Checking on my understanding of some features before buying

Malcor

Okay, let's see if I can be concise here. I work at an independent publishing house with a six person staff, and occasionally we have an intern or two for a little while. My supervisor has asked me to investigate a program that he could use to temporarily give out access to accounts without actually providing people with the login information; essentially giving out masked passwords so that the user won't have continued access to the account in question.

So, now that you know what we're trying to do, I think I've figured out a somewhat roundabout way of doing this, but I can't (or at least can't figure out how to) test it in the trial version. Firstly, I'm led to believe that each license purchased can be used by six people, who will each have their own master password, folders, etc. Is this right, or is it one account with the same master password that can be accessed from six different places?

Assuming I'm right in my understanding of the above point, it seems to me that we could achieve an unmasked version of the password sharing by having my supervisor control and designate the passwords, placing them in a shared folder between himself and the user in question, then removing the password from the shared folder and changing it once the user has completed their business on whatever they were on.

So I didn't do that well on the concision, but is there anything I'm overlooking or misunderstanding here? Thanks in advance for the help.

rickfillion

Hi @Malcor,

Thanks for writing in. Let's focus first on the technical aspect of this, before the licensing issues. There's no use looking at licensing if it doesn't do the task you're trying to accomplish, so let's make sure we're a good fit for the problem.

Currently there's no way to do the Masked Password solution. If someone has access to a password in 1Password, they can see the password value itself. If you think about it though, that makes sense. The user needs access to the password, as you don't necessarily know how they're going to use it. So this means you need to give them access to it in a way that lets them use it in the most common ways, which means allowing them to copy it to the clipboard. Once it's on the clipboard they could just as easily paste it into a Word document, and see the value.

Looks like you might be OK with the Unmasked Password solution. The way to go about doing that with 1Password would be to have shared vaults. If I'm understanding your situation correctly, here is what I would recommend:

1. A shared company vault. This vault would be used by everyone trusted within the company (i.e. the non-intern staff) so that everyone has access to all the accounts.
2. An intern vault. This vault would contain only those passwords that interns would need access to.

To give interns access to a password, you would go into the company vault, right click on the login item in question, then go to Share > Copy > Intern Vault.

When you don't want them to have access anymore, you would go into the intern vault, find the login item, trash it, then empty the trash. As you noted, you'd also want to go change the password for that login item so that if they have the password retained anywhere it will cease to work.

I love shared vaults. It's almost starting to get embarrassing how many of them I have setup for different situations. :)

Does this sound like a workable solution for you?

Rick

Malcor

@rickfillion,

Thanks a lot for the response; yes, that sounds like pretty much exactly how I figured it would work. With that resolved, there's still the licensing question, and one other issue that I forgot to ask about in the original post: We all run Macs, but on varying OS's ranging from 10.6.8 to 10.10.2. We aren't particularly opposed to upgrading our older OS's if we have to, but if we can avoid it it'd save us a bit of extra tinkering over the weekend. And, in case it's relevant to the licensing portion of the question, we have 9 computers in the office, plus our server tower. It's rare for more than seven to be in use at once (and usually only six), but I thought I'd provide that information.

McCormick

Ben

Hi @Malcor,

It would be ideal if everyone could get up to OS X 10.10, but it isn't a deal breaker if not. 1Password 3 for Mac can still be downloaded and used and if you purchase 1Password 5 for Mac licenses your licenses for that will work on v3 & v4 as well.

It sounds like you probably need eight 1Password for Mac licenses from our business store:

https://agilebits.com/store/business

Each person needs a license for each platform that they use 1Password on. With the interns you have the option of letting them keep their 'seat' on your business license, but then you cannot re-issue it. If you'll be reissuing, simply don't give them access to the license information (e.x. Install it for them), and if installing on their personal devices be sure to uninstall it before they leave.

The same goes for other employees as well. They are welcome to install 1Password for Mac on their personal Macs using your business license under the same conditions.

I hope that helps. :)

Ben