Unlocking primary vault also unlocks secondary vault? [yes; works as intended]
I created a secondary vault with a different password. I was very surprised that unlocking the primary vault also unlocked the secondary vault. In other words, I unlocked a vault without using its password!
Can you explain this to me? Is this not a potential security issue?
Comments
-
Hi @pervel,
This is how 1Password has been designed. When we introduced multiple vaults, we wanted to make sure that you could access all of your information easily, without having to remember a multitude of Master Passwords. So, your primary vault holds the encryption keys for all your secondary vaults. This means that you will be able to switch from your primary vault to any secondary vault, so that you really do only have to remember one password. ;)
If you would like to access a secondary vault only, you can do so when 1Password is locked by using the 1Password menu > Switch to Vault. Enter that vault's Master Password, and 1Password will open just the secondary vault. To switch to any other vault will require that vault's Master Password.
I hope this helps to explain things, but I'm here if you have any further questions!
0 -
I know that for me, this is exactly the opposite of how I would like it to work. I share my primary vault with my wife. I have a secondary vault of work passwords that I would like to keep secure. The way that 1Password is currently working, unlocking the Primary Vault, will unlock everything and she then has access to all those passwords. It's not that I don't trust her, but I'd like to keep my work stuff separate from my personal stuff.
With the way you've described it above, that means to set it up how I want it, I would need to move all my work passwords into the Primary Vault and then put all the shared passwords with my wife into a secondary vault. And then whenever she needs a password, she would then need to go up to the menu bar and manually select to open a secondary vault - not very user-friendly for someone who is already fighting using this program in the first place. And, so far, with the non-Primary Vaults not syncing between other computers and devices, it really means I can't make it work how I want it to anyways (that secondary vault of personal passwords won't be automatically synced anywhere).
Can we have an added setting that, if checked, will force 1Password to lock all vaults until explicitly unlocked OR maybe, if you set a Master Password that isn't the same as your Primary Vault's password, then it requires unlocking each time you visit that vault? I understand that the program is called 1Password and the goal is to keep it as simple as 1 password, but multiple vaults is an advanced thing and maybe needs to be treated differently?
0 -
Hi Ben,
Thanks so much for sharing your user experience here! Multiple vaults are still a relatively new feature for 1Password, and we're constantly learning new things about how users are managing their databases and sharing info. We are certainly looking into how to make this feature more user-friendly and functional for all users, and I'm happy to pass along your feedback. :)
0 -
This is totally counterintuitive! I will bet that 80-90% of the users who created a secondady vault expected that its password would be required to open the secondary vault, not merely the primary password. You have inadvertantly given users a false sense of security! I hope you will reconsider.
And in the meantime, until you fix this, I think you should at least create an interim update that adds a warning to the user when they create a password for a secondary vault, that the password will not be required to open the secondary vault!!!
0 -
Hi Nate,
Thanks for the feedback about this! I will pass it along to our developers for their consideration. :)
internal reference number: DOCS-104
0
