1Password Teams and Private Account - No Access To Admin?

Hi,

Hope you guys are all well 😊.

I am newly part of a teams account and have it working fine for work.

I have a previous (currently not linked to the 1password 7 app or teams account) standalone setup syncing to Dropbox which has all my personal items in.

I know there is a private vault in teams, but I believe my password can be reset using the recovery process by the team admin, so potentially a flaw which can reset my master password. I say this because my admin will also have access to my work emails if they wanted too, so this could be accessed to aid the recovery process if they desired.

1) Is there a simple way to separate the two accounts with no way of my admin accessing my personal data?

2) Can I have a teams account running along side a dropbox vault?

3) If I change my email address in my profile to my own personal email, can the team admin change it back?

4) Any other options?!

I have seen the business account gives you free personal accounts but that is not my choice to make unfortunately.

Thanks if any one has any ideas!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    I believe my password can be reset using the recovery process by the team admin

    @insite: That is not he case. Someone would need access to your email account in order to go through the recovery process.

    Is there a simple way to separate the two accounts with no way of my admin accessing my personal data?

    The data in your account's Private vault is only accessible to someone with your account credentials.

    Can I have a teams account running along side a dropbox vault?

    You can, but it's not something we recommend since your data would then not be secured in your 1Password account.

    If I change my email address in my profile to my own personal email, can the team admin change it back?

    No.

    I have seen the business account gives you free personal accounts but that is not my choice to make unfortunately.

    I understand completely. But we'd be happy to help you encourage them. Just shoot us an email at [email protected] and we can go over all the benefits and see if 1Password Business is a better fit. :)

  • insiteinsite
    edited April 12

    Hi @brenty, thanks for the great reply! :)

    Regarding, not using dropbox and a 1password account together, do you not recommend using other cloud based services any more for 1password? Basically use a 1password account only is your recommendation?

    If i did keep them separate, would it become messy? Would i need different master passwords?

    So, I think the best thing for me to do is use the teams account and private vault and change my email address to my personal email account, that way the recovery process cannot be completed without my input and my email address cannot be changed either without me doing it.

    I guess the only drawback would be if for some reason my account was frozen or closed by my team admin I would lose access to the passwords. Or can you still get access on a read only basis if the account was closed?

    Sorry for all the questions! :)

  • brentybrenty

    Team Member

    @insite: You're very welcome! Happy to clarify if I can. :)

    Certainly Dropbox is a great service, and it's arguably the best option for people not using a 1Password account. But many of the benefits of 1Password membership are lost when using local vaults like that: you have to configure sync yourself on each device for each local vault; you don't get the automatic offsite backup and item history of the 1Password account, Travel Mode, or the added security of the Secret Key -- at least for the data in the local vault.

    But the main reason that I always recommend using only the 1Password account, especially here on the support forum, is that simplifies things greatly. Otherwise it can be easy to lose track of what is where, and get confused. For example, you might wonder why you can't save a large file to the vault, since local vaults are limited to 5MB to work well with various sync methods, and not eat up a lot of data right off the bat when you sync a new device. If everything is in your 1Password account, then you get all of the same protections (security, data loss) and features (Documents, history) no matter what. Hopefully that helps clarify my meaning.

    You raise a really good point though, which is really crucial: it's not really a good idea to store personal data in company account no matter what, unless you happen to be the owner of the company and the account. While your Private vault cannot be accessed by an admin, they can suspend or remove you, and there's nothing you can do about that; after all, they're paying for it, and probably it's contingent on you being employed there. People leave companies, whether voluntarily or not, so keeping your personal data in a personal account means you have full control over it and get all of the features -- and safeguards -- for that data as well.

    If the company went with 1Password Business, you'd have your own 1Password Families account which would have billing linked to the company account, but otherwise completely separate. If you left the company, the family account would be frozen -- read only -- until you setup billing for it. So there wouldn't be any risk there.

    I hope this helps. Be sure to let me know if you have any other questions! :)

  • Thanks again @brenty, I have just tried to change my email address but it says emails from this domain are not allowed, is that because its not the same as our work domain or do 1password block popular "free" email accounts? Thanks again!

  • rickfillionrickfillion Junior Member

    Team Member

    @insite: it could be either of those reasons. If you're using 1Password Teams or 1Password Business then the email domain will be limited by whatever the admin has configured. We do also have a list of "free" email accounts that are blocked though. We don't block services like gmail that provide free email, but we do block other services that provide "one time use" email addresses. We need the email address associated with the account to be an address that will work in the future.

    Rick

  • Thanks @rickfillion, makes sense, must be how the accounts are configured!

    Have a great weekend!

    Cheers,

  • BenBen AWS Team

    Team Member

    You as well. :)

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file