Seeking new setup approach for 2 Users, 1 Mac, multiple iOS devices, different iCloud and Apple ID's

Hi @jerbi,

Thanks for your support of 1Password! I'd be happy to help you get all synced up here.

So, your thoughts: Is single Vault syncing possible in our situation? Multiple Vaults preferred? Shared Vaults??

This is a tricky question, as it really comes down to personal preference. Personally, I love the multiple vaults feature and the ability to share just the relevant Logins with my husband without him having to sort through all of my social media accounts to find the info that he needs. :) However, if the two of you are happy sharing all of the things, than a single vault is just as valid a choice.

Now, you're right, iCloud sync is not going to be possible since you and your partner have individual iCloud accounts. However, Dropbox sync should work just fine. All we need to do is set up a shared folder between your Dropbox accounts:

• Simply log in to your Dropbox account
• Create a new folder (you can call it 1Password if this is all you're sharing, or something more general if you'd like to share more.)
• Right-click on this folder and select the 'Invite to folder' option
• Enter your partner's email address
• Have your partner confirm the invite and you'll be ready to share!

I can certainly provide you with some more detailed instructions on how to get the vaults set up on your system, but I'll need to know if you prefer the single or multiple vault route.

If you haven't already seen them, we've got some support articles that can help you through the set-up process:

• 1Password 4 for Mac
• 1Password 4 for iOS

But do let me know how I can help - we're here for you! :)

Hi @jerbi,

I'd be happy to answer your questions here.

What are the syncing options for a single vault (keeping in mind that sharing a single Dropbox, Apple ID and iCloud account are not an option)?

Since you are not sharing an AppleID, if you would like to share a single vault I recommend using a shared folder between your Dropbox accounts (as I mentioned above). I have several vaults syncing through shared folders in Dropbox, and it all works brilliantly.

My only concern with this route (not necessarily a deal breaker) would be the organization of our different logins for the same services etc.

It's true, if you're a little bit obsessive about organization (like I am), sharing a vault will require some thought. However, 1Password offers tags and smart folders (as well as ordinary folders) to help organize your data. You might want to set up "his and hers" folders or use tags to differentiate between Logins. Naming your Logins will be important for those sites that you each have separate accounts for (i.e.: Han's Facebook, Leia's Facebook, etc.) - you don't want to log in to your partner's account by accident!

Secondly, with respect to the multiple vaults option, do you foresee any conflict using 1password on the same mac? Would we always need to use separate OS X user accounts or could we use a single user account and just swap vaults as needed on-the-fly?

There are two ways you could set up multiple vaults to use 1Password on the same Mac:

• Separate primary vaults and a shared secondary vault, separate Mac user accounts: Unfortunately, this option does require that you maintain separate Mac user accounts. Each of you would have your own primary vault with your information organized just the way you like it, and a shared secondary vault could be synced through a shared folder in your individual Dropbox accounts and be available to you both with your shared Logins and information. Since your primary vaults are synced independently of each other, you would be able to use iCloud and your unique AppleIDs to sync your primary vault to your mobile devices.
• Two vaults on the same Mac account: with this situation, one of your vaults would have the 'primary' designation (by the design of 1Password), which means that unlocking this vault would also unlock the secondary vault. (Since you're ok with sharing information, this may not be a huge issue.) 1Password will default to prompting for the Master Password of the primary vault when locked, but you can very easily change to a secondary vault if you would like to unlock it directly by using the File > Switch to Vault menu, or the ⌘'#' shortcut (where # is the number of the secondary vault.)

I'd rather set-up correctly from the get go in order to avoid possible pitfalls at a a later date. At the end of the day we're seeking the most elegant and "fault free" solution to security for our digital mess!

I definitely think you have the right idea here in planning things out before diving in - I hope my answers are helping you come to a decision about what's best for you. I know there's a lot of information here, so ask away if you need any more clarification!

Hi @jerbi,

You have been reading the forum very thoroughly! I'm sorry that I missed your link to @sjk's post earlier. (I think I may have been composing my reply while you made you second post.)

I wonder, is he saying that multiple users (in our case 2 users) should not use the same primary vault?

The problem with sharing primary vaults lies in the fact that Secrets can't be unshared. Additionally, because the primary vault cannot be easily deleted, if you did want to change your setup later, it could be a bit more complicated.

Generally, the advisable procedure would be to keep each of your primary vaults for your personal information, and then share a secondary vault with all your shared information. This is how 1Password was designed to work with multiple vaults. Many users prefer alternative options though, so I wanted to make you aware of other ways you could do this - I apologize if I have confused you!

1) Do I understand correctly that our primary vaults would iCloud sync to our respective iCloud account, but the shared secondary vault would sync via the shared folder in both of our Dropbox accounts?

That is one option. You could also sync all vaults via Dropbox, just to simplify things.

2) I assume this would mean that in order to view the any primary vault you would then have to be logged into the respective Mac user account? If so, in a pinch, would it be possible utilize "fast user switching" on the mac should one of us need to access a login from the other primary vault whilst working on the Mac?

You are correct. :)

1) In this case are you saying 2 separate 1password4 users, sharing 1 Mac account, also sharing 1 primary and 1 secondary vault?

Yes.

2) In this case, syncing both the primary AND secondary vaults would be sync'd via the dropbox shared folder?

Yes. The primary vault would have the option of being synced via iCloud, but it could only be synced to one of your AppleIDs. (Dropbox is really just a more flexible option here.)

3) Would both the primary and secondary vaults be accessible on either Mac user account and all respective iOS devices regardless of owner?

Since vaults are synced individually, you would need to add both vaults to the second user account on your Mac, but yes. You can decide whether you want both vaults to be synced to your iOS devices, or you could sync only your vault.

Hi @jerbi,

Adding secondary vaults is as simple as clicking on the 'vaultname'.agilekeychain file in Dropbox. :)

And yes, once the vaults are added to the other user account, everything will sync back and forth.

Hi @jerbi,

I'm glad to hear that we're getting closer to a solution here! Future-proofing the unknown is always a fascinating endeavour, isn't it?

1) Other than the fact that "secrets can't be unshared", in practice is it possible if the shared vault actually holds the bulk of our logins/passwords?

That is a completely valid use case.

2) Is it possible to periodically make a backup of the keychain that is not stored in the cloud (on a home device for example)?

I'm glad to hear that you are thinking about backing up your important data - most people don't worry about it until they experience a computer crash! Luckily 1Password has you covered: it will automatically make backups on a daily basis. This is done to a default location which cannot be changed.

• For 1Password 4 for Mac from the Mac App Store that location is: ~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/Data/Library/Backups
• And for 1Password 4 for Mac from our webstore: ~/Library/Application Support/1Password 4/Backups

If you have a backup solution in place like Time Machine, just ensure that this folder is included in the files that are backed up. If you would like to copy these backups to the cloud as well, you can certainly do so.

Dropbox also offers the equivalent of an offsite backup, as your keychain will be stored not only on your computer, but in the cloud.

3) I assume not, but would there be any mac conflict if we were both to use the exact same Master Password for our respective primary vaults?

There will not be any conflict on your Macs if you use the same Master Password for your primary vaults. While you're thinking about what to use though, have a read through this blog post: Towards Better Master Passwords. It gives you some great tips on how to create strong passwords that are both easy to remember, and type!

I hope you have a fun weekend getting everything set up. Our Support Articles will guide you through the process, but we're here for you if you have any further questions!

Hi @jerbi,

Now that you've settled on using a single shared Primary vault between you and your partner (if I understand correctly; no secondary vaults, yet), there are different ways you can go about managing the items in it. Let's use this simple six-item vault, shared between Johnny and Wendy, as a "tag-based" example:

The two items belonging specifically to Johnny have been tagged with Johnny, and Wendy's two items with Wendy.

Names have been appended to the titles of the two Login items for Gmail so they can be easily differentiated, e.g. when choosing one for filling while the Google/Gmail sign in page is open in the web browser, where both are matched/displayed like this in 1Password mini:

The single Login item for Amazon belonging to Wendy, with the Wendy tag, doesn't have a name appended to its title. If Johnny added an Amazon Login item later, he'd probably want to add the Johnny tag and use a title that differentiates it from Wendy's Amazon item.

Tagged items can also be displayed (and selected) in 1Password mini, e.g.:

Untagged items might be presumed as shared between Johnny and Wendy without belonging to either of them, like the Secure Note ("Apple Store Information") and Bank Account ("Checking Account") items in this example. Creating an Untagged Smart Folder makes it easier to locate them, both in the main application (where Show Search Options has been temporarily selected so you can see the details):

… and in 1Password mini:

A combination of unique titles, tags, and smart folders is one way to keep track of which items are whose and which to use when. And regular folders could be using instead of, or in addition to, tagging items. I'd personally use tags for something like this.

That's the basic idea. Perhaps you and your partner might each later want to create and use unshared secondary vaults in your 1Password databases, e.g. to separate out personal items. You can be more flexible depending on your current and intended vault content/usage. :)

If you have more questions about this or anything else please don't hesitate to ask!