user scenario that happens a few times a week in my role as a professor working with research students.

Scenario

I have two 1Pass plans billed separately (one personal, and one shared with students for research projects). I'm frequently accessing both (e.g. logging into the student research AWS account with the student vault, and adding a credit card with the personal vault).

User Actions

Duration of these steps is typically 3-4 seconds. The user is engaging in fast thinking.

  • 1Pass hotkey (browser)
  • fingerprint auth
  • type aws, enter, enter, done
  • add credit card
  • 1Pass hotkey
  • type visa... no results

Duration of these steps can exceed 5+ minutes. The user has involuntarily switched to slow deep thinking.

  • thinking hmm... is this a bug in the browser extension?, where'd it go, did I delete it?
  • open the 1Pass app, cmd+f, visa, nothing.. hmmm, search the archive, nothing.. hmm
  • open 1Pass website in case its a sync issue... oh wait!
  • remembered my visa is in the personal account
  • remembered 1Pass8 doesn't allow unlocking all vaults
  • back to 1Pass app, look for personal vault, see lock icon
  • click personal vault, unlock
  • back to browser
  • 1Pass hotkey
  • type visa again
  • finally it's there, enter, enter, done

Above are references to design psychology from "Applying Thinking, Fast and Slow", by Daniel Kahneman. System 1 is fast reactive thinking and System 2 is slow deep thinking, both operate simultaneously. 1Password should consider design changes to how vaults are unlocked to avoid disruptions to System 2.

With all vaults unlocked, the scenario above would be completed in System 1 (without the user realizing it). But without signifiers that vaults are partially unlocked or available affordances to unlock remaining vaults when searching, the design of 1Pass causes an interruption to the user's prior System 2 thinking (i.e. whatever they work working on). Because of the interruption, progress in the user's System 2 though can be lost -- in other words they lose their train of thought.

One recent example is working on protein folding research for cancer treatments. The user's system 2 was engaged in keeping track of variables being tested in a simulation. The user's system 1 is operating the familiar UI. The user wants to increase servers for a large simulation. The user navigates to AWS, 1Pass hotkey, nothing. System 1 tries again, nothing. At this point the user's System 2 thought process keeping track of variables in cancer research is halted, and their System 2 has now been involuntarily reassigned to troubleshooting 1Password. Five minutes later, they get it worked out. The user shifts back to what they were doing, thinks "Wait why did I open AWS? what was I doing? what variables was I working on?" The user has lost their train of thought, and perhaps any good ideas that System 2 had in mind.

With such a large user population and most academics I know of also managing multiple 1Pass accounts, how many setbacks in the advancement of humanity are being caused by a simple design problem in a password manager? Surely there are many.

1Password Version: 8.10.23
Extension Version: 2.19.0
OS Version: macOS 14.2.1
Browser: Chrome

Comments

  • Dave_1P
    Dave_1P
    edited January 18
    Options

    Hello @0x2a! šŸ‘‹

    I'm sorry that 1Password is causing friction as you and your students perform your important work, I understand the frustration. You can unlock all accounts at the same time by using the same account password for each account, we have a guide here: How to use multiple accounts

    The reason why 1Password requires that you unlock each account separately is because each account is encrypted using it's own secret: your account password. If you're using different account passwords for different accounts, or different authentication providers, then you'll need to provide each secret separately.

    If you use Touch ID to unlock 1Password then 1Password is able to store the secrets securely in the Secure Enclave (a hardware component on your Mac) so that all accounts can be unlocked at the same time once you provide your fingerprint: Use Touch ID to unlock 1Password on your Mac

    That being said, I agree that 1Password can do a better job letting folks know that some accounts are still locked. This is something that our product and design teams are looking into and hopefully improvements can be made in future updates so that we can avoid the sort of productivity loss, and increased cognitive load, that you've described in your post. I've passed your feedback along internally to the teams looking into this.

    Thank you for helping us make 1Password better. šŸ’™

    -Dave

    ref: PB-37864139
    ref: dev/core/core#12642
    ref: dev/core/core#22174

  • 0x2a
    0x2a
    Community Member
    Options

    @Dave_1P appreciate your affirming candor.

    The touchID method is partially there. It seems to work if both vault accounts were recently unlocked, but for some reason one of my vaults needs its password more than the other. I wonder if the "require password after" intervals are out of sync, or if I turned on a higher security requirement for one a while ago. The lockout occurs often (a couple times a week), so some requirement has a short interval. One vault is not used as much as the other.

    I do recall the use-same-password trick now that you mention it. Some would classify it as ironic design, where two features achieve the opposite user goal -- in this case password diversification vs unification. Sarcastically, that being said the company is called "one" password so there you have it /s. It probably isn't the most enjoyable recommendation for you to make, so I do apologize for necro'ing the workaround.

  • Dave_1P
    Dave_1P
    Options

    @0x2a

    Thanks for the reply! The "Require password" timer will reset for an account when you use your account password, instead of biometrics, to unlock that account.

    for some reason one of my vaults needs its password more than the other

    Is this when unlocking the 1Password desktop app or 1Password in the browser? When you say "vault" I'm assuming that you mean account, is it always the same account that requires the account password more often? Can you recall if there's a specific message on the lock screen when you're prompted for your account password for that account?

    -Dave

  • 0x2a
    0x2a
    Community Member
    Options

    @Dave_1P yes, sorry -- "accounts" is correct here.

    From my recollection the experience is mostly consistent between the browser extension (app integration enabled), mac app, or mobile app. Kudos for consistency!

    Of the two accounts, A and B, the B account seems to lock itself more. Hrm, some more details between the two...

    • B is typically not used on weekends, A is
    • B has far fewer credentials in it
    • B has two vaults, A has one
    • B has 2FA with several yubikeys, A does not
    • I've never seen both locked at the same time. When prompted for a password, it usually accepts the A account password, never the B account
    • Unless I proactively unlock both accounts and then select "All Accounts", 1Pass seems to select only the last unlocked account for hotkey searches.
    • 1Pass seems to lock it's search into the last selected account as well. I experience a feedback-loop here. When I can't find a password from the hotkey search, I usually troubleshoot by opening the 1pass interface (browser, app, mobile), then select the other account to make sure it's unlocked, then search. But the problem is I forget to go back and select "all accounts" on my way out -- setting myself up for more trouble on the next other-account lookup.

    When prompted for a password, it's usually account A. I don't remember well enough if both account icons always show up above the password input or not -- I'll try to watch for it next time.

  • Dave_1P
    Dave_1P
    Options

    @0x2a

    Thank you for the reply. The next time that you're prompted to unlock account B quicker than expected please gather the following information:

    1. What the "Require password" setting is currently set to on the affected device.
    2. The date that you last entered your account password for that account.
    3. The current date (when you're seeing the request for your account password).
    4. A screenshot of the lock screen asking for your password.

    I'd like to also ask you to generate a diagnostics report from the Mac:

    Sending Diagnostics Reports (Mac)

    Attach the diagnostics to an email message addressed to support+forum@1password.com.

    With your email please include:

    Please send the entire file.

    You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here. Thanks very much!

    -Dave