Trying to set up Families

johnbeatyjohnbeaty
edited March 2016 in Families

So, I have been using 1PW for a couple of years at this point. So has my wife, and our grown son. When multiple vaults became available, we added them, but they are not a great answer, as they do not update when the originals change. So I wanted to use Familes, and hoped I would love it like I love my regular 1PW.

Nope. Setup is really confusing (apparently you should use your existing 1PW password/phrase, but you don't know this until you read deeply into a hints doc), references to some features refer to Teams even when it includes Families, each family member has to have their own printed and stored key (which kind of defeats the purpose of a secure vault?), no indication of which icon refers to which version of 1PW (Both are 6.02, so why are they labeled differently?), so finding it in the Applications folder is a crap-shoot, no info about what happens to old 1PW when you move the info (is it still there? Will it update or will it wither like the shared vaults, what if you change something in solo 1PW?), as someone else mentioned, no way to change names of devices so no idea which devices have been upgraded without gathering them all together, no idea if the 1PW mini attaches to Families or original, ditto browser plugins. I can go on.

I'm sure some of this info is available in the forums, or in an administrator doc, or somewhere. But I'm not an administrator, I'm a father trying to keep us afloat, and this is way too much like another job.

Sorry folks, I wanted to like this. Maybe in a year or two?


1Password Version: 6.02 (
Extension Version: Not Provided
OS Version: OSX 10.11.3
Sync Type: Dropbox

Comments

  • AleenAleen 1Password Alumni

    Hi @johnbeaty!

    Sorry for the delay in replying here; thanks for your patience with us :) You brought up a lot of great points, and I'm so glad you took the time to write to us. Let me see what I can do to help here!

    (apparently you should use your existing 1PW password/phrase, but you don't know this until you read deeply into a hints doc)

    You definitely can use your existing Master Password, but I wouldn't say that you should necessarily. This is something we struggled with as we were figuring out what the setup process would be like for 1Password Families customers--we didn't want to encourage people who were using poor Master Passwords to continue to use them, but we didn't want to make people switch if they didn't want to. I don't know what the best answer is, but I'll definitely pass on your feedback so we can look at ways to make this experience better.

    some features refer to Teams even when it includes Families

    I'm sorry about that. We were really excited to get 1Password Families out! We're working on updating things :)

    each family member has to have their own printed and stored key (which kind of defeats the purpose of a secure vault?).

    The Emergency Kit is really just for emergencies--we recommend that you store it somewhere really safe, like where you'd keep your birth certificates, marriage licenses, and other important documents. It's there just in case. Your Account Key is available in 1Password on all of the devices where you set up 1Password Families, so it's a good idea to set it up everywhere ASAP :)

    Your Account Key is an extra layer of security to make sure that your information is as safe as it possibly can be. We have a security white paper that goes into things in depth, but here's an important bit:

    The combination of your Master Password and your Account Key protects your data from a range of attacks. An attacker who obtains your encrypted data or gains access to the 1Password for Teams server would need to steal your Account Key from your own machine before being able to launch an offline password guessing attack against your Master Password.

    Basically, we're trying to strike a balance between making sure your data is really secure but also not too hard for you to access.

    If you'd like to talk more about the Emergency Kit or our security measures (like the Account Key), I'd be happy to pull one of our security experts in to the conversation :)

    no indication of which icon refers to which version of 1PW (Both are 6.02, so why are they labeled differently?), so finding it in the Applications folder is a crap-shoot, no info about what happens to old 1PW when you move the info (is it still there? Will it update or will it wither like the shared vaults, what if you change something in solo 1PW?), as someone else mentioned, no way to change names of devices so no idea which devices have been upgraded without gathering them all together, no idea if the 1PW mini attaches to Families or original, ditto browser plugins. I can go on.

    1Password Families is available in the version of 1Password for Mac you've been running; there's not a special app you need to download. You can even keep your old vaults if you'd like and run them alongside your 1Password Families account. I'm sorry this wasn't clearer! I'll also pass on this feedback to our marketing and documentation teams so we can work on doing better.

    It sounds like you have two copies of 1Password on your Mac now. If that's the case, we have an article to help you get down to one copy of 1Password for Mac.

    Whew! I've gone on for a while here, so I'll leave it for now. Please let me know your thoughts :)

  • I have been having the same basic trouble.
    This is a very helpful rundown on the basics; I think a lot of folks may agree that his is NOT very straight forward.
    a manual of basic operations is better than a series of FAQt hat may or may not answer a question.

    Roger

  • JacobJacob

    Team Member

    @lasllcap Thanks for the feedback.

    a manual of basic operations is better than a series of FAQt hat may or may not answer a question.

    I can definitely agree with you there, depending on the use case of course. There's a lot of good opportunities for FAQs, but definitely not for getting started with a piece of software. What did you find was missing and where did you look for it? We'd love to improve things. :)

  • What there isn't is a simple document that starts with "Do you already have 1Password?" and then links to 2 docs: one for yes, the other for no. Then each one has step by step instructions (with links for extra information NOT the basics, but additional explanations, odd cases and the like) with screenshots of likely setups. The steps by steps should include asking for the existing Master PW to be checked for how secure it is and recommending a different one if it's weak, and creating the initial vault(s), checking for duplicate 1PW applications, looking for browsers and offering to install extensions, 1Mini install and verification etc. What I'm getting at is a complete install procedure and document, not a bunch of links to go to in order to >find out< if they're the right docs. and for pete's sake, no video! You can't follow along, so while it's great as an overview (and much cheaper to produce, i'm sure) and actual printable doc is far more useful.

    Anyway, that's my 2 cents. 2 days later, I'm still trying to figure out your existing info. Your response was not particularly clear, and while it contains good info, it's not what I need: What happens to the vaults? Are the old ones brought in? Are there multiple vaults, and how do they update? (this is for Families?) How do i know which instructions are for Families and which for Teams, when the docs confuse the 2?

    And storing the emergency kits is an interesting idea. I wonder how long it would take me to get to the bank and get it out of my safety deposit box in an emergency? Seriously, there's got to be a better way.

    Thanks

  • Thats pretty much it.
    R

  • brentybrenty

    Team Member

    What there isn't is a simple document that starts with "Do you already have 1Password?" and then links to 2 docs: one for yes, the other for no.

    @lasllcap: You just described the open screens of 1Password, which you see the first time you set it up.

    Then each one has step by step instructions (with links for extra information NOT the basics, but additional explanations, odd cases and the like) with screenshots of likely setups. The steps by steps should include asking for the existing Master PW to be checked for how secure it is and recommending a different one if it's weak, and creating the initial vault(s), checking for duplicate 1PW applications, looking for browsers and offering to install extensions, 1Mini install and verification etc. What I'm getting at is a complete install procedure and document, not a bunch of links to go to in order to >find out< if they're the right docs. and for pete's sake, no video! You can't follow along, so while it's great as an overview (and much cheaper to produce, i'm sure) and actual printable doc is far more useful.

    Indeed, this is our user guide, which walks you through setting up the app, the browser extensions, and various features. Interesting that you seem opposed to video tutorials, as those are actually a popular request: more videos. Different strokes for different folks! We're constantly working to improve our user guides and the documentation on our support site.

    Anyway, that's my 2 cents. 2 days later, I'm still trying to figure out your existing info. Your response was not particularly clear, and while it contains good info, it's not what I need:

    Without knowing the specifics, it's hard to know how to answer your questions I'm afraid. For example:

    What happens to the vaults? Are the old ones brought in? Are there multiple vaults, and how do they update? (this is for Families?)

    Which vaults are you referring to specifically? To be clear, in 1Password for Families (or Teams), you'll have a Personal vault that is just your own, a Shared vault for the whole Family/Team. Then "are there multiple vaults" is entirely up to you; you can create as many as you like! As far as "how do they update", any changes you make to a vault are sent to the server, where your data is stored, and then you access it from your devices through 1Password (or by logging in through the browser).

    How do i know which instructions are for Families and which for Teams, when the docs confuse the 2?

    I'm sorry for the confusion! Since 1Password for Teams and 1Password for Families are based on the same technology, in many cases they are one in the same. But more importantly, we're working on updating all of it to be more clear. Thank you for bringing this up!

    And storing the emergency kits is an interesting idea. I wonder how long it would take me to get to the bank and get it out of my safety deposit box in an emergency? Seriously, there's got to be a better way.

    If there's a better way that's just as secure, we'd love to hear it! It's certainly a difficult problem. After all, you probably don't want to memorize your Account Key, or store it in an insecure place.

    But keep in mind that the "emergency" isn't something like "my house is burning down right now and I need to get into 1Password on a new computer to call the fire department. Getting into 1Password won't be important at that moment. Rather, it's more likely to be a situation where your house has already burned down, along with all of your devices with 1Password already setup on them (which would already have the Account Key), and then you'll need the Account Key (from the Emergency Kit) to setup a new device — at which point you can access all of your sensitive information again, much of which you'll likely need to begin the process of recovering from the loss.

    Thanks for taking the time to give us this feedback. It absolutely helps us make 1Password (and its documentation) better. Please let us know if you have additional questions, and if you can clarify some of the others you asked we can get you better answers to those too! :)

  • johnbeatyjohnbeaty
    edited March 2016

    Um, if you already have 1 PW installed, and are just trying to get Families working, this doesn't happen, at least not on my computer. I imagine this is partly due to the App store/ Buy from us issue. But why doesn't 1PW check to see is there's another copy installed before installing? Because that absolutely didn't happen.

    Us having the account key is like the bank giving us both copies of the safety deposit key and reminding us to keep it a safe place. IMO. But now I understand what you are after, so OK. Again, it wasn't clear to me that that was the purpose.

    Vaults: In 1PW (not teams/Families) shared vaults don't update, which means that all the family items are either duplicated or stored in the family vault. Which in practice means to us that the shared vault is huge, and the individual vaults not. Or you have to keep updating 2 places. In families and teams, what is the reality? Do shared vaults update from each individual vault?

    I'm 58 years old, my wife is 65. The videos move at a pace more suited to my daughter than me: I just don't absorb the info that fast, and I'm primarily a text person. This is problem that I hear daily from my peers.

    Look, I don't want to rag on you guys: I love the original and will keep using and recommending it. But Families is not as easy to set up as the original, and that's what I want to bring to your attention. Others may not have these issues, that's fine. But at this point I've dropped adding Families from my to do list until further time and energy become available. It's just not straightforward enough (for me, it's true.)

  • brentybrenty

    Team Member

    Um, if you already have 1 PW installed, and are just trying to get Families working, this doesn't happen, at least not on my computer. I imagine this is partly due to the App store/ Buy from us issue. But why doesn't 1PW check to see is there's another copy installed before installing? Because that absolutely didn't happen.

    @johnbeaty: I think you hit the nail on the head. Part of the difficulty right now is that it's a transition. I'm sorry it hasn't been easier, and we're working on ways to make it so. But frankly the biggest hurdle is that — for now at least — some folks are kind of straddling the two. Going forward, people will mainly be choosing from the outset to go with 1Password for Families or the standalone app, rather than trying to negotiate between the two. Thanks for clarifying.

    You definitely only need one copy of 1Password regardless, as you can use local vaults right along 1Password for Families vaults, indefinitely if you wish. Thats what I'm doing, at least for the foreseeable future.

    Us having the account key is like the bank giving us both copies of the safety deposit key and reminding us to keep it a safe place. IMO. But now I understand what you are after, so OK. Again, it wasn't clear to me that that was the purpose.

    That's an excellent point! With banks, you kind of don't have a choice: they have access to your stuff, and it's only policies that keep them out of your box. In the case of 1Password for Families, technology makes it possible for AgileBits to have your encrypted blob stored on the server with the complete and utter inability to decrypt it. That's why you need to hang onto your Account Key: we don't have a copy of it, and the situation is such that we don't need to have it to store the data for you to access it.

    Vaults: In 1PW (not teams/Families) shared vaults don't update, which means that all the family items are either duplicated or stored in the family vault. Which in practice means to us that the shared vault is huge, and the individual vaults not. Or you have to keep updating 2 places. In families and teams, what is the reality? Do shared vaults update from each individual vault?

    Ahaaa! Thank you for explaining the question. I'm sorry for the confusion! Each family member's, by default, has two vaults they can access: a Personal vault which is only accessible to them, and the Shared vault which, as in the name, is a vault shared between all family members. These are separate vaults with separate data.

    The Shared vault is handy for things that everyone will need to be able to access, such as Wi-Fi password, home alarm codes, etc. Anyone accessing this is accessing the same data, so if you change the alarm code and update it in the Shared vault, everyone will get that change.

    The Personal vaults, on the other hand, are not connected to each other. I have my own, my wife has hers, etc. This is useful for storing each individual's logins and other information that you don't need or want to share.

    Finally, you can create additional vaults, either for your own personal use, to share with the whole family, or only select family members.

    I'm 58 years old, my wife is 65. The videos move at a pace more suited to my daughter than me: I just don't absorb the info that fast, and I'm primarily a text person. This is problem that I hear daily from my peers.

    I think I fall somewhere in the middle of that spectrum, but I do see your point: I just had to sit through a rather long video tutorial and all I could think was "give me a bulleted list, man!" :lol:

    Look, I don't want to rag on you guys: I love the original and will keep using and recommending it. But Families is not as easy to set up as the original, and that's what I want to bring to your attention. Others may not have these issues, that's fine. But at this point I've dropped adding Families from my to do list until further time and energy become available. It's just not straightforward enough (for me, it's true.)

    I don't think it's just you. It's different in a lot of ways from using the standalone 1Password apps. I think that's part of the difficulty for anyone already familiar with 1Password. The differences are what make it great, honestly, but it also means learning and growing accustomed to something new.

    You're absolutely right about all of this, and we'll keep working to make it easier and also help you and anyone else. And honestly we couldn't do any of that without your thoughts and criticism, or just reaching out when you're having trouble. I hope that my answers above have helped, and I'd love to answer any other questions you have, and any other comments you'd like to share too. Thank you so much for taking the time to do so! :chuffed:

  • Thanks for the info and help. Next weekend I'm going to try again. I would like to point out that in at least some families the needs are very different from work teams. For example, families might share Netflix, Apple, Google, newspaper accounts, share between parents bank and financial info while maintaining separate accounts as well, and in general being far more enmeshed in each other's lives than Team members. So having a main vault and smaller separate vaults is backwards to Teams which need large personal vaults and smaller shared ones. This leads to interesting issues: Where do you store the shared vault, and how do you make sure that one person can't lock the others out? (like in a divorce) or erase items in a shared vault (like logins to school and supervised teenage things?)

    The other part is that my bank cannot open my safety deposit box without me: we need both keys. This is the situation prior to you having us the 2nd key: Without both keys, you have to drill out the lock, one party can't just open it. That's why it worked so well for your users to have you hold one key and us the other: if we lost ours, you could organize creating a new one. Now, we have to maintain that capability. And while I understand you not being willing to be the world's key escrow for both practical and legal reasons, it's difficult to wrap my head around not being able to get support if a disaster happens.

  • brentybrenty

    Team Member

    Thanks for the info and help. Next weekend I'm going to try again. I would like to point out that in at least some families the needs are very different from work teams. For example, families might share Netflix, Apple, Google, newspaper accounts, share between parents bank and financial info while maintaining separate accounts as well, and in general being far more enmeshed in each other's lives than Team members. So having a main vault and smaller separate vaults is backwards to Teams which need large personal vaults and smaller shared ones.

    @johnbeaty: I'm not sure I understand the distinction you're making here. You can make any vault as "big" or "small" as you want, depending how many (and which) items you choose to store there. For example, if a family wants to store almost everything (apart from particular personal items) in the Shared vault (or another vault expressly for sharing between specific family members), that's totally okay!

    This leads to interesting issues: Where do you store the shared vault, and how do you make sure that one person can't lock the others out? (like in a divorce) or erase items in a shared vault (like logins to school and supervised teenage things?)

    Compared to the divorce, this is easy! You can restrict access or remove a member entirely if needed. They will still have access to the data they already possess (after all, secrets cannot be unshared), but they'll be unable to delete family data — and you can then change passwords to accounts as needed, and they will not receive the changes.

    The other part is that my bank cannot open my safety deposit box without me: we need both keys. This is the situation prior to you having us the 2nd key: Without both keys, you have to drill out the lock, one party can't just open it. That's why it worked so well for your users to have you hold one key and us the other: if we lost ours, you could organize creating a new one. Now, we have to maintain that capability. And while I understand you not being willing to be the world's key escrow for both practical and legal reasons, it's difficult to wrap my head around not being able to get support if a disaster happens.

    I guess I'm not sure of the scenario you're envisioning. In your bank example, if you hold one key and the bank the other, you (similarly) won't be able to access your vault if you lose yours. And don't forget that (practically speaking) this is no different than how you've been using 1Password all along: we don't have your Master Password, so if you lose that you're out of luck.

    It isn't appropriate for AgileBits (or anyone) to stand between you and your data (since it isn't necessary) — and thus also become a possible target for someone else who wants your data. In the case of the bank, they have to physically exist in order for you to store valuables there. That just isn't the case with encryption and digital "goods". That means that you're in completely control of who can access it. However that also means that the responsibility rests on your shoulders for maintaining the "keys" to it as well.

This discussion has been closed.