Multiple Vaults in Windows - Passwords over and over?

Seeker

This is working fine on the Mac. So I just purchased Windows.

It seems like I have to type in the password (fairly long) every time I switch between vaults. I can understand if the timing has passed, but this happens even if I flip from vault 1, to vault 2, then back to 1 again - I have to constantly enter the password.

Is there some setting I'm missing?

MikeT

Hi @Seeker,

No, you're not missing anything and we do understand why it is strange. The Windows and Mac applications works differently and they have different ways of managing your data.

On Mac and iOS, there's a single database store that manages all of your vaults at the same time. The primary vault you use will have a local-only copy of your secondary vaults' keys. This means unlocking the primary vault will unlock all secondary vaults as well.

The Windows application does not have this capability and instead, it directly manage your data files separately. This means, there is no concept of a primary vault that can unlock all secondary vaults like on the Mac/iOS platforms and no local copy of other vault keys. Each time you ask 1Password to switch to a different vault, it needs to know the password for it.

AGAlumB

@MikeT: Thanks for chiming in here with the technical details. :smile:

@Seeker: Things work a bit differently in the Mac and Windows of 1Password versions due to platform differences. If it helps, think of it this way: your 1Password data is a folder of individual files; 1Password for Windows reads and writes directly to this (regardless of location: Dropbox folder or otherwise), and, of course, in order to read it when it is opened it needs to decrypt it...which is why you have to enter your Master Password at that time. I hope this helps! :blush:

Seeker

Ok, I'm an I/T guy, I get it. You should change this, however at some point to get parity between platforms.

That said - the main issue is switching and typing passwords over and over and over and over. I understand there isn't a primary/secondary bit in Windows - but you should maybe keep a temporary "hey, he typed in Vault 2's password in the last 20 minutes" so as to at least during the time expiration frequency not ask for the Vault 2 password 3 minutes after I just typed it in.

Seeker

And yes, I also get the "your master password for that vault is at risk if something untoward happens during that 20 minutes". I'll risk it. You can throw in some safety bits. Give me a preference box to check.

RichardPayne

@Seeker I suspect that the problem is a little more fundamental. 1Password for Windows is only designed to have one set of data open at once. Changes to retain previous vault's master keys in memory past their closure would require a significant amount of analysis on the security implications and testing of the end result.
@svondutch can you confirm or comment?

If I'm right then I would rather they spent the time developing a proper multi-vault system that allowed you to have multiple vaults open at once to facilitate browsing and searching of the combined data set. The way I see it, even the Mac implementation is a little clunky and the Windows implementation is worse.

svondutch

but you should maybe keep a temporary "hey, he typed in Vault 2's password in the last 20 minutes" so as to at least during the time expiration frequency not ask for the Vault 2 password 3 minutes after I just typed it in.

@Seeker On Windows, we do not keep your master password in memory.

When 1Password is done with your master password (when your vault has been unlocked), then we immediately zero it from your computer memory. We have your master password in memory for the shortest life span as possible.

Your master password is 1Password's weakest aspect and in our experience, attackers will always go for the weakest link. Your encryption keys are strong, but not everyone's master password is.

I'm a strong believer of NOT storing your master password anywhere -- not even in computer memory.

svondutch

Changes to retain previous vault's master keys in memory past their closure would require a significant amount of analysis on the security implications and testing of the end result. @svondutch can you confirm or comment?

@RichardPaybe Absolutely correct. When you lock your vault, then we zero the encryption keys from your computer memory. Otherwise, you wouldn't be locking your vault.

the Mac implementation is a little clunky and the Windows implementation is worse.

@RichardPayne Personally, I prefer the Windows approach of opening one vault at a time, and one vault only. This concept is easy to understand, and we see fewer problems with it.

That being said, I would love to see logins from a personal and a shared vault when I click the 1Password button in my web browser.

Seeker

Ok, hey - I'm not looking at the code. But for the time the vault is unlocked, isn't there something in memory to allow the decryption (i.e. unlocking)? All I'm saying is, whatever is there to allow the vault to be unlocked during the unlocking period, just allow more than one? I didn't ask for permanent unlocking - just allowing more than one vault to be open during a timeframe, vs. "you unlocked another one" - boom the previous one is now locked!

I'm certain there is a reason you don't do it, "it's due to the design", but just suggesting a different way to look at it.

Going with the "I would love" - "hey, unlock vault 1", ok, "hey unlock vault 2". Give me 20 minutes with both of them.... ;)

Even TrueCrypt would allow you to open more than one virtual drive at the same time.

AGAlumB

@Seeker: It would certainly be nice to have the option to have each vault on a separate timer like you describe, but I can see a few concerns with that. This would increase complexity, not just from a technical standpoint, but from the user standpoint as well.

First and foremost, care would need to be taken to ensure that this is done securely. This is accomplished inherently in the current design, because 1Password uses a Single Document Interface (treating your 1Password Vault's database as the 'document'). This design goes back years, and everything else about 1Password is based around this at it's foundation. It's definitely worth rethinking as 1Password evolves though!

But if this changed, my main concern personally would be -- /facepalm -- unlocking one vault, switching to another, remembering to lock my current vault but leaving the first one open, and then wandering away from my computer long enough for someone to access the data in the first vault but not long enough that the auto lock secures it. Some might call this 'paranoid'; I call it 'scatterbrained'. :p

As more advanced users, you and I may find ourselves longing for more options -- more granular control, more features. But more personally, as a son and husband, I am regularly reminded that while our inclination may be to fiddle with preferences, many users just hit a wall with the increased complexity. So regardless of what is possible and desirable for folks like us, ultimately a balance needs to be struck between power and simplicity. Just my (scattered) thoughts . :)

svondutch

as a son and husband, I am regularly reminded that while our inclination may be to fiddle with preferences, many users just hit a wall with the increased complexity.

@brenty Amen.

Seeker

Fine, I understand your concerns, but FOR ME, this renders 1Password for Windows much less usable, given how I use 1Password for the Mac.
Do you know the process to request a refund?

Seeker

But if this changed, my main concern personally would be -- /facepalm -- unlocking one vault, switching to another, remembering to lock my current vault but leaving the first one open, and then wandering away from my computer long enough for someone to access the data in the first vault but not long enough that the auto lock secures it. Some might call this 'paranoid'; I call it 'scatterbrained'. :p

You could always set "Lock Vault" to "Lock All Vaults", if you are explicitly locking a vault, it could be assumed you want them all locked. I think your scenario does over-complicate the issue, but that's just my opinion.

AGAlumB

@Seeker: I think you just agreed with me without knowing it: we all have our own particular workflows and usage needs, which is why there isn't going to be a one-size-fit-all solution. To you, my scenario seems to 'over-complicate' matters. It's kind of a cool irony. :)

And in that vein, 1Password isn't going to be a perfect fit for everyone. If it truly doesn't meet your needs (and, granted, no software is perfectly suited for anyone...unless perhaps they write it themselves!) definitely send an email to support+license at agilebits dot com and they will do what they can to make things right! :blush:

RichardPayne

as a son and husband, I am regularly reminded that while our inclination may be to fiddle with preferences, many users just hit a wall with the increased complexity

And if the configuration screen is done right then the normal users never need to see the underlying complexity; the defaults handle everything as you'd expect.

Personally, I prefer the Windows approach of opening one vault at a time, and one vault only. This concept is easy to understand, and we see fewer problems with it.

That being said, I would love to see logins from a personal and a shared vault when I click the 1Password button in my web browser.

Aren't these two paragraphs fundamentally contradictory?

svondutch

And if the configuration screen is done right then the normal users never need to see the underlying complexity; the defaults handle everything as you'd expect.

@RichardPayne I'm a strong believer in "defaults handle everything as you'd except". However, I'm also a strong believer in keeping the number of settings down. Some of the configuration screens out there are embarrassing. Yes they hide the more complex settings under an "Advanced" button, but they still overwhelm (and intimidate) the new user.

Aren't these two paragraphs fundamentally contradictory?

@RichardPayne Not necessarily. It might be possible to have Logins from multiple vaults in the web browser without the primary vs. secondary vaults concept in the application.

RichardPayne

Yes they hide the more complex settings under an "Advanced" button, but they still overwhelm (and intimidate) the new user.

Since when do new users go poking around in the advanced settings? And if they do, how many of them panic rather than rapidly hitting the Close button? ;)

Not necessarily. It might be possible to have Logins from multiple vaults in the web browser without the primary vs. secondary vaults concept in the application.

Ah, so you're treating the app and web different here? I think that would be confusing. Have multiple vaults open at once, sure, but do it in the web and the app.

AGAlumB

@RichardPayne: I, for one; the first thing I do when opening a new piece of software (application, OS, you name it!) is poke around in the settings. Before anyone gets alarmed, I am the first to admit I have a problem, and am working on it day by day!

But in all seriousness, I installed Windows 10 the other day and headed immediately to Control Panel. I have to stop myself from fiddling most of the time, and give the defaults a chance at least -- not only so I don't mess anything up right away, but to allow myself to get a feel for how the designers expected/intended it to be used, which is something at least worth experiencing...even if I end up tweaking everything later on. And I know I am not alone in this regard. ;)

I guess my point is, changing settings (especially those labeled 'advanced') is, in my experience, exactly the thing most likely to be done by the folks most likely to try new software in the first place. It's hard not to think mainly of the two extremes -- the novice and the power user -- and apply those stereotypes across the board. But the truth usually lies somewhere in between: the true novice may never even hear of 1Password, much less dig around in menus unless directed to by the friend who told them to try it in the first place; and similarly, the real power users do their homework, or just plain know better than to meddle with powers they do not fully comprehend.

Those who require the greatest measure of attention and vigilance are those who are neither novice nor power user, but who know just enough to be dangerous. "There but for the grace of God go I." :blush:

Not necessarily. It might be possible to have Logins from multiple vaults in the web browser without the primary vs. secondary vaults concept in the application.

Ah, so you're treating the app and web different here? I think that would be confusing. Have multiple vaults open at once, sure, but do it in the web and the app.

And this is why these discussions (whether public, private, or thinking aloud in the shower :angry: ) are important. Any change will have ripple effects. Better to give it time and let it stew than to fail to anticipate them. 8-)

RichardPayne

Those who require the greatest measure of attention and vigilance are those who are neither novice nor power user, but who know just enough to be dangerous. "There but for the grace of God go I."

Firstly, I suspect that you're projecting slightly. The vast majority of users that I've dealt with would not touch an advanced settings page even if they would be happy changing options at all.
Just to be clear, when an option would have an "unsafe" setting then I see value it not making it an option. However, forcing user behaviours which no security implications just to avoid options seems wrong to me.

And this is why these discussions (whether public, private, or thinking aloud in the shower :angry: ) are important. Any change will have ripple effects. Better to give it time and let it stew than to fail to anticipate them.

In this case though, there's no need. To Mac line is using has been using a different model for a long time and it seems to be lot more popular than the Windows model. I'll take @svondutch's word for it that the Windows model causes less sync problems but it also causes usability problems. It's swings and roundabouts.

I think that the key thing here is for the product line to behave in the same way, unless there's a strong platform specific reason not to (quick look at attachments for example). So move the Mac/iOS/Android lines to a separate vault model or shift Windows to a localdb model but leaving the current disparity is just confusing for cross-platform users as is evidenced by the large number of forum threads about it.

AGAlumB

@RichardPayne:

Firstly, I suspect that you're projecting slightly.

Probably. :(

The vast majority of users that I've dealt with would not touch an advanced settings page even if they would be happy changing options at all.

I hear you, and for a long time this was my experience, too. But, man...the things I've seen... :'(

However, forcing user behaviours which no security implications just to avoid options seems wrong to me.

This is really pretty subjective, I'd argue. I appreciate your position. Ultimately, the path 1Password is on is about being simple and powerful. The details of what that means will continue to evolve over time, and 1Password will follow.

I think that the key thing here is for the product line to behave in the same way, unless there's a strong platform specific reason not to (quick look at attachments for example).

Well said! Philosophically, I think that is spot-on, but in practice what a user expects also relies on assumptions that have less to do with specific technologies and more to do with the way a user is accustomed to interacting with a library of software by various vendors going back a decade or more.

I remember the debate about whether or not 1Password on OS X should terminate once the window is closed. Many Mac users would still say no. Many PC users would be baffled by the question. And, while there is no technical platform justification one way or the other, I can see both sides of that argument. Traditionally, OS X apps don't terminate unless you actually Quit them. But today 1Password terminates when the last window is closed. On both Mac and PC. Uphill. In the snow. Both ways. And everything is alright.

But ultimately these things need to be decided on a case-by-case basis. No one is perfect, but part of what AgileBits (and everyone else who designs software) does is make these kinds of decisions. Fortunately, passionate folks like yourself offer no shortage of guidance -- from multiple perspectives. Customer feedback is taken into account, but someone has to make that (often tough) final call. But every little bit helps. :)

svondutch

I think that the key thing here is for the product line to behave in the same way, unless there's a strong platform specific reason not to (quick look at attachments for example).

@RichardPayne You're right. By the way: we do have this feature on Windows now.

I remember the debate about whether or not 1Password on OS X should terminate once the window is closed. Many Mac users would still say no. Many PC users would be baffled by the question. And, while there is no technical platform justification one way or the other, I can see both sides of that argument. Traditionally, OS X apps don't terminate unless you actually Quit them. But today 1Password terminates when the last window is closed. On both Mac and PC.

@brenty This is a bad example :) because 1Password for Windows does not terminate if...

1. your vault is unlocked, and
2. the 1Password tray icon is enabled

Seeker

I think that the key thing here is for the product line to behave in the same way, unless there's a strong platform specific reason not to (quick look at attachments for example).

This.

One comment made was that "the software doesn't work adequately for me, and in fact, in some sense, no software will work perfectly for anyone".

Not exactly - I'm an I/T professional (an advanced user!) - I can make software do cartwheels, I can sing and dance, and I can figure out compromises to make the software work properly for me. And so I did - I got 1password for Mac, analyzed it, and came up with a methodology that, at least works, if not perfectly.

Then I get 1password for Windows - suddenly, those things I figured out, manipulated, and so on (in this case multiple vaults, and the ability to move freely between them - and yes, dominoes from that), don't work the same. And in fact, it is enough different to be a major inconvenience (I won't cry unusable, but definitely a big enough problem to make me not want to use the windows version - GIVEN I've figured out how to make the Mac version work for me.)

AlexHoffmann

I find making assumptions about default parameters and generalising user expectations problematic.
One user will see the default settings as correct, the other will find them not optimal because they don't align with the learned usage patterns.
The same goes for UX across the app.

We aspire to make our products idiot-proof — which is the highest possible praise for any piece of software, in my opinion.
And while it is desirable to have familiarity between platforms, apps shouldn't be identical because then one risks not being able to optimise for an OS and the needs of users of this OS.

Seeker

Of course apps shouldn't be identical - that's absurd. But they should work similarly to a cross-platform user, otherwise we're back into platform wars.

MikeT

Hi @seeker,

Of course apps shouldn't be identical - that's absurd. But they should work similarly to a cross-platform user, otherwise we're back into platform wars.

Functionally, we do try to make 1Password identical between platforms as much as technically and humanly possible. We didn't set out to make 1Password work differently, we want to build the best consistent and native experience we can provide to our users, regardless of what platforms they use. It will keep getting better as we continue to work on 1Password.