jdwusami
4 years ago
New Contributor
1Password 8 Mac Electron App Experiment
Is the 1Password 8 Mac electron app experiment about over so the dev team can get back to building a quality native app for the Mac? The other option is staying on 1Password 7 till I move my family a...
Jack_P_1P
4 years ago
1Password Team
Hi @aexvir:
While the specifics of this are a bit above my head, this was a reference I was pointed to:
All sorts of things you can get wrong in Unicode, and why
As I mentioned above, we do have plans to improve search even more, but I can't share more specifics at this time.
As for the discussion of account passwords, our Principal Security Architect, @jpgoldberg, has written a much better summary of how this makes more sense and makes it obvious what information unlocks with what account password:
Suppose Patty has two accounts. One of them is her personal account and the other is with her job at the DIA (Dog Intelligence Agency). Patty does not want account PW unlocked most of the time, but she does want PP unlocked most of the time. In particular, she doesn't want the unlocking of the two accounts in lockstep. (All puns intended.) So, what does she do? She sets up a different account password for each. (Many of my examples involve my dogs Patty and Molly.)
Molly, on the other hand (paw), has a personal account, MP, and a work account, MW. She wants to unlock both with a single account password. If you (or Molly) want to unlock two accounts using a single account password it makes most sense to set the same account password for both of those accounts. This is what I meant when I said the new system makes more sense.
Suppose also that the DIA (not being as intelligent as their name claims) insists that account passwords be changed every two dog years. (Or every four months). If Patty always unlocks her work account with her personal account password she is certainly violating the intent of her employer's policy. Probably the letter of it as well. This is just one of the ways in which Patty may want to need different account password practices for her different accounts. She most certainly does not want to change her personal account password every few months.
Molly wants her account unlocking to be in lockstep with each other. The most natural and semantically coherent way to achieve that is to have the same account password for those accounts she wants to unlock as a group.
The old system
In the old system, there was a little known and poorly understood concept of "primary account." It would, on your own disk, have encrypted secrets needed to unlock other accounts. Your primary account was rarely something a user chose for that purpose, but instead was a consequence of the order in which they set up their accounts on that device. It was fairly arbitrary which account became the primary.
One difficulty with the lack of transparency to the user about what account password was unlocking what is that users could forget that they even had a different account password for their non-primary accounts. Forgetting you have a separate password for an account is a good way to forget that password. Suppose Molly was using the old system. She regularly unlocked both her accounts with the password for her primary account on her computer. Note that "primary" may not mean the one that has the information that Molly needs the most. It just happens to be the one that she set up first on that device. She is never prompted for the account password for the "secondary" account (which might contain the most important data for her). She forgets that secondary account password and she forgets that she even has a different password for that account.
Now suppose the nefarious Mr Talk (the neighbor's cat) steals Molly's computer, and there is no way for Molly to get it back from him. Molly also doesn't have good backups. So now Molly needs to set things up on a new computer. She does have her Secret Keys for both accounts safely stored for such an event, but she doesn't have the passwords written down because she is supposed to remember them. She can set up her new computer and unlock what was in her old primary account, but she has no way to unlock what was under an account password that she'd forgotten about.
This kind of problem is the result of the old system being very opaque to users. Now having a much clearer relationship between account password and the accounts it unlocks should very much reduce that problem. If you want multiple accounts to unlock when you give a single account password there is a very natural thing to do about it. You no longer have silent unlocking of accounts.
[...] Now we make it easy for people (and dogs) to have multiple accounts, and these different accounts are part of different teams and families with their own policies. So we took the opportunity to design unlocking in a way that makes sense on their own at the expense of a substantial behavior change.
Jack