New "Share with anyone" feature

Hello,

While I think the new sharing feature can be pretty useful, as an admin in a corporate context, I am sweating in nightmares. Your blog article says that we are in full control, but the only control we have is to look at who shared what. That's not full control.

We need to be able to control it in a way that allows us to disable that feature. If we can't prevent our employees from sharing passwords outside the company - with anyone - that's a security breach disaster waiting to happen.

How did you guys not think about this before you released this? Or am I missing something?



Comments

  • rob Agile Customer Care

    Team Member
    edited October 12

    Hi, @cryptochrome.

    We've talked about this a bit here, and we're interested in bringing additional controls to administrators beyond viewing share activity and deleting shares (you can delete a share from the Activity Log). That said, your team members can already copy and paste passwords out of 1Password into Slack, emails, and text messages, so we're aiming to give them a way to do that with a bit more security cushion (automatically expiring the link and optionally restricting the recipient list). I'd love to hear more about your case, though. Is there another aspect we haven't considered?

    Note that at the vault level, you can remove the "Copy and Share Items" permission in a business account or "Export" permission in a team or family account if you want to prevent sharing items in a given vault.

  • cryptochrome Junior Member

    Hi @rob - Just for me to understand (and sorry if I jumped to any conclusions), if I remove the "export" and/or "send items" permissions it will disable the new share feature?

    The problem I have with this is not that it is more secure than pasting something into a chat. The problem is that the sheer existence of the feature can encourage people to use it. As in "oh look, there is a share feature available to me now, I guess that means I am now allowed to share the password to our firewall". I am exaggerating deliberately to make the point.

    Without the feature, I can prevent people from pasting something into a chat if I disable the "view and copy passwords" permission. They can still log in to sites/apps, but they can't see and copy the password.

  • rob Agile Customer Care

    Team Member

    Just for me to understand (and sorry if I jumped to any conclusions), if I remove the "export" and/or "send items" permissions it will disable the new share feature?

    Yep 👍

    Without the feature, I can prevent people from pasting something into a chat if I disable the "view and copy passwords" permission.

    Disabling "view and copy passwords" will also disable the sharing feature. 👍

  • rob Agile Customer Care

    Team Member

    The problem is that the sheer existence of the feature can encourage people to use it.

    That makes sense.

  • cryptochrome Junior Member

    Thank you!

  • rob Agile Customer Care

    Team Member

    No problem :)

  • I will add that apart from being able to disable the feature for all users, we would very much welcome:

    • a heads-up for business users that the feature is being implemented, because it's a significant change for Security teams (at least a week in advance would be really appreciated)
    • the ability to customise sharing settings to, e.g., only allow up to 7 days and disable sharing with link, to enforce certain best practices.

    Is this something that can be considered?
