1Password X allows saving master password?

six50joe
six50joe
Community Member
in Browsers (Edge, Chrome, Firefox, etc.)

Just installed 1Password X extension yesterday in chrome. I have been waiting for this for years now, thrilled that I can finally use it on my work PC for work passwords where the native 1Password app is not an approved app. Great job 1PW team!

I apologize to repeat if someone has already reported this, but while demoing it to my manager, I went to my 1Password for families page .1password.com. My manager observed that on that page, the 1pw icon appears in the master password entry and allows me to actually save the master password as a new login. I doubt this is intended functionality, just thought I'd mention.

Joe

1Password Version: Not Provided
Extension Version: 1.6.0
OS Version: Windows 7 Enterprise
Sync Type: 1Password Families

Comments

  • shreve
    shreve
    Community Member

    You have to already unlock the extension to get to that password, so it prevents you from having to type it again. I think this is the intended functionality, as it's been helpful for me.

  • six50joe
    six50joe
    Community Member

    Having to unlock 1PW first in order to access vaults is besides the point. As I understood it going back to the original versions of 1PW, the philosophy is that the master password is the only one you should never save in a vault, for various reasons all having to do with making your vault (and for that matter all your family vaults if you are the admin) significantly less secure. If the 1PW X extension allows you to do this, newer users might assume this is something they should do because the option is there and it is convenient. Even an experienced user like myself may accidentally save it by force of habit while going to the 1password.com web interface. If the functionality suits some users, it should be disabled by default and opted-in for the users that want it.

  • dteare
    dteare

    Thanks for sharing your love of 1Password X, @six50joe! It's music to my ears and fuel for my fire. And given that I stopped having caffeine yesterday, I can use all the help I can get today! 🙂

    As @shreve mentioned, having 1Password X show up on the login page for 1Password.com is indeed intended behaviour. The idea is you're able to store the details for multiple accounts within your main 1Password account. From there you're able to unlock your main 1Password account and then log in to any secondary accounts you may need access to.

    I admit that it's a bit a confusing and indeed it has confused me and others several times as well. Given this confusion we very well might change how this works in a future release.

    Thanks for sharing your thoughts on this design decision. We're still experimenting with 1Password X so it's great to hear where we hit the mark and where we need to improve.

    ++dave;

This discussion has been closed.