Enter master password again for revealing passwords [Request added]

Hmm I now see that I haven't even solved my problem with credit cards... because there is some big confusion of how vaults work, maybe even a bug... :((

I set the same master password for Credit Card vault... and when I logged in to the main one, I was logged in to Credit Cards as well... that shouldn't happen but I guessed that maybe because it was the same password... still it shouldn't behave like that.

I then tried to create a third test vault with a new password and actually when I log in to the main vault, I can once again see all the info in this test vault - how is that possible?

Also it seems impossible to change master passwords for non-primary vaults. Also I cannot set security options for each vault separately.

If the requirement to enter master password to reveal passwords would be implemented as well as an option to require master password on credit card info, then separate vaults wouldn't be neccessary for this use case... but they should still be fixed... or maybe they work in some way I don't understand but it doesn't seem logical.

Hi @Megan‌

GREAT, thank you... this clarifies a lot... and your proposed strategy also makes sense.

Maybe think about how to imply how this really works from the interface with some notices so there is less confusion.

I now moved my logins to a new vault. However there still seems a little bit of improvement you can do ... at least make it optional setting per vault if master password should be required again when revealing passwords.... because still now I have this Logins vault and I want to keep it mostly open and it's less secure than Chrome's built in system. Everyone can see my passwords if I leave computer unattended for a few minutes. In Chrome when trying to reveal passwords, they would get asked for a system admin password.

For separate settings per vault I will wait until you implement it in the interface.

Just a small bug report: when moving stuff between vaults, the little counters I enabled don't get updated correctly... it is always reproducable.

regards,
david

Actually I don't agree. Let me explain.

I don't want to think when to lock my stuff and when not... it takes my brain cycles.

The option to copy a password should of course also be behind a password.

And remember this would be optional and it takes very little effort to implement.. just an additional option which is not selected by default... but me and probably many others would use it.

And there is a difference in being able to log into my sites from my computer and getting hold of my actual passwords.

So your explanation doesn't solve my usage scenario... now I really will have to think about locking my vault every time I get up from the computer for 30s in a coworking space... of course I understand that in such cases I should probably log off etc. but I think the risk-trouble ratio is not enough... I don't care if people see some of my random emails, but I do care if they see my passwords.

I hope my writing makes sense.

If nobody else has written you about such option, then maybe forget it for now but remember it when someone else mentions a similar use case.

thank you

david

It could be Master Password... the difference is that my logins would still work (because the vault is unlocked), but if I wanted to actually see passwords, I would have to enter master password again. In this way I could leave the vault "functional" without too much worrying. If I wanted people to really not be able to login to my sites (I would probably just lock my comp though), I could lock the vault.

Yes but you don't have an answer for me why I now have to have less security than before... with more convenience, but actually less because I have to keep locking my vault if I don't want my passwords to be really visible to anyone with potential access to my computer while unlocked...

And my suggestion doesn't complicate things for the average user because that would be an option somewhere in advanced settings and off by default.

So do you have answer for me how to have automatic logins without having to type master password and without revealing my passwords to anyone that comes to my computer?

Today I uninstalled Webroot because I lost 50 open tabs to an issue I was telling them to fix for a few months... There I also suggested an option to completelly opt out of forceful browser extension installs... There the feeling was that they just won't listen.

Here with 1Password it's nowhere close, but still you haven't given me a logical answer how can I achieve this basic requirement .. that would make your product better for others too, I'm sure. Also I paid you 50€ + 20€ I think... I mean before one of the products became free... Doesn't mean anything, just that it seemed really solid and I believed it to be perfect before trying or reading too much about it. Now it feels strange that and obvious thing is missing, at least for power users that like to configure things exactly to their preference.

So I'll be checking other solutions, maybe one of them is closer to what I need, but it's a shame because 1Password is nearly there, it feels really solid and professional, but .....

Regarding webroot, I found one user's comment today which confirms I'm not the only one with this feeling:

A few weeks ago WSA installed a browser add-on without any warning, without notifying me, without asking me, and without explaining what the add-on is or what it does. I have paid numerous security companies over the years to protect my pcs, but I will say this about WSA, they sure have some balls. They do whatever they want without asking, and if you don't like it, they could not care less. Either you accept it, or go elsewhere. No apologies, no explanation, and no contact.

So don't become Webroot! ;)

PS: you don't have to respond to me now, maybe in a few weeks... If you could kindly take some time discussing this with others... I'm sure that if my proposition is rational, you can find a way to incorporate it.. if I'm wrong for some reason, then I'd like to know how. Until soon and thank you very much!

Thank you for commenting... yes, all good but doesn't help at all :) But I'm glad you will consider my use case and hopefully this helps others as well.

Hi, I think this question popped up in my mind but the answer is that this would shield me mostly against the likes of curious (girl)friends etc. If I suspected someone with more tech knowledge has some serious intentions (or even when I'm in a coworking space / coffee shop), then of course I would lock my entire computer and/or vault.

So if you know what you are doing (and you can have a special notice somewhere), this really comes handy... most of the times I wouldn't have to think about locking my computer...

Because now my close friends or significant others could learn about a curious app 1password I'm using and then feel inclined to snoop around in it when I'm not looking, you know, just because.... if they can get passwords easily, then this is BAD. And I don't want to lock my computer or vault at home everytime I leave the desk. Plus a big problem with current setup is that even if I have autolocking of vaults, even 1 minute can be enough for my family or friends to gather passwords... and they would have no idea or time to get into passwords protected by additional entry of master code as you are describing. I forgot to emphasize this previously... but really even with autolocking, there is room for bad things... and that's why I don't want autolocking but additional security... and when I need top security, I will lock my computer. This way I can have all the niceties and comfort with minimal amount of potential bad things.