Request: Let me set per-device password different from my account password

lilyball
Community Member

When using 1Password with a combination of local vault + Family account, the password for my local vault is sufficient to unlock everything. But after migrating 1Password to using just the Family with no local vault at all, there's no option to set a master password for the device that's different from the account password. This is a big deal on OS X where I have to type the password all the time, to the extent that I gave 1Password a new empty vault solely so I can set a different (shorter) master password on it. It's not as important on iOS because of Touch ID, except if Touch ID ever fails I'll need to remember my super long account password.

Curiously enough, the Windows beta app did offer to let me set a local master password that's different from my account password.

In any case, I really want to be able to have a local master password that's different than the account password without having to keep around an empty Primary vault. I'm willing to accept the reduction in security on devices I've already trusted, in the interests of having something I can actually reasonably type quickly without errors.


1Password Version: 6.3 on OS X, 6.5 on iOS
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Families

Comments

  • AGAlumB
    1Password Alumni

    When using 1Password with a combination of local vault + Family account, the password for my local vault is sufficient to unlock everything. But after migrating 1Password to using just the Family with no local vault at all, there's no option to set a master password for the device that's different from the account password. This is a big deal on OS X where I have to type the password all the time, to the extent that I gave 1Password a new empty vault solely so I can set a different (shorter) master password on it. It's not as important on iOS because of Touch ID, except if Touch ID ever fails I'll need to remember my super long account password.

    @kballard: It sounds like you may have simply got a little overboard with your Master Password...or perhaps you're still getting used to it. Adjusting your security settings also helps, since you can set it to not lock as often when you're using the device.

    Curiously enough, the Windows beta app did offer to let me set a local master password that's different from my account password.

    Yep! You can use a different Master Password from your 1Password Families account to unlock 1Password for Windows version 6...if you've set up a local vault first, just like 1Password for iOS and 1Password for Mac.

    In any case, I really want to be able to have a local master password that's different than the account password without having to keep around an empty Primary vault. I'm willing to accept the reduction in security on devices I've already trusted, in the interests of having something I can actually reasonably type quickly without errors.

    I don't think this is something we'll do, but we'll certainly consider it. In the past, you could easily have a separate Master Password for 1Password on your iPhone, iPad, Mac, PC, etc., and this was pretty terrible for users. The best thing to do is to use a long, strong, unique Master Password for your 1Password Account, get comfortable entering it, and customize your settings to better reflect your use. The defaults are great for most people, but we have auto lock options because not everyone has the same needs. :)

  • lilyball
    Community Member

    @brenty

    It sounds like you may have simply got a little overboard with your Master Password...or perhaps you're still getting used to it.

    The master password for my Families account is a 4-word random password. Not the hardest thing to type, but pretty annoying, long enough that it's easy to typo, and it would be particularly annoying if I have to type it on iOS (thankfully the Touch ID unlock seems a lot more reliable these days than it used to be). Not only that, but I don't actually have it memorized, because I've never needed to remember it before (since I've always had 1Password on my phone with the password saved for if I have to set up a new computer, and conversely if I ever have to set up a new phone I have 1Password on my computer with it, and worst case I have the emergency kit on paper). I don't really want to change my Families account password to be weaker, but I also don't want to have to memorize and type that long password every time I have to unlock 1Password.

    Adjusting your security settings also helps, since you can set it to not lock as often when you're using the device.

    At least for my work laptop, I need to keep it set to lock when my device locks, so I usually end up unlocking 1Password on that device several times per day. Typing a 4 word password several times per day isn't that awful, it's just annoying, and I keep forgetting what the password is.

    You can use a different Master Password from your 1Password Families account to unlock 1Password for Windows version 6...if you've set up a local vault first

    I'm pretty sure I didn't set up a local vault first. I just set up 1Password for Windows a few days ago. I set it up with the Family, and then at some point it offered the ability to change the master password locally (without affecting the Family account). In fact, setting up 1Password for Windows is what prompted me to ditch my local vaults on the other computers (because I went ahead and moved all of my logins from my Dropbox-synced local vault into my Personal vault from the Family account so I could get at them from Windows).

  • AGAlumB
    1Password Alumni

    The master password for my Families account is a 4-word random password. Not the hardest thing to type, but pretty annoying, long enough that it's easy to typo, and it would be particularly annoying if I have to type it on iOS (thankfully the Touch ID unlock seems a lot more reliable these days than it used to be). [...] I don't really want to change my Families account password to be weaker, but I also don't want to have to memorize and type that long password every time I have to unlock 1Password.

    @kballard: Certainly not! Mine is 7 words long, and while memorizing and typing it isn't easy, as you point out, Touch ID makes it much more convenient. However, if you're having trouble memorizing 4 words, I can't see how allowing you to set a different Master Password on each device would help. Unless you only have 3 devices and use a 1 word password for each, you're still going to have to memorize at least 4. And each of these becomes another point of failure. You may use a strong password on a computer, since it's easier to type on a full sized, physical keyboard, but that just means your other devices are the weak link in your security.

    But while all of that is true, it isn't helpful at all! So what I'd suggest is turning off Touch ID for a few days — maybe a week. You'll have your Master Password memorized in no time, and I think — as with anything — you'll find that you get better at typing it with practice too. Then, when at long last you re-enable Touch ID, you'll really appreciate its convenience, and on the occasion when you need to enter your Master Password, you'll be more than up to the task!

    At least for my work laptop, I need to keep it set to lock when my device locks, so I usually end up unlocking 1Password on that device several times per day. Typing a 4 word password several times per day isn't that awful, it's just annoying, and I keep forgetting what the password is.

    I agree! It isn't fun, but the security of my data is far more important than saving me a few eyerolls throughout the day, as I'm prompted for my Master Password yet again. I've lost my computer before, and the one positive thing about that experience is that someone accessing my 1Password data was something I absolutely didn't have to worry about.

    I'm pretty sure I didn't set up a local vault first. I just set up 1Password for Windows a few days ago. I set it up with the Family, and then at some point it offered the ability to change the master password locally (without affecting the Family account). In fact, setting up 1Password for Windows is what prompted me to ditch my local vaults on the other computers (because I went ahead and moved all of my logins from my Dropbox-synced local vault into my Personal vault from the Family account so I could get at them from Windows).

    Thank you so much for clarifying! That makes perfect sense, and I'm sorry for the confusion there. The new 1Password for Windows version 6 beta does not yet support synchronizing Master Password changes, but it's something we'll be adding in the future. If you've changed it to something different, the best thing to do is change it again to match your 1Password Families account. That way you'll truly have One Password to memorize and type (the stronger the better), and both will become much easier with time and repetition. Putting forth the effort now with a good Master Password will pay off over and over again, since if it's strong from the outset, you should never have to learn another. Cheers! :)

  • lilyball
    Community Member

    @brenty

    However, if you're having trouble memorizing 4 words, I can't see how allowing you to set a different Master Password on each device would help. Unless you only have 3 devices and use a 1 word password for each, you're still going to have to memorize at least 4. And each of these becomes another point of failure.

    The simple answer is, I wouldn't do that. I'd use the same password on all of the devices.

    Basically, what I'm trying to say is I want to have a really strong password required to log in to my Family account from a device that has not previously been set up. But I want a weaker (i.e. much easier to type) password for day-to-day use on devices that I've already marked as trusted. Not only do I know what those devices are and have made the explicit decision to trust them, but those devices also have their own on-device security (e.g. user account password for computers and PIN for phones) so I'm not too worried about a malicious actor using my trusted device to break into my 1Password account.

    As it stands, I already can have per-device passwords, as long as I create a local vault. I just want to get rid of that local vault so it doesn't clutter up my list, so ⌘1 goes to my Family Personal vault instead of the local vault, and so I can't accidentally save stuff locally instead of in my Family account.

  • AGAlumB
    1Password Alumni

    The simple answer is, I wouldn't do that. I'd use the same password on all of the devices.

    @kballard: Touché. :lol:

    Basically, what I'm trying to say is I want to have a really strong password required to log in to my Family account from a device that has not previously been set up. But I want a weaker (i.e. much easier to type) password for day-to-day use on devices that I've already marked as trusted. Not only do I know what those devices are and have made the explicit decision to trust them, but those devices also have their own on-device security (e.g. user account password for computers and PIN for phones) so I'm not too worried about a malicious actor using my trusted device to break into my 1Password account.

    Ohhhhhhhhhhhhh. Okay. Thanks for spelling that out for me. :blush:

    As it stands, I already can have per-device passwords, as long as I create a local vault. I just want to get rid of that local vault so it doesn't clutter up my list, so ⌘1 goes to my Family Personal vault instead of the local vault, and so I can't accidentally save stuff locally instead of in my Family account.

    It seems like a lot of extra effort just to get ⌘ 1 back. Honestly though, you just made a really solid case for using a moderate (i.e. not insane) Master Password. Using one that works for you is important, and the Account Key strengthens it when you authorize a new device. Does that make sense? You're asking for a third, easier to type (and likely weaker) Master Password to use on pre-authorized devices...but you can accomplish the same thing with what you've already got — and I don't mean the Primary vault!

    It sounds like you may just need to choose a Master Password that you're more comfortable with, or become more comfortable with the one you already have. Adding an additional passcode to that equation just increases the complexity artificially and merely moves the target, from a user perspective. I don't think it makes sense to do this because, again, it's another thing to keep track of, and it doesn't increase security, and arguably it doesn't increase convenience either to add YAP (Yet Another Password).

    I really appreciate you bringing this up though! Security research shows that a 4-word randomly generated password (a la DiceWare™ or 1Password's Wordlist) is really the bare minimum to protect against current attacks. This is true, but as always it depends on the context. And given the context of device passcodes and full disk encryption, you're right that many of us may not need a stronger password, depending on what we're trying to protect and how determined we are to protect it. Ultimately we each need to find the right balance for ourselves.

    But at the same time, keep in mind that any time we make these concessions, we're only moving things around. There will always be a "weakest link", so it's important to take that into account when we create a more-convenient-to-type password. For the sake of argument, if 1Password allowed you to use an "authorized device" passcode to unlock, and this is weaker than your Master Password and (certainly) Account Key, that becomes the attack vector, since on any authorized device neither the Account Key nor Master Password would be required to access your data, only the proposed tertiary passcode. And if we follow that line of thinking to its logical conclusion, we get an absurd chain of additional passcodes, simpler than the last, and the endgame is no password at all. I'm not sure we want to go there until there's something unequivocally better that provides the same benefits.
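
The weakest-link argument in the last reply, as an added sketch that is not part of the thread and is not 1Password's actual key hierarchy. It assumes one vault key wrapped twice, once under Master Password plus Account Key and once under a hypothetical per-device passcode, with a toy XOR-and-HMAC wrap standing in for a real AEAD; all names, secrets and the PBKDF2 cost are constructed.

```python
import hashlib, hmac, math, secrets

ITERATIONS = 50_000  # assumed PBKDF2 cost for this sketch, not a product setting

def derive_kek(typed: bytes, salt: bytes, account_key: bytes = b"") -> bytes:
    """Stretch the typed secret, then mix in the Account Key when one is required."""
    stretched = hashlib.pbkdf2_hmac("sha256", typed, salt, ITERATIONS)
    return hmac.new(stretched, b"kek" + account_key, hashlib.sha256).digest()

def _pad(kek: bytes) -> bytes:
    return hmac.new(kek, b"enc", hashlib.sha256).digest()

def _tag(kek: bytes, ct: bytes) -> bytes:
    return hmac.new(kek, b"mac" + ct, hashlib.sha256).digest()

def wrap(kek: bytes, vault_key: bytes):
    """Toy one-shot wrap of a 32-byte key (XOR pad + HMAC tag), not a real AEAD."""
    ct = bytes(a ^ b for a, b in zip(vault_key, _pad(kek)))
    return ct, _tag(kek, ct)

def unwrap(kek: bytes, blob):
    ct, tag = blob
    if not hmac.compare_digest(tag, _tag(kek, ct)):
        return None  # wrong secret(s): the tag does not verify
    return bytes(a ^ b for a, b in zip(ct, _pad(kek)))

def bits(alphabet_size: int, length: int) -> float:
    """Guess space, in bits, of a uniformly random secret."""
    return length * math.log2(alphabet_size)

def unlock_paths() -> dict:
    vault_key = secrets.token_bytes(32)
    account_key = secrets.token_bytes(16)     # constructed high-entropy secret
    master = b"four random diceware words"    # constructed Master Password
    passcode = b"tidewalk"                    # constructed device passcode
    s1, s2 = secrets.token_bytes(16), secrets.token_bytes(16)
    account_blob = wrap(derive_kek(master, s1, account_key), vault_key)
    device_blob = wrap(derive_kek(passcode, s2), vault_key)  # the proposed extra wrap
    return {
        "master+account_key": unwrap(derive_kek(master, s1, account_key), account_blob) == vault_key,
        "master_without_account_key": unwrap(derive_kek(master, s1), account_blob) is None,
        "device_passcode_alone": unwrap(derive_kek(passcode, s2), device_blob) == vault_key,
    }

# Guess space of each typed secret an authorized device would accept.
GUESS_BITS = {
    "master password (4 Diceware words, 7776-word list)": bits(7776, 4),
    "device passcode (8 lowercase letters, assumed)": bits(26, 8),
}

def weakest_link(paths: dict) -> str:
    return min(paths, key=paths.get)
```

Once the second wrap exists on a device, the passcode alone recovers the vault key, so the data stored there is only as strong as the smaller of the two guess spaces.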

This discussion has been closed.