Shared computer use case guidance/Feature Request

Somehow I never got the notification that you replied and I was just now being annoyed at the Main Conf room computer, so I came to post this question, searched first and realized I'd already asked and never saw your reply.

@jboren: Hey, better late than never, but I'm sorry you've gone all this time without knowing we'd responded. :blush:

Thank you! Those are both great ideas, but they both have the same issue. The web interface log-in requires the user to type in 3 things, 2 of which they remember, the third of which (Access Key), no one does. If I don't check "shared computer" in the web interface it saves the access key, but also saves the username/email, and you can't change it. If I don't, it requires all 3 for the next login. Same with the app, if I start over, I now need 4 bits of info, 2 of which (Access Key and Sign-in Address) no one remembers, cause they never need them in the app on their own computers. Is there any way to make it remember the Access key but not the username/email?

No there is not. But I think we may be coming at this problem the wrong way...

As long as the access key is a necessity for login, I not sure how this can work on a shared computer. Which, honestly, is a sizable problem for us. The fact that no one can use it on the shared computers means they set weak passwords for services they are going to pull up in the conf rooms. Or the same password for everything. Literally the exact reason we make everyone use a password manager.

Thinking the same thing...

Any other ideas? The ideal solution for us would be the web interface OR app, but only needing username/email and password, with the AK/Sign-in Address saved. The alternative is probably having the AK saved in a txt file on the desktop of all the Conf Room computers, which is problematic itself, but maybe better than having people using weak PWs because they can't use the password manager on the shared computers. Thanks again for the help. I really appreciate the suggestions and having someone to bounce these ideas off. Let me know what you think...

Honestly, while these are certainly use cases well continue to consider, we've got our plates pretty full with much more important things for the foreseeable future. I don't mean that as a value judgement, but rather we've got 1Password 7 coming up and plenty of work to do on 1Password 6 and 1Password.com in the mean time. So, "important" in the sense that there are changes that need to be made first which will benefit more users, before we can consider essentially rearchitecting the 1Password apps (across all platforms) with a multi-user model as opposed to the single-user model we've been using for over a decade. It's definitely something we're interested in though.

So my thoughts as far as your use today would be this: I'm willing to bet that most — if not all — of your team members have mobile devices on them anyway. 1Password.com includes ALL of the apps, so I'd encourage you to consider using those as your "vessel" for sensitive information. It's not on the same level as the pipe dream of a device that fits in your pocket that you can just hook up to a monitor and have a computer with all of your stuff anyway (sorry, Microsoft, but Windows Phone was too little too late), but there are two ways that this is useful in this scenario of accessing data on a trusted (presumably) though not personalized machine in the office:

• Need to sign in to a site? Use a randomly-generated, word-based password for that login, which you can view on your mobile device. It's strong and easy to read/type if you have to. This also minimizes risk if that computer happens to be compromised, as you won't be entering all of your 1Password.com account credentials on it and viewing all of the sensitive data inside just to get one or two things.
• Really need to access your 1Password.com account on an auxiliary machine? Your account credentials are stored in the authorized 1Password app on your mobile device, so you can view them there to help you sign into 1Password.com in the browser, using the "public machine" checkbox to avoid saving the credentials — if for no other reason than to make it easier for the next person to do the same.

In both cases, Large Type can be useful for viewing. Even if this isn't exactly what you're asking for, these are options that will work today. Let me know what you think. :)

Thanks for the info. I did not realize the AK was unique to each user, that's good to know. I get that it's used as a cryptographic key, and I don't know enough about the way 1password does encryption to really know, but I'm not sure that's any more secure than username + password + 2FA using a generator (not SMS). It may be, but I think it's harder for the end user. Thanks for responding, I appreciate it!

@jboren: It really is more secure. Unlike an SMS/TOTP code, your Master Password and your (128-bit, randomly-generated) Secret Key are both used to encrypt the data. This secures the data itself, rather than merely access to it. 1Password is designed to withstand attack even if the attacker has your data, and doesn't depend on the "security through obscurity" of them not being able to get it off of our server or one of your devices.

Thanks for the help. The word-based pw's on mobile looks like the most workable solution. Great, now I have to re-train all my users how to generate passwords! :chuffed: They can probably handle it.... I totally understand that you guys have development priorities. We build websites and use agile, jira, sprints, burndown charts, all that fun stuff. I Totally get it. For whatever it's worth, this would be our #1 Pain-point and I would spend all our votes on this as a feature request. I don't know what % of your customers are businesses, but I would be really surprised if this isn't a pain point for a lot of them. It's particularly hard for us because about 30% of the users spend about 50% of their time in meetings, presentations, demos, etc. This affects them every day. But you have to spend your money where you make money, so if you have other, bigger fish to fry, so be it.

You raise some really good point, and it definitely helps to know that "multi-user" support is something that's critical to you. Hopefully we'll be able to do something in this area in the future, but I did want to offer some suggestions that could be useful to you now.

Thanks again for the help. I'm pretty sure we can make the word-based passwords work. Please also consider this to be pleading/begging/sniveling feature request for a fully multi-user model. Now that I think about it, I think this might be the only problem we have with 1password... Cheers, guys, thanks for the help!

Likewise, thanks for taking the time to give us this feedback! If we don't hear from folks like you, we'll never add things like that because we don't know they matter to people. I'll be sure to share your thoughts with the test of the team. :chuffed:

@Smudge: Thanks for taking the time to share your "brain dump"! I have to disagree with you right off the bat, unfortunately, as advanced options are pretty gross. Even in an enterprise setting, I think it's safe to say that not all users are supernerds. But moving a more 1Password.com-web-app-like experience to a native app may have some merit.

Oh, just thought of another way. Don't use the 1P desktop app or 1P mini at all. See if there is a way to have the browser extension connect to the 1P mobile app instead. That way all vault info remains on the phone and nothing is saved locally. You could even require that this only works when the browser window is in private/incognito mode!

Really cool idea. USB is a problem since connecting a mobile device that way (and unlocking it, so a connection can be established) means its entire contents could be dumped. Not a problem for encrypted 1Password data, but I wouldn't want to put the rest of my stuff at risk. Some other alternatives there though. Not sure how that could be done securely, but it's worth investigating.

If I was able to use their computer but use my phone for authentication, that would be AMAZING!

I agree. That would be awesome. :)

So, I know this was a lot of info but I hope it opens up some ideas and options on how to make this happen.

I don't think that this covers the "how", this stuff would require some serious work to make it possible — and that's if it is even possible, not only technically but also with regard to security — but definitely some interesting ideas. I really enjoyed it. Thank you! :chuffed: