Protect what matters – even after you're gone. Make a plan for your digital legacy today.
Forum Discussion
Feature request: Secondary 1Password login
I'd like to put in a request to have a second way of logging into a separate vault from the 1Password login screen. Slightly similar to the "fake master password" suggestion, but not. I'll explain my...
1P_Rob
1Password Team
1Password TeamHey, Ryan_Parman. Thanks for sharing 1Password with your friends and loved ones. Folks like you play a huge role in helping non-technical users stay safe online.
My understanding of your concern is that you expect your non-technical friends and family to use simple passwords like hamburg3r to unlock 1Password, rather than strong passwords like a generated passphrase. And so you set them up with a standalone vault in iCloud that they can unlock with that password, which then gives them access to their 1Password accounts. The risk of a weaker password is reduced because their iCloud vault is not publicly available on the web so someone would need to actually access their device to compromise their account. Is that summary correct?
Assuming it is, I have what I think is good news for you, in multiple parts.
First, we designed 1Password.com with this kind of concern in mind. We didn't want attackers to be able to just launch a password guessing attempt at anyone's account from the sign-in screen. That's part of the reason the Secret Key exists. It has essentially the same effect as your standalone iCloud vault: it's only available from your devices and it's required to sign in. Even if your account password was hamburg3r, no one who knew or guessed that would be able to access your account without having your Secret Key.
Of course, if they could access your device, they could get a copy of your Secret Key, but they could also unlock your standalone iCloud vault. So these approaches are essentially equivalent.
The second part to the good news is that 1Password actually does still sync with iCloud. It doesn't save a local vault there, but it does save a list of account information (including your Secret Key but not including your account password) you've used to sign in before. So when you go to set up a new device, 1Password will show you a list of the accounts saved in iCloud and let you sign in with just your account password, no Emergency Kit needed. Here's a screenshot of this in action with one of my test accounts:
This makes setting up a new device an absolute breeze. As long as you've signed in to iCloud, these accounts will be available to sign in with just your password. And this too is essentially the same security model as your standalone iCloud vault. The Secret Key is required to sign in so only someone with access to your iCloud account can sign in using your password.
While we still recommend folks choose a strong unique password to protect their 1Password account, you can rest easy knowing that if someone chooses not to do so, their data is still just as secure as with standalone vaults.
I hope that helps!
