Feature request: a separate vault with different access methods within a 1password account.
Hello.
I'm a fan of 1password.
This amazing service changed my digital life, I don't ever need to memorize or go threw password reset cycles all the time thanks to it.
However, having to type my master password and secret key limits my ability to access my 1password items to trusted devices only, since master password and secret key are two top secrets in my digital life.
Because we can't always in front of our trusted devices and sometimes we are forced to use public computers like in work environments, I think it would be a good idea for us to somehow access group of items in our 1password account using alternative password that is completely separate from master password+secret key combination.
Also for creating or updating items in 1password, it would be much better for us to use that alternative password to push new items or update existing items that are flagged to be used with alternative password.
To make it more concise, I'm requesting a feature to access 1password using different credentials that have different permissions, much like AWS access keys where you can generate and use for only specific purpose with restricted set of capabilities.
I think this is also cryptographically possible.
For example, if alice borrows bob's computer to check an email, with current system she have to share her credentials from her phone to bob's computer.
But since all of alice's accounts are locked behind 1password, it would be difficult and time consuming for her.
Further more, if she have to access several accounts and even create a new account on some service, the issue gets more tricky.
But with the new system that I'm suggesting, if alice had made a separate vault with an easy to memorize access key, and put some of her most frequently used credentials in there, she can immediately access her accounts without being interupted or revealing her master password and secret key.
This could be achieved by creating a separate database in alice's account and encrypting copy of items that are specified to be used with that access key, using the access key in question.
Pushing items to main 1password account without master password would be also possible by putting all active access keys in the main account, push items that are encrypted with one of these access keys, and upon receiving an access key encrypted item, the server broadcasts an event to all trusted devices logged in with the same main account to retrieve, decrypt, re-encrypt with the main account master key and push that item to the main account.
This concept is not without downsides however, for example bob can figure out alice's access key and get access to her accounts, but it is much better than the master password and secret key being exposed, and multi factor authentication can come to rescue when such thing happens.
The reason I'm requesting this feature is I'm working in an office and I have to use a lot of my accounts like gmail, github, microsoft etc.
For now, I generate and send password sharing links from my phone to computer, but doing this all of the time is not convenient, and when I use a public computer for the first time because of moving to another office etc, I have to manually type over 16 characters long password that is saved in 1password to the computer.
If I have to create new account, I use a short memorable password and use 1password to change the password of that account once I get back to home.
It can be a slow, insecure process since sometimes I forgot to change passwords.
I would really appreciate if this feature comes to life.
I'm uploading this to 1password for windows forum but this feature can cover entire 1password platform if it gets implemented.
I hope I can securely use 1password truely anywhere.
Thank you in advance.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
