Unlocking 2 vaults in 1Password

I have 1Password installed on my Windows PC at work with 2 1Password (online) accounts connected, my private one and the business one.

To unlock 1Password I have to enter the password for my connected business account, which then unlocks my private account/vault as well. It doesn't work in the other direction, presumably because I connected the business account first?

However, I would like to know if there's an option to have 1Password only unlock the business vaults when I enter the password for that account and not my private vault since other people in the office have the password for the business account and I don't want them to be able to see my private vault?

Thank you.


1Password Version: 7.3.684
Extension Version: 4.7.5.90
OS Version: Windows 10
Sync Type: Online Account

Comments

  • bundtkatebundtkate

    Team Member

    Others shouldn't have your password for your Business account, @undistinguished. You may already be aware of this so I apologize if I'm regurgitating things you already know, but the way Business accounts work is that each of your teammates gets their own credentials. You may each have access to different vaults, plus you'll each have work passwords only for yourselves – like your email – so this ensures that if you're on the engineering team and your friend works in accounting you don't have access to the books and your teammate doesn't have access to the code for internal apps. Plus, of course, neither of you will have access to any personal work Logins for the other, like your e-mail accounts.

    As you may have surmised, the ideal solution here would be for your teammates not to have your business account's password, so before I suggest any alternatives, I'd like to know if they need to know that password and why. That would certainly impact what might be practical in your case and I don't want to make suggestions that would necessarily break your workflow at the office. Thanks! :+1:

  • kurtdkurtd Junior Member

    Having one password unlock both business and personal accounts is the dumbest idea ever in my opinion. When I'm at work, I rarely need to use my personal vault and vice versa. To get around this issue, when I'm at work, I use the 1Password desktop app and extensions for my business account only and then I use 1Password X for my personal vault. When at home, I do the opposite, I have 1password X in case I need to access my business account vault and use the regular apps for personal vault.

    Although, we don't share the password here, we each have our own business account, you still never know when a company will demand your passwords... I wouldn't want them to have my password if it unlocked both accounts and I wouldn't want to be given a password for another user's personal data.

    In addition, it's less secure to constantly be unlocking both vaults when you only need one.

    Thirdly, if you're giving a presentation or simply sharing your screen, and need to use 1Password, if both get unlocked, all can see all the personal sites you have saved into 1password while you search for the correct business login with the browser app.

    When will 1password give us the option to unlock personal and business vaults separately with their individual passwords?

  • bundtkatebundtkate

    Team Member

    We've designed this experience around the typical use-case, @kurtd, and in our experience this falls into two categories – folks who aren't using their personal accounts at work at all and those who want easy access to both at once at work, just like at home. That said, this isn't going to fit everyone's security needs and some of us will need to adjust how we use 1Password to fit those needs. To provide a personal example of how this has required me to adjust how I use 1Password, I want my folks to be able to access my data should anything happen to me. I can't share my Master Password because that would unlock my work data as well. To make sure they can access my account in an emergency without also giving them access to my work data, I've shared the password for the e-mail account I use with 1Password so that they can recover my account and set a new Master Password for it to access my personal data only should the need arise. This did present a challenge as I didn't want to give access to my regular e-mail account and had to create one for this purpose, but it's done now and it works.

    To the extent it may impact your choices when using 1Password at work, it's worth noting that your app unlocks with the Master Password for the account you added first. If you add your personal account to your app at work first, someone who knows your business account Master Password (and your Secret Key) would be able to access your work data on the web, but would not be able to unlock your 1Password desktop app (and thus your personal data) because your personal Master Password would be needed to do so and they don't have that. Another option would be having separate Chrome profiles for work and personal on you devices. This would allow you to use 1Password X in each with only your work account added in your work profile and only personal on the other. As I've shifted towards using 1Password X more than my desktop app, this is something I've found works well for me (though I use two different browsers for work and personal, rather than separate profiles).

    Finally, I'd be interested to know more about the concerns you're addressing with this setup. At work, I think I understand – you don't want work and personal available in the same app on a device your employer may reasonably access – but given you're doing the same thing at home, I feel like your concerns may run deeper than that. It's a challenge designing 1Password for people with such vastly varied security needs for sure and there are undoubtedly thing we could do better. Feedback like yours is a great help in meeting that challenge and knowing more about your security needs and what threats concern you would be a great help in considering how to manage those improvements if you have the time and are willing to share.

  • kurtdkurtd Junior Member

    I would like separate accounts to always have separate 1passwords. I would never want to unlock my work account with my personal password and my personal account with my work password. Luckily there's two browser extensions so I've been able to avoid the issue for now.

    In addition to the three issues I mentioned above, another problem is when you have logins for the same sites in both vaults. When you unlock 1password, it will show all your accounts to pick from. That means you'd have to sort through multiple email accounts, multiple social media accounts, etc which makes logging in more time consuming. In addition, the risk of posting to the wrong social media account increases if you're in marketing....

  • bundtkatebundtkate

    Team Member

    I work on our social media team, @kurtd, so I definitely feel you on that concern. I'm not too fussed on my desktop and laptop as I can easily see usernames and am okay so long as I'm careful, but I all but refuse to ever sign in to our 1Password social accounts on any mobile device. I've done it once or twice when it was absolutely necessary, but it does make me cringe.

    It sounds like your concern is, at least in part, what information you see in what context. This is essentially irrelevant for you since you want more physical separation between those accounts anyway, but for those of us who use both of our accounts in a single app, All Vaults can solve that problem. On my device used primarily for work, I hide my personal vaults and on those used more for personal stuff, I hide my work vaults, which is a huge help. For you, I think separate Chrome profiles (or your current strategy with different extensions) is likely the better bet, but I figured I'd mention this just in case it might help refine your setup as well.

    I don't think I have any better ideas for you beyond what's been shared now, but I do appreciate your feedback and particularly your willingness to expound on your needs. Thanks for taking the time and I'll be sure to pass what you've shared along to our development teams. :chuffed:

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file