SUGGESTION - Allow modification of Account Key like Password Generator (Pronounceable!)

Starmatrix
Community Member

Hi Agilebits team, this is my first time posting so I hope to be helpful.

TL;DR
Please allow us to adjust the parameters of the Account Key on a 1Password for Families/Teams account to make it easier to remember and use

EXTENDED VERSION
I've been enjoying using 1Password for over 4 years now. I unfortunately purchased 1Password version 1 just a few months before version 4 for Windows came out, and as such I couldn't justify spending even more than the first time to upgrade to the more polished version, so I'm still stuck on version 1. But it's otherwise been working well... Until 1PasswordAnywhere stopped working.

Seriously guys, I spent quite a few hours trying to figure out what went wrong and Googling and reading all the discussion to figure out what has been going on. And really it was so unnecessary. Just a simple, clear, explanatory email to all customers about 1PasswordAnywhere being shut down would have been sufficient, not a quick posting in the 1Password Discussion Forums. Please, for future reference, if any service, offerings, features, non-features or anything else 1Password software related is being shut down or discontinued, please just send us a quick email about it. You already have all our email addresses from when we make a purchase. It doesn't take long, but it goes a long way towards keeping good relations with your customers and keeping us informed before something major happens to software features that we rely on that suddenly disappear and catch us off guard. Anyway, admonishing tone finished.

I'm really happy that you have been working on a new synchronization method using your own servers and backend, it's definitely the way to go and keep everything in-house. However, I've been giving all the Windows software a test-run (UWP, Desktop 6 Beta, Web login) and I see there's still a long way to go. I know that the guys are working hard to put it all together, and I appreciate that, thanks! I'm not saying hurry up, just rather that I'd love to start paying a subscription for your hard work, but it's still not usable enough to get stuff done. I don't need to list all the things that need fixing, you guys already know what I mean. Here's hoping enough has come together by August 2nd that I can start giving you guys the payment you deserve for your hard work.

I wanted to give one suggestion for creating new accounts for 1Password for Families (and I assume Teams as well). I didn't know anything about the Account Key or what it was for when I first activated my account with Families. I almost assumed it was a registration/activation code and quickly skipped it or closed the window. I think there needs to be more clear emphasis that the Account Key is IMPORTANT, and the Emergency Kit must be PRINTED and/or kept in a safe place digitally. How to do this? Try and simplify the directions and force a pause on the webpage to encourage people to read the simple prepared directions.

Also, when I saw the length of the Account Key and the jumble of numbers and letters, I was overwhelmed. And I've been using 1Password for years. The idea of remembering such a long Account Key is nuts to me. I realize that it's only necessary when using 1Password on a new device or location. But the most likely use case for NEEDING this number is an emergency situation that leaves me without my phone, tablet or laptop. And then I likely don't have my Account Key on my person. I realize this Account Key is unavoidable because of 2 factor authorization, but wouldn't it be possible to allow some variation and limited changes to the Account Key, to make it much more memorable? Passphrases perhaps? A shorter minimum length that is still strong? If this method is truly to be a 1PasswordAnywhere replacement, then I need to be able to adjust or change the Account Key. Previously I had two passwords I ever needed to remember, my Dropbox password and my 1Password password. If we are to get the same level of security/usability, then the ability to make a memorable yet secure Account Key for ourselves is a must.

Looking forward to hearing back from you guys and what you think!


1Password Version: Windows 1.0.9.342 & 6.0.173d Beta
Extension Version: 3.9.21.90 & 4.5.7.90
OS Version: Windows 10
Sync Type: Dropbox & 1Password Families

Comments

  • AGAlumB
    1Password Alumni

    Hi Agilebits team, this is my first time posting so I hope to be helpful.

    @Starmatrix: Well, that's awesome! Welcome to the forums! :chuffed:

    I've been enjoying using 1Password for over 4 years now. I unfortunately purchased 1Password version 1 just a few months before version 4 for Windows came out, and as such I couldn't justify spending even more than the first time to upgrade to the more polished version, so I'm still stuck on version 1. But it's otherwise been working well... Until 1PasswordAnywhere stopped working.

    First and foremost, I'm sorry for the confusion there! 1Password for Windows version 4 was released in June 2014 — just over two years ago — and is a free upgrade to anyone who purchased 1Password for Windows in 2013 or later. If that 18 month free upgrade window applies to you, be sure to email us at support+licenses@agilebits.com and we'll get things sorted out for you! And even if it doesn't apply to you, email us anyway and we'll see if there's something else we can do to help! :) :+1:

    Seriously guys, I spent quite a few hours trying to figure out what went wrong and Googling and reading all the discussion to figure out what has been going on. And really it was so unnecessary. Just a simple, clear, explanatory email to all customers about 1PasswordAnywhere being shut down would have been sufficient, not a quick posting in the 1Password Discussion Forums. Please, for future reference, if any service, offerings, features, non-features or anything else 1Password software related is being shut down or discontinued, please just send us a quick email about it. You already have all our email addresses from when we make a purchase. It doesn't take long, but it goes a long way towards keeping good relations with your customers and keeping us informed before something major happens to software features that we rely on that suddenly disappear and catch us off guard. Anyway, admonishing tone finished.

    I'm really sorry for the inconvenience there. Those sound like perfectly reasonable ways to handle it, until we consider that it would mean spamming everyone who ever bought 1Password to accomplish what you propose. That's not something we'd be happy about being on the receiving end, so likewise that just isn't something we're willing to do. While 1PasswordAnywhere had broken a number of times in the months leading up to its end, it wasn't clear until relatively shortly beforehand (which is why we announced it here on the forums) that this would be the final nail in the coffin when it comes to Dropbox supporting 1Password.html loading external resources. So while it's certainly a frustrating user experience, mass emailing every AgileBits customer isn't okay — and besides, we don't have the email addresses for anyone who's purchased through the App Store, which isn't an insignificant number of people. But there's been a lot of discussion of other things we can try in the future, because we agree that we can do better. Thanks for sharing your thoughts!

  • AGAlumB
    1Password Alumni

    I'm really happy that you have been working on a new synchronization method using your own servers and backend, it's definitely the way to go and keep everything in-house. However, I've been giving all the Windows software a test-run (UWP, Desktop 6 Beta, Web login) and I see there's still a long way to go. I know that the guys are working hard to put it all together, and I appreciate that, thanks! I'm not saying hurry up, just rather that I'd love to start paying a subscription for your hard work, but it's still not usable enough to get stuff done. I don't need to list all the things that need fixing, you guys already know what I mean. Here's hoping enough has come together by August 2nd that I can start giving you guys the payment you deserve for your hard work.

    @Starmatrix: Honestly while I appreciate your restraint, patience, and understanding, we'd really love to hear from you about what you're looking for in particular! Whether there's an existing discussion in the Windows beta category where you can chime in with "me too" for a particular feature, or starting a new discussion there for something that others haven't mentioned, it's great to hear from passionate users, and it also helps us see which improvements are most desired. To be clear, August 2nd isn't the release date for 1Password for Windows version 6, though it will be released in August. But we'll certainly do our best to get it done sooner rather than later!

    I wanted to give one suggestion for creating new accounts for 1Password for Families (and I assume Teams as well). I didn't know anything about the Account Key or what it was for when I first activated my account with Families. I almost assumed it was a registration/activation code and quickly skipped it or closed the window. I think there needs to be more clear emphasis that the Account Key is IMPORTANT, and the Emergency Kit must be PRINTED and/or kept in a safe place digitally. How to do this? Try and simplify the directions and force a pause on the webpage to encourage people to read the simple prepared directions.

    Indeed, this is something we've struggled with, and we continue to work on new ways to improve the experience there. Just to review, when signing up, we first illustrate that your data is secured using both your Master Password and Account Key:

    Next, we explain that you'll need it to access your data, and that we won't be able to give it to you:

    And upon logging in for the first time, you're prompted to save the Emergency Kit with your Account Key:

    And just to be sure, saving the Emergency Kit is still Quest #1 — before inviting others or creating a vault:

    We've revised the text and design a number of times, and we'll continue to do so. Can you tell me specifically how you'd like to see it made clearer? Granted, depending on when you signed up, it may have already changed substantially. Let me know!

    TL;DR Please allow us to adjust the parameters of the Account Key on a 1Password for Families/Teams account to make it easier to remember and use

    Coming back to your original suggestion (since it seemed to fit in this context), this almost certainly isn't going to happen. The Account Key is used to strengthen your Master Password, so that no one can perform a brute force attack against your Master Password alone — they'll need to have the Account Key as well. And having it be long, strong, unique, and random is what makes that relevant. Allowing us mere mortals to choose this defeats the purpose, as it does not provide the same security benefit. More on this below.

    Also, when I saw the length of the Account Key and the jumble of numbers and letters, I was overwhelmed. And I've been using 1Password for years. The idea of remembering such a long Account Key is nuts to me. I realize that it's only necessary when using 1Password on a new device or location. But the most likely use case for NEEDING this number is an emergency situation that leaves me without my phone, tablet or laptop. And then I likely don't have my Account Key on my person. I realize this Account Key is unavoidable because of 2 factor authorization, but wouldn't it be possible to allow some variation and limited changes to the Account Key, to make it much more memorable? Passphrases perhaps? A shorter minimum length that is still strong? If this method is truly to be a 1PasswordAnywhere replacement, then I need to be able to adjust or change the Account Key. Previously I had two passwords I ever needed to remember, my Dropbox password and my 1Password password. If we are to get the same level of security/usability, then the ability to make a memorable yet secure Account Key for ourselves is a must. Looking forward to hearing back from you guys and what you think!

    I think this may be the source of the misunderstanding: you're not expected to memorize the Account Key, only your Master Password. This is reflected in the signup process, where you're prompted to type the Master Password to login, and then to save the Emergency Kit with the Account Key. The reason for this is that once you've authorized a device, you will only need to enter the Master Password to login/unlock. And so long as you're able to remember your Master Password to do that, you'll be able to access your Account Key within the app/website itself, even if you've lost the Emergency Kit. It's not reasonable to design a critical security architecture for the 1% (or less) scenario. If there are things we can do which won't decrease security for the other 99% of typical usage, that's different. But making the Account Key user-generated to accommodate hypothetical situations lowers the security bar for everyone for questionable benefits.

    I'm sorry if that sounds harsh, but security is something we take very seriously. So many security exploits involve ill-conceived "convenience" affordances. They're implemented for rare "emergency" situations where someone needs to regain access to important information...at the expense of normal usage for all users. 1Password Families (and Teams), however, is a great solution to this kind of problem: invite your loved ones, executor, etc. so they can either access information directly for you, or help you recover your own account if you lose the Account Key or forget the Master Password — or just don't have access to an authorized device when you need to. These people are just a phone call away. And it doesn't have to be your phone. There are phones — and people with phones — just about everywhere. And after all, if you're in a true emergency situation without contact with the outside world, 1Password is the least of your problems. I think it's important to keep perspective when it comes to just what we can expect of 1Password. And at the most fundamental level, that means recognizing and accepting that we will not have access to our data without the data and proper credentials to access it.

    But that's certainly not the end of it! Be sure to let me know if you have any other questions, comments, or suggestions about this. These are some interesting issues, and it's good that you brought them up! :pirate:
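
Added illustration, not part of the thread and not 1Password's actual key derivation: a minimal Python sketch of the point made in the reply above, that a random Account Key keeps stolen verifier data from being guessed by Master Password alone, while a user-chosen key does not. The function names, the XOR-combining scheme, the iteration count and all sample values are assumptions constructed for this example.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 2_000  # kept low so the demo runs quickly (assumption, not a recommendation)

def derive_key(password: str, account_key: bytes, salt: bytes) -> bytes:
    """Stretch the password, then XOR in a keyed hash of the account key."""
    stretched = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    key_part = hmac.new(salt, account_key, hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(stretched, key_part))

def verifier(key: bytes) -> bytes:
    """Value a server could store to check a login (constructed for this demo)."""
    return hashlib.sha256(b"verifier" + key).digest()

def offline_guess(target, salt, passwords, account_keys):
    """Try every candidate pair against stolen (salt, verifier) data."""
    for account_key in account_keys:
        for password in passwords:
            candidate = verifier(derive_key(password, account_key, salt))
            if hmac.compare_digest(candidate, target):
                return password
    return None

# Constructed sample data: the guess list contains the real password.
PASSWORD_GUESSES = ["letmein", "hunter2", "correct horse", "trustno1"]
MEMORABLE_KEYS = [b"fluffy", b"summer2016", b"blue-house"]

def demo():
    salt = secrets.token_bytes(16)
    random_key = secrets.token_bytes(16)  # 128 random bits, never seen by the guesser
    with_random = verifier(derive_key("correct horse", random_key, salt))
    with_chosen = verifier(derive_key("correct horse", b"summer2016", salt))
    return (offline_guess(with_random, salt, PASSWORD_GUESSES, MEMORABLE_KEYS),
            offline_guess(with_chosen, salt, PASSWORD_GUESSES, MEMORABLE_KEYS))

if __name__ == "__main__":
    print(demo())
```

The same guess list recovers the password only when the second secret is itself guessable; with the random key, the correct password is in the list and still never verifies.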

This discussion has been closed.