Vault access by multiple accounts - do I understand correctly?
Hi.
I'm about to set up a Family account. I've been using 1Password since 2008, but vaults and multiple accounts are new to me.
It's taken me a while to develop a mental model for all this - I've had quite a few misunderstandings along the way. Below is what I'm thinking today. I believe I have the right end of the stick now, but I'd really appreciate if someone could have a read through, and tell me if I'm wrong anywhere.
- We have three family members, so we'll create three accounts.
- Each account uses a Master Password, gets a Secret Key, needs an Emergency Kit (unless we rely on account recovery).
- The secret key is created automatically and stored on each client. It is used to encode transmissions, and never transmitted itself.
- The first account to be set up is the "Family Organiser".
- The family organiser can initiate account recovery for others in the family.
- The family organiser can create vaults, and can assign manage / edit / view permissions for each vault & account combination.
- Each account gets access to vaults as per those permission settings.
- A simplified view of how these permissions are implemented: each vault has a key, and each account keeps copies of keys for vaults they have access to.
- These keys are different from master passwords and secret keys, and aren't visible in the user interface.
Thanks!
Ashley.
1Password Version: 7.9.4
Extension Version: Not Provided
OS Version: macOS 10.13.6
Comments
-
@cssbz Yes, that's a good summary.
I would add that each user gets their own private vault which only they can see and to which they always have read/write access.
0 -
- You would create one family account and then invite the other individuals to that account. Technically there are three accounts in your case. They all live under the family umbrella account.
- Yes. Each account will always have those even if recovery is initiated. During recovery those are created anew for the user.
- Yes. I would highly recommend downloading and keeping a hard copy of the 🚒 Emergency Kit About your Secret Key
Like your account password, your Secret Key is never sent to us. But because you can’t memorize your Secret Key, 1Password stores copies of it for you, …
- Yes. About family organizers in 1Password Families
- Yes. Recover accounts for family or team members
- Yes, for additionally created vaults. Create and share vaults
- Yes. Each account also has access to a Private vault that only they can access.
- Yes.
- Yes.
0 -
Great! Thank you very much, both.
Some of my earlier confusion I suspect may come from the way that 1Password uses the word "account".
1Password seems to mostly use "account" to mean "store of data belonging to an individual, identified via credentials".
But 1Password also uses "account" for "product / service available for purchase". I can see the company is trying to avoid that, using "1Password Families" as the product name, but at https://start.1password.com/sign-up/family, the call to action is "Create an account".
At one point in my confusion before posting, I was thinking that we'd need four accounts (the three accounts for individuals, plus a "master" account for management). I may have carried this expectation over from eg FastMail, and the wording above allowed me to continue this misconception.
I was going to suggest that if the product name was "1Password Family Plan", that might have helped me. But I see from "umbrella account" in @ag_tommy's reply that there is more complexity lurking. (This is fine - I think I see the gist, and I don't need to dig into that right now.)
Anyway, I'm glad I seem to have the right mental model now, and I appreciate the help.
0
![[Deleted User]](https://wb.vanillicon.com/v2/b2b26d20f9d8e83917f1b2b1645573fc.svg)
