Individual unlocking of secondary vaults gone in 1Password 6

Comments

  • dszp
    Community Member
    edited January 2016

    I didn't even realize this was possible with multiple vaults in the Mac version (I've been hoping for the Windows version to have an All Vaults view like Mac and iOS where they all unlock) but having the ability to have vaults with different passwords could be useful in some cases. I do like both options, now that I know it was an option I want it, but don't count my vote for it as much as others... :-) (I use all three platforms)

  • bearahu
    Community Member

    Hi @littlebobbytables

    I think your assumption is correct. We have it installed on shared workstations and everyone knows the password to the secondary vault where we keep all the logins needed on a day to day basis. No one puts any personal information or logins in this vault. In the primary vault we store more sensitive logins and only a few people who need these logins have the password. Sort of like the key to the executive washroom. If direct login to the secondary vault is not possible we'll have to figure out another structure. Any suggestions would be super helpful. Thanks.

  • afarikofi
    Community Member

    Hi,
    I am trying to achieve something similar to what kev79 wanted.
    I however do not know if I understood littlebobbytables correctly because I can't seem to get it to work the way I think it should.
    My understanding may be wrong though so please correct me if I am.
    Based on the response my understanding is that
    1. The master password that I have set for the primary vault will give access to all other vaults.
    2. I can set passwords on other vaults I create that should give me access to only the contents of those vaults
    To put this in practice I created a new vault with a password different from that of my primary vault (master password). The problem is that I am unable to log into 1Password with the new password I have created. It only accepts the master password which in essence opens all the vaults because it is the one for my primary vault.
    I would be grateful if you could let me know how the different passwords for different vaults work.
    Thanks

  • Stephen_C
    Community Member

    @afarikofi I have merged the new thread you started with the existing thread on the same subject.

    Stephen

  • p6ril
    Community Member

    Hello,

    I've been burdened with the exact same issue everyone else describes here. With 1Password 5 I could choose which vault to open with cmd+1 or cmd+2 but this isn't possible anymore with 1Password 6 which for me is a huge drawback on the multi-vaults feature.

    I have a personal vault and a professional vault and I want to be able to decide which one to open.

    To be honest I've never understood either why the master password allows opening all vaults (which means that secondary vaults can be opened with more than one password). While this can be convenient, I believe that in terms of security it would be better to have completely independent vaults / passwords, though I can live with that.

    Anyway long story short I've upgraded one of my computers to 1Password 6 and now regret it. While multi-vaults was a great feature of 1Password 5 the new version makes it useless and this is really disappointing. I really hope you fix this quick, the way I see it 1Password 6 is a major downgrade from 1Password 5 with regards to the multi-vaults management. And the team vault doesn't compensate for the loss of the previous behavior.

    Thanks

  • vincebhh
    Community Member

    Hi,

    Like many, I use a strong master password for my sensitive information and other vaults with less strong passwords for everyday internet stuff.
    This also pretty much kills 1Password for me, because now I have the choice of two hardly acceptable options:
    1. Staying with 5 and accepting a known critical bug or
    2. moving to 6, switching to a short master password and removing all sensitive information from 1Password.

    :+1: to getting this feature soon into 6 and iOS (see https://discussions.agilebits.com/discussion/48723/change-vaults-before-entering-code-on-non-thumbprint-device?) as well.

  • littlebobbytables
    1Password Alumni

    Hi All.

    @p6ril: You made a specific point that I want to address if I may. Each vault has a single password that will decrypt the contents. The way secondary vault support works in 1Password for Mac is the encryption keys for your secondary vaults are stored inside your primary vault in a way invisible to the interface. When you unlock your primary vault it allows 1Password access to the encryption keys that decrypt your secondary vaults. If you sync a secondary vault to Dropbox for the purposes of sharing you will find its password, and only its password will unlock it when somebody else uses it. So a vault doesn't have multiple passwords that will unlock it. Now I'm writing this not to belittle anything you've said, I just wanted to inform you of how it works under the hood. Please keep reading the rest

    @afarikofi: 1Password 5 used to allow you to switch vaults while in the locked state. To learn more about why this has been removed in 1Password 6 I'd like to point you to a post by Rick, one of our developers.

    @afarikofi, @p6ril, @bearahu & @vincebhh.

    We're making a note of every person's feelings on the matter and we will be communicating all of this with the developers. Please don't forget, the developers aren't insensitive to your situations and the decision to remove wasn't taken lightly. We do genuinely want our users to be happy (but secure of course) and it makes us sad when you're not.
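
A simplified model of the arrangement littlebobbytables describes above, as an added example that is not part of the thread and is not 1Password's code or file format: each vault is sealed under a key derived from its own password, and the primary vault holds a hidden copy of the secondary vault's key. The vault names, passwords, PBKDF2 parameters and the HMAC-based toy cipher are assumptions chosen so it runs on the Python standard library alone.

```python
import hashlib, hmac, json, os

def derive_key(password: str, salt: bytes) -> bytes:
    # Password -> 32-byte vault key. PBKDF2 and its parameters are assumptions.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _subkeys(key: bytes):
    # Separate encryption and MAC keys derived from the vault key.
    return (hmac.new(key, b"enc", hashlib.sha256).digest(),
            hmac.new(key, b"mac", hashlib.sha256).digest())

def _stream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Toy keystream (HMAC in counter mode) so the demo needs only the stdlib.
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key: bytes, plaintext: bytes) -> bytes:
    enc_k, mac_k = _subkeys(key)
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _stream(enc_k, nonce, len(plaintext))))
    return nonce + ct + hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()

def unseal(key: bytes, blob: bytes) -> bytes:
    enc_k, mac_k = _subkeys(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(mac_k, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong password/key or corrupted vault")
    return bytes(a ^ b for a, b in zip(ct, _stream(enc_k, nonce, len(ct))))

def make_vault(password: str, contents: dict):
    # Returns the stored vault (salt + sealed blob) and its key.
    salt = os.urandom(16)
    key = derive_key(password, salt)
    return {"salt": salt, "blob": seal(key, json.dumps(contents).encode())}, key

def open_with_password(vault: dict, password: str) -> dict:
    return json.loads(unseal(derive_key(password, vault["salt"]), vault["blob"]))

def unlock_everything(primary: dict, secondaries: dict, master_password: str) -> dict:
    # Unlocking the primary vault exposes the stored keys, so each secondary
    # vault opens without its own password ever being typed.
    opened = {"primary": open_with_password(primary, master_password)}
    for name, hex_key in opened["primary"]["hidden_vault_keys"].items():
        opened[name] = json.loads(unseal(bytes.fromhex(hex_key), secondaries[name]["blob"]))
    return opened

# Constructed sample data: a "work" vault whose key is also kept in the primary.
work, work_key = make_vault("work-pass", {"items": ["ops login"]})
primary, _ = make_vault("long master password", {
    "items": ["bank login"], "hidden_vault_keys": {"work": work_key.hex()}})

if __name__ == "__main__":
    print(open_with_password(work, "work-pass"))              # own password works
    print(unlock_everything(primary, {"work": work}, "long master password"))
    try:
        open_with_password(work, "long master password")      # shared copy alone
    except ValueError as err:
        print("master password on the work vault by itself:", err)
```

The last call fails because the work vault's blob is sealed only under the key from its own password; the master password reaches it solely through the key copy held in the primary vault.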

  • ekontrec
    Community Member

    Add my name to the list of reverting back to v5 behaviour where I was able to open secondary vaults independently of the primary. Would be much appreciated.

  • campo
    Community Member

    Please add me to the list of people who want to be able to maintain multiple separate vaults that are unlocked independently. The main use case for me is sensitive information in one vault and less sensitive in another.

  • p6ril
    Community Member

    @littlebobbytables Thanks for the clear detailed explanation. I didn't express myself right about "opening the vaults with 2 passwords" even though from a user standpoint it looks like it is :-).

    My point is: if my personal (master vault) password gets compromised, the attacker automatically also gets access to my other (professional) vaults and I'm sorry but it feels "less secure" whatever the technical reason behind it.

    It could be a preference to let the user decide whether or not using the master password automatically opens the other vaults (doesn't really help with the security point I was trying to make though which is inherent to the encryption keys being accessible with the master password) or which vaults it opens. I suppose it's addressed with the all vaults feature of 1Password 6 (but again this is only about what is visible in 1Password).

    Long story short: I'd rather have completely independent vaults and not being able at all to open all vaults with the master password. It's more secure but in a way contradicts the "1 password" paradigm ;-)

  • AGAlumB
    1Password Alumni

    @p6ril: That's certainly something we can consider for the future. Just keep in mind that we've got a lot of folks on the other side of that debate: 1Password for Windows works the way you describe, and having vaults work "like the Mac version" is one of the most popular requests. Can't please everyone I guess! :lol:

  • dszp
    Community Member

    @brenty @p6ril As a Windows (primarily) and Mac user, I can definitely say I'd love to see the Mac behavior on the Windows side to match the iOS and Mac where all vaults are unlocked at once. The idea of some vaults that are not automatically unlocked and require a separate password is actually not a bad one and I support it, but it would be secondary to having Windows match the Mac's functionality :-)

  • AGAlumB
    1Password Alumni

    @dszp: Indeed! I really hope we'll be able to settle on a clever solution that most people will be happy with. :)

  • JJacques27
    Community Member

    Like Campo, please add me to the list of people who want to be able to maintain multiple separate vaults that are unlocked independently. The main use case for me is sensitive information in one vault and less sensitive in another.
    I think that it is not cool to delete, without notice, a so important feature

  • spantalo
    Community Member

    +1!

  • Megan
    1Password Alumni

    Hi @JJacques27 and @spantalo ,

    I've added your votes to the request in our internal tracker.

    "I think that it is not cool to delete, without notice, a so important feature"

    I suppose it could be said that the best way to determine a feature's importance is to remove it. Speaking for myself here, I had no idea that so many people relied on this feature. I just want to reiterate that we are listening to everyone's feedback here and investigating ways to improve this. We really appreciate your patience as we search for a solution.

    OPM-3687

  • spantalo
    Community Member

    Was it tracked in the change log?

  • Michael Odell
    Community Member

    I'm just here to add a +1. I used the multiple vaults feature while it existed. I'm not sure I understand the value of having multiple vaults if a single password unlocks both of them.

  • danvpeterson
    edited January 2016

    For what it's worth, the app is called 1Password for a reason and that was a big part of why the Master Password is used to unlock all vaults. The whole concept of the app is that it's supposed to be the one password you ever need to remember. That's why when there was the ability to use separate passwords on vaults they were all also unlocked with the Primary vault’s Master Password.

    Now that being stated, there are a lot of good use cases talked about in this thread that we are looking into and thinking about the best ways to make it work going forward. Really appreciate the feedback and descriptions of how and why you use it the way that you do. For me, as the designer, the why is particularly helpful going forward so thank you very much!

  • ThresherGR
    Community Member

    @danvpeterson Will there be any future update to revert the ability to open a secondary vault without unlocking the Primary vault?

    If NO then I must return and I will stay on v5

  • We don't have any news on the subject, at least nothing more up-to-date than what's in this thread. We're noting down what everyone here says to weigh the feedback on the decision. littlebobbytables' previous post expresses things quite well, and the reality at the moment is that adding back this functionality with the current structure of vaults in 1Password for Mac would be quite the task. We're up for the task if it's necessary, but we're still looking into things and figuring out what is best for folks. I'm sorry it's not available right now and I'm sorry that I can't give you any updates on unannounced plans, but that would change the definition of them. If you must return to 1Password 5, that's perfectly fine. If we bring this feature back in the future then :+1: and you can join the 1Password crew. No hard feelings. :) I hope that helps.

  • SecondMile
    Community Member
    edited January 2016

    Add my name to the list. I am using it in much the same way as everyone in this thread. One vault for personal, one for professional. I have already downgraded to v5 and will stay there until this feature comes back.

    @danvpeterson said "..thinking about the best ways to make it work going forward". It was working just fine for me until it was gone. That seems to be the general sentiment from all the comments. Don't reinvent the wheel, just make it round again.

  • AGAlumB
    1Password Alumni
    edited January 2016

    "It was working just fine for me until it was gone. That seems to be the general sentiment from all the comments. Don't reinvent the wheel, just make it round again."

    @SecondMile: I know this isn't foremost on your mind right now as you're coping with the loss of familiarity, but we need to consider not just the needs and wants of you and others in this thread, but all 1Password users. So we also need to take those who prefer that it works this way (and are therefore not here arguing that it should be changed) into consideration along with your own feedback as we develop future versions.

    We hear you. And we'll have to see what we can do to make 1Password better for everyone. If we just think "working just fine", 1Password will never get better. "Better", of course, is subjective, but the only way we'll do "better" by anyone's standards is by trying. So that's what we'll keep doing. :)

  • SecondMile
    Community Member
    edited January 2016

    @Brenty I find your reply very condescending. Please don't misinterpret my comments as anti-progress. I have been using 1Password since 2007. Every update and upgrade has been great and I have gladly given money for each one. This update however took a piece of what many, not just me coping with my loss of familiarity (really?), consider core functionality and deleted it. That is not progress, that is regression. I understand that setting up vaults and sharing them is difficult as pointed out by Dave in his blog post comments (on 1Password for Teams for families) and I am all for making the synchronization of multiple vaults easier but not at the cost of functionality that I have integrated into daily workflows. Progress would have been to add the search functionality of all vaults when using the 'Primary Vault Password', which I think is great and much needed. Why did this addition of this functionality have to remove having separate passwords for separate vaults? Why could the two not co-exist?

    The way you describe it this was done for the greater good and I should consider the feelings of others. This isn't social welfare. It is software that helps perform daily tasks.

    And while I hate trolls, I wish I could find a link to the comment where you stated "It's named 1Password for Teams not for families"... classic. :)

  • profbiggles
    Community Member

    +1 for restoring this functionality somehow as soon as possible. I've been hit with this as well as per my comment in another thread. For now I've reverted to 5.x and the Agile Store (was on App Store) for the time being.

    cheers,

    https://discussions.agilebits.com/discussion/comment/271218/#Comment_271218

  • danvpeterson
    edited January 2016

    @SecondMile I think what @brenty and I were trying to say is that all you're seeing right now are the people in this thread with problems with the change. He definitely didn't mean it in a condescending way. But, along with the potential issues that Rick brought up a few posts ago on this thread, we also see a lot of emails and issues with the old way of handling it (being confused, not sure what's happening). For both of these reasons it's not a simple "just bring it back" kind of thing.

    If you missed it, here is the earlier post from Rick on the first page of this thread: https://discussions.agilebits.com/discussion/comment/269801/#Comment_269801

  • SecondMile
    Community Member
    edited January 2016

    Thank you for the reply @danvpeterson. I did see Rick's explanation and while he doesn't go into detail, I can guess about the scenario he is talking about.

    I believe he is alluding to a situation where you have a primary vault with the 1Password to rule them all, and then you have several secondary vaults with their own password. When do you show the lock screen and when do you allow the person to switch between the vaults without reentering a password?

    The way it is in v6, you enter your 1Password and you have access to everything. Simple. Makes sense. But... if you have private items (read above threads) that you want a wicked long nasty password protecting (your 1password), but less secure items, or work items, or vaults for the kids, with an easier password for quick access, that is not possible in v6.

    The way that it works in v5 makes sense in my mind and maybe that just needs some tweaking and explanation. The 1Password unlocks everything. If you used ANY secondary vault password to gain access to that vault and you switch vaults, you must re-enter a password for the vault you are entering.

    The irony is that the way that v6 works is less secure due to the fact that you are forced to use your 1Password at all times which gains access to everything. I don't want all my personal information exposed on my laptop when I am at the coffee shop or even at work. But I don't want to type my 30 character password to gain access every time either (yes, lazy but I use a lot of logins and move away from my desk often).

    I set up the president of my company's 1Password this way. He has his personal vault as his primary vault and then we have a vault we share that contains company log-ins. I am on his computer a lot and can access the "Operations Vault" without issue in v5. Now I will need his master password, and to be honest, I don't want it for security reasons. The way I understand 1Password for Teams, it will not even help this scenario. It assumes that everyone is always on or with their own device (I may be wrong).

    I understand this is not a "just bring it back" by flipping the magical switch. I am a developer and I am sure some chunks of code were discarded and reengineered to make v6. I am sure hundreds of meetings were held and many votes taken. At the end of the day, you can let those of us that are not happy with the decision kick and scream (this will be my last post on the topic) and eventually we will all shut up once we have mourned our loss of comfort. Or you can pull an Apple, and tell the 10% of your users that actually used this feature to take a hike because you are going after the bigger market. I just hope there is a middle ground (without paying $60/year).

  • Hi @SecondMile,

    We hear you. Your use case is a super interesting one, and one that weighed heavy on us when we finally made the tough decision that it was better to do the rebuild of the unlocking mechanism.

    There are other cases that are similar to that with 1Password for Teams where it would definitely be good to have some type of UI available prior to unlock to decide what exactly gets unlocked.

    I don't think any of us here have written off bringing this feature back. We need some time to re-think it, both from a technical standpoint and from a UI standpoint. The old UI was undiscoverable and led to a lot of confusion. We need to do better from both angles.

    Rick

  • SecondMile
    Community Member

    @rickfillion I agree that the UI (and the multiple vaults feature in general) was undiscoverable and difficult to set up. But once it was set up, it was great.

    I thank you for all the work on 1Password. As I mentioned I have been using it for 9 years. I have recommended it to countless people. It is amazing how many people still use 'password123'. Not after I chat with them :)

    All the best and thanks for listening.

  • Thanks for reading, and for sticking with us. :)

This discussion has been closed.