1Password Account username, password and secret key stored in shared vault issue

I am storing my kid's 1Password Account username, master password and secret key in a shared vault.

When I try to use 1Password to fill in the credentials when signing into 1Password.com, it picks up the username and master password correctly, but it always gets my secret key rather than my kid's. Of course, if I manually copy the secret key from the 1Password item and paste it into the browser, the sign-in works fine.



Comments

  • littlebobbytables
    1Password Alumni

    Hi @BLD,

    I hope you don't mind, but can you help me with a couple of questions, please?

    1. When you first load the sign-in page, are all three fields empty?
    2. When you view the Login item in the shared vault you will see a visible username and password at the top of the Login item. For the secret key, is it visible when you first view the item or do you have to click a button titled something along the lines of View Saved Form Details, Web form details or similar?
  • BLD
    Community Member

    Trying again with a Chrome Incognito window (for a clean slate).

    1. Yes, all three fields are empty on the browser form.

    2. Yes -- the Secret Key is immediately visible (and correct) in the Login Item within the 1Password app. But what you wrote caused me to check the "Web Form Details" of the Login Item that I hadn't noticed before. The "account-key" listed there was wrong -- I have no idea how that happened. Now the correct details get filled.

    However, another issue is that "Command-\" never works smoothly with these 1Password credentials. If I have signed into multiple 1Password accounts in the same browser, I have to be careful to click "Sign into a different account" at the bottom of the page, presumably to clear a cookie containing the current secret key. It's only then that I get a form with three blank fields. Clicking "Command-\" then reveals the 1Password Login Item in 1Password mini -- but I have to search for it; it does not appear to be matching the "website" in the Login Item correctly to bring it up as "Suggested." Once found, I have to explicitly select "Fill" before I finally get a form populated with the correct data.

    I can understand tracking the last secret key used with a cookie (the "Sign into a different account" requirement), but it does seem like there are two bugs here:

    1) "account-key" in Web Form Details is getting populated incorrectly (presumably with whatever account was used on the browser first), and

    2) "website" in the Login Item, even though properly set to "https://my.1password.com," is not being used to offer the Login Item as a Suggestion in 1Password mini.

  • littlebobbytables
    1Password Alumni

    Hi @BLD,

    As the Login item's saved form details contained a field for the secret key there is one of three ways in which it was created.

    1. The Login item was saved in the browser, most likely using the steps detailed on How to save a Login manually in your browser.
    2. The Login item was created when the member joined the 1Password account and completed the sign-up process. The item would have appeared in that member's Private/Personal vault.
    3. The Login item was duplicated from an existing Login item for the same 1Password account.

    In 1. the secret key recorded would have been the one present on the screen at the time; 1Password will only record what is present. In 2. the item was generated in the browser when the user finished the sign-up process. As the browser generates the item, it is based on that member. In 3. not only are the visible custom fields duplicated but so are the saved form details; it is a complete copy of the original item. Altering the visible custom field wouldn't also change the field in the saved form details. As it stands, 1Password does not use custom fields for filling, so its presence is more just so you can see you have a record. As I've hopefully helped clarify, it's the saved form details that are critical for filling.

    You are right that if you wish to access either multiple 1Password accounts or switch between members in a single 1Password account, neither open-and-fill nor attempting to fill the form that just asks for the Master Password will allow you to switch, and you will need to manually navigate to the blank sign-in page first.

    Once at that page though the ⌘\ should work, I've personally never had any problems. As more often than not I have multiple matching items 1Password mini will appear and prompt.

    The following is very dependent on how confident and comfortable you feel in being able to create a screenshot but more importantly ensure nothing personal or sensitive is revealed by doing so. I would be very curious to see what 1Password defaults to showing you when you first access 1Password mini if it isn't displaying the correct match and what 1Password mini looks like after you've managed to get it to display the correct item. Our support forum is public and anybody can view it so you definitely don't want any of the actual account credentials visible. That would be true if we were conversing via email but at least there any mistake we can warn you about without you worrying that the entire internet might have seen something before we said something.

    Here's an example of what I'm trying to convey.

    Here I can see the URL, the empty fields and what 1Password is matching when first accessed. As the items have the same titles it's displaying the username and that's something you wouldn't want visible. As these are example items I'm risking nothing by it being displayed. You would need to scrub out the details from any screenshot but still leaving enough so that I understand any description you add to go along with it.

    If you feel uncomfortable doing this in the forum but would feel happier if we moved to email that's perfectly fine and we can do that. If you feel uncomfortable about making the screenshot at all that's also an acceptable position, at no point do I want you to do anything you feel unsure about and certainly nothing that could put any account of yours, 1Password or otherwise at any kind of risk. We are here after all to help you safeguard stuff, not create stress :smile:

This discussion has been closed.