Elevated security for some passwords and/or vaults

mcd
mcd
Community Member

I like being able to use Touch ID, Face ID, etc. to access most of my passwords, but there are some passwords and documents where I'd prefer a little more security. I'd like to keep some of my passwords and/or vaults only accessible if the master password has been entered -- or perhaps only if a secondary master password is entered. I understand this could be a huge shift in the design of 1Password, but it would allow people to have a more convenient user experience for the majority of their passwords without compromising the security of their most sensitive passwords.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    We don't have any plans for that, since it would be "security theater" -- i.e. you've already entered your Master Password, so that your data can be decrypted. Your Master Password protects all of your 1Password data, and if you're using biometrics to unlock no one will be able to get in anyway without either having you in their posession, or your Master Password...which I'd bet they can get from you anyway if you're their captive.

  • mcd
    mcd
    Community Member

    What I'm describing is actually something slightly different. I'm not advocating for smoke and mirrors pretending that a vault's passwords have additional security, I'm advocating that they actually require a secondary password to be decrypted.

    In other words, I would prefer a solution where the master password does not decrypt all vaults and where I could designate some vaults to require both a master password and unique, vault-specific secondary password to be decrypted. There are other solutions that would achieve my goals, this is just one path.

    The balance of security and convenience is not the same across all of my passwords, and I doubt they are for most people.

  • Should we rename the product "2Password" then? ;)

    In all seriousness, we find enough customers have difficulty enough remembering one password. This sounds like a level of complexity that would contribute further to many people's difficulties. We actually used to do something similar to this on iOS, and it caused so many problems that we did away with it. I'm certainly not saying we're rejecting the idea outright, but I do think there are a lot of factors that need to be considered.

    Ben

This discussion has been closed.