Configuring Vault Location for Access by Multiple Local User Accounts

Hi,

I’ve just updated my workstation to Win 10 Prox64 (clean install). I have several user accounts – 3 standard and 1 administrator.

I use all 4 user accounts and want to access the same set of 1Password vaults from each of them.

I prefer storing my data locally on the PC instead of going with the cloud option of DropBox. That being said, I also don't want to duplicate my vaults x 4 in each of the user account document folders and manage them manually either.

So, I’m considering the following solution.

For each user account:

  1. In 1Password Preferences - General, I’ve set location of my 1Password Vault to C:\Users\Public\Documents\1Password\xyz.agilekeychain
  2. In 1Password Preferences - Backup, I’ve set location of Folder for Backup Copies to C:\Users\Public\Documents\1Password\Backups
  3. To lock it down further (although the local network already is behind a hardware firewall), I’ve set the Advanced Sharing Settings in the Network and Internet control panel to Public Folder Sharing=Off and Password Protected Sharing=On, which Windows says means only people with a user account and password on the local system have access to the Public folders.

Are there any file corruption or data synchronization issues created in 1Password vaults by using this configuration?

I’ve tested it since the OS install last weekend and 1Password has not crashed or thrown any error messages, but although I've checked a sampling of records within the vaults (which seem OK), I have no quick way of telling whether the entire vault file itself is normal.

I’m hoping this is feasible since this solution gives all of my local user accounts access to a single shared set of local vaults.

If this doesn't work, out of curiosity, would 1Password for Families address this use case (although the vaults would need to become cloud-based) when it's released for Windows?

Thanks!


1Password Version: 4.6.0.604
Extension Version: 4.5.5.90 Chrome
OS Version: Win 10 Pro x64
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    Are there any file corruption or data synchronization issues created in 1Password vaults by using this configuration?
    I’ve tested it since the OS install last weekend and 1Password has not crashed or thrown any error messages, but although I've checked a sampling of records within the vaults (which seem OK), I have no quick way of telling whether the entire vault file itself is normal.
    I’m hoping this is feasible since this solution gives all of my local user accounts access to a single shared set of local vaults.

    @dahanbn: dahanbn makes a good point. A regular folder accessible to each specific user account might be a good precaution. But in this case either will probably be fine provided we keep a few things in mind:

    • Backup your data regularly.
    • Make sure you don't end up with multiple user accounts trying to read and write the vault at once.
    • Look out for file permissions issues, which I've seen Windows 10 updates cause a lot of people.

    A solid backup strategy will give you an escape hatch if something goes wrong. And although there's no reason that something should go wrong, better to be prepared if it does. :sunglasses:

    If this doesn't work, out of curiosity, would 1Password for Families address this use case (although the vaults would need to become cloud-based) when it's released for Windows?

    1Password Families is built with the idea that you'll be accessing data and making changes in multiple places, so that would also help in your scenario. Whether you access your vaults through the 1Password apps or the 1Password Families web interface, each is updated in real time (provided you have an internet connection, and cached locally in the apps for offline use) from the server.

    And keep in mind that AgileBits never has access to your 1Password data. Your data is encrypted locally before it leaves your device, and the server only ever has the encrypted blob. Without the Account Key and Master Password it cannot be decrypted. When you setup your 1Password account, the Account Key is generated locally on your device, the Master Password is chosen by you, and neither are ever transmitted. Be sure to check out the security white paper for more details.

    I hope this helps. Be sure to let us know if you have any other questions! :)

  • @dahanbn Thanks, that's a great suggestion! I'm going to try that instead as it should be easier to manage permissions.

    @brenty Very helpful context, thanks! Seems like 1Password Families will solve my needs when it's released, looking forward to it.

    A few more questions...

    Backup your data regularly.

    Totally agree! Just want to ensure I'm not backing up damaged files to start with :chuffed: Sounds like the setup I described (or using dahanbn's suggestion) will not create a clear risk of damaging my vaults. That's great to hear.

    Make sure you don't end up with multiple user accounts trying to read and write the vault at once.

    Under what conditions would that happen?

    1. I'm logged in to a single user account. All other user accounts have been "Signed Out" in Windows.
    2. I'm logged in and actively using a single user account. However, one or more other user accounts have not formally "Signed Out" (and presumably therefore, the 1Password process remains active in the background?)

    Thanks!

  • MikeTMikeT Agile Samurai

    Team Member

    Hi @ArcTangent,

    Under what conditions would that happen?

    It doesn't often happen but there are situations where you can be signed into your account and someone else can remotely connect into their own account on the same computer to copy files or make changes.

    As long as you're careful to sign out first before switching accounts, you're all good to go.

    We just need to make sure you're aware that multiple access to the same folder can cause some issues.

  • Thanks for the clarification @MikeT

    I'll make sure to sign out first before switching accounts if I continue with this locally shared configuration.

    Or, to be on the conservative side, I might just switch back to using 1Password only with one of my accounts, and move the associated 1Password vaults and backups to inside that user folder. No local sharing in that case and therefore no risk.

  • LauraRLauraR

    Team Member

    Hi @ArcTangent - on behalf of both Mike and Brenty, you are very welcome. Please let us know if you have any further questions at any time.

This discussion has been closed.