Share your sensible family vault setups...
Hi,
My wife and I had separate v6 standalone vaults, but now I've got a family plan and intend to migrate her across. I've already migrated myself across into my "Private" vault, and renamed the default shared vault to "Shared - All Family". I understand the technical aspects of how to create vaults and assign permissions, what I am looking for is people's experience in how they set up the different vaults in terms of sharing permissions, family organizers, and what works for them. A few thoughts on what I think I want, but open to all ideas...
- The default shared vault is of limited use because there's almost nothing that needs to be shared between all family members including he kids, so better to use some combination of personal vaults and new shared vaults with controllable permissions.
- I should have both read and write permissions to my wife's vault (So that I can clean up entries and keep it tidy as she doesn't have the technical knowhow/willingness to do it herself)
- I should have both read and write permissions to the kids vaults (Because I know they'll mess something up and come to me to sort it out). But the kids should not be able to see each other's vaults
- Neither mine or my wife's vaults should be able to be seen by the kids.
- I'm not averse to my wife having read access to my vault, still debating that and I trust her ethically speaking, but I don't want write access because I fear she'll mess something up :-)
- I'm debating if I should make her a family organizer, my inclination is no for the above reason. If I decided for her to not have any access to my vault, then I need some easy way for her to have at least read access to my vault in the event of my death etc. We each have financial accounts in our own separate names that should be able to accessed in such a situation.
- The wife and kids shouldn't need to switch vaults at any time to access things THEY need for themself - too much room for error introduced by that
So how have people in similar situations set theirs up?
1Password Version: 7.8.7
Extension Version: Not Provided
OS Version: Mac, Windows, and IOS
Comments
-
In my Families account we are all Family Organizers for recovery reasons. We use the Shared vault for the few items all of us need to access, and we have vaults for all pairs of people who need to share something specifically with each other.
If I decided for her to not have any access to my vault, then I need some easy way for her to have at least read access to my vault in the event of my death etc.
We solved this by putting a copy of each other's Emergency Kit in the shared vaults themselves :+1:
0 -
Thanks for your reply @ag_ana
and we have vaults for all pairs of people who need to share something specifically with each other._
It seems this would be the best way for me to set up the kids and wife's accounts
In my Families account we are all Family Organizers for recovery reasons.
I like the idea of making my wife a family organizer for the purposes of recovery, but what worries me is the ability to entirely delete family members accounts with no chance of recovery, and I would worry about her doing this accidentally.
We solved this by putting a copy of each other's Emergency Kit in the shared vaults themselves :+1:
This sounds a good idea. If my wife had my emergency kit then she could log in as me and assume full powers as me as family organizer. But in normal circumstances when logged in as herself wouldn't have the ability to accidentally damage anything (as she would if she were a family organizer herself)
- Kids vaults shared-pairs between each of them and me, but not between each other.
- Wife's vault shared-pair between her and me
- My vault remains as personal vault, and I am the only family organizer
- Wife has my Emergency Kit with master password saved in her own vault, so if she needed to she could log in as me and assume full powers including access to my personal vault
Is that right? What would be the disadvantage of this setup compared to say your setup? Thanks.... I really want to get it right from the start.
0 -
I like the idea of making my wife a family organizer for the purposes of recovery, but what worries me is the ability to entirely delete family members accounts with no chance of recovery, and I would worry about her doing this accidentally.
There are a few steps required before deleting an entire account, including a request for confirmation, so doing this accidentally is a bit difficult, you need to click on "Permanently delete account" for at least two times before you are allowed to do that.
This sounds a good idea. If my wife had my emergency kit then she could log in as me and assume full powers as me as family organizer. But in normal circumstances when logged in as herself wouldn't have the ability to accidentally damage anything (as she would if she were a family organizer herself)
Correct :+1:
Is that right? What would be the disadvantage of this setup compared to say your setup? Thanks.... I really want to get it right from the start.
The only disadvantage would be that nobody would be able to recover your account should you for any reason lose your Secret Key or Master Password. And being the only organizer, nobody would be able to then manage the account, the billing etc. in the future.
However, if she has access to your Secret Key with your credentials, this should not happen :+1:
0 -
There are a few steps required before deleting an entire account, including a request for confirmation, so doing this accidentally is a bit difficult, you need to click on "Permanently delete account" for at least two times before you are allowed to do that.
Fair enough. I guess it's a tradeoff. I do wish there was a way to backup a vault offline as it would alleviate some of these concerns about an unforeseen accidental error, like in this other thread you commented on, albeit slightly different circumstances: https://1password.community/discussion/comment/609290
The only disadvantage would be that nobody would be able to recover your account should you for any reason lose your Secret Key or Master Password. And being the only organizer, nobody would be able to then manage the account, the billing etc. in the future.
However, if she has access to your Secret Key with your credentials, this should not happen
Hmm, that is strong argument in favor of making another family organizer. I guess I need to think about it some more. It does seem an advantage but the ability of another family organizer to delete my account entirely scares me. Can a second family organizer even do that to the account holder? If I make her a family organizer too, can I revoke that status later? Can she revoke my family organizer status (even though I am account holder)?
0 -
Fair enough. I guess it's a tradeoff. I do wish there was a way to backup a vault offline as it would alleviate some of these concerns about an unforeseen accidental error, like in this other thread you commented on, albeit slightly different circumstances: https://1password.community/discussion/comment/609290
Agreed, it's a tradeoff. I know that the team is aware of these requests though, so perhaps this is something that they will be able to address in the future.
Can a second family organizer even do that to the account holder?
Yes, as they both would become admins of the account. Otherwise they would not be real admins, and you would still remain the only one in charge of the account, like now.
If I make her a family organizer too, can I revoke that status later?
Yes, you can make someone a regular family member again at any time. But it sounds to me like in your case the risk for you is too high, so you can certainly remain the only family organizer, as long as you are absolutely sure that your credentials will never be lost, or that other family members have the possibility to access your account through the Emergency Kit.
In our case, we decided that the convenience of having multiple family organizers was worth it, in case someone was unable to manage the account for any reason. Making sure your Emergency Kit is stored safely, and accessible by any other family member, is also a good alternative :+1:
0