How to selectively share and keep private different logins from different Family Organizers?
In our family membership, everyone is a Family Organizer. We have plenty of trust for each other, but we are also all aware that one of the foundations of security is giving access to data only to those who need it. We want to follow this security guideline within 1Password. I know that I can create a vault with access shared by all family members. I can create a vault that is only visible to me. I can create a vault shared by just two, or just three of the family members.
However, each of these partially shared vaults says that it gives access to every Family Organizer. Is there a way around this? In our view, any Family Organizer should be able to do all the administrative tasks. That seems to work fine in 1Password. And each member should have a private vault that no one else can see, not even the other Family Organizers. That is part of 1Password, too. But I haven't found a way to set up a vault that selectively shares data between two family members, and doesn't let the other Family Organizers access it.
Am I missing something? 1Password has recognized that each individual has a reason and a method to keep some data private from other Family Organizers. The same privacy reasons exist for pairs, trios, and quads within the family. Mom and daughter may want to share some info, that they don't want Dad and brother to see. The four people planning the surprise party don't want the fifth member to see any details of the planning. Two members of the family may have a joint ownership or a financial partnership that doesn't involve the others. There are plenty of reasons and situations where family members need or want privacy in groups of two, three, or four, independent of the Family Organizer status of the different members.
1Password Version: 7.3
Extension Version: Not Provided
OS Version: macOS 10.14.5
Sync Type: 1Password.com
Referrer: forum-search:Is privacy from some Family Organizers possible within Family account?
Comments
-
However, each of these partially shared vaults says that it gives access to every Family Organizer.
Not quite. What each person with Family Organizer permissions will get is the ability to manage the vault, not access to its contents. That may seem like a subtle difference, but it's not. Earlier, you mentioned:
We have plenty of trust for each other, but we are also all aware that one of the foundations of security is giving access to data only to those who need it.
And it's here where you see the difference most starkly: when you create a vault, initially YOU are the only one with access to it. You can then invite whatever configuration of family members you wish. If everyone in your family has Family Organizer permissions, anyone you don't invite to this new vault will not be able to see the contents, and in fact will not even know the vault exists unless they sign into their account in a browser. Even then, the new vault does not show up on that user's home screen; they would have to click the "Vaults" tab in the right sidebar to manage vaults, in which case it would be visible (like all other vaults).
Yes, any such person with Family Organizer permissions could then add themselves to any vault created by someone else to which they'd not been invited originally (and thus see/copy/edit/delete the data), but they would have to explicitly take such action; it's not part of the Family Organizer permissions. Hope that's helpful.
0 -
Thank you, Lars. This is helpful to my understanding. I think I am still a little unclear about what 'inviting' means in this context, but that isn't my key concern. Your first paragraph says that a Family Organizer can "manage the vault, not access to its contents." However, your last paragraph says that Family Organizers could add themselves to the vault, and then see its contents. Doesn't that contradict what you said first? Yes, it takes an extra step or two, but the lack of security/privacy is still the same.
We have trust in our family, but we also trust good security practices. We want the ability to set up secure divisions of some shared data. Surely 1Password has secure options for creating subsets of data access in business situations. Can you give Families something to allow better and more secure compartmentalization of data within the Family?
0 -
Your first paragraph says that a Family Organizer can "manage the vault, not access to its contents." However, your last paragraph says that Family Organizers could add themselves to the vault, and then see its contents. Doesn't that contradict what you said first?
No. I'm sorry if I wasn't clear enough. The point I was trying to make is that just having Family Organizer permissions does not automatically give one access to the contents of any vaults as soon as they are created. Here's what that looks like when signed into your account in a browser:
Since I created this "Demo" vault, I am its only member, and have Full Access privileges to the vault, meaning all permissions including management of the vault as well as access to the contents of the vault. No one else currently has access to the contents of the vault, because I have not yet invited anyone else to it (their names would appear under mine if/when I do invite them). But as indicated by the circled sentence, the way Family Organizer permissions work is that anyone with that level of permissions could add themselves to the vault if they so chose. But it's important to keep in mind: they would not even know this vault exists when using a 1Password app. They would specifically have to sign in using a browser, click the Vaults tab in the sidebar, notice there was a new vault to which they had not been invited, and take the proactive step of adding themselves to this vault, in order to see its contents. That's not meant to be any kind of security measure, of course, but it does mean it's a step that couldn't be taken accidentally; a Family Organizer would intentionally have to take multiple steps here to first discover such a vault even existed, then to add themselves to the vault to view its contents.1Password Families is a bit unique amongst our offerings. First, it represents far and away the best value of any way to use 1Password we offer. An individual 1Password account is $35.88/yr. A 1Password Families account allows up to five people and costs only $59.88/yr, meaning that two individual accounts is already more expensive than a single 1Password Families account. And a 1Password Business account costs $95.88/yr per user, meaning that same family of five would be more like $480, instead of $60. We price 1Password Business the way it is because it represents by far the most configurable, complicated and resource-intensive (coding, support) of any of our offerings. And we price 1Password Families (which has a similar-but-reduced suite of sharing and permissions control) the way we do because, well, we have a soft spot in our hearts for families. :) But a family is not an individual, and it's not a business. It's a group where conditions of neither of those other entities exist, and you named it explicitly in your first post: trust. In a 1Password Business account, anyone with Admin or Owner level permissions can delete any user's entire account at will, immediately, and no one objects to this because the company is likely paying for employees' access, just like it pays for access to other resources for employees such as a company email address, etc. That's why we tell users not to put personal-life items into the Private vault of a 1Password Business account -- because they don't own it and there's no expectation on anyone's part of individual privacy in such cases.
But in a family, there's assumed to be some trust, just like what you said exists in your own family. That's important, because just like an Admin or Owner in a 1Password Business account, anyone with Family Organizer permissions in a 1Password Families account could not only add him/herself to any vaults they found themselves not invited to initially, they could also arbitrarily and instantly delete anyone else's account in the family. That's what it means to be a Family Organizer. Even if we were to try to port some of the much more advanced and intricate permissions levels of our premium tier (1Password Business) over to 1Password Families, there would still be that fact: anyone with high enough permissions can simply delete any other user, immediately. This is not a security issue, it's functioning as designed. My wife is a Family Organizer in our account, and that means she could simply delete me at any time. I trust that she will not, just as she trusts that I will not do the same to her. If I ever got to the point where for whatever reason I did NOT have that trust, that would be the time I'd start thinking about creating my own individual 1password.com account, migrate my data into it, and rest easy knowing that no one but me can access it, ever. Of course, by doing that, I'd also be forgoing the ability to have vaults shared in common with the rest of my family in the main Shared vault, or any other vaults I'd created (we have one called "Parents" for stuff we both need but the kids won't, such as bank logins, etc).
In short, I'm quite glad to hear you say you and your family "have plenty of trust for each other." Families come in all sizes and configurations, but that very trust and caring for one another is perhaps the main thing that sets families apart from other groups of people.
Mom and daughter may want to share some info, that they don't want Dad and brother to see. The four people planning the surprise party don't want the fifth member to see any details of the planning. Two members of the family may have a joint ownership or a financial partnership that doesn't involve the others. There are plenty of reasons and situations where family members need or want privacy in groups of two, three, or four, independent of the Family Organizer status of the different members.
Indeed, it's this very trust that ensures they have that privacy. Mom and daughter can create and share a vault that Dad and brother can't see -- unless they take proactive steps to violate that trust. The four people planning that surprise party for the fifth person would be able to create a vault that the fifth person would not even be aware of unless (s)he opened the Vaults management section of their admin console in a browser, then specifically added themselves to the vault. The two members of the family with the financial partnership that doesn't involve the others could rest assured their data was not being shared with anyone else in the family because they trust those other family members not to violate their trust. And all of you trust that none of the other Family Organizers will not simply decide to delete your account, every day.
We're well aware that there are families bound by blood or marriage who do not have the kind of trust you and I enjoy with our own families -- and in such cases, I would reluctantly recommend to people who feel they are part of a family that might fall into this category that they forgo the cost-savings and ease-of-sharing benefits of a 1Password Families account, and stick instead with individual 1Password accounts. I know I would not want all my most important data in the hands of anyone I did not trust, who could remove my own access to it instantly. Unfortunately, the point here is that such a scenario isn't able to be addressed via software; it's a human issue for which there isn't a technological solution.
0