Suggestions for multi vault enhancements for iOS

dahanbn
dahanbn
Community Member

I really like the idead to have multiple vaults. And I think there could be many useful scenarios for separting the passwords in different vaults.

What I like

I think it was a good move to go away from the restriction that the primary vault must be named 1Password. It is possible to select any vault type (agilekeychain or opvault) with any name as the primary vault. That is great and works.

What I wish could be changed

Better naming for the primary vault

The primary vault is always named Primary in the App. For me that isn't an useful naming convention. That convention hides the real name of the vault. I would prefer if you show the vault name and maybe the keyword primary in parentheses afterwards. That would be more useful for me. Maybe you could additionally highlight the primary with bolder text and another color

Displaying the name of opvault files

Currently it is possible to add .opvaults vaults to 1Password. The only negative is that those vaults are always displayed with the name Primary. That is a bit annoying. If I add an opvault vault as a secondary or third vault than I have more than one Primary vault. And it is difficult for me to differentiate the vaults. And I am not able to choose the right vault because the all are named Primary. Please support the same behaviour as you do with agilekeychain vaults (displaying the name of the vault instead of always displaying Primary).

Disabling password saving of the non-primary vaults

Currently you somehow save the passphrases of the non-primary vaults to enable the users an easy switching of the vaults. Could you please explain your reasoning about that bevaviour. I would prefer that at least I can choose if 1Password saves the corresponding password of an additional vault.

I mainly have two reasons for vault separations:

  1. Different users or different kinds of passwords/documents
  2. Different security levels of the content

In the later scenario I want to protect the more secure data (passwords or documents) with a different and maybe longer passphrase. In those scenarios I don't like that the password is automatically saved and used by 1Password. Therefore I would like that you prompt the user to input the passphrases while switching the vaults.

Comments

  • AndyP
    AndyP
    1Password Alumni

    @dahanbn‌ Thanks for the super detailed ideas. I tend to agree with you on the naming issues you are explaining with primary vault. I have added this to our bug list and its something we'll be discussing in the future. Thanks a ton there.

    We are looking into adding more granular levels of control (similar to your suggestions) when dealing with vault passphrases and the changing of vaults. I created a bug for our team to track and added all your comments for the team to review. With your two scenarios, I tend to run into #1 often enough to want some flexibility here as well. We will look into improving the experience here!

  • Locker
    Locker
    Community Member

    I too am looking for a "more granular levels of control". See a previous post of mine. [perhaps the admins can merge similar posts, like it was used to in the past].

    I also would like to see a feature that was brought up long time ago: An option to encrypt the URL too (and perhaps even the title) in the secondary vault. Those 'higher security' vaults can now be small, so the "penlty" of more processing time can be minimal. The user can decide if he/she wants it more secure (and slower) or faster.

  • Hi @Locker,

    I also would like to see a feature that was brought up long time ago: An option to encrypt the URL too (and perhaps even the title) in the secondary vault.

    I'm not sure what you mean by this. The upcoming opvault format already encrypt everything and will be stored as such in the 1Password 4 apps.

  • Locker
    Locker
    Community Member

    Hello @MikeT,

    I guess I missed the news about the opvault format. Where can I see that information and how do I switch my data to this format?

  • MrRooni
    edited June 2014

    To switch to using opvault you will first have to set up syncing in 1Password for Mac using iCloud. Then, navigate to the ~/Library/Mobile Documents/8RS32JY83C~com~agilebits~onepassword folder and rename the onepassword_data directory to 1Password.opvault. From there you can copy the opvault file out to Dropbox and setup syncing with it on both your Mac and iOS devices.

  • Note that @MrRooni's instruction would only work if you're on Mavericks and previous versions of OS X. That no longer works on Yosemite.

  • Locker
    Locker
    Community Member

    I have 10.9.3

    will this procedure work for me?

    Is it temporarily broken on Yosemite?

    Is it safe to switch?

    Any background info what's opvault and what's going on?

  • @Locker If you're running 10.9.3 this procedure should work for you. We are currently in beta on Yosemite, and things are in flux over there, so if you jump to the 10.10 beta please be advised that things may not work the same (or at all) in the short run.

  • Locker
    Locker
    Community Member

    Almost went and converted, but:

    "iCloud syncing is available only for primary vault"

    Should I try to bypass the limitation by moving the primary vault to another location; moving the secondary to that mail location; convert, and move everything back? Isn't it too risky? Any other way to convert?

    Perhaps create a new vault? Can I create a new opvault? I can move all my secondary items (about 100) to my main (about 3500); delete the empty secondary. Convert the primary. Than what?

    Also, you mentioned somewhere that you are going to limit the new betas to OSX 10beta. Will I get stuck?

  • Hi @Locker,

    Honestly, it sounds like you should wait until we add all the stuff we need to make this hassle-free. We will likely to add a migration tool to switch over your older files to the newer ones when we finished with the opvault implementation in 1Password 4 for Mac and iOS.

    The new OS X betas are restricted to Yosemite, so you won't be able to test it until you either upgrade to Yosemite public beta or the final is released.

This discussion has been closed.