Vault strategy and sharing

I have a family licence and uncomplicated requirement. I want my wife and I to both have our own vaults (each synced with all our other own devices) and a shared vault that is then synced with all devices. In this way we could both access our own data and the shared data on all of our devices.

To do this with e.g. email we each have our own iCloud account and we share a third iCloud account for everything we want to, er, share. Email, Contacts, Calendars, Notes etc all work perfectly with this setup. But how to achieve the same thing with 1Password?

I realise that a Family subscription would provide this, but for just the 2 of us, it's way over-priced. Make it $2/month and I might be convinced, but overall, I'm not a fan of subscription based services. Anyway...

Looking at all the syncing options, it's hard to see how to do what we need. WLAN won't work with multiple Macs, Local folder is not recommended when it's on a network share, iCloud can only sync a single (Primary) vault and Dropbox, although it has worked for me so far, there are security implications (not too concerned about that though) and I don't really want the shared vault in my Dropbox and currently my wife doesn't use Dropbox anyway.

I guess the personal vaults are easy to deal with, but it's the shared vault that's the issue. Would it be possible to use a combination of methods? I have a Mac server that's on all the time (running OSX Server for DHCP, DNS etc so it HAS to be on). Could I set that up as a WLAN server and share the vault to the iOS devices, but store the vault on a network shared volume that the Macs could see and use to sync to as a Local folder? How would that work?

One issue I foresee is that either of those sharing methodologies means the data remains on the local LAN. What happens when we leave the house? I'm assuming that 1Password on iOS keeps and uses a local copy of the vault, but that would then need to sync when next on the local LAN? So while away, any edits made by either of us would not be visible to the other - until the return home and they both sync. But what if changes were made by both of us to the same item? How would 1Password detect and resolve the clash?

I have to say that I prefer the idea of Cloud based storage so the vault would always be in sync (as long as a connection was available, i.e. WiFi or cellular).

So, can anyone suggest a good route to achieve what I'm after?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    @UKenGB: You can accomplish this with either Dropbox or 1Password.com.

    With Dropbox, you'll each have to sync your own vaults between your devices using Dropbox. This needs to be configured per vault on each device. Then you'll have to create another vault and share it using Dropbox, using either a shared Dropbox account or between separate ones. Each vault has its own Master Password, so you'll need to each know the one to the shared vault. And make sure you backup your data in case one of you accidentally merges multiple vaults.

    With 1Password.com, you'll each have your own account and Master Password, a Private vault of your own, and a Shared vault. There is nothing to configure unless you want to share additional vaults. You each just sign into your account to access your data.

    I hope this helps. Be sure to let me know if you have any other questions! :)

  • So, I set up another Dropbox account for shared use as I don't want to use my own Dropbox account for this. So Dropbox on my Mac is MY Dropbox account. This new shared one is separate, but I can access it from a different login on this Mac or other.

    I then created the new vault and tried to sync it using Dropbox. But, as I'm sure you can see where this is heading, I am unable to specify the Dropbox account to use as 1Password wants me to simply find the local Dropbox folder which of course is only for MY Dropbox account. How can I specify I want to use a different Dropbox account to sync?

    It just seems I'm stumped either way. I want to use a SHARED cloud/remote account, i.e. iCloud or Dropbox, but 1Password won't allow this for any account that is not the main one being used where one is attempting to set this up. Maybe I'm wrong, in which case please enlighten me and explain how I can sync a vault using iCloud or Dropbox that is NOT the main one being used where 1Password is running.

  • Drew_AGDrew_AG 1Password Alumni

    Hi @UKenGB,

    I'm afraid the problem you're running into is a limitation of Dropbox, because the Dropbox app only allows you to be signed into a single Dropbox account. The 1Password app simply writes data to the local Dropbox folder on your Mac, and the Dropbox app is responsible for syncing that data to/from the Dropbox servers. In order for 1Password to sync each vault to a separate Dropbox account, the Dropbox app would need to let you be signed into multiple Dropbox accounts at the same time. 1Password has no control over that.

    Similarly, you can't be signed into multiple iCloud accounts at the same time. And as far as sharing a 1Password vault with a different iCloud account, that's not supported by iCloud. When using a third party sync service like iCloud or Dropbox to sync your 1Password data, you/we are limited by what that sync service allows.

    On the other hand, sharing is very easy with a 1Password Families account because we make both the app as well as the sync service, so we're not limited by what other sync services can or can't do. I know you aren't a fan of subscriptions, but 1Password Families has the features, security, and convenience you're looking for. And there are many other benefits which you can read about here: What are the benefits of a 1Password membership?

    You can sign up and try Families for free to see if you like it and think it's worth subscribing to: https://1password.com/sign-up/

    Please don't hesitate to let us know if you have more questions about that. Cheers! :)

  • I understand what a Families account would provide, but I'm not prepared to enter into an expensive monthly charge that really shouldn't be necessary. What I need is actually very simple. Share a 1Password vault with other users via a shared cloud account. I do realise that with iCloud you are hamstrung by Apple's myopic view of how we should all be using our computers, but...

    What you say about DropBox is not actually true. Ilium Software's eWallet will sync to ANY DropBox account, not only the one the local DropBox client software is signed into. When you set up the sync process, you sign in to whatever DropBox account you want. So on my Mac I use my personal DropBox account and that's the DropBox folder I see. But I can set up eWallet to sync any specified vaults (they call them something else though) to a different shared DropBox account. This works and is how it should be - sharing as it should be done. Networking (and hence the Internet) wouldn't have progressed as far as it has if a client was only ever able to log in to a single server account.

    In any case I've already purchased 1Password and invested many years in its use and would prefer to stick with it, but not by now having to pay a monthly fee just to be able to share a vault with one other user. I'm sure you actually know how you 'could' use DropBox to share like this, so why can 1Password not do it? Anything to do with pushing people towards paying for a monthly account perhaps?

    So, without having to sign up for a 1Password account, how is it possible to share a vault with another person?

  • brentybrenty

    Team Member
    edited May 2017

    So, without having to sign up for a 1Password account, how is it possible to share a vault with another person?

    @UKenGB: As I already mentioned above, you can share a vault using Dropbox. You can either use the same account, or share a folder with another account.

    What you say about DropBox is not actually true. Ilium Software's eWallet will sync to ANY DropBox account, not only the one the local DropBox client software is signed into. When you set up the sync process, you sign in to whatever DropBox account you want. So on my Mac I use my personal DropBox account and that's the DropBox folder I see. But I can set up eWallet to sync any specified vaults (they call them something else though) to a different shared DropBox account.

    No. Drew was correct earlier when he said,

    the Dropbox app only allows you to be signed into a single Dropbox account. The 1Password app simply writes data to the local Dropbox folder on your Mac, and the Dropbox app is responsible for syncing that data to/from the Dropbox servers. In order for 1Password to sync each vault to a separate Dropbox account, the Dropbox app would need to let you be signed into multiple Dropbox accounts at the same time. 1Password has no control over that.

    It may be that another app builds its own Dropbox client into their software, but that's not how 1Password works. And frankly that not a good idea for something involving security, as a dependency such as that could mean that a flaw in Dropbox libraries affects the "host" app as well. 1Password works by encrypting everything internally and then writing the encrypted data to a folder on disk. This way no matter which sync method is used, the data is always end-to-end encrypted.

    This works and is how it should be - sharing as it should be done. Networking (and hence the Internet) wouldn't have progressed as far as it has if a client was only ever able to log in to a single server account.

    Dropbox's own client does not work the way you're suggesting. It can only be logged into a single account at a time. That's why it can't sync your 1Password data to a different account.

    In any case I've already purchased 1Password and invested many years in its use and would prefer to stick with it, but not by now having to pay a monthly fee just to be able to share a vault with one other user. I'm sure you actually know how you 'could' use DropBox to share like this, so why can 1Password not do it? Anything to do with pushing people towards paying for a monthly account perhaps?

    Nope. Dropbox is a great service and I use it every day. But as illustrated by your questions and comments, it is not always intuitive, especially for the purposes of syncing and sharing multiple vaults. 1Password.com is a just better experience. It "just works", and if it doesn't we can fix it. We also have control over its security, and have external auditors and independent security researchers help us improve it. But to the user all of this is transparent. People have asked us to make all of this possible for years, and now that it's available, yeah, we're going to suggest it as an alternative to more complicated, confusing setups that offer neither more convenience nor security. You can continue using 1Password as you always have, but it doesn't make sense for us to not point out that there's a better way.

    Anyway, if that's something you'd like to pursue, there may be something we can do for you if you've already purchased 1Password. Just shoot us an email at [email protected] with your purchase details and post the Support ID you receive here. We'll see what we can do to help. Cheers! :)

  • Well I fundamentally disagree with you about being able to access a different DropBox account (it's only a server for heaven's sake), but I appreciate your considered response.

    I'd like to discuss this further as you suggest, but Support ID? Received where?

  • brentybrenty

    Team Member

    @UKenGB: When you send the email, you'll receive an automated response with the Support ID. That will help us track down your message to get back to you more quickly. :)

  • Ok, thanks.

  • Drew_AGDrew_AG 1Password Alumni

    On behalf of Brenty, you're very welcome! I'm glad he was able to help clarify that.

    Well I fundamentally disagree with you about being able to access a different DropBox account...

    I think maybe the confusion here is that 1Password for Mac doesn't access any Dropbox account at all. Instead, it simply puts a sync file in the local Dropbox folder on your Mac. It works the same way as the Folder sync option, which lets you create a sync file in any folder on your Mac. The only difference is that if the sync file is in the Dropbox folder, the Dropbox app will sync it with your Dropbox account. (And that account is the one you're signed into in the Dropbox app preferences.) Because 1Password doesn't access your Dropbox account, it can't access a different Dropbox account - that's determined entirely by the Dropbox app on your Mac.

    It sounds like your other password manager is using the Dropbox API to connect directly to the Dropbox servers instead of using the local Dropbox folder. Or as Brenty explained, it's acting as its own Dropbox client. That's a very different method for syncing with Dropbox, and is not how 1Password works (again, 1Password accesses the Dropbox folder on your Mac, and not your Dropbox account). There are drawbacks to using the API as well, although I can see how it might be helpful for the specific way you're trying to configure everything.

    I hope that helps to clear up the confusion about that, but we're here for you if you have more questions. :)

This discussion has been closed.