To protect your privacy: email us with billing or account questions instead of posting here.

How to let a member to have acces to use the password but not to see it?

AlexandrBogach
AlexandrBogach
Community Member

I wanna to let a member to use autofill in sing up pages has been added to vallets but I won't to let them see it by "Reveal" button or any other way.

I read it is possible by adding user as a guest. I did with test account and it doesnt work this way.

Is there function I need in 1Password servise?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • peacekeeper
    peacekeeper
    Community Member

    As far as I know this is a feature only available in the business-version.

  • ag_ana
    ag_ana
    1Password Alumni

    Hi @AlexandrBogach! Welcome to the forum!

    peacekeeper is correct: managing permissions like this is only available in 1Password Teams and 1Password Business. If you would find such a setting useful, you can upgrade from a Families account to a Business account in your settings (on 1Password.com > Settings) :)

  • gazu
    gazu
    Community Member

    @AlexandrBogach

    ...but I won't to let them see it by "Reveal" button or any other way.

    It's really important I pick up on this.

    What you're asking for is impossible and cannot be achieved by 1Password (or any other password manager).

    You should only give access to people you trust because the 'protection' offered by 1Password Business does not protect you against a user with basic knowledge of a web browser.

    A team member who can read a vault has its cryptographic keys, but the client can still limit what they can easily see and do in that vault. For example, passwords will be concealed from them in the 1Password apps if they don’t have the View and Copy Passwords permission. However, the unencrypted data is still on their devices and could be extracted with some effort, like filling a password into a page and then revealing it on that page.

    A team member who is determined can easily overcome client-enforced permissions on their own device, so they’re most valuable as simple safeguards for people you already trust. A team member has to act deliberately and intentionally to violate these restrictions. These permissions shouldn’t be relied on to prevent hostile behaviour or enforce trust.

    https://support.1password.com/permission-enforcement/#client-enforced-permissions

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for clarifying this @gazu, that's a very good point too :+1:

This discussion has been closed.