Advanced Protections for Family Plans

MONKi1PMONKi1P
edited February 3 in Families

I'd love to have Master-Password rules & Firewall Policy for the family. I've had the location restriction stuff enabled on LastPass which had that functionality. Maybe for a Family Plan+ option?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Could you please explain further just what additional functionality you're looking for in 1Password Family (Plan +)? Some of us are unfamiliar with LastPass's implementation. Thanks in advance.

  • 1Password has added Advanced Protection features https://support.1password.com/explore/advanced-protection/ They include Master Password policy which would help to make sure everyone in the family follows some basic rules for their Master Password and the Firewall rule feature that would allow geofencing form where someone is allowed to log in which is a feature that LastPass allowed each user to set for themselves.

  • williakzwilliakz
    edited February 3

    Thanks for the link. I see now that you're talking about migrating selected 1Password Teams functionality to 1Password Family. I've come across similar requests previously.

  • In a world where attackers can use VPNs to appear to be in your territory, geofencing looks a lot like "security theatre". To be effective it needs to allow only a quite restricted range of IP addresses.
    While the IP address range for corporate users may be known and fixed, that may not be the case for Family users. Our IP address is not under our control and changes every time the router re-starts, so there would be a significant risk of us being locked out. Also how would this work for phones and other devices connecting through a cellular operator's gateway?
    If I used a VPN for privacy reasons, would I need to update 1Password's authentication server with my VPN gateway address before being able to access 1password.com? Doesn't this partially defeat the privacy benefits of VPNs?

  • @missingbits point taken with the geofencing! Maybe that's less important for Families but the Master-Password requirements would be important. As the only guy who remotely understands security in the family, the entire burden falls on me and enforcing security measures on the system level would greatly enhance my social interactions with everyone ;) I come across as the crazy guy who is always annoying everyone, it can be exhausting.

  • @MONKi1P I know the feeling. I've been trying to persuade my work colleagues to move to a password manager and I think they see me as the crazy guy who is obsessed with internet security. They seem quite happy saving passwords in browsers, notes, spreadsheets, etc and pressing the password reset button whenever that doesn't work. While my family are generally more aware of the risks, I agree that automating the Master Password policing can only help.

  • @missingbits the struggle is real ;)

  • ag_tommyag_tommy

    Team Member

    @missingbits

    I've been trying to persuade my work colleagues to move to a password manager and I think they see me as the crazy guy who is obsessed with internet security. They seem quite happy saving passwords in browsers, notes, spreadsheets, etc and pressing the password reset button whenever that doesn't work.

    One of my old employers (and friend) felt this way about me. He went so far as to tell me he had four passwords he rotates. He called one day, saying he could not access his account. I was in with his permission in like 10 minutes after trying the four password and answering a reset question. (which I guessed due to what it was) Now I must say we had a close relationship. Every day each of our lives was in the hands of the other. So we trusted each other implicitly. Though he never did know my passwords because of 1Password. He could not fathom that I had something like a 23 character password to site XYZ and never knew what it was off the top of my head.

  • Well, there's the front door we all know about and work hard to protect, and then there are the back doors we weren't even aware existed and are wide open. Case in point: ACH transactions received by your bank are not checked in any way—they are implicitly valid and immediately honored. It's entirely up to you to pore over your automatic receipts/payments searching out any anomalous ACH items and to report them within 90 days or else tough. I recently discovered a payday loan outfit had first deposited $400 in my checking account then taken out almost $1,000 in payments (275% interest on the loan!). The loan was supposed to have gone to some guy elsewhere in the country, but his bank account number was entered incorrectly into the computer. Any help for that, 1Password?

  • ag_tommyag_tommy

    Team Member

    @williakz

    As you mention, the ACH system is a bank system. We are only able to assist with providing passwords where they are needed or requested. It would seem that as long as the banks do not institute reform or validation checks for transactions like this. Cases such as yours may continue.

    Several years back, I received a large (several thousands of dollars) tax refund for another individual. I called the bank to send it back. I had to travel to the bank and sign papers affirming that the money was not mine. It's like they didn't believe me. The deposit even had his name clearly indicated on the ACH information.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file