Can you set a password for a specific category or item within 1Password for added security?

Is it possible to create a password to protect the opening of a specific category or item so that you are prompted before you open the item/category and are allowed to see it's contents?

If not, could this be a feature request so that certain items/categories are hidden from view until the password is entered. This is separate to the Master Password which would have already been entered at this point.


1Password Version: 6.8.492
Extension Version: 4.6.12.90
OS Version: Windows 10 1709
Sync Type: Not Provided
Referrer: forum-search:categories password

Comments

  • Greg
    Greg
    1Password Alumni

    Hi @michael_southwell,

    Thank you for reaching out and using 1Password! :+1:

    It is not possible to create a separate password to unlock a specific category or a Login item and I am afraid that this is not something that we will consider in the future. We want our customers to remember their only Master Password, so having multiple passwords to unlock categories or items within the vault will be far too complex and will result in a lot of confusion. Moreover, we would have to change the name of our app, if we had such feature in 1Password. :)

    Could you please share a possible scenario for this? Why would you want to have passwords within your vault in addition to your Master Password?

    Thanks in advance!

    Cheers,
    Greg

  • michael_southwell
    michael_southwell
    Community Member

    Hi Greg,

    Thank you for clarifying. Would it be possible to at the very least have a "click to reveal" option to disguise more sensitive items so that even though you are logged in it won't show that item for long and maybe even has a timeout limit you can set in seconds so that that it becomes obscured again?

    The only way around this at them moment would be make all fields of type "password" which is a bit cumbersome.

  • Hi @michael_southwell,

    What is the use case, are you trying to prevent someone from looking over your shoulders? If we understand what you're trying to do, we may be able to add a better feature in a future update.

    Right now, the only thing you can do is what you're doing already, put the data in concealable password field and use Control + Alt shortcut to reveal all concealed fields temporarily or Control + R for the selected password field.

    Note that you can open 1Password mini instead of 1Password main window if you just need to copy a field without revealing it.

  • petalhanger
    petalhanger
    Community Member

    I'd like such a feature for one very specific purpose. I have arranged for my executors to have access to my 1PW vault in the event of my death so that they can administer my online accounts. But there are some things I would like to die with me and the ability to secure them with a password only I know would achieve that. I suppose I could always put the info into another PW manager, but that's kinda annoying!!

  • michael_southwell
    michael_southwell
    Community Member

    Hi Mike,

    Yes, it was more to prevent people seeing things that I didn't want them to see at a glance (for example personal information that is not ideal for people to read, but not sensitive enough to require it to be classified as a "password")

    That might have to do for now. I didn't realise there was a reveal all shortcut, thank you :)

    Perhaps it could be done by having an item concealed as an option (and then requiring a keyboard shortcut to reveal it), rather than setting all fields individually to type "password". It's not quite a "password", but it does mean someone would have to be familiar with my local copy of 1Password to determine the keyboard shortcut.

    Thank you for your prompt assistance it has been greatly appreciated! :)

  • @petalhanger: I have some ideas about how you might accomplish your goal with things as they stand, but that would depend on whether you're using 1Password 4 or 1Password 6. We're talking 1Password 6 here, but I hate making assumptions, so let us know which you're using and we can see what we can come up with. :chuffed:

    @michael_southwell: Honestly, the field type of "password" is not always used for just passwords. If you create a Social Security Number item, for example, the "number" field is actually classified as a "password" field but is, of course, not actually a password. You just don't see this because 1Password has the field type pre-set for that sort of item. In reality, a "password" field type is for any field that needs to be concealed but doesn't otherwise have any special characteristics. One-time passwords, for example, get their own field type because they're special, but there's otherwise no reason not to classify any field you'd like as a "password" to make sure it stays hidden.

    Still, it sounds like Mike has some ideas in mind for your use-case. He's taking a well-deserved vacation right now so I'm not sure what he has floating around his brain, but we'll certainly keep your feedback in mind moving forward. :chuffed:

  • michael_southwell
    michael_southwell
    Community Member

    Hi @bundtkate: Thank you for your response, the version numbers I am working with were listed in the initial post, but I have included them below for your reference:

    1Password Version: 6.8.492
    Extension Version: 4.6.12.90
    OS Version: Windows 10 1709

    I am very intrigued to hear what Mike has in mind when he gets back from his holiday. Please keep me in the loop :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    @michael_southwell: Sorry for the confusion. Kate wasn't asking you, but petalhanger. I'm also interested to hear more about the user case, but based on your original comments this sounds very much like something we're not going to do:

    certain items/categories are hidden from view until the password is entered.

    That would be security theater, as the data would already be accessible since you entered your Master Password to unlock 1Password. Just making you enter the same thing again would offer no real security benefit. And if you mean having a different Master Password to unlock certain items, that mean's people would need to remember two passwords. And if the past decade and a half since the old NIST password guidelines were introduced have taught us anything, it's that making people jump through hoops results in them using (and re-using) weaker passwords.

    It's better to use a single long, strong, unique Master Password and keep 1Password locked when you're not using it, since that is actually secure: your data is encrypted on disk and nothing is kept in memory. It also is easier to remember and type on good password then multiple weaker ones. You get more security benefit from using a single password that is slightly longer than two shorter ones. Our focus is to make 1Password more convenient without sacrificing security, and this approach, as I understand you proposal, would negatively impact both.

  • petalhanger
    petalhanger
    Community Member

    @bundtkate I'm running 4.6.2.626

    :)

  • @petalhanger: In that case, I don't have a the best solution ever for this since 1Password 4 doesn't have an All Vaults view, but you may still find one of these ideas acceptable:

    1. If you don't change passwords often, you could create a new vault with a different Master Password that is an exact duplicate of your current vault, minus the accounts you don't want to share with executors. You will need to update items in this vault separately from the one you use from day-to-day, which I know is a pain, but that may work better or worse for you depending on your password changing habits (for what it's worth the NIST no longer recommends changing passwords unless there's evidence the password has been compromised). This will allow you to use a single vault for day-to-day and keep the Master Password for the second vault (along with your Dropbox password) somewhere safe and accessible to your executors so they could open a "sanitized" vault should they need to.

    2. Create a separate vault only for those accounts you don't want to share, give it a different Master Password and delete them from your main vault. This will mean you'll need to switch vaults whenever you want to use these accounts and use two different Master Passwords, so whether this is a viable option for you will depend on how often you need these accounts and how much you hate switching vaults. In this case, you'd keep the Master Password for your main vault (along with your Dropbox password) somewhere safe and accessible to your executors so they could open it should they need to.

    3. Upgrade to a 1Password Family account. This is how I personally handle this situation. I have a vault I've shared with an extra user on my Family account. Everything I want accessible in the case of my untimely demise is saved there and I have the Emergency Kit with the Master Password for that user account stashed in a safe deposit box my parents and partner can access should anything happen to me. For now, I'm the only one that can see this vault since no one has the sign-in details for that extra user besides me, but my family can access that vault (but not my Personal vault) using the information I've left them. Plus, you get all the other benefits of a 1Password membership along with it, including the option to share 1Password with your family. :chuffed:

    I hope one of these helps and if you need any help setting things up, we're happy to lend a hand. :+1:

  • petalhanger
    petalhanger
    Community Member

    @bundtkate Thank you for taking the time to reply. The reason I chose 1PW4 over 1PW6, indeed the reason I chose 1PW over competitors such as Dashlane was because of the ability to add attachments to individual logins and individual secure notes. This is a feature I prize and make extensive use of to the extent that if 1PW removed support for the feature I'd have to migrate to something like Keepass, that does support it, even with the loss of functionality that would entail. So, as I understand it, migrating to a 1 password account isn't an option at the current time for me. I realise the above is offtopic for the thread however!! I have adopted the second vault idea as you suggested, but really this overrides the objection of @brenty to password protecting individual logins on the basis that it would require 2 passwords not one - because having 2 vaults also requires 2 passwords!

  • @petalhanger: To be completely fair to brenty here, you don't have to use two passwords -- you can choose to use the same one, but in your case it would seem to defeat the purpose, so in this case it seems a good thing.

    Also, for what it's worth, "attachment" support is coming to 1Password 6 (or 7, I suppose, but this distinction isn't particularly meaningful since folks currently using 6 will get 7 for free). I put "attachment" in quotes because it's a bit different in that each attachment exists independently as a Document item and is linked to its related Login/Secure Note/whatever as a related item. In fact, if you import your existing vault into 1Password 6, your attachments will be preserved as related item links. Even if you don't stick with it right away, you might check it out and see what you think. May be things have evolved to the point where a Family account is a better option for you. :chuffed:

This discussion has been closed.