Opinion: Why I couldn't sign up for a (family) membership

@manski: I remember! Good to hear from you again. :chuffed:

It's been possible for a while now to sign up for a 1Password.com account within 1Password for Mac or iOS. And with 1Password 7, you can do many — but not all — management tasks within the app as well, such as creating vaults and managing their permissions.

But you're right: account recovery is done through the website. And we have no plans to lower or remove the 10 character minimum for the Master Password. It's really helpful to know about the hangups you have though, as these are things we'll continue to evaluate.

I am especially curious though what other functions you'd like to see in the apps. And it's worth noting that while our Wordlist is only in English, there are many Diceware sets out there in different languages, so perhaps there's one that would be useful to your loved ones for this purpose. Looking forward to hearing more! :)

Understood. :) Thanks for sharing.

Ben

Today I had an idea how to work around my security concerns: Use 1Password Families and have a separate account (i.e. family member) for all my passwords and use the "main" account just for administrative tasks. This way, I would only need to login with the admin account into a browser - not with my real account. So, with fresh hope, I gave memberships another try. Setting this up was rather complicated but I got it working in the end.

@manski: Thanks for following up. That's pretty exciting! I'm glad to hear that you've found some things that work for you, and the feedback on those that don't is appreciated. :)

But then I hit another snag that doesn't work (for me) with memberships: one can't share his/her private vault. This is kind of essential for me and my wife because I often need access to her accounts. With DropBox sync, I would just add her vault - that's it. With membership, this doesn't seem to be possible.

It's definitely not possible to share a Personal/Private vault, and that's very intentional. That way every member has a place they can store things that are just for them. That's really important to many people.

I tried adding her 1Password account to 1Password, but 1Password doesn't allow me to add multiple accounts from the same family at the same time. So no luck there. I know I could create a shared vault in her account and tell her to add all passwords there rather than to the private vault - but that would make things more complicated for her (than they are now).

This may be a stupid question, but I'll ask since you didn't mention it: did you consider just sharing an account with your wife? If you're both okay sharing everything, there's nothing wrong with that. :)

Conversely, what if your wife had a guest account? She'd then have access to only a single vault you share with her. Let me know what you think -- or why that didn't work if you've tried that already. :sweat:

So, I guess it's true what they say: Every change breaks somebody's work flow. ;)

You're not kidding! :lol:

For now, I will stick to DropBox sync and will try again in a year or so.

I'm sorry if it didn't work out this time, but I do thank you for giving it a (more than) fair chance and sharing your experience with us! :chuffed:

Agreed. But wouldn't it be enough for the vault to be private by default? If I want to share my private vault with someone else, that should be my choice - not yours (no offence ;) )

@manski: lol none taken! Honestly, if it could be shared, then that also leaves the door open for error. For instance, one of the more frequent complaints we have about Personal/Private vaults is that there is only one per account. Many people want to create additional vaults which are only accessible to them...but many of those people are also concerned that it is possible for another admin to take ownership of a created vault. So if we do what you're asking, that pulls things in the opposite direction and takes away choice from everyone else who wants to have a vault that can never ever be accessed by another person, regardless of permissions. I do think that's important.

While I sometimes need easy access to her accounts, it's not true the other way around. I'm not sure what regular family structures look like in Canada, but here in Germany it's often that families have one IT guy (me, in this case) where other family members have no problem with the IT guy knowing all their passwords - but not the other way around ;) It's important to them that the IT guy can always tell them their passwords. :)

I don't think that's uncommon. But would there be a harm in her having access to your stuff the way you have access to hers? That's more of a rhetorical question since it's none of my business, but it may be worth considering.

I did not try guest accounts. (It didn't occur to me that this would be a viable option.) So, I took a look now but because of the "one vault per guest" limitation it wouldn't work for me. I want my wife to have her own vault plus a vault with some shared secrets (like our Netflix account).

Gotcha. Thanks for checking it out! Another request we've had is the ability to disable Personal/Private vaults for family members...but again, that raises the issue of privacy and people not having any choice at all. :(

You're very welcome. I have the hope that one day in the future 1Password will support my workflow - but you guys can't fix what you don't know about, can you? :)

Absolutely! Thank you for helping us by sharing your perspective. I'm not sure what the solutions to these obstacles will be, but knowing what they are for you (and perhaps others) can help lead us in that direction. :chuffed:

Does the app allow logging in as another user? If so, then just sharing the master passphrases for each vault would work.

@dougl: I'm not sure I understand your use case, but no, 1Password is a single-user app. You can however take advantage of multi-user support in most modern OSes, and major browsers like Chrome and Firefox also have a person/profile/user feature that can easily be used with 1Password X.

I share the concern about entering a master passphrase into a browser. However, After a deep dive into the security architecture last year, I'd avoid dropbox syncing: it's the least secure means of sharing a vault. The cloud accounts with the shared secret are far more robust.

While you're right that 1Password.com has a lot of additional security features, I think it's important to note that no matter what your 1Password data is end-to-end encrypted, so 1Password simply doesn't depend on the sync service to protect your data. So while 1Password.com is more secure in many ways, syncing a local vault using Dropbox (or iCloud) is by no means insecure.

Let me echo the 'get the browser out of the equation' sentiment though. All tasks need to be available via the app, and we need to be able to prevent family members from logging into 1Password.com via a browser at all.

I hear you. Our ultimate goal is for the browser to be wholly optional. And while some account management functions do require it now, you can actually sign up through 1Password for Mac or iOS and never sign into 1Password.com in a web browser at all already today. A lot of people do this, not even knowing the website is any option, especially on iOS devices. It's definitely something we're working toward though, and I appreciate your feedback on this. Knowing that it's important to you and others as well absolutely factors into how we approach development.

The use case is for one user (e.g. a parent) to be able to login to the app as another (e.g. a child) to access their vault with a shared master passphrase to access the private information. Or another use case is for an adult child to use it to access an aging parent's vault to pay bills and such. It'd be nice to have some level of support for a 'monitored/supervised' vault like that.

@dougl: Guest accounts have access to a single vault you share with them. It sounds like that would help.

Agree that Dropbox or iCloud isn't necessarily secure, but it's completely depending on how strong a master passphrase is chosen.

Agreed 100%! We always recommend using a long, strong, unique Master Password.

The use of the secret with 1P.com provides a safety net (and is a really clever bit of crypto) against that all too common problem.

Thank you for saying so! Indeed, we want to be sure that even if an attacker is able to steal the encrypted database from us, they cannot perform brute force attacks against users' (potentially not-so-strong) Master Passwords.

As I mentioned in the other thread (apologies for multiple), and great news on the app-only approach. Please consider allowing us to disable the browser interface completely - and I really like the idea above of having a master account password that's management only, and a separate passphrase for the vault itself.

We haven't discussed potentially allowing browser access to be disabled yet, as we still have some work to do to make such a thing feasible, but we'll definitely keep it in mind. Thank you! :)

For what it's worth, I'm another user who's uncomfortable entering my Master Password into a browser (this is despite having read the security info, and due to forum discussions such as the one in "Security of the 1password.com account creation process"). I'd be very happy to continue with my 1Password subscription, but would want to be able to do the admin/management tasks without having to enter my Master Password into the browser. I've let my subscription lapse because it seems I have to enter my Master Password just to be able to update my credit card payment details (which feels counterintuitive).

@nettle: I hear you...but I can't imagine why you would want account settings accessible without signing into your account. Otherwise people other than you could do that.

So, please count this as another vote (from a long-time 1Password user and fan) for 'get the browser out of the equation' and the ability to do everything through a (signed) app!

Absolutely! Thanks for the feedback!

Would I be able to renew my subscription/update payment info through the Mac or iOS app, or is that one of the account management functions that still requires the browser and Master Password?

If you sign up through Apple, billing is handled through your Apple ID, so you'd have to change your payment info with them.

Or, if the credentials for the "admin account" are somehow compromised in the browser, would this mean that an attacker could then compromise the separate family member accounts/vaults anyway?

The credentials of family members would be safe, as those are literally never transmitted to us. But if you allow your account to be compromised, the attacker would be able to take control of any non-Personal/Private vaults (those can never be accessed by anyone but their owner), and remove family members completely if they wanted. So while it's not the risk you were thinking of, there are definitely risks in that scenario.