Secret Key

This discussion was created from comments split from: Secret Key is making me want to stop using 1Password.

Comments

  • Surely that's problem enough then @danco if you can't even log into your 1Password website without the secret key...?

    I've managed to end up in a situation at least 6 times since last Thursday where I can't even access my own account on the website as I could not gain access to my secret key or emergency kit.

    The whole idea of a password manager is to seamlessly be able to log into multiple devices wherever you go. This whole upgrade process now makes everything x10 times more difficult and seems like it is just defeating the entire purpose of the app.

  • brentybrenty

    Team Member

    Surely that's problem enough then @danco if you can't even log into your 1Password website without the secret key...?

    @zigojacko: What's the problem? It isn't clear to me what your question is.

    I've managed to end up in a situation at least 6 times since last Thursday where I can't even access my own account on the website as I could not gain access to my secret key or emergency kit.

    Unless all of the devices where you signed into the app/browser with your account were lost, stolen, or destroyed, you'd be able to access the Secret Key there:

    https://support.1password.com/secret-key/

    What happened exactly?

    The whole idea of a password manager is to seamlessly be able to log into multiple devices wherever you go. This whole upgrade process now makes everything x10 times more difficult and seems like it is just defeating the entire purpose of the app.

    That may be your idea of a password manager, but ours -- and our customers', generally -- definition involves security. I don't see how needing the Secret Key to sign into the app/browser on a new device to access sensitive data as "x10 times more difficult". It's one thing you need, only rarely, that makes a huge difference, security-wise; and you do not even need to remember it: so long as you have one device where you've setup your 1Password account with you, you'll have it. Probably not everyone has a mobile device with them at all times, but most people do -- especially folks who want to "seamlessly be able to log into multiple devices wherever you go". So I'm not sure I can agree with you, even based on your own comments.

  • You're missing the point. You can't log in to your website without the secret key - so you therefore cannot sign-in to the app on new devices. You effectively cannot do anything at all unless you carry around an emergency kit pdf (which is far from ideal when you're switching between different devices that aren't all hooked up to Google Drive or Dropbox etc). I had to actually give up from home on Saturday as I couldn't even log in to my own account.

    Don't give an option of logging into your 1Password account on your website which you need a secret key for as a way of retrieving your secret key. That just doesn't even make sense and is (at least was for me) quite infuriating.

    Okay. I stand corrected but I'm pretty sure 90% plus of your users would put cross-device compatibility as one of their most important points of a password manager - especially business users.

  • brentybrenty

    Team Member

    You're missing the point. You can't log in to your website without the secret key - so you therefore cannot sign-in to the app on new devices.

    @zigojacko: That's simply not true. I can't recall the last time I used the website to sign into my account on another device. I usually just use the info from the app. For example, I've generally got my iPhone with me, so I go to 1Password Settings > Accounts there and I have everything I need to sign in on a computer, for instance.

    You effectively cannot do anything at all unless you carry around an emergency kit pdf (which is far from ideal when you're switching between different devices that aren't all hooked up to Google Drive or Dropbox etc). I had to actually give up from home on Saturday as I couldn't even log in to my own account.

    I've literally never used my Emergency Kit. I hope I never have to, but it's there just in case.

    Don't give an option of logging into your 1Password account on your website which you need a secret key for as a way of retrieving your secret key. That just doesn't even make sense and is (at least was for me) quite infuriating.

    Nope. Seriously, it's in the app, as I outlined above. Please try it before getting frustrated further.

    Okay. I stand corrected but I'm pretty sure 90% plus of your users would put cross-device compatibility as one of their most important points of a password manager - especially business users.

    That's why we have 7 apps now, for different platforms and use cases:

    https://1password.com/downloads/

    I think we still have work to do in the area of consistency between the apps, but 1Password is very cross-device compatible. And hopefully we'll be able to expand even further in the future.

  • I'd be interested to know how this goes for you @fitzington because this is exactly what I did last week and now I can't get a browser extension to work at all with the desktop app so the app is effectively useless to me currently.

  • I am so confused right now.

    How can I get my secret key out of the app if I can't sign-in to the app. That was my point.

    I know it is in there. Well, v7 at least. But I had to upgrade from v4 to v7 on multiple devices, so therefore unable to log in to the app without the information that I can't just log into my 1Password website account to retrieve.

    Anyway (and sorry to hijack someone else's thread but you closed the other one that we discussing this in as to not get confused with the open ticket to), do you know when someone might get back to me on that ticket? The response time is far from ideal currently and I can't wait this out much longer without a working solution so unfortunately very close to just exporting all my data and shutting 1Password for good on my office PC and finding something else to work with. Unless you can suggest a workaround of some sort.

  • dancodanco Senior Member Community Moderator

    I'm not sure what you're doing that is not usual behaviour, but it must be something, particularly if you aren't using new devices.

    I have four devices, and I have used the secret key st most eight times, probably less, since I started my account.

    I can't recall the exact number of times, as some of them were dealt with by scanning the QR code.

    It certainly was no more than once to log in to the app itself and once to use a browser to go to the web site (which is rarely necessary).

  • jin_dhaliwaljin_dhaliwal

    Team Member
    edited December 2018

    Hello @Lassi and @zigojacko,

    So heres a scenario that might explain how this works:

    1. I sign up for a new 1Password account. I am given my secret key, and I pick a master password. I have my emergency kit, and now I am ready to set up the apps on my devices.

    2. I use the emergency kit to set up 1Password for Android. Now that I have the app set up on my phone, I no longer need the emergency kit to sign in on new devices. I can find my secret key through the 1Password App on my phone: https://support.1password.com/secret-key/

    3. If I want to set up 1Password on my desktop computer all I need to do now is install it, look up the secret key on my phone, and enter my master password.

    The only case where you would need your emergency kit again is if you somehow reset all your devices and had to set up 1Passsword from scratch without access to any of our apps or the web portal.

    Hopefully that clears things up a little.

  • Yeah I get that now @jin_dhaliwal but I am primarily a user in the office (x4 Windows machines, x1 Mac machine and x1 Linux machine - and this is just my devices that I would use 1Password on).

    So when I went through the complete nightmare of trying to upgrade from v4 standalone to v7 and having to subscribe to a membership because I did not have a secret key or an emergency kit at all, I just did that on my primary office Windows PC (and then all sorts went wrong) but to cut a long story short, I then tried to upgrade on other machines that were not hooked up to anywhere where I could get the emergency kit from (yes, not on my phone) and I could not log into my 1Password account on any of them without the secret key.

    I kind of feel that there isn't much point in this conversation if totally honest, it clearly works for some people and doesn't for others - and that's fine and to be expected.

    Personally though, I don't feel the need for a secret key logging into my 1Password account on your website. That causes problems and clearly does for other people too. Just use 2FA and its still secure if you did not want to just rely on a sign-in address and master password. Even on your troubleshooting page to find your secret key, one of the solutions is to log in to the 1Password account on your website which you need the secret key for. Madness.

    On another note, I am really unhappy about the length of time it is taking to get a reply to a ticket raised last week about the problems I've been having. There should be a better level of support for paying business customers and we should be able to just discuss the issue with someone so that we can get to the bottom of it. I've already done everything suggested and sent in two diagnostics reports now :(

  • jin_dhaliwaljin_dhaliwal

    Team Member
    edited December 2018

    I understand your situation now, and you are correct that without having 1Password accessible on your phone, setting up multiple desktops in different physical locations would require you to have the emergency kit readily available to you.

    The secret key isn't just a form of two-factor authentication. The key is also used as part of what keeps your account data secure. Without that key no client application would be able to decrypt your data.

    I'm sorry to hear that your support ticket isn't being handled in a timely manner. Please reply to the ticket again, and provide us with the Support ID so we can follow up and make sure it's being handled.

  • bundtkatebundtkate

    Team Member

    @zigojacko: Since you ended up with 1Password X and we didn't thus far end up digging too deep into your problem, I can't say what might have gone wrong there, but the connection between the extension and the main app has nothing at all to do with whether or not you have data in your app or whether you have a standalone vault or a 1Password membership. Without further investigation, I'd guess that it might have been a code signature issue or some trouble with the helper process that helps the app talk to the extension rather than anything specific to something you did. Of course, if you decide you don't like 1Password X and we need to do more digging, we can, but ultimately, this isn't a common experience for most folks upgrading and I'd not necessarily expect issues for others. :+1:

  • brentybrenty

    Team Member

    @zigojacko: Laura, myself, and others have been replying to you all along, in multiple places, which is adding confusion and making it take longer for us to reply to others who have been waiting. You seem to be replying to us, so it seems that you are receiving our replies. So I don't get your claims that you're waiting to hear from us. Regardless, you'll get the help you need most efficiently by replying via email so everyone is on the same page. Please try what Laura suggested and get back to her at your convenience.

    Finally,

    Even on your troubleshooting page to find your secret key, one of the solutions is to log in to the 1Password account on your website which you need the secret key for. Madness.

    What you're saying is only true if you've never signed into 1Password.com in your browser. And we know that isn't true since you would have had to in order to setup two-factor authentication for your account, which you said you did. I mean, I guess you could reset your browser just to prove your point, but you would really only be inconveniencing yourself by doing so. Make sure you have everything you need to sign into your account again -- including the two-factor code -- if you do that. We don't have them.

  • Thanks @bundtkate but I already have an open ticket since last week about this #RLW-32831-636 and we don't seem to be getting very far, very quickly at all. I replied to you in the other thread but it sounds like 1Password X will be no good for me even though on this machine, right now, I can at least login to websites from the browser with it.

    I just need someone to walk me through step-by-step some sort of process that at least tells you guys what the issue is or gets the problem sorted so that the browser extension talks to the desktop application.

  • @jin_dhaliwal I see - well no doubt there is a reason for the way you have set it up, my point is, it's just awkward and is causing problems. My ticket ID is #RLW-32831-636 but I think I'm already causing problems because I'm speaking to numerous of your team members about the problems on your forum as well as waiting for replies to the ticket.

    @brenty I am replying to the ticket as soon as I possibly can (within UK business hours). Before last night at GMT 22:56, Laura last replied to the ticket at GMT 00:19 Saturday morning (middle of the night). Why am I not dealing with someone in the UK timezone within reasonable UK business hours? I've already replied to Laura first thing this morning in the ticket (confirming what I have already said multiple times so that was a waste of time. No doubt I'm not not going to get another reply until GMT 22:00+ hours which is just ridiculous. Can't the ticket just be passed to someone that is actually working now (start of the morning in the UK)?

    And for the record, I don't have 2FA set up on my account. I didn't even know that was possible. The case about not having signed into 1Password.com in browser on the other devices is actually the case. I haven't...

  • And for the record, I've only started hitting the forums with posts BECAUSE it was taking so long for someone to reply to my ticket. I don't mean to cause confusion but someone surely should be able to consolidate the information into the ticket at your end and put there heads together and come up with a suitable course of action. I've exhausted all possible options my end I believe.

    I am going to uninstall absolutely everything related to 1Password. Run a registry cleaner. Reboot. And then reinstall the v7 desktop app, and then the correct browser extension. And see what I end up with. If that doesn't work, over to you guys again. If I don't have it sorted out by the end of the week, then I'm gone and that's a customer lost.

  • BenBen AWS Team

    Team Member
    edited December 2018

    Okay. Thanks @zigojacko. We'll wait to hear from you on your results. :+1: Please send them to Laura via email. Let's keep the conversation there to avoid a duplication of efforts which is slowing down support for everyone, including you. We'll look forward to your email. :)

    Ben

  • SystemSystem

    Team Member
    This discussion was created from comments split from: migrate 1password 4 standalone vault to version 7.
  • SystemSystem

    Team Member
    This discussion was created from comments split from: Secret Key is making me want to stop using 1Password.
This discussion has been closed.