Share with external users

From time to time we have the need to share sensitive information with our clients.
Right now, we create a textfile with the sensitive data, encrypt it with a password and send the encrypted file and the password on 2 different channels to our clients. This is tedious, error-prone and exposes the sensitive data by storing it in an unsafe location.

Unfortunately, it doesn't seem like 1Password would support an easy solution for sharing sensitive information with third parties.
Is this a planned feature?

Asking the client to signup for a 1Password guest account for a (most of the time) one-off transfer of sensitive data is not acceptable.

If there is not such a feature already, I think it could look like this:

  • select multiple items and share it "externally"
  • choose a password to protect this data
  • set an expiration date OR max request count
  • track every access
  • keep the tracking history available for another 30 days after the access expired
  • the external party only needs to open a link in their browser and needs to enter the password. No other tools required.

WDYT?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_maxag_max

    Team Member
    edited March 31

    Hi @lszrh. Welcome to the 1Password Support Community.

    The exact feature you're describing that would facilitate the sharing of sensitive data stored in 1Password with an outside entity doesn't currently exist. Both parties need to be active members of the same 1Password business or team account before they can securely share items. We've seen a number of similar requests for this functionality before, and this is absolutely on our team's radar.

    Right now, the best recommendation I can give regarding sharing is to invite outside entities as guests for limited sharing. Each guest can be assigned access to a single vault on any given time, and from there data can be safely shared and accessed. When the guest no longer needs to access the said vault, access can be revoked at any time by an administrator.

    I do fully realize you're already aware of guests, and you mentioned they're not acceptable for your situation, though this is currently the best, most secure way to share information with users outside of your organization. I appreciate you taking the time to write up what you envision in this type of feature. I'm going to pass on your helpful feedback to our team for future consideration. Keep me posted if there is anything else that I can help with today.

    ref: internal/business-roadmap#108

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file