Trying to migrate 1 Password data from Windows computer to iPad. Error says 1PW acct can't be added

raplot

I am trying to migrate my 1 Password data from Windows desktop to iPad. After entering the Account Details, with scanned setup code and also manually, double checking all entries for accuracy, an error message reads "1Password Account Cannot Be Added". What am I doing wrong. Just last night, all the 1 Password data was on my iPad, but now I cannot get any of the data in the app and that is why I am again trying to migrate my password data. Help!!!!
Ruth Ann

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Trying to migrate 1Password data from Windows computer to iPad.

AGAlumB

@raplot: Are you able to sign into your account on 1Password.com in your web browser? Also, it would be helpful to know the version information you omitted from your post: what OS and 1Password versions are you using on each device?

raplot

Hi brenty:
Through a process of trial and error, the data is now on my iPad. Thanks for your help!

Ben

Thanks for the update. :+1:

Ben

oO_o

I am running into this issue while attempting to add 2 Teams accounts (same domain) to an iPhone in iOS. iOS and 1Password app are both current.

Ben

Hi @oO_o,

It isn't possible to add multiple accounts from within the same membership to one iOS device.

Ben

oO_o

:'(

Ben

Sorry about that.

Ben

oO_o

Where is the appropriate place to request this as a feature?

Ben

@oO_o

This is a good place to make feature requests, but this isn't something that is going to be possible. Consider, for example: how would it work when editing an item in the Shared vault, or any other vault in which both of those users might have access? Which of those users would be making the edit? iOS is inherently a single-user platform. It isn't designed to have multiple users on one device. At best we'd be trying to make a square peg fit in a round hole. Certainly for iPads it seems it could be argued that multi-user usage is something that should be possible, but that would be feedback that should be directed to Apple.

That said we'd be interested to hear about your use case. There may be another way in which we can address the situation you're running up against. What is the thought process behind wanting to have two users from the same team signed into a single iOS device?

Ben

oO_o

One account is for credentials I am comfortable using with the browser plugin and the other has more security sensitive credentials which I prefer not to use with browser plugins.

When using multiple 1Password accounts, you always have to choose a primary that you use to sign in with. Does it make sense to use that one as the identity when logging edits?

Ben

Thanks @oO_o. Folks much smarter than me have evaluated this situation and determined it isn't feasible to make possible. I'm not familiar enough to explain all the ins and outs, but I can say I've been told that we don't expect for this to ever be possible.

I would like to hear more about your concern w/r/t the browser extensions, though. What sort of attack vector are you concerned about there? I'd be happy to get our security team involved in evaluating that concern.

Ben

AGAlumB

@oO_o: I'm also unsure of what security benefit you'd gain from that setup, given that you'd still have all the data on the device. I know some folks use a separate (often guest) account for stuff they need to access on a shared machine, to compartmentalize things...but the benefit there is only being signed into that one account, which has access to only a limited subset of their data. With multiple accounts on the same device, it seems that any threat to one account would also be a threat to the other since both are present.

For what it's worth, we don't ever recommend against using the browser extensions, because there is no security benefit to be gained by not doing so, and the convenience lost often inspires more risky behaviour. At one end of the spectrum, you've got people copying and pasting passwords, which puts them on the clipboard, which is accessible to all apps. Not a huge risk, but an unnecessary one since other software may intentionally or inadvertently record them. At the other end, people go back to weak, reused passwords they can remember and type, since they don't have the ease of 1Password filling them.

I will say though that there is one significant risk of using the 1Password browser extension: your other extensions. If you're giving those permission to read and modify everything you do on websites, there's a lot they could do, either out of incompetence or malice, with your login credentials, browsing history, or anything else you do online. So we do recommend using only 1Password's extension if you can, or, failing that, using it only with others which have limited permissions so they cannot harm you.

Anyway, I hope this helps, and I look forward to hearing specifically what you had in mind. :)

oO_o

I have 2 reasons:

1. Looking at password managers in general, browser extensions are usually where things go wrong. Even if the password manager works as intended, the user can still be tricked by phishing attacks. No matter how careful you are or secure the application is, the browser plugin is an additional attack surface.
2. If you are using the op cli tool (still in beta, I know), you may be storing various keys/passwords that have no business ever entering a browser. While it would be unlikely that you would accidentally fill in your pgp key in a web form, why not just make that impossible?

If you're wondering why I need pgp keys on my iPhone, that's not my use-case. I just think these are compelling arguments for separating some credentials from the browser plugin.

A keycode for a door or an ATM PIN are also a good examples.

I guess ideally the ability to enable/disable vaults for the browser plugin is what I'm looking for. Running multiple accounts was my attempt at a work around.

oO_o

I left a comment here but it disappeared when I edited it...

Ben

the user can still be tricked by phishing attacks

1Password helps protect against phishing by not filling logins on sites that don't match. For example it will not allow you to fill your login for 1password.com (one password dot com -- us) on lpassword.com (L password dot com -- not us).

If you are using the op cli tool (still in beta, I know), you may be storing various keys/passwords that have no business ever entering a browser. While it would be unlikely that you would accidentally fill in your pgp key in a web form, why not just make that impossible?

Most item types in 1Password cannot be filled. Logins, Identities, Passwords, and Credit Cards are the only items that can be filled. If you're storing your pgp key as a Document or in a Secure Note it wouldn't be filled in your web browser.

A keycode for a door or an ATM PIN are also a good examples.

Again I think using appropriate categories for these things can help prevent any difficulty here.

I guess ideally the ability to enable/disable vaults for the browser plugin is what I'm looking for. Running multiple accounts was my attempt at a work around.

Thanks for taking the time to share. :+1:

Ben

AGAlumB

@oO_o: In addition to what Ben mentioned, when you're using the 1Password desktop app/extension, literally no data (or even filling logic) is stored in the extension; all of that's handled by the app, which decrypts data on demand and sends it to the extension. Unless you select an item to view or fill it, none of its data is ever sent to the browser. And if you hide vaults from the All Vaults view, you won't accidentally select those items either.

jclende

Thank you for restoring my comment earlier. Not sure what happened there.

I am running 1PasswordX in Chrome on a Linux Desktop, so unfortunately, I do not have the benefit of the desktop application.

I understand that 1Password takes all possible precautions, but the browser plugin is still fundamentally an additional attack surface. I am often accessing systems by relative domain names, IP addresses, etc, which means I'm manually searching and copy/pasting credentials, so that unfortunately defeats some of the protection that @Ben has described. This is obviously not ideal, which is why I am trying to compartmentalize the credentials so that the higher security ones are not available in 1PasswordX.

I'm also aware that my situation is not representative of the average 1Password user, so fwiw, I think it would be nice to have access control for the browser plugin (1PasswordX specifically). Since I'm in a small minority of 1Password users who would use that functionality, I don't necessarily expect something like that to be implemented, but it would be nice...

It seems that my login has changed to my personal one... This forum is acting very strange for me. I am still in the same Chrome window...

AGAlumB

Thank you for restoring my comment earlier. Not sure what happened there.

@jclende: Edits often get flagged for moderation by the spam filter since spammers like to post something innocuous and then edit to change it to an advertisement or something to try to sneak by. Sorry if you got caught by that mistakenly.

I am running 1PasswordX in Chrome on a Linux Desktop, so unfortunately, I do not have the benefit of the desktop application.

Ah, thanks for clarifying.

I understand that 1Password takes all possible precautions, but the browser plugin is still fundamentally an additional attack surface. I am often accessing systems by relative domain names, IP addresses, etc, which means I'm manually searching and copy/pasting credentials, so that unfortunately defeats some of the protection that @Ben has described. This is obviously not ideal, which is why I am trying to compartmentalize the credentials so that the higher security ones are not available in 1PasswordX.

Fair enough. Thanks for explaining. I still think it's important to consider that you've still got that potential attack surface unless you don't use a browser at all, or don't copy and paste anything from 1Password there. But certainly all of this is something you need to evaluate for yourself. So take my comments here more as for the benefit of others who come here. :)

I'm also aware that my situation is not representative of the average 1Password user, so fwiw, I think it would be nice to have access control for the browser plugin (1PasswordX specifically). Since I'm in a small minority of 1Password users who would use that functionality, I don't necessarily expect something like that to be implemented, but it would be nice...

While we do need to prioritize things that will help a greater number of people, it's an interesting idea. It may be that others could benefit too, and, if nothing else, I really appreciate you sharing your use case with us so we can consider it as we continue to develop 1Password. Always good to have a different perspective!

It seems that my login has changed to my personal one... This forum is acting very strange for me. I am still in the same Chrome window...

I'm not sure I understand. Can you elaborate?

jclende

@jclende is a login I made when I was using 1Password for personal use only. @oO_o is connected to my work email. It doesn't matter, it's just strange that the account switched.

Thanks for considering my concern here. I am using 1PasswordX for the amazing convenience of having it connected to my Chrome and Firefox accounts. I am often working on different machines or even virtual machines in different physical locations, all running different operating systems and 1PasswordX makes it possible to do this while consistently using a password manager.

The convenience is great, but the transient nature of my use-case makes me nervous about having all the credentials in 1PasswordX when I'm only using a handful most of the time. I'd like to keep the less-used credentials only on my long-term devices.

Anyway, that's my use-case for what it's worth.

AGAlumB

@jclende is a login I made when I was using 1Password for personal use only. @oO_o is connected to my work email. It doesn't matter, it's just strange that the account switched.

@jclende: Ohhh. I'm so tired, and the conversation was flowing so well, that I didn't even notice your name changed. It (clearly) doesn't make a difference to me, but you can sign out and sign into the other account again if you prefer to use that. :)

Thanks for considering my concern here. I am using 1PasswordX for the amazing convenience of having it connected to my Chrome and Firefox accounts. I am often working on different machines or even virtual machines in different physical locations, all running different operating systems and 1PasswordX makes it possible to do this while consistently using a password manager.

Likewise, thanks for the kind words, and for enjoying it! We put a lot of work into 1Password X for exactly that kind of situation: being able to use 1Password in a wider variety of environments. It makes me really happy to hear that it's serving you well now, and we've got even more great stuff coming in 2019. :chuffed:

The convenience is great, but the transient nature of my use-case makes me nervous about having all the credentials in 1PasswordX when I'm only using a handful most of the time. I'd like to keep the less-used credentials only on my long-term devices. Anyway, that's my use-case for what it's worth.

I hear you, and I'm really glad you brought it up. I think we're unlikely to design around that specific use case, but there may be improvements we can make that would help you along with many others. Cheers! :)