Multiple / Shared Vaults - Fundamental problems
I've been using 1Password for years, and have recommended it to many people. I wish I could say the same about the Multiple Vaults / Shared Vault features. Unfortunately, the functionality isn't useful for average users, and only makes things more difficult. Here are the problems I'm finding, and suggestions for solving them.
ROOT ISSUE: Search doesn't work across multiple vaults. Neither does Cmd-/ password entry into a website, or password updating from within a website.
The inability to work seamlessly across multiple vaults is the root of all problems with multiple and shared vaults, because it means that as a user YOU must understand multiple vault functionality, you must know which vault is currently active at all times, and worst of all, you must keep a map in your head of which passwords are in which vaults.
If you fail at any of these mental gymnastics, you will be frustrated because you'll fail to retrieve passwords, or, worse, you'll screw up your vaults because you'll end up creating duplicate and outdated info in different vaults.
If you use Shared Vaults, you'll be in a worse situation, because the person you're sharing the vault with will either get data that is out of sync, or will update passwords and get YOU out of sync.
Ultimately, this means for me that shared vaults (and multiple vaults) are excellent in theory and completely useless in practice. With my spouse I end up sharing our account instead (i.e. we share one account login and 1 vault). With my kids, I give up and use encrypted Messages to send and receive passwords as needed.
EXPECTED FUNCTIONALITY - Here's how I'd suggest solving the problem.
Enable Search across all vaults by default, such that the search field notes "All Vaults" or "# Vaults" where now it shows "Primary Vault" or the name of a vault. This should work in the main app, in the mini app, and via Cmd-/
Search fields should remember (between launches of the app) whether they're searching a given vault or all vaults.
The search context (current vault vs all vaults) should be global, such that setting it in the main app sets it in the mini app, and vice versa.
As an advanced/optional security feature (if users need this), allow vaults to opt-out of the multi-vault search. I'd expect a modified icon on the fault to indicate vaults that were not searchable. This feature may not be necessary, given the search features listed above.
When a search results in a password to a site in the browser, the UI should show what vault that password is in
When you change a password on a website, and 1Password matches to its database, it should match and update across all vaults, not just the current vault. The updated password should be placed into the correct vault.
When a matching password is found, and 1Password offers to update a password from within a website, it should show the user which Vault that password is in.
When adding/saving a net new password, the user should be able to easily choose a vault (with the default being the current vault). I'd expect this to work in any situation where the user is adding a new password. I'd use Apple's Calendar app as an example for this.
USER BENEFIT:
With these changes, a user should be able to set up a Primary vault for their own use, secondary vaults as desired, and Shared Vaults for family/shared use. They should then be able to use all vaults seamlessly and simultaneously. An average user should generally not need to think much about multiple vaults (after setting them up) other than when adding new passwords, or when moving passwords between vaults.
Comments
-
0
-
I emphatically concur with foovius' complaints and well-thought-out suggestions. Multiple vaults are far too cumbersome to be useful unless you enable searching and form-filling across all vaults. In fact, I cannot conceive of why anyone with multiple vaults would want to limit search and form-filling to a single vault.
0 -
Hi guys,
Thanks for your feedback and suggestions!
We do plan to overhaul how multiple vaults work in the future for 1Password.
Enable Search across all vaults by default:
A unified view is something we’d like to do in the future, so you can see all of your items, each item showing which vault they’re in.
Search fields should remember (between launches of the app) whether they're searching a given vault or all vaults.
It’s not likely we’ll do this between restarts of the app but in the same session, we should be able to retain the search field if possible. There are performance and security reasons not to set the app to search all the time (for an example, every single item must be decrypted to search its content). The least amount of decrypted data we keep in memory, the better.
The search context (current vault vs all vaults) should be global, such that setting it in the main app sets it in the mini app, and vice versa.
and
As an advanced/optional security feature (if users need this), allow vaults to opt-out of the multi-vault search. I
A unified view would be optional.
When you change a password on a website, and 1Password matches to its database, it should match and update across all vaults, not just the current vault.
That won’t happen. For security reasons, we do not update your data between vaults, it must be explicitly done.
Suppose this scenario; one of your co-workers left the company but still has access to your work vault. He changes or delete data in the vault and it syncs to your data in all vaults? It gets worse when it wasn’t caught in time and it becomes too late to restore from backups.
Vaults are intentionally isolated for these reasons. It is not meant to sync data between vaults, only keep them separated and isolated.
When a matching password is found, and 1Password offers to update a password from within a website, it should show the user which Vault that password is in.
That’s something we’d like to do with the unified view, it would give you a list of your items from all vaults that exists that matches the site you’re on and the username. Once you select the item, it’ll only update that item.
When adding/saving a net new password, the user should be able to easily choose a vault (with the default being the current vault).
It already does when you click on the vault icon or press the keyboard shortcut:
CMD + Vault ID:
In fact, I cannot conceive of why anyone with multiple vaults would want to limit search and form-filling to a single vault.
A common situation is the split between personal and work accounts, especially if you need access to both vaults at different locations. When at work, you use your work vault only to limit your scope as you won’t use your personal data for any reasons at work. When you go home, you switch to your Home vault and won’t see any of your work data.
Multiple vaults as a concept is not to organize your data but to keep them separated without intermixing them.
0 -
a big +1 for an unified view over all vaults. When 'using' the stored logins in the browser, I don't need to care in which vault it is stored. The differentiations makes sense, when storing new items and when managing them in the main window. I'm happy to hear such a feature is under development.
0 -
Hi @tmb,
Thanks for your feedback about that! I'll be happy to add your vote to our open feature request for this.
Just to clarify, a feature for a unified vault view isn't necessarily under development right now. We have an open feature request for this, and there's been discussion about how it might work if it was added, but I don't know for sure if any actual coding has been done. Mike's post from December (above) included speculation on how it would likely work if implemented, but that doesn't mean it's currently under development. That doesn't mean we'll never add it (and as Mike said, it's something we'd like to do), it's just that we don't want to promise something if we're not 100% sure about if/when that will happen. But this is certainly a popular request, so hopefully we'll be able to do that in the future.
If you need anything else, just let us know! :)
ref: OPM-1840
0
