Multiple Team/Family accounts with different Master Password

sia
sia
Community Member

Reviewing discussion here:
https://discussions.agilebits.com/discussion/67007/choose-a-team-account-for-the-master-password-on-1password-for-mac
i see that Master Password for first Team/Family account is used to unlock app - which is i guess reasonable, once app was logged into, you do not want to keep re-entering all Master Passwords.

This does imply to me that app encrypts and stores locally Master Passwords for accounts other than first one - please confirm my understanding.
I guess it's a design choice, but i did not find it in the "1Password Security Design" whitepaper.
There is nothing nefarious about it, and recovery (if this first account is disabled or master password is lost) is simple (as long as you remember other Master Passwords).

I'd rather have this done more transparently, with a warning to the user; and reflect which master password is required in the UI, if there is more than one - i.e. "Enter your Master Password (local)" vs "Enter your Master Password (Team BLAH)".

Thanks! Love 1Password, and want it to be better.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    HI @sia - thanks for writing in, and even more for the kind words about 1Password. We share your view: we want 1Password to be the best it can be, as well! This post from our blog is somewhat old (from before the 1Password account days), but much of it is still relevant; it's probably the most in-depth public discussion of Master Password-handling we've got available. Long story short, we don't actually store your Master Password.

    As Brenty mentioned in the thread you referenced, however, we add additional UI elements/choices very sparingly, and only after considerable thought, because our user-base is large and wide enough that we have to always be mindful that everything we put into 1Password can and almost certainly will be seen/used by everyone from the greenest neophyte to the most seasoned geek. It's often very difficult to properly add even highly requested power-user features, because having them available to less sophisticated users and power users alike often means people can get themselves into trouble without really understanding what they did. We walk a pretty fine line to try striking the balance between keeping 1Password intuitive and simple to use and offering the power and flexibility knowledgeable, proficient users demand. When we can, we do both.

    This one? As brenty mentioned, I'm not sure how likely it is to see the light of day. In the meantime, if you don't want your next-in-line account to be the Master Password you have to remember, you can remove that account from 1Password for Mac until you get to the one you DO want to be the Master Password that unlocks your local device, and then re-add the other accounts to which you belong. That should get you where you want to be. Thanks again for your interest!

This discussion has been closed.