Family organizers shared vaults
The way our family plan is setup needs to have a way to create shared vaults that are not visible/manageable by Family organisers. My brother and I are both Family Organisers and would both like to share some sensitive passwords with our respective wives who are Family members in the plan. But we would prefer those vaults not be accessible to each other.
Is there a way to implement privacy for Family Organizers too so the creator of a shared vault can remove access to view/edit shared vaults even from Family Organizers?
Thanks.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Family Organizers have full access. Short of creating a new family and segmenting the larger family I can't imagine a way to accomplish this, because the FO have the ability to help with recovery of accounts. Account recovery needs to allow folks back into their accounts/vaults.
I'd be happy to file a feature request, but even then I can't guarantee if/when it could happen. If it was created it would likely be some time for creation and development. My thought would be separate accounts. If you need to share a vault between the two families you could always add them as a guest to yours and you to theirs. That would give you access to a specific vault that could share amongst the families.
Perhaps some of the others here in the community have ideas they can share.0 -
Today I've switched my individual account, after having used it happily for many years, to a family account. Since I'm the Defacto "tech support" person in the family, it seemed like a no brainer.
Having said that, I 1st decided to make a test account and import it now in my "Family" to test these features myself, and within minutes came to the same conclusion as @SimonLL - even if a non FO (Family Organizer) creates his/her own vault to share. The FO can see this vault AND can add him/herself to it, no questions asked.
I think this is a design/logic flaw. @ag_tommy you mention that FO have the ability to do account recovery. Which is fine, but really account recovery and having the ability to grant myself access to any shared faults others make; are two different things entirely. Determining the access to a created vault should rest with the creator. And access to that vault would be restored to the creator if his/her account was recovered. There's no additional need for an FO to be able to manage permissions on any given additional fault created.
As is, I'm reverting my account back to individual account. I just cannot in good faith recommend my dad for example to put in all his sensitive things, and know that if he places those in a shared fault for any reason which are his and his alone; that i can give myself access to those as well on a whim. He might not be super computer savvy, but he knows how to handle sensitive data and will ask me what my level of access is, knowing I have the main account and handle billing as well.
TLDR: I'd be happy if this could be a feature request to deal with this issue.
- Additionally created vaults default the creator as full-access "owner"
Visibility of these additional vaults are for the creator. FO cannot see these under "Vaults"
Unless FO is at least added as "view"FO should not be able to assign rights of his/her choosing to any additionally created vaults of other accounts under the family; aside from the additional vaults the FO him/herself created.
- Responsibility for vault access lies with those that created it. If they want a back-up person to manage it, then they can assign somebody as full-access/owner them/herselves.
0 -
Ideally, your dad would place sensitive details in his Personal/Private vault. That vault is his and his alone. No one else has access. You cannot grant yourself access to his Personal/Private vault. I'll certainly get your comments before the team. Thank you for taking the time to share those with us.
ref: PB-39719556
0 -
@ag_tommy Thanks for the reply.
I know that private faults are inaccessible to the FO; but in my "family" case. My dad and mom would need to share sensitive accounts pertaining to them; that they wouldn't want shared with their kids. We're not talking about WiFi passwords. Examples: Shared bank/pension accounts etc.
Me being the FO, could potentially help myself to anything in there. And yes, you could argue that each could keep those logins on their own respective private vaults. But then that's more micro-management if you keep the password updated 2-3x times a year. You'd have to copy a long string of passwords (which is why you'd want to use a password manager in the first place) from one private fault manually to the other. That becomes even more complicated to do once you start using passkeys.
But thanks again for your consideration.
0 -
That makes sense for sure. :) We do much the same here in my family.
0