Prevent "reveal" option on standard Teams account

macdigger
macdigger
Community Member
edited January 2018 in Business and Teams

Hey guys,

I'm setting up our trial teams account (and eventually migrate everyone to the paid "standard" account), and would totally love to be able to prevent password reveal for some of our more sensitive vaults (peace of mind, all that). It's fine for users to be able to log in, but knowing the exact password is absolutely unnecessary (to say the least).

Looks like the option is locked up behind much higher priced tier of 1P for Teams Pro.

We're a rather small company, $4/user/month is (borderline) fine with us, and we like 1P. However, we have an extremely hard time justifying going to the next tier of $12/user/month just for a single - I would guess - rather simple to add feature (sorry, I'm throwing the "easy" word around here, but come on… ;).

Actually, pricing aside, we absolutely don't need the "everything and a kitchen sink" approach provided by Pro, but standard Teams plan seem to be keeping a rather useful one feature behind a significantly higher paywall (the first time I saw the difference it was an "oumph" moment - didn't see any subscription plans with 3x price difference between closest tiers so far).

Wonder what's the reasoning not to include this one option into an already non-free plan, considering that we all are striving for security all around, and a relative peace of mind, which that'll feature would provide?
I wonder if I'm missing something and you guys have some good reasons that "reveal" option is unneeded on "standard" accounts? Can someone maybe share their thought?

Eventually, I'd love this one single option to be added to the standard account, but at the very least would like to hear your reasoning. I might just as well be wrong in wanting the feature on "basic" plan (I'll try to be open-minded here)

thanks.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    @macdigger - first of all, I notice you've personally been around here since 2009(!) Thanks so much for being a long-time supporter and user of 1Password. :) We're also thrilled to hear 1Password Teams is working out well for your company.

    To answer your question(s), the 1Password server backend is the same one always, whether you're using a 1Password Individual account, 1Password Families or 1Password Teams (Standard OR Pro). The functionality is all there on the server, since it's the same server. It's not like we maintain one server for Individual accounts and another for 1Password Families, etc. So theoretically, we could "turn on" all of the features for every type of account.

    The reason we don't is because not every user wants or needs all of the features of 1Password Teams Pro -- in fact, it would be useless overkill for an account which has a maximum of one person to be saddled with all those advanced sharing and administration tools. So yes, we've set "artificial limits" on which features are part of which account tiers, purposely. Having said that, those advanced, fine-grained permissions and other administrative tools of 1Password Teams Pro plan are some of the most time and labor-intensive to develop and maintain, which is why Pro costs significantly more than Standard, and why Standard costs more than 1Password Families, etc: we try to make the price paid reflect the cost to deliver the features received.

    All of THAT said, we are definitely always examining the landscape to see whether certain features which may have been conceived and originally developed for the Pro plan can eventually find their way into other service tiers for which they also make sense. I can't say whether the ability to conceal passwords from specific users will be one of them, since as you know it requires a more-robust administrative capability than Standard's current read/write/no access setup. But it may be something you'll see in a future reconfiguration of the Standard plan. It isn't so much that we think the ability to conceal passwords "isn't needed" on Standard accounts, it's more that those advanced features are actually a significant bulk of the work of developing and maintaining the 1password.com service as a whole -- and we allow users to assess for themselves the level of functionality they require and contrast it against their own willingness and ability to fit it into their data security budget.

    I will say one more thing about that specific feature: it was designed less to be a bulwark against allowing an organization's own employees/team members to know what a specific password is, than to prevent casual disclosure of passwords to those outside the organization - shoulder surfers at coffee shops or airport lounges, etc. The general concept here is that it remains essentially impossible to both share a secret with someone and simultaneously NOT share it with them. If you grant user A access to password B, even if you activate 1Password's protections to allow them to USE but not REVEAL password B within the confines of 1Password, if they can copy/paste/use the password in other apps then there are ways that they can reveal that password if they are industrious and dedicated to doing so. In other words, if you give someone the ability to decrypt an item in 1Password (which is what you're doing when you grant them the ability to use the item), then they have that item.

    Thanks for the question, and feel free to ask us anything if you have follow-up questions about this or anything else.

  • Lars
    Lars
    1Password Alumni

    @macdigger - Hi there. Just a follow-up from us: I see you've actually gone quite a ways in getting started, so I was wondering whether you'd be interested in having someone from our team contact you privately via email to see whether there are any more-specific questions that might not be appropriate for a public forum which they could answer to help get you started? Just let us know here, and I'll be happy to pass along the email address to the appropriate folks.

This discussion has been closed.