How many master passwords do I have?

edited March 2018 in Families

I changed my master password in late January.

Seeing https://blog.agilebits.com/2018/03/13/1password-x-better-smarter-faster-and-japanese/ this morning, I thought I'd try out 1PasswordX. At the sign-in (https://my.1password.com/signin?a=new) my family account url, secret key and current master password repeatedly failed to authenticate. On the off-chance I tried my old master password (ie. from before the January change), and, sure enough, that got me in.

I would have thought when I change my master password locally, that should propagate to my account online? It's only luck that I remembered the old one. Another month or so and I would probably have forgotten.

And now I have completely different master passwords for my local 1Password, and 1PasswordX.


1Password Version: 1Password 6 Version 6.8.7
Extension Version: Not Provided
OS Version: macOS 10.13.3
Sync Type: Not Provided

Comments

  • Just a note to avoid any confusion - that sign-in url I've quoted is wrong. I'm signing in to my family 1password url, ie. of the form https://oursubdomain.1password.com/signin?a=new

  • brentybrenty

    Team Member
    edited March 2018

    I changed my master password in late January. Seeing https://blog.agilebits.com/2018/03/13/1password-x-better-smarter-faster-and-japanese/ this morning, I thought I'd try out 1PasswordX. At the sign-in (https://my.1password.com/signin?a=new) my family account url, secret key and current master password repeatedly failed to authenticate. On the off-chance I tried my old master password (ie. from before the January change), and, sure enough, that got me in. I would have thought when I change my master password locally, that should propagate to my account online? It's only luck that I remembered the old one. Another month or so and I would probably have forgotten.

    @crisbennett: Thanks for reaching out. I’m sorry for the confusion! To change the Master Password for a 1Password.com account, you'll need to change it in the account. It sounds like you changed your Master Password for a local vault (Primary) you have setup in the app on one of your devices. This is completely separate from any 1Password.com account, so there is no way that changing its Master Password would affect your account. Is there a specific reason you're also using a local vault?

    And now I have completely different master passwords for my local 1Password, and 1PasswordX.

    You can change your account's Master Password at https://start.1password.com/profile

    Just a note to avoid any confusion - that sign-in url I've quoted is wrong. I'm signing in to my family 1password url, ie. of the form https://oursubdomain.1password.com/signin?a=new

    No worries! Just to clarify, my.1password.com should work too (though you'll still need to enter the correct account credentials). I hope this helps. Be sure to let me know if you have any other questions! :)

  • It sounds like you changed your Master Password for a local vault (Primary) you have setup in the app on one of your devices.

    If there is such a thing as changing a master password for a vault, 1Password hides this from the user entirely. The UI only offers the option 'Change Master Password' (prefs -> Security). There is no mention of different passwords for different vaults. I changed my MP in the way my macOS 1P client affords. I didn't intuit that there should be different master passwords for fairly obvious reasons (it's the name of the product!)

    Is there a specific reason you're also using a local vault?

    Again, I have made no choices beyond what 1P offers me here. I originally had the standalone version. I switched to agilebits-hosted Family account. I moved my existing passwords from the existing Primary vault to the newly-created Personal vault (in my Family account). That's all.

    So far so good -- poor interaction design (almost universal in tech, so no great shame to Agilebits here) has misled me into changing the master password 'for' my old (unused & empty) local Primary vault.

    What really puzzles me is how entering my local/Primary vault's master password can give me access to my hosted account vaults. I have only been alerted to this password-per-vault-type issue by the use of 1PasswordX. The standard client (and Chrome extension) allows me to use my local-Primary-vault-master-password to get into the hosted vaults. How can this be?

  • LarsLars Junior Member

    Team Member

    @crisbennet - If you'll look in 1Password for Mac, open Preferences > Vaults. Is the first thing listed there "Primary?" If so, then that means the password you created/used for your Primary vault is also 1Password's Master Password -- the one which unlocks all the other vaults you have, whether they're local or 1password.com accounts. The reason we do this is because we're called 1Password. We thought it sounded better than 1Password for every vault you have. 😉

    Joking aside, that's why, in our guide to moving from standalone to a 1password.com account the instructions say explicitly:

    During setup, you’ll be asked to create a Master Password. Use your existing Master Password.

    (emphasis added)

    You're not required to use the same Master Password, partly because we don't like hemming you in but mostly because the 1password.com servers don't know what your Master Password is on your standalone data (or even that you have standalone data). But because standalone data resides only on your own device, while 1password.com account data resides on the 1password.com servers, the two can indeed be separate. In other words, if you a) choose a different Master Password when you set up your account than the one you've been using as your Master Password on your standalone 1Password data, and b) add your account into 1Password without c) removing your local, Primary vault, then yes, you'll have two Master Passwords: one for when you sign into your 1password.com account in a browser and the other (your old, existing one) for your Primary vault (and thus your 1Password for Mac app).

    If that's sounding confusing, well, that's why we recommend existing standalone 1Password users use the same Master Password when they open a 1password.com account that they used in the past -- because it can indeed get confusing if you don't. If you've still got 1Password's Preferences open, and you go to the Accounts tab, you'll see the option to Change Password for your account there. The reason it's separate from the Change Master Password action in Preferences > Security is because the Master Password you created for your 1password.com is not your Master Password for 1Password for Mac; your first vault in 1Password for Mac is...which is the one for your Primary vault. This can always be reset or changed...but not without removing that Primary vault.

    There's a considerable amount more that goes on behind the scenes, but essentially, every local vault (and every 1password.com account) have their own password. In a native app like 1Password for Mac, we essentially escrow the keys for everything but that first vault within the first vault. In other words, when you add a new local vault or add a 1password.com account into 1Password for Mac, the keys to decrypt that vault's contents are stored within whatever your first vault is (usually Primary). That's how we achieve the ability to say you only need to remember your 1Password.

  • Thanks @Lars for the useful & interesting background. I have one comment and one question:

    Firstly, the comment. I think there is a moderately serious interaction bug here. Think about it from the point of view of the situation I was in before the January change of my master password (now I know: only for the local Primary vault). It was many months since I had switched to using an online account. I could hardly be expected to remember everything I might (or not!) have read during that process. During the switch I had followed the suggestion of using the same master password for the account as I was using locally.

    So to change my master password I did the obvious thing: open prefs, see the security tab, see 'Change Master Password', and change it. The only way to avoid getting my local and account passwords out of sync at this stage would be to either remember whatever had been pointed out when switching to an online account, or then choose (for what arbitrary reason?) to explore the prefs UI further by also clicking on 'Accounts' and seeing a second (mysterious & unexplained!) 'Change password' button here.

    It would be worth your designers thinking through this a bit for future versions. The quick and dirty approach (not great, but better than nothing) would be to ensure the user is alerted to the other password-change operation when going through one of them.

    Secondly, the question: if I delete my (old, local) Primary vault (which I might as well as it is empty), which vault becomes the new 'first' vault (for storing keys to other vaults & account)? Is it the one chosen with the 'Vault for saving' dropdown in prefs -> All Vaults?

  • bundtkatebundtkate

    Team Member

    @crisbennett: Thanks for the suggestion! I honestly think the issue with the situation you ended up in is less an issue with the process of changing your Master Password, though, and more a problem with the account migration process. If you're making a wholesale transition to a 1Password membership, ideally, we want you to end up with your Primary vault gone when you're done. This way, changing your Master Password will do what you naturally and reasonably expect it to – change the Master Password for your account – and you'd never end up in this situation.

    If you follow our migration guide exactly as it's written today, that's where you'll end up, but we can't assume everyone will do that. We also don't like the idea of removing your Primary vault for you because then we're technically deleting your data. This process is much better than it once was, but we know we still have room to improve. It's a topic we circle back to often and I'm sure we'll end up making changes to make that process work better down the road, in no small part to allow you to make the reasonable assumption you did. :+1:

    Secondly, the question: if I delete my (old, local) Primary vault (which I might as well as it is empty), which vault becomes the new 'first' vault (for storing keys to other vaults & account)? Is it the one chosen with the 'Vault for saving' dropdown in prefs -> All Vaults?

    The vault for saving will be chosen by default and you'll have the option to choose a different one in the save dialogue where needed. :chuffed:

  • @bundtkate Sure, I can see that migration is the prime mover here. Still, however one has got to the app's current state, the effect of actions from there would ideally be obvious to the user. It wasn't to me in this case.

    Anyway, I've removed the empty local vault so won't be bitten by this again. Thanks to all for the detailed explanations.

  • brentybrenty

    Team Member

    @crisbennett: Sure thing! To be clear though, when you signed up for a 1Password.com account, you were guided to do two things: setup your Master Password, using your existing one unless it's simply too weak, and migrate your data, which includes removing any local vaults. Not everyone wants to do these things and they're at your discretion; it's your data after all. But I don't think it's 1Password's fault if you do differently. After all, you'll only have different Master Passwords for different vaults/accounts if you chose to do so yourself. We definitely recommend using a single long, strong Master Password for 1Password in general, to not only be secure but also avoid confusion. The confusion that does exist is because we didn't shut down everyone using the standalone 1Password apps and make them migrate to 1Password.com. It would have been possible for us to do much more holistic handholding if 1Password.com memberships were the only way to use 1Password, but we didn't want to disrupt those — like you as well previously — who had an existing 1Password setup. I think it's good for 1Password to give recommendations, but ultimately let you have final say. And we're here to assist wherever possible as well. Cheers! :)

  • @brenty - you definitely win the prize for spectacularly missing a point.

  • LarsLars Junior Member

    Team Member

    @crisbennett -- I definitely understand where you're coming from with regard to confusion about the point and worry that inadvertently taking a step you didn't fully understand might lead you into a situation where you'd forget the very credentials you need to access your most-important data. And it's something we're constantly evaluating to see whether we can improve it, either through the code itself, or through refining and clarifying the steps the user is instructed to take to get switched over from standalone 1Password to a 1password.com account.

    The problem (for us) is that what people want isn't always the same. Some people want to keep old Primary vaults, others don't. If we put warnings or pop-ups to prevent people from taking certain steps, it has to be done in a way that doesn't confuse those users who weren't planning on those steps anyway, while remaining useful to those who might've been. The other issue is that as time passes, the number of people wanting to "cross over" from standalone to a 1password.com account will dwindle, because most people will either have already done so, or they'll be committed standalone users who stuck with the traditional method on purpose and don't plan to change. Or perhaps they'll be new users who start up from the very beginning in a 1password.com account and never have to even think about "switching."

    Thanks for letting us know that (and where) this process broke down for you and was not transparent; we appreciate the feedback. Have a great week!

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file