Watchtower feature request - Shared vault reporting reused passwords

Penguinvitamins2
Community Member
edited October 2019 in Business and Teams

Hi
We have a number of shared vaults and separate them per team. However, some login objects are required to be shared amongst teams. We currently copy these objects to more than one vault. But Watchtower reports these items as reused passwords and skews results. Strictly, these are copied items for the same device, not a re-used password.

It would be useful to share specific objects without copying them, i.e. the Vault Owner creates the login object in a vault, then allows it to appear in another shared vault as read only. Alternatively, I would like to see Watchtower determine duplicate login items (both object name+password = the same rule) and separate these from reused password stats.

Thanks
Stefan


Comments

  • AGAlumB
    1Password Alumni

    @Penguinvitamins2: Thanks for getting in touch! While I can certainly understand the impulse, each vault is encrypted separately in order to facilitate securely sharing any of them with one or more people without giving them access to all others. So an item cannot live in more than one vault. I think that your suggestion for perhaps filtering actual duplicates from Watchtower is a good one, and something we can perhaps do in the future if that can be done in such a way as to not not tell people about actual security issues. But, in the meantime, you can always create a separate vault for items you want to share with Group A and Group B (in addition to separate dedicated Group A and Group B vaults) and give all of those people access to it, rather than having two copies of the same item, one in Group A vault, one in Group B vault. Cheers! :)

  • Penguinvitamins2
    Community Member

    Thanks @brenty for the response. Yes, your suggestion to create a separate vault for cross-team sharing is, for now, our only option but not ideal. (Scenario: It is often required to share just a few system credentials with a limited number of staff members in Team A and B due to their roles. So each time a separate vault is needed to accommodate this.) With Regards, Stefan

  • @Penguinvitamins2

    Thanks for the feedback. We have had similar comments from a few other customers. There are some things that make doing this differently challenging. Off the top of my head:

    1. For technical reasons. The system is designed to handle encryption at the vault level. Handling it at the item level would theoretically be possible, but would require what I imagine to be significant changes to the system.
    2. From a UI/UX perspective. Having sharing happen at multiple different "levels" adds complexity both from a design/development perspective but also from the customer's perspective. It would make it more difficult to determine who has access to what.
    3. From an administrative perspective. Management is currently done at the vault level. It is possible to specify vault managers, who can make changes to the properties of the vault. If item-level permissions become a thing, that adds a layer there as well.

    I don't think any of these are necessarily unsolvable problems, but they do require a significant amount of thought and careful consideration if such a thing is to be implemented. There would have to be a fairly high level of demand in order to justify the fairly high level of effort planning and building such a thing would take.

    Ben

This discussion has been closed.
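
The "object name + password" rule proposed in the first post, with the caveat from the reply that real reuse must still be reported, sketched as an added example. This is not 1Password's Watchtower code; the item fields, function names, demo key and sample data are all constructed for illustration.

```python
import hashlib
import hmac
from collections import defaultdict

# Constructed sample export: (vault, item title, password). Not real data.
ITEMS = [
    ("Team A", "Core switch", "pw-alpha"),
    ("Team B", "Core switch", "pw-alpha"),   # copy of the same login
    ("Team A", "Backup NAS", "pw-beta"),
    ("Team B", "Wiki", "pw-beta"),           # different login, same password
    ("Team A", "Firewall", "pw-gamma"),
    ("Team B", "Firewall", "pw-gamma"),      # a copy ...
    ("Team B", "VPN portal", "pw-gamma"),    # ... whose password is also used elsewhere
    ("Team A", "Printer", "pw-delta"),       # unique, not reported at all
]

def fingerprint(password, key):
    """Keyed digest so the index compares passwords without holding plaintext."""
    return hmac.new(key, password.encode(), hashlib.sha256).hexdigest()

def classify(items, key=b"constructed-demo-key"):
    """Split password groups into cross-vault copies and genuine reuse.

    A group counts as 'copies' only if every item sharing the password also
    shares the same title. One differing title keeps the whole group in the
    reuse report, so copying an item never hides a real finding.
    """
    by_password = defaultdict(list)
    for vault, title, password in items:
        by_password[fingerprint(password, key)].append((vault, title))

    copies, reused = [], []
    for entries in by_password.values():
        if len(entries) < 2:
            continue  # password appears once: nothing to report
        titles = {title.casefold() for _, title in entries}
        (copies if len(titles) == 1 else reused).append(sorted(entries))
    return copies, reused

if __name__ == "__main__":
    copies, reused = classify(ITEMS)
    print("Copied items (excluded from reuse stats):", copies)
    print("Reused passwords (still reported):", reused)
```

The "Firewall" group stays in the reuse report even though two of its entries are copies, because the same password also protects "VPN portal".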