Cannot unlock a specific alone (greyed out) and primary unlocks all

Sefer
Sefer
Community Member

So I found the following thread which explains one of my two issues with 1Password for Mac: Unlocking Primary Vault Unlocks all Secondary Vaults

Problem 1: I tried to follow the advice given to change to a different vault when 1Password is locked but I cannot do this because all vaults are greyed out. And how would I do that if I want to use a specific login from my second vault without unlocking the primary vault? (1Password Mini in Browser included)

Problem 2: On windows I can unlock each vault on its own and therefore use data properly. I wanted to try this on Mac but I can only unlock my primary vault (again problem 1). What would I have to do to change this behavior? I don't want my primary vault to unlock my secondary vault because this one holds very sensible data which shouldn't be unlocked if I don't want it. What do I have to do to unlock them separately? If this is not possible, what do I have to do instead to use the secondary vault (which holds website logins only) for 1Password Mini (browser)?

It may be more convenient for most users so they only have to remember one master password, but not for all. An option which you could tick/untick (ticked by default) would be better. And it doesn't even make sense to create another master password for the other anyway then...


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    @Sefer - I'm sorry for the trouble here. Part of it stems from the fact that you're using advice and instructions from a thread that's over 3.5 years old; that's quite a long time indeed, in computer software (and even hardware) terms. At the time those instructions were given, version 4.4.1 was the current version of 1Password for Mac. We're now at version 6.8.5 and things have changed.

    When you say "on Windows I can unlock each vault on its own..." I have to assume you're referring to 1Password 4 for Windows, since anything later than that (including all versions of 1pw6) now work essentially the same as the Mac versions do. The upcoming 1Password 7 will resemble the way 1Password for Mac does it, across all platforms, not the way 1Password 4 for Windows does it, for various reasons, some of them security-related. In short, this behavior isn't going to be changing or reverting to the way it was done several years ago in 1Password 4 for Windows and 1Password 4 for Mac.

    I can understand considering one's bank account login to be more sensitive and important than, say, one's account at catpix.com (not a real site). I would certainly consider some of my own data in 1Password to be more sensitive than others. But because 1Password provides the same level of security to all its contents, I'm not sure I understand the use-case for segregating data into a "high sensitivity/importance vault" and a "low sensitivity/importance vault." I can certainly understand having separate vaults for work and home, or volunteer work, or items you share with the family/colleagues, but can you maybe explain a bit more about your use-case or your perspective so I can maybe offer some alternative solutions, given that separate unlocking of secondary vaults isn't going to be returning in its current form? Thanks.

  • Lars
    Lars
    1Password Alumni
    edited January 2018

    @Sefer You're certainly not the first person who's lamented this unintended feature's demise; there were a few others at the time who had incorporated it into their workflow also. Nevertheless, it's one I feel pretty comfortable saying won't be returning anytime soon, for a number of reasons.

    The scenario you're imagining is one we hear relatively frequently: what if my computer is compromised? Although 1Password provides you with multiple measures to defend your data, if an adversary is able to gain the ability to execute arbitrary code running as root on your system, whether through brute force or socially engineering you or exploiting hardware or software weaknesses in your system or network, there is little we (or even you) can do that will prevent them from doing what they want. They can change config files, leave behind malware of virtually any kind, and much more. In such a scenario, your computer can for all practical purposes no longer be considered yours, and the ability to unlock different vaults with different passwords wouldn't be enough to keep you safe.

    In most other scenarios (i.e. - where your computer has NOT already been compromised by an adversary), 1Password keeps you quite safe indeed, presuming you've used a long, strong Master Password that you don't share with anyone else. That, coupled with an aware and sensible defense in other regards (not clicking on links or opening files you don't know the origin of, not installing untrusted software) provides the best defense against attackers.

This discussion has been closed.