Strategy for Limiting Vaults that Appear on My iPhone
I have some "super-secret" financial accounts that I'd like to keep in 1Password on my Mac and/or on the web, but I'd like to not have these passwords in the 1Password apps on my mobile devices. The idea is to keep those super-secret account passwords off my mobile devices because these devices can be easily stolen. Since I use Face ID on my phone, if an attacker can bypass Face ID, they have access to all my passwords, including the "super-secret" ones.
I know I could revoke access to the lost/stolen phone, but it seems even better not to have the super-secret passwords on the phone in the first place.
I realize that travel mode doesn't help, because it's "all-or-none" when it comes to vault removal. I also understand that Business users have more granular control over vaults, but I want to avoid the extra cost just for these few "super-secret" accounts.
I'm testing an approach that seems to work, but I'd like to get your feedback and learn of any potential problems. Here's the approach:
- Create a "new" user account under my family membership. This user has a unique Master Key and Master Password, i.e., different from my "original" account
- Store the "super-secret" passwords in the new user account
- All other passwords, documents, etc. remain in my "original" user 1Password account (which happens to be the administrator for the family account)
- Access the "original" account from my phone and from my mac using the 1Password apps I have installed
- Access the "new" account, with its super-secret passwords via the 1Password web interface (only)
- Optionally create an additional login user on my Mac if I want to access the "new" account on the Mac using the 1Password for Mac app (since I can't access both 1Password accounts from the same Mac login unless I use the web interface)
Since I only access the super-secret passwords a few times per year, I don't mind using the web interface to access the "new" account, even though the 1Password apps provide a better user experience. I won't have offline access to the second user account, since its data is not in my 1Password app. However, the few passwords that would be in this second user account would only be useful when I have online access anyway.
Are there drawbacks to this approach? I can think of:
- Need to manage and secure two Master Keys and Master Passwords
- No access to passwords in the new account if I don't have Internet access
- New account uses one of my 5 family membership slots
I can live with the above restrictions. Am I missing any issues or potential problems?
1Password Version: 1PasswordX
Extension Version: Not Provided
OS Version: Web
Sync Type: Not Provided
Referrer: forum-search:private vault travel mode family accounts
Comments
-
Since I only access the super-secret passwords a few times per year, I don't mind using the web interface to access the "new" account, even though the 1Password apps provide a better user experience.
Because you would only require this a few times per year, I was going to suggest Travel Mode. But your requirement of only accessing these via the Web interface would make this option a bit less useful, since you would not be accessing these items from the 1Password apps. It would still have the benefit of not having to manage two sets of credentials however.
I don't see any additional major issues with your proposed approach (other than the ones you listed, and the friction this method adds to your login process, although this might even be a benefit in this specific case).
Since I use Face ID on my phone, if an attacker can bypass Face ID, they have access to all my passwords, including the "super-secret" ones.
Not if you had Travel Mode enabled. However, I am curious, and I wonder if we are perhaps addressing the wrong concern here: how would you imagine an attacker to bypass Face ID? In other words: is your concern related to face recognition technology itself, or with an attacker accessing your device in general? Because in the first case, the solution seems to be to disable Face ID on your device, and instead to rely on your Master Password to unlock your 1Password app. And in the second case, remote wipe seems to be the natural mitigation to this risk.
===
Daniel
1Password Security Team
0 -
My understanding of travel mode is that when I invoke it, the super-secure vault would be removed from all my synced devices. (Is that correct?) What I was wanting to achieve is a semi-permanent state where I only have access to a subset of my vaults on my mobile devices and access to all my vaults via my Mac.
I'm not that concerned about security of Face ID being bypassed. I suppose the most feasible situation would be if I was forced to unlock my phone in a robbery situation. This scenario isn't that likely, I grant you, but when I travel internationally in developing countries, the risk is there.
More generally, it seems to me that a best practice would be not to carry passwords on my mobile device that I never intend to access via my mobile device. Hence the desire to have just a subset of my passwords on my phone. I know that remote wipe mitigates the risk, but an ounce of prevention is worth a pound of cure, right?
Do I understand correctly that if I upgraded my plan to the Business plan that I could have more granular control over which vaults are synced to which devices, all within the same user account? In other words, could I achieve what I'm talking about if I upgraded?
And finally, if the Business plan will do what I want, can I upgrade my Family plan through the web site? It looks like I can update to Teams, but it's unclear to me if I can upgrade to Business. Can I subsequently downgrade back to Family plan at some later date if I don't want to continue with Business?
0 -
My understanding of travel mode is that when I invoke it, the super-secure vault would be removed from all my synced devices. (Is that correct?) What I was wanting to achieve is a semi-permanent state where I only have access to a subset of my vaults on my mobile devices and access to all my vaults via my Mac.
Correct; with Travel Mode on you'd only be able to access the vaults not marked as safe for travel through the 1password.com website. The idea is that Travel Mode would be enabled when traveling and disabled when safe. You can mark some vaults as safe for travel so they are not removed from your apps when Travel Mode is enabled.
Use Travel Mode to remove vaults from your devices when you travel
Do I understand correctly that if I upgraded my plan to the Business plan that I could have more granular control over which vaults are synced to which devices, all within the same user account? In other words, could I achieve what I'm talking about if I upgraded?
The options in this regard aren't different between 1Password Families/Teams/Business. With any of those tiers you could go with a 2nd user approach, but that would require a different email address for the 2nd user, as no two users within a membership can have the same email address. You could have one of the accounts have access to vaults A, B, and C, and that is the account you'd use on your Mac. Then you could have the other account only have access to vault C, and you'd use that account on your mobile devices. Of note, the built-in "Private" / "Personal" vault cannot be shared, so you'd have to account for that in your setup.
Ben
0 -
Thanks for the clarification. It seems the two-user approach is the way to go...if I want to go to the trouble of segregating the "super-secure" passwords this way. Frankly, I'm not sure that I really want to go to all the trouble of a second account to mitigate a threat scenario that has < 0.01% chance of ever happening to me. (But then I could tell you about my plane crash, the murder on my front lawn, the terrorist attack, the house fire caused by my dog, and a dozen other things that should've never happened, but did. :) )
0 -
One last question set, @Ben. Can I upgrade from Family to Business on the web? Can I go back later if I decide to downgrade? Some of the features of Business are appealing, even to a business of 1 user. For example, the login attempt logging and ability to restrict login to certain regions of the world might be worth it to me. Do I understand correctly that my cost would go from $4.99/month to $7.99/month, and that I would, in essence, still have the equivalent of the family plan?
0 -
Upgrading and downgrading I believe would have to be handled by our business team. I don't see any way of upgrading from 1Password Families to 1Password Business or vice versa on my end, though I'm sure at least the former is possible. You can reach out to them directly at business@1password.com. They'd also be in the best position to address any pricing questions on the business end. :)
Ben
0 -
Thank you, @Ben! I appreciate your very responsive answers. Have a good weekend.
0 -
Thank you; you as well! :)
Ben
0