master password vs. account password

dbreiserdbreiser Junior Member

1Password7 Preferences offers both Security>Change Master Password and Accounts>Change Password.
Thinking I had seen somewhere that setting the familyname.1Password.com account password to the organizer's Master Password was a good idea, that's what I did when first establishing our account online.
Seeing separate options for these two passwords suggests it's possible/easy to get the two passwords separated into different values.
Should I want to do the separation? Should I want to avoid the separation?
The reason I wonder is that I used my old standalone master password initially because I wanted to be sure it would be easy to move my standalone primary vault to the online account. 1P says that my old master password is only Good, so I'd like to improve it's security. I have a candidate password that 1P reports as Fantastic. So now, what steps should I use to best establish the new candidate in the most reasonable way?


1Password Version: 7.0.2
Extension Version: 4.7.1
OS Version: osx 10.13.4
Sync Type: Not Provided

Comments

  • JacobJacob

    Team Member

    Hey @dbreiser! That's a great question. Changing your Master Password in the Security area of 1Password's preferences changes the password for the first account you have in 1Password for Mac. Changing the account password changes it for that specific account. This is for folks who have a team, family, and maybe individual account on the side. If you use 1Password with multiple accounts, you can always use the same Master Password, but changing it in the app will behave differently based on where you do it, since one is more focused than the others. :)

  • On a similar note - how do I change password to unlock the app without changing the first vault master password? My master password is rather long (and prone to typos), which makes daily use very unpractical.

    I have 2 laptops, each with 1P installed. The older one has a legacy installation with a previously installed local vault, the newer only with 1P cloud accounts. The legacy installation unlocks with the local vault password (the local vault no longer exists), the newer with the first vaults password.

  • BenBen AWS Team

    Team Member

    @najlos,

    Here is how 1Password handles unlocking:

    • If a Primary vault (standalone vault) exists the Master Password for the Primary vault will unlock 1Password
    • If a single 1Password membership has been added then 1Password unlocks using the Master Password associated with that membership account
    • When multiple 1Password memberships have been added 1Password unlocks using the Master Password of the first added membership

    1Password only ever acccepts one Master Password. All memberships / vaults are unlocked when 1Password unlocks. I hope that helps!

    Ben

  • @Ben,

    Thanks for explanation. This is pretty clear. I wanted to ask, if I can change the 1P unlock password without changing the primary (membership) vault's password. I'd like to make unlocking a bit easier, but without compromising my online vault password.

    If I understand things correctly, it would require following steps:

    1) remove all vaults from my 1P installation
    2) add a new local vault with the desired password
    3) add all online vaults
    4) remove the local vault

    Correct?

    Thanks, Ondra

  • BenBen AWS Team

    Team Member

    @najlos,

    No, that won’t work, as you’ll end up in this situation after remving the standalone vault:

    When multiple 1Password memberships have been added 1Password unlocks using the Master Password of the first added membership

    If you want to do something like that the only way is going to be to create a Primary vault (1Password > Preferences > Advanced > Enable creation of vaults outside 1Password accounts) and set the Master Password you want to unlock 1Password for that Primary vault. You’ll then be in this situation:

    If a Primary vault (standalone vault) exists the Master Password for the Primary vault will unlock 1Password

    You’ll need to keep that vault for as long as you want that password to unlock 1Password. You can remove it from the All Vaults view though in 1Password > Preferences > All Vaults > Uncheck Primary and make sure Vault for Saving is set appropriately.

    Ben

  • I am also interested in a simple unlock password for everyday use, but did not understand your solution.
    Using 10 digits to be unlocking during the day is cumbersome, i easily mistype and have to retype. I can have an empty primary vault and the other vaults can have a shorter password. Would i be able to unlock the other vaults that way?

  • LarsLars Junior Member

    Team Member

    Welcome to the forum, @bensasso! We can't really recommend you intentionally try to defeat requirements for your Master Password. AES256 encryption is very secure, but not if you give it an easy-to-guess (or derive) Master Password. Here's some tips on creating a strong Master Password, if you'd like them.

    Ben's solution was to create a local, standalone vault (which would then serve as the Master Password for your entire 1Password for Mac setup). Once you've done that, the Master Password for your 1password.com account would remain as it is, but you'd use a different Master Password for opening your local 1Password for Mac setup (the one for that local vault you created). Again, this isn't something we recommend. It can cause confusion or even lead to data loss -- not to mention the increased risk that someone could compromise your data on your Mac due to the shorter and easier-to-crack Master Password.

  • Thanks, that works. Nobody has access to my computer at home, i open 1password too many times a day. I understand that it is less secure, but it definitely simplifies my life.

  • LarsLars Junior Member

    Team Member

    @bensasso - glad you found a solution that works for you. :):+1:

This discussion has been closed.