Sharing multiple 1Password primary vaults via Dropbox

Hello,

My girlfriend and I both use 1password and each have our vaults stored on our own Dropbox accounts. We have our own separate laptops, but have recently started sharing an iMac (with a single user account) at home. The shared iMac user has my Dropbox account on it, and I'm wondering if she can simply access her vault by sharing it to me via Dropbox.

Will this scenario work or are we forced to use separate iMac accounts? I remember reading a while ago that multiple primary vaults are problematic/not possible, but can't find any reference to it anymore. We would prefer not to use a non-primary/shared vault for security reasons.

Any information/caveats would be greatly appreciated.

Comments

  • sjksjk oversoul

    Team Member

    Hi @tkeeler,

    If your girlfriend shares the Primary vault in 1Password on her laptop through Dropbox it can be opened as a secondary vault in 1Password on your iMac. 1Password supports one Primary vault and when it's unlocked all secondary vaults (e.g. including your girlfriend's) will also be unlocked, while any secondary vault can be unlocked separately without unlocking the Primary.

    We would prefer not to use a non-primary/shared vault for security reasons.

    What specific security concerns do you have? There should be no difference whether a Primary or secondary vault is shared through Dropbox, except that sharing a Primary means the main Master Password is used to unlock it. If your girlfriend shares the Primary on her laptop you could let her unlock it on your iMac without giving your her Master Password, but it'll still be unlocked whenever your Primary is unlocked.

    If your girlfriend wants 1Password data that's in the Primary vault on her laptop to remain private, that can't be done by sharing it with 1Password in your iMac user account. That's when creating her own account on your iMac could be the best option. Or, if she only needs read-only access to her 1Password data from your iMac then 1PasswordAnywhere would be an option.

    Are you guys currently only using 1Password on your Macs? Adding other systems/devices into your 1Password ecosystem might be a factor in how you'd want to configure syncing/sharing now. And do you currently have any 1Password syncing configured?

    I hope that information is helpful so far, and thanks in advance for answers to those last questions. And if you have any questions please ask 'em. :)

  • Hi sjk,

    Thank you very much for your in-depth response.

    Essentially we were hoping to not give each other access to our vaults. But it looks like the primary vault always stores the keys for the other (secondary) vaults. It'd be a nice feature to allow multiple, independent primary vaults.

    I took a look at the 1Password encrypted sqlite database store in more depth today and I now understand why this feature isn't yet implemented. If it doesn't impact the 1Password security model, It'd be great to have the 1Password application leverage a 'reference' database that points to separate encrypted database/vaults. Of course this would mean managing multiple, independent sqlite databases (hence the reference database). Hopefully this is feasible in a future version.

    Thanks for your help,

    -T

  • MeganMegan

    Team Member

    Hi @tkeeler,

    1Password's multiple vault feature was designed to ensure that, even though you may have many vaults within your 1Password database, you still only have to remember one password. So yes, when unlocking the primary vault, all secondary vaults will be unlocked as well.

    If you want to keep your password databases separate, you will need to use multiple user accounts on the iMac. I'm sorry that I don't have a better answer for you at the moment, but I hope this helps to explain the situation! :)

This discussion has been closed.