Account Key for normal 1Password?
I just read through the 1Password for Teams white paper, nice work on both the system and the writeup!
I currently just use a family license for 1Password at home, and don't foresee needing 1Password for Teams. However, the Account Key feature looks like it would be a useful addition for users who use Dropbox or iCloud to synchronize their vaults, ensuring that if the encrypted vaults were obtained by an attacker, they could not (feasibly) attempt to brute force the Master Password. This addition would provide more peace of mind for those syncing vaults, and maybe provide the extra push for folks thinking about using network syncing but worried about the risks of having vaults in the cloud.
I assume the 1Password team is focused on the Teams rollout, but consider this a feature request to add Account Keys (optionally) to the standalone 1Password.
P.S. I hope the wordlist password generator makes the leap from iOS to OS X in the next release! :)
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hello foobar,
Thanks for taking the time to share your thoughts with us. I'm so happy you enjoyed reading the White Paper! Jeff, Julie, and I put quite a bit of effort into it and I'm so excited to see people reading it :)
I love the Account Key in 1Password for Teams, and in many ways, I agree with you that it would be a great addition to 1Password itself. After all, having an extra 128 bits of entropy available to combat brute force attacks is pretty awesome! The thing is, we worry a lot about data availability around here. While it doesn't happen every day, we do talk to quite a few customers who have forgotten their Master Password and it's not a fun experience. Our fear is adding the Account Key into the mix will cause a lot more people to become locked out.
One of the main reasons 1Password for Teams is able to have an Account Key is because of the Recovery Group. When an end user forgets their Master Password or loses their Account Key, they can talk to their Recovery Admin and have access restored. This is a really great feature, and the way it is done ensures that only your Recovery Admin can do this (just like in 1Password, AgileBits has no way to reset your Master Password in 1Password for Teams). This recovery is only possible in a team environment.
So while bringing the concept of Account Key to 1Password is possible, the concept of the Recovery Group is not. This curbs my enthusiasm for this feature greatly, and so at this time it is not something we're considering adding.
As for the word list generator on iOS, I'm glad to hear you're enjoying that! I'm not sure when that will make it into OS X, but it's something I'd also love to see :)
Cheers!
++dave;
0 -
OK, thanks for the reply. Too bad on adding Account Keys to 1Password standalone. I can see why novice users might shoot themselves in the foot, too bad it couldn't be added as a feature for power users.
0 -
@foobar: I hope you don't mind, but I've moved this discussion to the Mac category of the forums since it's regarding features requested for 1Password for Mac.
Indeed, and a lot of 1Password for Teams users are already losing their Account Keys, so that's certainly not a huge vote of confidence either. :(
You may be right though. That said, it's certainly something we can consider in the future. But I think it will serve us all best if we can refine the Account Key idea with power users using 1Password for Teams, as it may give us some ideas on how to improve it there (if only by learning how to 'trick' people into making sure they save it!) before we seriously consider bringing it to the 'personal' version of 1Password. ;)
0
