Multiple personal vaults

24

Comments

  • BenBen AWS Team

    Team Member

    @darrenNZ

    Normally I’d agree, but it sounds like @xeyr wants to be able to use Travel Mode with these items, which requires a separate vault. There isn’t a solution for this at present.

    Ben

  • brentybrenty

    Team Member

    @xeyr: Indeed, while we can certainly consider making it possible to create more Personal/Private vaults, tags are something you can use today to better organize things, and also if you're the only family Organizer, creating additional vaults which only you have access to is easy to do as well. In general though more Personal/Private vaults may be something we can do in the future, but I'm not sure that more vaults is necessarily the answer. I think there's a lot we can do to make tags more powerful and also make it easier to find things in general. Cheers! :)

  • xeyrxeyr Junior Member

    @darrenNZ @Ben @brenty Thanks for the replies. I am already using tags to organise some of these things, but that does limit some of the other features (especially Travel Mode). It's not a deal-breaker (obviously), but having the ability to flick Travel Mode by tag, or even exclude some tags from most views (as you can do with a Vault that's not in All Vaults) would solve the use-cases I have for additional private vaults.

  • brentybrenty

    Team Member

    @xeyr: Travel Mode is a great example. I'm not sure it would be feasible to do it by tag since vaults are encrypted together, but it's an interesting idea. It definitely helps to hear about your use case! :)

  • btownguybtownguy Junior Member

    Just adding my vote for having the ability to have multiple personal vaults when using 1Password for Families. I would very much like to keep all of my work stuff in a separate vault for work that I could dispose of easily (or "archive") in the future when changing employers.

  • brentybrenty

    Team Member
    edited January 2018

    @btownguy: Can you explain what the difference would be between another default Personal/Private vault and another vault you create yourself to use for your work stuff for your use case? Other than the fact that you'd later be able to delete a vault you create if you wish, I'm not sure what the practical difference would be. Or you could use your existing Personal/Private vault for work stuff, and then put your other stuff in another you create.

  • btownguybtownguy Junior Member

    @brenty, my understanding is that the only way for me to have a second personal vault with 1Password for Families is to just create a new Family vault but not grant permission to anyone else in the family. This would be okay except that if I grant someone else Family Organizer rights, they would then have access to my second personal vault. At least that's the way I'm understanding things.

  • @btownguy -- I believe that your understanding is correct. The question AgileBits is going to ask you is why you are worried about someone in your family seeing what's in the non-private second vault. Or, rather, do enough customers need that feature to make adding the functionality worth their while. (Some functionality additions do not require just writing the new code to add some feature, but redesigning the way they store the data and ownership information. Which means ... rewriting a LOT of code.)

    Thanks for chiming in. We'll see what happens.

  • btownguybtownguy Junior Member

    Ah, I see. My desire is to have multiple personal/private vaults. Ideally a Personal vault and a Work vault, both 100% private.

  • LarsLars Junior Member

    Team Member

    @btownguy You're correct that making another person a Family Organizer would allow them to add themselves to any "work" vault you created and therefore see and use your "work" data; Family Organizers have equal power to one another in an account.

    However, @ILove1P is right to wonder what situation might arise where you'd need such a thing as a second vault that's completely off-limits even to another Family Organizer. For example, my wife is a Family Organizer on our joint 1Password Families account, and although she can't see my AgileBits ("work") items because they're part of the AgileBits 1Password Teams account of which I'm a member and she is not, there isn't anything that's part of our own family account I wouldn't trust her with.

    If you (or anyone) doesn't want another Family Organizer to even have the possibility of being able to see/use/tamper with your work items, keep them in your Private vault where no one but you can see/use the contents.

    Even there, though, it's worth pointing out that since I promoted my wife to Family Organizer (so both of us can recover other family members' accounts if necessary), she now has the power to completely delete my own account. That means that even though my wife cannot view the contents of my Private vault, she could certainly delete me (and all my data) if she so chose. I bring this up to point out that there's a certain amount of human trust that needs to go into a 1Password Families account, just like there is an actual family. :)

    If you've got a mandate from your employer regarding specific policies for treatment of their data, you might either want to see if they would like to sign up for a 1Password Teams account where they could guarantee secrecy and integrity of important company data, or if that's not an option, I would suggest you open an Individual 1Password account. With either of these options, you can add the new account right into your 1Password application so it will be visible/usable alongside your 1Password Families data but none of your family members will have any visibility into nor control over the data.

  • @Lars -- Do not misjudge my sentiment -- I, too, want the ability to have multiple completely private accounts within the framework of a 1Password Family plan. My ex-wife is the other Family Organizer in my situation. She and I are on reasonably good terms, because we have two children (9 & 14) to parent. For years to come. Tags are great, but they have disadvantages when compared to separate vaults. I had not thought about her power to straight-out delete my data. Partly because I assumed there were backups.

    But, stepping back, y'all need to realize that to the customers, having multiple private vaults doesn't seem that hard to implement. Some bit for each vault data structure that says that it is private or it's not. A few bytes max if you need to store a username in Unicode. And it fits into the wisdom which has been known for centuries -- the only way to have a chance at keeping something confidential is to share it only with those who absolutely need to know it. As a starting point for basic standard procedures.

  • BenBen AWS Team

    Team Member

    But, stepping back, y'all need to realize that to the customers, having multiple private vaults doesn't seem that hard to implement.

    Sure; but impression does not dictate reality, and difficulty of doing so is almost never the only factor in whether a particular thing should / will be done.

    I had not thought about her power to straight-out delete my data.

    This certainly is a point that we’d like to try and address in some way. Certainly if deleting the only copy of someone else’s data is possible we’d like all parties to be aware of that, but it is also worth considering whether that should even be possible. We don’t have all the answers here yet, but it is something we’re brainstorming on.

    It is obvious there are improvements that can be made in this area and further discussion internally is required. :)

    Ben

  • @Ben Thanks for listening. I'm sorry that I didn't take the time to read the previous comments where the structure of vault data structures was discussed. I couldn't remember whether that was involved in this issue or some other one.

  • LarsLars Junior Member

    Team Member

    @ILove1P - thanks for the clarification. In addition to ben's comments, it's worth reiterating that for the present, you CAN create additional private vaults where you are the only person with access to them. It's just that if anyone else is a Family Organizer, they have the ability to add themselves to the vault if they desire, so they could access your data even if you did not wish them to.

    For the present, if you must have more than one vault (besides "Private") that nobody can access but yourself, your choices would be:

    1. Set up a second, individual 1password.com account for only yourself. Then every vault is "Private," for all intents and purposes.
    2. Visit 1Password > Preferences > Advanced and check the box marked "allow creation of vaults outside of 1Password accounts," which will give you the ability to create local vaults which would then need to be synced via one of our advanced sync methods such as Dropbox or WLAN.

    Until such time as we can figure out a secure way to implement relatively simple creation of multiple "Private" vaults for users within a 1Password Families account, these are going to be your best options.

  • netnamenetname
    edited March 2018

    Also voting for having multiple personal vaults.

    tags are something you can use today to better organize things

    Can you explain what the difference would be between another default Personal/Private vault and another vault you create yourself to use for your work stuff for your use case?

    @brenty As your colleagues have stated, any vault that you create yourself can have their access modified by any organizer and view the contents of said vault themselves. @Lars explains this very well in the post above.

    The 1Password team seems to be blowing off their users about this feature, which doesn't make sense because being able to create vaults was a huge selling point and feature for individual accounts that the 1Password team was advertising. Especially since Travel For Work mode can only be done through separate vaults (and not tags), this is frustrating.

    If the 1Password team doesn't feel like multiple personal vaults is a useful feature versus tags, then you might as well remove the ability for individual subscriber plan. Family plan feels like a downgrade.

  • LarsLars Junior Member

    Team Member

    @netname

    If the 1Password team doesn't feel like multiple personal vaults is a useful feature versus tags, then you might as well remove the ability for individual subscriber plan...

    I think there might be a bit of a misconception here. It's not that we created this feature and gave it to individual accounts, but for unknown reasons simply won't give it to 1Password Families accounts. That's not the case. The reason there are "multiple personal vaults" in individual accounts is because ALL vaults in an individual account are "personal" by definition, in the sense that they can't be shared with, viewed by or altered by others (unless you explicitly give someone else your Master Password and Secret Key). But it's not a special category of vault named Additional Personal Vaults within individual accounts, it's simply the ability to add new vaults...which is exactly the same ability that exists in 1Password Families accounts as well.

    In 1Password Families accounts, any Family Organizer can create new vaults also...and if they invite no one else but themselves to that vault, it would approximate the privileges of what goes on in an Individual account. The difference is that because of the shared nature of 1Password Families accounts, any other family organizer would have the ability - if they chose - to add themselves to this additional vault. We created 1Password Families accounts for, well, families. Groups of people who typically live together and presumably have some level of mutual trust between them. They have a Shared vault by default because we made some assumptions about how such small groups will function. They'll probably want to share some data; that's why they have a combined account instead of paying for four or five individual ones.

    In a 1Password Families account, data you want to keep Private can be put in your Private vault, and no one else can view/use/change it...but even then, the Family Organizer (if that is not you) could delete your entire account if they so chose. You definitely do need to have a level of trust in your own family members, at least enough that they won't be arbitrarily removing your access to your data or adding themselves to vaults you would like to keep private. If you need the absolute guarantee that you and only you have the ability to view/change/use your data, I recommend a personal account. Or a personal account in addition to your 1Password Families account. Or keeping yourself as the only Family Organizer on the 1Password Families account (though that runs its own risks; if you forget your Master Password or lose your Secret Key, the entire family is affected). Or - as I mentioned in an earlier reply - use your 1Password Families account but create additional local vaults which are not part of the family. Or convert your 1Password Families account into a 1Password Teams account in which you can grant recovery access to someone else (a wife or husband) but not grant them any additional admin rights.

    The 1Password team seems to be blowing off their users about this feature...

    No. Saying no to a feature request isn't "blowing (the requester(s) off." We're doing what we always do when new feature requests are made: we're assessing how many users want this feature, how many users would it affect, how difficult would it be to implement and how many developer-cycles it would consume, what other priorities and user requests would be abandoned or delayed if we worked on this, etc. We appreciate you taking your time to post your thoughts and wishes about this topic here -- and like (nearly) always, I won't slam the door completely on future possibilities.

  • CartmanCartman
    edited March 2018

    Just adding another vote for multiple personal/private vaults.

    We are in the process of deploying 1Password teams company wide and one of our executives would like to keep his personal company passwords and individual personal passwords in separate vaults without anyone else having access to them.

    Our desktop support staff accommodated his request by creating a new "private" vault but it is really not. We took off "administrators" being able to view/manage it but the top "owner" account can still provide access to it.

    I personally accomplish something similar (having separate personal vaults for company/personal) with two subscriptions (one work and one personal) but that is not ideal for everyone due to the added expense, training and setup.

    Edit: Whoops, just noticed this thread is in "Families" and not "Teams" since I found it using search. Think the concept is the same though. I don't know as I have no experience with "Family" accounts.

  • brentybrenty

    Team Member

    Just adding another vote for multiple personal/private vaults.

    @Cartman: Thank you for letting us know!

    We are in the process of deploying 1Password teams company wide and one of our executives would like to keep his personal company passwords and individual personal passwords in separate vaults without anyone else having access to them.

    Gotcha. That makes sense.

    Our desktop support staff accommodated his request by creating a new "private" vault but it is really not. We took off "administrators" being able to view/manage it but the top "owner" account can still provide access to it.

    Indeed, that isn't ideal for the use case.

    I personally accomplish something similar (having separate personal vaults for company/personal) with two subscriptions (one work and one personal) but that is not ideal for everyone due to the added expense, training and setup.

    Honestly, I have to disagree about the training and setup. Once you know how to use one 1Password.com account, you know how to use them all. But you're totally right that it's an added expense. I think in many cases there's a really good argument to be made to do what you're doing though, since you do not have to worry about your personal account being deleted if you leave the company, but we'll see what we can do.

    Edit: Whoops, just noticed this thread is in "Families" and not "Teams" since I found it using search. Think the concept is the same though. I don't know as I have no experience with "Family" accounts.

    No worries. I can't promise anything at this point, but it's likely that if we do something like this it would work for either one. And it's helpful to have this feedback all in one place. Cheers! :)

  • Hi!
    Came here to add another vote to the multiple personal vaults.

    I'm comming from Enpass and in the 30 days trial period of 1password. I'm loving it so far, but this one thing hit me in the face.
    I won't go into the reasons why it would be nice no have more than one personal private vault, since it has been broadly discussed here, but instead I will ask a different question:
    How does creating a vault that any organizer can add himself to make sense? I just can't find a reason for it.
    The fact that any organizer can add himself to any vault defies the very purpose of the permission system!

    Maybe I'm missing some use case here, but as I see it, it's a very demanded feature by the users, and I think it would be wise of you hearing us. I understan how difficult it can be to impplement (I'm a developer myself), but as you can see, it's important to us.

    Other than that, I really like 1password, and I'm hoping you can address this issue so we're all 100% happy with it :)
    Keep it up!

  • brentybrenty

    Team Member

    Came here to add another vote to the multiple personal vaults.

    @mattogodoy: Thanks for giving 1Password a try, and for your feedback on this!

    I won't go into the reasons why it would be nice no have more than one personal private vault, since it has been broadly discussed here, but instead I will ask a different question:
    How does creating a vault that any organizer can add himself to make sense? I just can't find a reason for it. The fact that any organizer can add himself to any vault defies the very purpose of the permission system!

    One word: sharing. That's the primary reason most people use 1Password Families (or Teams, or Business) in the first place, after all. Otherwise we'd all have individual memberships and this becomes no longer an issue! But certainly not everyone uses (or wants to use) 1Password the same way, so we'll continue to evaluate things.

    Maybe I'm missing some use case here, but as I see it, it's a very demanded feature by the users, and I think it would be wise of you hearing us. I understan how difficult it can be to impplement (I'm a developer myself), but as you can see, it's important to us.

    It's not nearly as "demanded" as many other features, but we're listening. So it's good to hear from folks like you about how you'd like 1Password changed to better suit your preferences.

    Other than that, I really like 1password, and I'm hoping you can address this issue so we're all 100% happy with it :) Keep it up!

    Thanks so much for the kind words. I can't make any promises on this count, but we'll keep working to improve 1Password in as many ways as we can to benefit all users. Cheers! :)

  • I've added my vote to this feature right after the family plan got released and I'll happily add it again. It's not that I don't trust my family, it's that I'd feel a lot more secure and organised if I could add my work and non-profit organisation related stuff in a separate vault that isn't shared with any other family organiser.

    The main reason is: my work or my organisation doesn't offer a 1 password for teams account. So I'm stuck with all passwords in my own vault. I can definitely organise them using tags, but I loved the ability to switch vaults back when I was still using a personal account (ah the good old days of paying 45 dollars and syncing through dropbox). I loved switching because at any point I'd be working for my actual work or for my non-profit. I like having everything in context of what I am doing. So if I am doing stuff for my non-profit, I'd switch vaults because I need those passwords at that point.

    Just my two cents :). Keep up the great work, I just installed 1P7 and I absolutely love it.

  • LarsLars Junior Member

    Team Member

    @Murkrage - thanks for the kind words about 1Password! :)

    If your goal is to have work/non-profit vaults that are not viewable/editable (even potentially) by other family members, then yeah, that's not possible in 1Password Families right now, for reasons already discussed. If all you're looking for is the option to keep things in separate vaults, that's actually quite easy to do in 1Password Families: assuming you're a Family Organizer with the ability to create and manage vaults, all you need to is create the new vaults and add only yourself to them. These vaults become effectively secondary (or tertiary, etc) Personal vaults. They are accessible only by you. The ONLY difference between them and your actual Personal vault is that if you have any other Family Organizers, they theoretically could add themselves to these additional vaults (or even remove you from them, or add others, or delete the vaults). For that matter, someone else in your family with Family Organizer privileges on the account could even delete your account at any time.

    That's where the trust model of 1Password Families comes in. 1Password Families occupies a bit of a unique niche in our current membership offerings, and it's likely to remain that way, for a few reasons. The uniqueness comes from the fact that if you have an Individual account, you're everything: Owner, Admin, (the only) member, CEO, dishwasher, everything. There's no one else to trust or distrust because it's just you. And if you belong to a 1Password Teams or 1Password Business account through your work, then you don't (or shouldn't) have an expectation of privacy or being able to do whatever you want...because the company/boss is paying for it, and someone besides you is the Owner/Admin. It's just the same as how there's no expectation of privacy with your company email address, etc.

    But 1Password Families is the only one of our current lineup that is designed for multiple persons (a family, specifically) where other people with Family Organizer privileges could, theoretically, spy on you or mess with your settings. They could even delete your account, if they wished. That's part of the unique trust situation of a family, both in real life and in 1Password. We designed 1Password Families aiming specifically and exclusively at family units among whom there IS a level of trust that your wife or brother or kids won't mess with you in that kind of way. I've had to tell people previously that if they do not trust their family members NOT to spy/mess with their setups, or if their job or other 1Password items are SO high-value that even the remote possibility that such a thing COULD happen is a no-go, then they really need to be using an individual account instead of risking their data in a 1Password Families setup.

  • billjbillj Junior Member

    @Lars - thank you for the thoughtful explanation about 1Password Families in your reply to @Murkrage.

    Sounds like it would not be inaccurate to call 1Password Families "a subscription plan for a group of up to five members in which all members completely trust one another."

    But back to the topic of multiple personal vaults.

    First, I'd like to confirm that I understand multiple vaults correctly. 1Password 6 for Mac--at least the "standalone" version--lets me create additional vaults. Will 1Password 7 for Mac--the individual one-time purchase AND the individual/family subscriptions--also let me create additional vaults?

    Second, the "standalone" version of 1Password 6 for Mac lets me sync my primary vault via iCloud, then create a second vault and "share" that with another user of "standalone" 1Password via Dropbox. Can I do the same thing with the "standalone" version of 1Password 7?

    Third (and a bit of a stretch from the discussion topic), will the "standalone" version of 1Password 7 (and, for that matter, a personal/family subscription) let me access my own primary vault PLUS a vault created under 1Password Teams or Business?

  • I think it would be a great solution to balance family and work team.
    (Cause it satisfy the most possible situation for people.)

  • brentybrenty

    Team Member

    Sounds like it would not be inaccurate to call 1Password Families "a subscription plan for a group of up to five members in which all members completely trust one another."

    @billj: Good description, but a terrible name for a product! :lol: :+1:

    But back to the topic of multiple personal vaults.
    First, I'd like to confirm that I understand multiple vaults correctly. 1Password 6 for Mac--at least the "standalone" version--lets me create additional vaults. Will 1Password 7 for Mac--the individual one-time purchase AND the individual/family subscriptions--also let me create additional vaults?

    Yes.

    Second, the "standalone" version of 1Password 6 for Mac lets me sync my primary vault via iCloud, then create a second vault and "share" that with another user of "standalone" 1Password via Dropbox. Can I do the same thing with the "standalone" version of 1Password 7?

    Yes.

    Third (and a bit of a stretch from the discussion topic), will the "standalone" version of 1Password 7 (and, for that matter, a personal/family subscription) let me access my own primary vault PLUS a vault created under 1Password Teams or Business?

    Yes.

    Just to clarify, there are not different "standalone" and "subscription" versions of 1Password. These are just different purchase options; the app is the same.

  • brentybrenty

    Team Member

    @andrehuang: Thanks for weighing in! :)

  • I started using an “Archive” vault for old passwords and still don’t want family members to see items in there, so a +1 from me for allowing multiple personal vaults.

  • brentybrenty

    Team Member

    @XIII: Good point! Thanks for sharing your use case. :)

    ref: b5-2500

  • +1 for this feature (for Teams/Business mainly!!) - as a Business admin I can see why it's nice that an "owner" account can take control of an orphaned Vault...but the limit of 1 truly private vault seems a bit abritrary to me, and is definitely limiting...

    For the time being I'll have to create a personal account as well and manage both...

  • brentybrenty

    Team Member

    Indeed, there are good arguments for both what you're requesting and how it already works (which was due to feedback from other business customers). We'll see if we can better accommodate different use cases in the future.

    But, to be clear, in most circumstances it's best to have a separate account for personal stuff anyway. What if you leave the company, voluntarily or not? Keeping your personal data there is a bad idea unless you're really the one in charge of everything, and that's not going to be the case for most people. We can't all be the president/CEO/etc. :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file