The real problem behind 1P8

Anonymous

5 years ago

Sure. So I get the nuances, I really do. The problem is that most 1P users aren't professional security people, so having inconsistent messaging complicates training and enablement. If the message is 'password reuse is bad', that's a full stop. As soon as we offer options/nuances, then where does that line end?

I have two 1P accounts, with two different passphrases. One for work, one personal. Since those don't change, remembering two isn't a big deal.

Now if you wanted to implement some type of SSO-esque system, that'd be fine. Because it's One Password (pun intended) that unlocks multiple things like Okta does. But telling people to manually set multiple passwords to be the same is dangerous.

And, there's another issue. In an eDiscovery situation, there's a possibility that the employee may be compelled to give up their work passphrase...but now their personal vault is exposed.

Happy to chat more about this.

Forum Discussion

Featured discussions

August at 1Password: Android filling updates, Pax8 Marketplace, and AI security insights

Recent discussions

How to disable "Microsoft was used to sign in to:" prompts?

Feature Request: Register for the otpauth:// scheme in Android app

How to Install 1Password on Raspberry Pi 5

Conversion Nightmare?

Native Password AutoFill Extension macOS