1Password on Mastodon

Is it possible to disable 1password login on the personal device?

riyazstormxriyazstormx
Community Member
edited January 12 in Business and Teams

Is it possible to disable 1password login on the personal device?
Can we restrict 1password login to only one device?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: macOS 13.1
Browser:_ chrome
Referrer: forum-search:Is it possible to disable onepassword login on the personal device? Can we restrict onepassword login to only one device?

Comments

  • GreyM1PGreyM1P

    Team Member

    Hi there @riyazstormx

    Can you tell me a bit more about the motivation behind this? If you're the only person who knows your account password (which is how it should be), then you can choose not to sign in to other devices. No one else can sign in to other devices anyway because they don't know your sign-in details.

    Let me know what you're looking for here and I'll be able to help.

    — Grey

  • riyazstormxriyazstormx
    Community Member

    Hi @GreyM1P
    Here we are using 1password shared vaults to store secrets & Credentials for our team. In our company devices are fully monitored by our security team so no one can compromise our secrets or credentials but if they can log in from their own personal devices maybe they can copy & paste because those devices are not monitored. We cannot track them so is not safe.

  • GreyM1PGreyM1P

    Team Member

    @riyazstormx

    In this context, there's no way to limit what 1Password accounts can be added to a 1Password app. If you're concerned that an employee might steal company secrets through their own 1Password accounts, that's more of a policy concern and a bit outside our scope as a result.

    Our recommendation is to strictly limit access to any shared vaults to those who absolutely need them, and to provide individual logins for a service to each employee if possible.

  • LarsLars Junior Member

    Team Member

    @riyazstormx - I wanted to follow up on what my colleague @GreyM1P wrote above with another suggestion (and maybe a question). If what you are trying to prevent is employees being able to sign into your company 1Password account from personal devices, there are indeed some steps you can take.

    The first one I want to show you is Firewall Rules. Those are quite powerful (indeed, take care or you can create a situation where some people cannot sign in at all). There, you could restrict sign-ins to only certain IP addresses (that you control) and no others. This would have the effect that people traveling might be prevented from signing in on new devices from hotel or conference wi-fi, but that wouldn't affect their ability to access the 1Password data they already have on their device, only changes/syncing.

    However, I do want to remind you of the unavoidable fact that neither we nor anyone else to date have figured out a way to allow you to both share and not-share a secret with someone else simultaneously, if you take my meaning. It may well be that taking the steps I outlined with Firewall Rules is a reasonable precaution for your situation. But if what you're worried about is malicious actors copy/pasting credentials or other secrets from your company 1Password account, no amount of firewall rules will prevent such an intentional bad actor from simply revealing the passwords to various assets and writing them down on a piece of paper. I don't know your threat model, and for that and other reasons it's not my place to tell you what you should do, but I'd be remiss if I left you with the impression that any of this would be a guarantee of protection against a truly malicious insider threat. The bottom line is that best practices are to rotate the credentials of any account member who either leaves the organization or of whom you suspect potential malice. That's the only way to be certain credentials - especially shared ones - are not used maliciously.

    Hope that helps!

  • riyazstormxriyazstormx
    Community Member

    @Lars @GreyM1P Great support, Ok I will look into that Firewall Rules
    thanks

  • GreyM1PGreyM1P

    Team Member

    @riyazstormx

    You're very welcome. If you ever need anything from us at 1Password Support, please do contact us. We'll be here to help. :)

  • rob29384059rob29384059
    Community Member

    I think the use case is to help protect against compromised endpoints. 1P running on an managed work laptop can be expected to be safer than, say, 1P running on a shared home computer. You can have a written policy preventing employees from install 1P on an unmanaged device, but you could also require admin approval to authorize new devices.

  • ScottS1PScottS1P

    Team Member

    Hi @rob29384059,

    Thanks for sharing your use case for this feature with us. While I can't promise if, or when, it may be implemented, I appreciate you contributing to 1Passwords evolution.

    Thank you,

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file