Family members clarification needed
I'm evaluating 1P. I've created a Families system. I am the administrator. I've imported my approx 500 records. I've created 2 vaults, one for me and one for my wife. I've MOVEd the records to one or the other of these vaults (by the way this is an onerous task hampered by a disappointingly poor UI design). I have created a family member id for my wife, and given her the rights to use her vault plus the shared vault. Now I want to make myself a member, so that when I operate as myself (rather than as the system administrator) I will work only with my own vault plus the shared vault. But 1P will not allow me to do this, because I have the same email address as the system administrator. Obviously somebody somewhere has solved this and hidden it together with the appropriate help pages at the bottom of the filing cabinet drawer marked "beware of the leopard".
1Password Version: couldn't find it, despite referring to help page
Extension Version: couldn't find it, despite referring to help page
OS Version: Windows 10
Browser:_ Chrome
Comments
When, as a newcomer to 1P Families, you are invited to manage your new system, you are given a web address https://my.1password.com/signin . I assumed that this web-based management software would be the functionality that would allow me to make progress. I have since searched your website and found that you offer standalone software with much more sophistication. Using that software would have saved me about three days onerous work. VERY angry.
I'm getting the impression that the technical crypto behind your system is excellent, but the surrounding administration and design has a long way to go. Anyway, my original question still stands.
Crikey, it's worse than that. When you invoke the browser extension, you are not given a choice of which identity to log in as. HELP !
Team Member
Hi @Basjoe
I see we've discussed the discoverability of the desktop/mobile apps in another thread. To your question about multiple accounts for yourself... that is not how 1Password Families was designed to work. Each account within a membership requires a unique email address. With 1Password Families each account gets their own Personal/Private vault, which only they can see the contents of. It isn't necessary to create a separate vault for each person beyond that, and doing so may lead to further confusion. For example, in the setup you've described, your wife now likely has 3 vaults: the built-in Personal/Private vault, the built-in Shared vault, and also the vault you created for her.
We typically recommend that multiple trusted individuals within the family be given Family Organizer roles, so that if any one person forgets/loses their 1Password credentials, the whole family isn't in hot water. We have a guide available on this subject here:
About family organizers in 1Password Families
Regarding the difficulty in getting started in general, have you reviewed our getting started guides? I feel they could've saved a lot of frustration here. Getting the 1Password apps is step 4 in the guide:
Get started with 1Password
I hope that helps!
Ben
Hi Ben,
Well, in the words of Clint Eastwood (in Where Eagles Dare) "I'm just about as confused now as I ever hope to be". You are saying that the administrator cannot see the contents of Personal/Private vaults of family members. In that case I don't see the point of Families at all. You may as well just get an individual account for everybody. Anyway, I think what you are saying is that I will now have to move all my wife's records to her Personal/Private vault somehow and delete the vault I created for her. (** see below) You can imagine how frustrated I'm getting. I've not even started testing basic functionality yet - it's all admin, and already halfway through the trial period. I will read through the guide you've linked to, thanks.
** You see, when I get the software up to show the vaults it show Personal, Her Vault, My Vault, and Shared. So is that Personal Vault being shown - her personal vault, my personal vault, or the system administrator's personal vault ? Or something else ?
Ben I'm reading through the "About Family Organizers" link you gave me, and the section "Use vaults to share" seems to completely contradict what you said. I'm not trying to pick a fight here or be difficult. Back when I was a somewhat younger working man I designed and built large computer systems for multinational companies (including working in crypto with guys from Canada-based Entrust). I say this to reassure you that I am not an idiot. But I just can't seem to grasp the underlying principles of the Families design. Perhaps some of the definition of terms like "Account" or "Family member" or even "Personal" have led me down the wrong track. Myself and wife are trying to draw up a system diagram to understand it, but it's not going too well right now.
@Basjoe In your role as family account creator and family organizer, you're nothing more than the first member of your family account, with the additional permissions to organize the account (inviting more members). But you are a member yourself, with personal vault and all. If you give another person the family organizer role, its account has the same organizing permission as yourself, and if you remove yourself from the organizer role, you're just a member as any other member you formerly invited.
So there is no need to separate your account into some "administrator" and some "user" role - your account is both.
If it comes to managing your items and move items around between vaults, you should definitely get the desktop app. It has features to move and generally handle items in bulk. The website is ok for account management, but not good for item management.
The idea behind the family account is that everyone has its own private space with the personal vault nobody else can look into, and additionally one or more shared vault everyone or someone else has also access to.
So if you imported 500 entries, there are perhaps 200 of your own, 200 of your wife and 100 shared between you both. To sort these, you can do this, for example:
As result, you have your own entries in your own personal vault, your wife has her items in her personal vault, and both of you have some items in the default "Shared" vault of the family account. No other vaults exist.
You don't need more shared vaults at the moment. Should you invite more members to your family, for example children, there may arise the need to share some items between some of the members, but not to all members. For this, you can create additional shared vaults and set access controls so only people have access who want/should have access. The primary purpose of additional vaults is different access between family members.
Team Member
@Basjoe
Let's start by clarifying that there is no such concept as a separate "system administrator" with 1Password Families. You, the person who signed up for the 1Password Families membership, are by default the Family Organizer. You can also promote other people to this role, and we recommend doing so, for the purpose of recovery:
Recover accounts for family or team members
As for defining account vs membership vs member: The membership is the container for accounts (members) and vaults. Generally, you would only need one membership. Each person would have their own account within that membership.
Each account will have a vault accessible to them called
Personal. This is a system created vault, and it is unique in that it is the only vault that nobody else can ever access. This is the vault most folks will store their non-shared information in. There is also a built-inSharedvault, which everyone in the family has access to. Additional vaults can be created by any member. Member created vaults can (optionally) be shared with other family members. By design, any Family Organizer can add access for themselves to any member created vault.Correct. Family Organizers cannot see any Personal vaults other than their own.
There are three primary advantages of 1Password Families over separate individual memberships:
That would be my recommendation, if her intention is to have some items that are inaccessibly by you, yes.
I do think the guide will help immensely, as it covers many of these basics.
Each account has its own unique
Personalvault which only it can see. If you log in as any other user, you will see aPersonalvault, but it will be distinct from any other account'sPersonalvault. No one ever even sees that anyone else'sPersonalvault exists.Could you please highlight the language in the guide that you feel is contradictory? I'd like to explore if there are any corrections needed, or if I can further clarify what I've said.
Thank you for sticking it out with me here. Hopefully we're getting closer. 😊 I'm happy to help with any follow-up questions you or your wife may have.
Ben
Ben, I really want to thank you for this. It's clear we had superimposed our system design experience onto a comparatively simple model, making it far too complex. I'm sorry you had to put in so much effort to clarify it all, but it is nevertheless much appreciated. We're still working our way through it, so that we can make the right organisational decisions and get the best out of it for our needs, and I thank you for the suggestions.
Team Member
You're very welcome! I'm happy to have helped.
😁 Indeed. Our family offering is intended to be fairly simple and approachable. There are more advanced features (such as varying levels of administrator access) available with 1Password Business. That is likely overkill for home use, but I figured I'd put it out there if that is indeed the level of flexibility you're looking for.
For sure. Please feel free to loop back if there is anything further I can provide.
Ben