Standard team plan - can passwords be hidden from your teammates?

holacatholacat
edited October 2017 in Business and Teams

Hi there, I was wondering if you would be able to hide the passwords from your teammates what are you subscribe to the standard team plan? Thanks!

Comments

  • LarsLars Junior Member

    Team Member

    Hi @holacat -- thanks for the question, but I'm not sure what you're asking us. From whom do you want to be able to hide passwords? And in which vault(s)?

  • Sorry about the typo! I was wondering under the standard team plan, would you be able to hide passwords from your teammates or is that a feature that only comes with the pro plan? Thanks!

  • LarsLars Junior Member

    Team Member
    edited October 2017

    @holacat - no worries! I just wasn't quite certain what you meant. Removing users' ability to reveal passwords (keeping them concealed) is indeed part of the Pro plan in 1Password Teams.

    Having said that, a few words about concealing and revealing passwords. Within the context of our own code, we can do things like have the server tell each individual client not to allow their user to reveal passwords, and the individual 1Password clients will respect that because we control both ends of the code. However, it's basically impossible in general to both share an item with someone and simultaneously NOT share it with them.

    What I mean here is that even with the Pro plan, although we can enforce your wishes to conceal resource passwords from specific users, if you're sharing a resource with that user (i.e. - they can use the username (or email) and password combo to log into a site), then if they really want to, they'll be able to reveal that password, even if you as an admin make it so they can't do so within 1Password itself.

    How? Rather easily: if Teammate X has access to Login Y, but you've removed their ability to see the password, they can just copy it out of 1Password and paste it into Login Y's password field (where it will still be an obfuscated set of dots or asterisks), and then use a small browser-based javascript tool to reveal the pasted password within the browser. Such tools are trivial, free, and available everywhere on the web. Here's one you can use to verify this for yourself.

    Because this revealing of the password happens entirely within the user's browser, not only can 1Password not prevent this from happening (we can't control what users do in the browser), we would not even know it had happened. So, while using the permissions control available in the Pro plan to prevent revealing passwords can be helpful for casual situations like shoulder-surfing in coffee shops or other public spaces, it's not in any way an ability to prevent users from knowing a password that you allowed them access to. Put more simply: if you share something with someone, it's shared. Just some food for thought.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file