Feature Request: Share Between Vaults

adfernandes
adfernandes
Community Member

So one of the (main) uses I have for 1Password is to use two vaults, one for my personal life, and one for my corporate life.

I do not want my employer to have any access, even through the temporary intermediary of the 1PasswordX browser extension, to all of my digital life.

But it happens that fairly frequently I have "low security" passwords and account info that I'd really like to share.

Like suppose I create an account + password for Acme Software. This is some useful utility that I use both at home and at work, and I want only one account, and I don't care if my employer has access to this specific account.

What would be nice is if, in addition to "move" or "copy" under the "share" menu, I could "link" or "create a linked copy" of the record.

One record. Multiple vaults.

Even better, "link as read-only".

This would make my life much easier for a lot of websites at work.

What do you think?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    I do not want my employer to have any access, even through the temporary intermediary of the 1PasswordX browser extension, to all of my digital life.

    @adfernandes: It's worth pointing out that using multiple 1Password.com accounts in 1Password X (or any of the other apps) doesn't result in information in one being accessible in the other. And also no one but you ever has access to the Personal/Private vault in your 1Password Teams, Business, or Families account.

    Like suppose I create an account + password for Acme Software. This is some useful utility that I use both at home and at work, and I want only one account, and I don't care if my employer has access to this specific account.

    That makes sense. You could certainly save that login in your work account in that case. It may be a good idea to also save it in an archive vault in your own account in case you ever leave the company and no longer have access to the company account.

    What would be nice is if, in addition to "move" or "copy" under the "share" menu, I could "link" or "create a linked copy" of the record. One record. Multiple vaults. Even better, "link as read-only". This would make my life much easier for a lot of websites at work. What do you think?

    I agree that would be nice, but it isn't possible since accounts — and even vaults within an account — are completely separate, and encrypted separately. You may think "but they don't have to be", and you'd be right. But it would be terrible for security, since that would necessitate using the same encryption keys (or sharing the keys) with both accounts, your personal and work. While it would certainly be nice in some cases for there to be some crossover, for the most part we all want to keep these very much separate. After all, otherwise we'd all be using a single 1Password.com account for everything.

  • AlwaysSortaCurious
    AlwaysSortaCurious
    Community Member
    edited May 2018

    Hmmm... what about within the same account (hey, you guys are always open to use cases and suggestions), private and work vaults in a 1Password personal account. At work, I only have the work vault selected for searching. No need for them to accidentally look over my shoulder and see what else I do in my life. But I use the same Boxcryptor account at work and home, the same IDrive as well, etc. Are those vaults encrypted differently as well?

    To keep from having to expose my private vault I copied both those keys, for example, to my work account as well. OTP secrets and all. This way when I’m at work I can just open up 1Password, only my work vault opens, and I see it right there on my favorites. But any changes have to be copied to both places.

    Just my use case. Perhaps an edge case. And admittedly a convenience feature.

  • adfernandes
    adfernandes
    Community Member

    Hey, @brenty thanks for your reply, but perhaps I wasn't careful enough with the term "account".

    So I have a "1Password for Families" account that I have multiple vaults in. One is mine. One is my wife's. We have read/write access to our own vaults, but read-only access to each others'.

    Now in reality I have two personal vaults, both under my same account. I have a "home" vault and a "work" vault. I have (under one userid) read/write access to both accounts. However, I have a "work" user (under my work email) that has read/write access to only the work vault.

    Now I understand that vaults within an account are completely separate, and from a security view that's great, but from a practical view it's terrible since, as I mentioned for "low value" passwords, I frequently want work to have a "read-only" copy of a "master" record in my "personal" vault.

    When logged in as "home" me, with r/w access to both vaults, I can already freely move or copy records between vaults since both are unlocked.

    What I'm asking for is something like a "push" record or "auto-update" record so that when I update my "home" (master) account for "cutekittens.com", there is an annotation that says "upon updating this record, create a copy of it in the "work" vault, which should already be unlocked, and mark that new 'work' record as being pushed from another vault, so it isn't accidentally updated."

    There are more advanced protocols you could use by encrypting the records with public keys, but then each account holder would have to operate a PKI for the vaults for which they have r/w or r/o access... now that's complex.

    So really, I'm just talking about "when 'home' record is updated, push a r/o-tagged copy into a 'work' vault that should already be unlocked"-tag.

    Believe me, I very much wish that my "home" and "work" lives were completely separate, but they aren't, and I'm willing to bet a large chunk of your users are in a similar boat!

  • AGAlumB
    AGAlumB
    1Password Alumni

    Hmmm... what about within the same account (hey, you guys are always open to use cases and suggestions), private and work vaults in a 1Password personal account. At work, I only have the work vault selected for searching. No need for them to accidentally look over my shoulder and see what else I do in my life. But I use the same Boxcryptor account at work and home, the same IDrive as well, etc. Are those vaults encrypted differently as well?

    @AlwaysSortaCurious: Hmm. I'm not completely sure how this applies to 1Password. It never would have occurred to me to use multiple Boxcryptor accounts, and I'm not an expert on their service. But given that, as I understand it, the whole point of the service is that you can choose your own encryption keys and not have to rely on a 3rd party to do that for you, you're probably already using different encryption keys for each account. And, if not, you could certainly do so.

    To keep from having to expose my private vault I copied both those keys, for example, to my work account as well. OTP secrets and all. This way when I’m at work I can just open up 1Password, only my work vault opens, and I see it right there on my favorites. But any changes have to be copied to both places. Just my use case. Perhaps an edge case. And admittedly a convenience feature.

    That part of it makes sense to me. Certainly if you need access to that information both at work and at home but aren't using your personal account at work, you'd need to have a separate copy of the credentials. 1Password.com encrypts everything separately at the vault level so that when you share one with someone else that's all they can access.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited May 2018

    Hey, @brenty thanks for your reply, but perhaps I wasn't careful enough with the term "account". So I have a "1Password for Families" account that I have multiple vaults in. One is mine. One is my wife's. We have read/write access to our own vaults, but read-only access to each others'.

    @adfernandes: Yeah, this is a bit confusing. I'm sorry about that. "Account" with 1Password.com refers to a single user's login credentials; so yours, or your wife's, etc., but not the "family" as a whole (which doesn't have a concept of login credentials; only individual users do). So let's go with "family" for the collective, and "account" for each person.

    Now in reality I have two personal vaults, both under my same account. I have a "home" vault and a "work" vault. I have (under one userid) read/write access to both accounts. However, I have a "work" user (under my work email) that has read/write access to only the work vault.

    Gotcha. So we're talking about two different accounts there, which you've created for "home you" and "work you", each with different sets of account credentials. Kind of breaks my "person" model above, but I'm with you. Thanks! :)

    Now I understand that vaults within an account are completely separate, and from a security view that's great, but from a practical view it's terrible since, as I mentioned for "low value" passwords, I frequently want work to have a "read-only" copy of a "master" record in my "personal" vault. When logged in as "home" me, with r/w access to both vaults, I can already freely move or copy records between vaults since both are unlocked.
    What I'm asking for is something like a "push" record or "auto-update" record so that when I update my "home" (master) account for "cutekittens.com", there is an annotation that says "upon updating this record, create a copy of it in the "work" vault, which should already be unlocked, and mark that new 'work' record as being pushed from another vault, so it isn't accidentally updated."
    There are more advanced protocols you could use by encrypting the records with public keys, but then each account holder would have to operate a PKI for the vaults for which they have r/w or r/o access... now that's complex.

    Yes. I think we agree that's not something we can reasonably expect of most people.

    So really, I'm just talking about "when 'home' record is updated, push a r/o-tagged copy into a 'work' vault that should already be unlocked"-tag.

    Hmm. That's interesting.

    Believe me, I very much wish that my "home" and "work" lives were completely separate, but they aren't, and I'm willing to bet a large chunk of your users are in a similar boat!

    Myself included! ;)

    I think I may still be missing something here, but it seems to me that you can help yourself already by "home you" sharing a read-only vault with the "work you" account, with only the specific items you need there for work.

    Going one step further though, I think maybe you do want to be able to save items at work in the "home you" vault shared with your personal "work you" account, in case you need to save something at work that you, again, also need to have at home. So the read-only vault would be problematic in that case. But a vault you can write to could be problematic too. If you save something there and later move it to a vault that "work you" does not have access to, it will still be in your Trash and/or item history in the vault shared with "work you", unless you take the additional steps of deleting and destroying it.

    I don't really think this is a common use case, and it's a bit convoluted; but you're right that many people would like to be able to have an item live in multiple places at once. I'm just not sure we can have it both ways without making things not only extremely complex (with potential loopholes or bugs) but also confusing to users (an item existing in only one place is very easy to conceptualize, and there are no edge cases). But we'll continue to explore the possibilities.

    A final thought is that perhaps in the future you could use something like the CLI tool to automate a process of copying a tagged item to another vault and then deleting the tag and removing the old copy. Thank you for bringing this up! :)

  • adfernandes
    adfernandes
    Community Member

    Thanks for the thoughtful answer, @brenty!

    Yes, there are definitely edge-cases in the workflow, and the security implications could be... well, I can just see people not totally grokking where records go, etc.

    The main problem with manually copying records from one account to another is the "update a password in the wrong vault" scenario.

    Hmm.

    I wonder if maybe a simpler, easier-to-conceptualize use-case is to add a third option to the "move" or "copy" menu items.

    The third could be "copy and tag" or something a little more memorable. The idea being that you can copy a record from "home" to "work" vaults, but the copy has a simple tag that notes that it's a "duplicate" record. That tag would notify you if you tried to update the record, thus preventing you from using stale data.

    Of course, if you updated the "master" record in the original vault, the copy would be stale and you'd have no way of knowing.

    But it all comes down to having a single record live in multiple vaults.

    Anyway - thanks for the consideration!
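    The "copy and tag" proposal above, modelled as an added example (not 1Password code, and not a feature the product offers): a copy pushed into another vault carries a tag recording its origin vault and a hash of the master's fields, edits to a tagged copy are refused, and the hash gives the staleness check the post says you would otherwise lack. The vault dictionaries, the tag prefix and all item data are constructed for the example.

```python
import hashlib
import json

# Hypothetical tag prefix marking an item as a pushed duplicate (not a 1Password tag).
PUSHED_TAG = "pushed-from:"


def fingerprint(fields):
    """Stable SHA-256 over an item's fields, so a copy can later tell if the master changed."""
    canonical = json.dumps(fields, sort_keys=True).encode()
    return hashlib.sha256(canonical).hexdigest()


def copy_and_tag(vaults, src_vault, item_id, dst_vault):
    """Copy item_id from src_vault into dst_vault and tag the copy with its origin and hash."""
    master = vaults[src_vault][item_id]
    origin_tag = f"{PUSHED_TAG}{src_vault}/{fingerprint(master['fields'])}"
    copy = {"fields": dict(master["fields"]), "tags": set(master["tags"]) | {origin_tag}}
    vaults[dst_vault][item_id] = copy
    return copy


def pushed_origin(item):
    """Return (source vault, hash at push time) for a pushed copy, else None."""
    for tag in item["tags"]:
        if tag.startswith(PUSHED_TAG):
            src, digest = tag[len(PUSHED_TAG):].split("/", 1)
            return src, digest
    return None


def update_item(vaults, vault, item_id, **changes):
    """Apply changes to an item; refuse edits to pushed copies so the master stays authoritative."""
    item = vaults[vault][item_id]
    if pushed_origin(item):
        return False  # the 'update a password in the wrong vault' scenario
    item["fields"].update(changes)
    return True


def is_stale(vaults, vault, item_id):
    """True when the master changed since this copy was pushed; needs the source vault unlocked."""
    origin = pushed_origin(vaults[vault][item_id])
    if origin is None:
        return False
    src, digest = origin
    return fingerprint(vaults[src][item_id]["fields"]) != digest


def sample_vaults():
    """Constructed data: a master login in 'home' and an empty 'work' vault."""
    return {"home": {"acme": {"fields": {"username": "me", "password": "p1"}, "tags": set()}},
            "work": {}}
```

    The staleness check only works while the source vault is unlocked, which matches the "home you" session with both vaults open, not the work-only session.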

  • AGAlumB
    AGAlumB
    1Password Alumni

    Thanks for the thoughtful answer, @brenty!

    @adfernandes: You're very welcome, and, likewise, thanks for the discussion! :chuffed:

    Yes, there are definitely edge-cases in the workflow, and the security implications could be... well, I can just see people not totally grokking where records go, etc.

    Indeed, even now, with everything very compartmentalized and (I think) fairly straightforward, with a single item existing in a single vault, people do run into issues accidentally saving something to the wrong vault. Making it possible for the same item to be in more than one place raises a lot of issues, usability and otherwise.

    The main problem with manually copying records from one account to another is the "update a password in the wrong vault" scenario. Hmm. I wonder if maybe a simpler, easier-to-conceptualize use-case is to add a third option to the "move" or "copy" menu items. The third could be "copy and tag" or something a little more memorable. The idea being that you can copy a record from "home" to "work" vaults, but the copy has a simple tag that notes that it's a "duplicate" record. That tag would notify you if you tried to update the record, thus preventing you from using stale data. Of course, if you updated the "master" record in the original vault, the copy would be stale and you'd have no way of knowing. But it all comes down to having a single record live in multiple vaults. Anyway - thanks for the consideration!

    That's a very novel use of tags. It's something we'll have to consider. Right now, tags are fairly static: you apply one to an item as an organizational matter and that can help you find it by grouping it with others. What you propose would be sort of using tags as commands to instruct 1Password on what to do with an item (present a notification when making a change to it, etc.). That could go into all sorts of automation, hypothetically, which could be really cool. We just need to really think stuff like that through before even trying to implement it, since we need to ensure that undesirable and unintended consequences are mitigated, and that all of the apps are on the same page. Very cool to think about though. Cheers! :)

This discussion has been closed.