Login into multiple vaults from locked.
I have 1password6. I have it set up so there is a separate vault for my staff to log into so they don't get access to my bank account or credit card but can access social media and other sites I use. Sometime this summer it stopped working.
It used to be they could hit apple 2 to get to their vault and login but now it requires my password to let them in. They are then logged into everything. Even if I set the vault to open to as the staff one it still asks for my password and unlocks everything instead of just asking for "staff vault" and unlocking that limited content.
thanks'
1Password Version: 6
Extension Version: Not Provided
OS Version: 10.11.6
Sync Type: dropbox
Comments
-
I'm sorry if there's been some confusion with the way in which 1Password works. You can't have different "profiles" of 1Password, you can't unlock just one vault. If you want to be able to do this what you need is to create a different user account on your Mac. You can then install 1Password in that other account and the vault will be completely independent. You can either keep the vault only in the other user account, or on both of them and sync it. :chuffed: I know this is just a work around, and we hope to someday be able to offer different profiles within the same user account on your Mac!
Please let us know if you try this and if it works for you well!
0 -
I do not understand. It used to work. I'd hit command 2 for a different vault. So i am confused to hear this isn't a thing. I used to use it all the time with my employee.
What is the idea behind different vaults then? I don't mean to be difficult I just don't get it. They have their own passwords. How does that fit?
Having separate accounts isnt really great since passwords wont update across accounts or am I wrong?
Is this a feature that was phased out?
0 -
I do not understand. It used to work. I'd hit command 2 for a different vault. So i am confused to hear this isn't a thing. I used to use it all the time with my employee. [...] Is this a feature that was phased out?
@Andrew_irritated: Ah, thanks for clarifying. I'm sorry for the confusion there! In fact, unlocking secondary vaults separately was a bug that we fixed back in January, since 1Password is designed to unlock the app with a single Master Password rather than more than one.
There are a lot of security implications there, not only for 1Password but also for the OS, since you're not just sharing a single app — you're sharing everything which is accessible from that user account. We're looking into ways of offering this sort of functionality in the future, but only if it can be done securely and in a way that's easy to use. However, regardless, it's always going to be more secure overall to use separate user accounts on a computer rather than sharing one.
What is the idea behind different vaults then? I don't mean to be difficult I just don't get it. They have their own passwords. How does that fit?
Separate vaults are useful for separating your own data — work, personal, etc. — so that individual vaults can be sync'd or not sync'd as desired, and can be excluded from search and the browser. For example, when I'm working, I don't need my personal vaults' items getting in the way. And you can also create separate vaults to sync with another person using Dropbox, without having to sync the rest of your data with them.
Having separate accounts isnt really great since passwords wont update across accounts or am I wrong?
Vaults can be shared between 1Password Accounts, so that all of the items inside will be the same for each person who has access to it: any changes one person makes to that data will be seen by the others.
I hope this helps. Let me know if you have any other questions! :)
0 -
Totally helpful and clarifying. Thanks.
0 -
On behalf of Brenty, you're very welcome! If there's anything else that we can help you with, we're here for you :chuffed:
0 -
Thanks. So to make sure I get it. Am I right that I'd need to create a whole separate account on my mac but also buy the teams package or a second license? That even if I switch to a teams dubscription it won't let me do what I am looking for? That is have two different levels of access on 1 computer?
0 -
@Andrew_irritated: It sounds like we're on the same page, but just to be clear, there are a few things the word "account" may be referring to in this context:
- macOS user account: You login to one of these when you startup your Mac or wake it from sleep. This is what I mean by creating a separate user account. 1Password is a single user app. Each user account on the Mac can have their own data in the app. This can be completely their own and/or they can share a vault with others (through Dropbox or 1Password.com).
- 1Password Account: These are used only if you subscribe to one of the 1Password.com services. And each person in a team will have their own 1Password Account, choose their own Master Password, and have their own Personal vault (along with any other vaults they have shared with them).
You can have two (or more) 1Password setups on any Mac with different vaults, etc. in 1Password for Mac, but again, these would be in separate macOS user accounts. Otherwise all of the data (documents, pictures, music, browser settings, etc.) within a single macOS user account is accessible to anyone on that Mac with the login credentials.
Fast User Switching is a great feature that's been in macOS for years (for at least a decade, while it was called OS X!) which is great for convenience and security. For example, if one user accidentally damages or infects their own user account, it will not spread to the others! Mutple users can remain logged in so that switching between them is quick and easy, yet they are each secured with their own password, and only they have permission to access their data.
And finally, subscribing to the 1Password.com service will not change the fundamental nature of macOS security or the way that 1Password is designed to work (as a single-user app). Additionally, 1Password is licensed per user, not per-device, so using a single macOS user account doesn't affect how many licenses (or 1Password Accounts) are needed; it only negatively impacts the security of everyone sharing that macOS user account.
There are a few different, rather complex topics all intertwined here, so I hope I've done it justice. Don't hesitate to ask any other questions you might have, if there's something that seems confusing or unclear still. That's completely understandable, given the circumstances. And security is important enough not to say "close enough" if doubt remains. :sunglasses:
0 -
Thanks. I do understand. The challenge is currently everything is in in one Mac OS user account. Every file that is used for promo, the online store, and so on. So creating another Mac OS account isn't as straight forward as just flipping a switch. It is years of files in various places. I'll have to look into it more but that isn't a 1password problem it's a legacy file structure issue on my end.
Anyway we can reinstitute that error? Lol.
Thanks again.
0 -
@Andrew_irritated: Ah, I understand. It can definitely be a an undertaking to organize files from multiple people if they're all in the same user account already.
That said, you can certainly use 1Password 5 if you prefer the previous behaviour. It isn't something I'd recommend since you wouldn't benefit from all the improvements we've made since last year, but it's up to you. We're also looking into ways to make 1Password more flexible in the future, but that's more a long-term goal so I don't want to get your hopes up for the near future. I would, however, love to hear more about your workflow so we can keep different use cases in mind as we develop future versions of 1Password. :)
0 -
I'd be happy to share my workflow with you. I run a store taht sells spiritual stuff.
I have an iPad AIr and iPhone that only I use. I also have a Mac Mini and old iPad that myself and my staff use at my store.
I do a lot of work on my iPad AIr. I do my banking, writing, making art, and editing video here. It is always around so I also do a lot of my email and so on here.
On the Mac Mini I do my accounting, recording podcasts and design promotional stuff. My staff also handles maintaining the web store, social media, and processing online orders through paypal and so on.
On the old iPad we run the point of sale. It is a second generation ipad min so pretty slow for anything else.
Currently my staff is one person I trust a lot but as time goes on it will grow. I want them to be able to get on to FB and so on. I don't want them accessing my credit cards or banking info. Any prospect of an extra lockdown area within the vault? As I said the login in to specific vaults was wonderful for this.
0 -
@Andrew_irritated: Thank you so much for sharing that! Indeed I can see how having 1Password support a kind of "multi user" mode would be really helpful in that situation. It's something we've been discussing, and it really helps to have a real-world scenario like that to keep in mind as we do so — especially since that's an experience that is well outside of our expertise in most cases. If it's important enough to your workflow right now and you trust your employee enough to have access to the same user account on your Mac, you can use 1Password 5 instead. Hopefully we'll be able to come up with secure, easy to use multi-user support to add to 1Password in the future. Thanks again for all of your feedback on this!
0 -
Thanks Brenty. I really like what you all are doing.
0 -
That means a lot, Andrew. Thanks for your support. We couldn't do what we do without it. :chuffed:
0
