How to avoid accidentally changes to Shared Vault

hal1password
hal1password
Community Member

This is really a "best practices/configuration" advice question.

My questions are the numbered paragraphs below.

Background

Someone to whom I recommended 1Password and helped to setup their vaults, just had a problem. Situation is the Family Account owner (User A) has one elderly family member (User B) who repeatedly has problems with passwords including accidentally changing. My original recommendation was that User A setup a shared vault for User B (the "AB Shared Vault") where User B would store all their login credentials.

Today they just discovered that the AB Shared Vault had bank login credentials for User A, but the credentials for User B were not to be found. It was discovered when User A was unexpectedly receiving two factor notifications.

I suspect this was really an error in my original configuration advice and possibly a user error. 1Passwords recovery feature was able to retrieve the missing credentials.

User A typically accesses their bank account information via the bank's app. However, they recall that recently they accessed the information on their iPhone and instead of the app they wound up using the browser. They're not sure how that happened. I suspect this is when the credentials in the AB Shared Vault were overwritten. I suspect User A may not have turned off Safari's autofilling so Safari provided their login credentials which 1Password offered to save those credentials in the AB Shared Vault for same bank which were originally User B's credentials.

User A wants to be able to see, use and recover all passwords for User B. However, they don't want to be able to accidentally update anything in the Shared Vault. User B wants to place all their passwords in the AB Shared Vault and nothing in their Private Vault. Ideally would like to be able to prevent that user from having any Private Vaults. All users are macOS and iOS users.

I believe there were two sources to the problem. One for User A, at least on their iPhone their "All Vaults" application setting included the AB Shared Vault and then their not seeing with they were updating User B's credentials.

I'm now thinking the recommended configuration should have been:

(a) User A creates the AB Shared Vault, but changes the access privileges so that User A only has Manage & View access and User B has Edit & View.

(b) User A configures their account so that the AB Shared Vault is excluded from the "All Vaults" search. User B configures their account such that the "AB Shared Vault" is the only vault in their "All Vaults" search.

(c) User A sets their default vault for saving to "Private" and User B sets their default vault for saving to the "AB Shared Vault". (Please see question 4 below regarding iOS settings.)

Now as to my questions:

(1) Is my thinking with respect to the preferred configuration correct?

(2) If User A has manage and view but not edit access to the AB Shared Vault, would User A be able to recover credentials which User B has accidentally deleted or changed? Or would User A, first have to give themselves edit access to the AB Shared Vault?

(3) Are the 1Password account settings for what is viewed in "All Vaults" account wide and shared across devices or for Users with multiple devices (Mac and iPhone) do they need to set that setting on each device used by the respective user?

(4) The 1Password on macOS has a setting in Preferences>Vaults whereby one can set the default vault for saving? Where is the equivalent setting on iOS? Does the iOS app follow the setting which is set in the Mac 1Password setting? If not how do I get it so for User A all credentials default to be saved in Private and for User B all credentials default to being saved in the AB Shared Vault?

(5) On iOS the 1Password app under "Settings>1Password Browser" the "User Agent" setting can be set to 1Password, Safari(iPhone), Safari(iPad), Safari(Mac), Chrome, Firefox. What is the significance of this setting? What would it mean to use "Safarin(Mac)" on an iPhone?

Thanks.


1Password Version: on iOS 7.9.6, on macOS 7.9.5
Extension Version: Not Provided
OS Version: macOS 10.13.6, 11.6.7, 12.4
Browser:_ Safari, Chrome

Comments

  • ag_tommy
    edited August 2022

    @hal1password

    1. Based on my read-through, yes, I believe the options you listed above would work. I am not sure if it is possible for user A to have manage permission but not edit permissions. Seems counterintuitive to me, and I suspect you may experience trouble with this setup. As a safety net you might consider temporarily adding a third user with full capabilities while testing this setup. * See item 2 below.

    2. This would be my concern. Granting edit access may be needed. It may be easier to introduce a third person here. That person could enable or disable features as needed. An advantage of a third user as an admin is they could recover the account for the others, provided they are all part of a family. 🚑 Recover accounts for family or team members This alone would be a huge plus for the setup and it was one of the reasons I went with a family membership vs. an individual oh so many years ago. I realize it might add a tiny bit of complexity, but IMO it is well worth the work. It is a valuable tool when a loss occurs. I am speaking from personal experience here. Without it, the data would be lost. Please look into this feature if nothing else. Again my best suggestion might be a 3rd person (admin) as it seems both users might be older.

    3. You would need to set the setting individually on each device for each user. They do not sync.

    4. The two OS's do not share their settings. On 1Password 7 for iOS: Settings > Vaults > All Vaults - Vault for Saving. On 1Password 7 for Mac: 1Password > Preferences > Vaults - Vault for saving

    5. This is a setting to tell the internal browser how to report itself. My suggestion would be to use the Safari browser and not use the internal browser. Get to know 1Password for Safari on your iPhone or iPad It has become incredibly powerful with our extension and IMO superior to what the internal browser within 1Password was. Also, Use 1Password to fill and save on your iPhone and iPad would be useful for apps, but it can fill sites too.

This discussion has been closed.