Families - Multiple Private Vaults?



  • Lars Junior Member

    Team Member

    Welcome to the 1Password Support Community, @Simolation!

    Especially when creating vaults for work credentials, it is just unthinkable that everyone can just gain access if they feel like it. It has nothing to do with trust, but with privacy and security requirements.

    There's a few things at play, here, and two of them are certainly privacy and security requirements. But another one is, yup, trust. The 1Password Families model is based on the assumption of a level of trust that is neither expected nor appropriate in a business/organizational model. Someone (at least one person) has to own the account; they are the person billed, and they have full administrative privileges over the account, including removing (deleting) other members without warning or request. When one joins a 1Password Families account, especially as a family member and not a Family Organizer, this is something to keep in mind.

    If one's personal privacy and security requirements (such as for storing work-related items) include preventing any possibility that others could use or misuse your data (including maliciously deleting it), then I would strongly suggest a separate 1Password individual account for those work-related items. Even keeping them in your Personal vault would not be secure enough, since the Family Organizer could theoretically simply decide to delete your entire account at any moment. I also understand that work situations vary between individuals, but if one is employed in a traditional office job, I would hope one's employer would provide a password manager to employees (preferably ours). 😀 But if not, or if one has a nontraditional work setup, and confidentiality, integrity and availability of data are paramount, then a separate paid account would be the way to go; you can add as many 1Password accounts as you like to all of our 1Password applications, meaning the experience is just as simple logically as if the items were merely in different vaults instead of entirely different accounts.

    There are also other creative ways to do it. One example would be: you as an individual can sign up for a 1Password Business account, which comes with a free 1Password Families account, and use the Business account for work-related items and other items you don't wish to share, and put only the things you don't mind sharing into the Shared vault of your free 1Password Families account.

  • Lars Junior Member

    Team Member

    @chopin1012 - I'm sorry you feel as if we're trying to convince you that our way is the way it should be. I can't speak for others, but we've been answering similar observations since nearly the beginning of 1Password Families accounts, and for myself, anyway, it's more a question of convincing you (or at least observing) that our way is the way it IS, currently, regardless of what any of us might wish it to be, as well as pointing out multiple solutions for various individual situations, on how they can accomplish their goals...just not perhaps in the way they originally envisioned.

    The reality is that family units are unlike any other type of user of 1Password, and in many ways, the most complicated of all. Individuals are easy: you are the sole owner, lord and only occupant of your domain. Only you have the keys, no one else uses the account, and sharing is nonexistent (except for item sharing, which is not dynamic). Businesses are exactly what they sound like: organizations which pay for multiple users (employees) to all use a shared account. And just as with other company resources, it's understood that you do not own these items in the way you would in your personal life - the employer can remove or limit your access just as they can with company email or multiple other organizational resources.

    But families are very different. They are not individuals (obviously) but neither are they companies or even traditional organizations of any kind. That's why in some cases, the existing 1Password Families model might not be suitable for some family configurations, used by itself. It is based on the original 1Password Teams that was rolled out in December of 2015, and although it's benefitted from many of the same overall improvements that other account types have seen in the intervening years, the basic vault and permissions structure has remained essentially the same. Were we to build a solution today that was designed initially for families specifically, we would likely do some things differently than we did ("spinning off" accounts that are deleted into individual accounts, if desired by the person being deleted, would be one example). But that isn't the model that exists today, and so our replies here and in other venues to people who point out things they wish they could do (or prevent) in the context of 1Password Families revolve around finding solutions to the specific challenges people present us with.

    And honestly? Most of these things are indeed solvable with the current array of offerings. If someone is a member of a family and they do not trust one or more of their Family Organizers not to delete their account or try to snoop on them, I would definitely suggest an individual account, and leaving only those items in the Family account they don't mind others seeing. If someone in a 1Password Families account simply wants to be sure no one else in the family can see any particularly sensitive items, I'd urge them to store those in their Personal vault. It varies by problem.

  • Lars Junior Member

    Team Member

    Welcome to the 1Password Support Community, @fastbucks. That's a large family account you have there! I'm curious how many items are actually in your family-wide Shared vault? I have a brother, my mother, and my wife's two siblings and spouses, plus her father, but we don't have a shared 1Password account between all of us, and if we did, I'm hard-pressed to think of how many items we would really share between all of us in the Shared vault. We live in different cities, have different interests, etc - so I'm curious to know what utilization the family-wide Shared vault gets in your setup?

    It's certainly neither my place nor my intention to weigh in on how you define "family," but in my case, although I consider everyone I just mentioned to be my family, with the exception of my wife and kids, they aren't the people I live with and share things like a family Netflix subscription, etc, with. I'd also want either myself or my wife or both to be "organizers" of our family account -- and we are, currently. But if I added my siblings and spouses to my account, I'm pretty sure they would want at least one of them to be Organizers as well. Which is why we don't have that large a family account, in our case.

    Likewise, even though having both my wife and me as Family Organizers prevents any possibility of lost account(s) if one of us forgets our Account Password, if I felt some of my passwords/items were so sensitive I did not want even the possibility that my wife might be able to access them, I would store them in my Personal vault. And if I worried she might delete my account? I'd realize it was time for me to have my own 1Password account.

    There may - and likely will - come a day when 1Password Families gets a makeover, and some of the features people have been asking for, such as multiple vaults which are not accessible to the Family Organizer under any circumstances, or "spinning off" accounts when people leave or are deleted, are a possibility. But that will entail a restructuring of the entire structure of how group accounts work in 1password.com, and it isn't a small undertaking. Until that day arrives, after multiple years of listening to potential edge cases surrounding family accounts, I've yet to hear a situation that cannot be managed by one or another solution. It may not be a user's exact preference for how they'd like it to be solved, but I do hope you'll forgive us for continuing to suggest options for people to remain secure while still feeling able to share items they wish to share, in the context of how things are today, not how they might be tomorrow.

  • Lars Junior Member

    Team Member

    Last thing for @chopin1012 and @fastbucks - I'm going to disagree with the idea that there is no privacy in 1Password Families accounts. There is, it's the user's Personal vault. And in fact, any member of a 1Password Families account can indeed create a new vault at any time and share it with only other non-organizer users. That vault, as created, IS private to only the people initially invited to the vault. A Family Organizer would have to notice the vault exists (not difficult), realize they were not part of it, and then make an active choice to violate the privacy of the members of that vault, not much different from the choice an adult might make to read the private diary of a child.

    To be clear, here, the only thing that cannot be achieved is the creation of additional vaults into which the Family Organizer has no visibility under any circumstances.

    • If all a user wants is privacy, their Personal vault will work.
    • If a user wants to create vaults between multiple non-organizers, they can.
    • If a user wants to share individual items between themselves and another user, they can, using item sharing, which is entirely private.
    • If a user wants the peace of mind that no one else has any ability to affect their account or its contents in any way, they can (Individual/separate account).

  • chopin1012
    Community Member

    I appreciate the responses. I also appreciate your explaining the undertaking required to implement changes to the Family account. I also do truly appreciate the suggestions, for example the use of tags to separate personal and work items. I understand fully this is the way things currently are. Our views regarding trust and security will remain different. I hope the 1Password discussion groups will continue receiving replies from 1Password staff as it makes it a great community. I obviously enjoy 1Password, or I wouldn’t continue using it. But I also feel inclined to leave feedback for features that I, as a consumer, really want, regardless of possible workarounds. I hope if a complete overhaul occurs in the future that requests for these types of vault control features will be included. Thank you for your responses and interaction.

  • Matthew_1P

    Team Member

    Thanks @chopin1012 😊

    We do really appreciate feedback as well, so thanks for sharing it with us here. We'll be sure to continue being part of the community too! 💙
