Multi-vault feedback
We've been using multi-vault configurations in our company for a couple months now and wanted to provide some feedback about the feature.
Our use-case
We are a small company (10-20 people) where security is important and we use lots (hundreds) of different cloud-based services. Some of these services allow us to create a company account under which we can create a user per employee who needs access. However, many have no such concept so when we need to share access to those services we also need to share credentials.
This is where multi-vault 1Password steps in. To manage the shared credentials, we use a shared .agilekeychain with which we can keep our shared credential vaults synced across employees and devices. In fact, we actually run with multiple shared .agilekeychains as a simple way of limiting access to more sensitive credentials. Every employee gets access to the least sensitive .agilekeychain while the others are only shared with those who need access.
What we've learned
It's too easy to merge into rather than open an .agilekeychain
It's not that opening an .agilekeychain as a secondary vault is difficult to pull off when you know the right steps (find the "file" on disk and double-click). The problem is that it's not the intuitive thing to do. Multiple employees in our small company managed to merge their primary vaults into the shared .agilekeychain, sharing their private logins with everyone. While I didn't actually hit the merge button, I too went down that same route myself when setting up my shared vault for the first time (in sole, primary vault: open preferences and configure sync).
While this might appear like a subjective polish item, the failure mode is disastrous (personal bank creds pushed to company) and so is our top item for feedback. For this reason alone, we are no longer able to use Dropbox syncing and almost had to abandon 1Password. We did, however, find a solution using Google Drive. Drive can enforce read-only access to the .agilekeychain, mitigating the worst aspects of this problem.
It ought to be possible to edit vault meta-data after creation
Color and picture are probably the most important for safety reasons, but name should be editable too. As you add more and more secondary vaults it's an important safety feature to be able to quickly visually distinguish between vaults so that you minimize the risk of putting something in the wrong place. Being able to adopt a new color and/or picture scheme after the fact would be very useful. Often times the value of a different color/picture for each vault is overlooked by inexperienced users creating a secondary vault for the first time.
A permissions scheme is needed
While we've found a stop-gap solution through Google Drive, it does have some drawbacks:
- Because we're Google Drive syncing is not supported everywhere, the .agilekeychain is only accessible from desktop clients. Again, in our use case it happens that most shared credentials are for sites we rarely need to access from our mobile devices.
- Because an .agilekeychain is not a vault (I think of it as a sync channel), even users with read-only access to the .agilekeychain can edit their local vaults that sync through it. The changes won't be synced because of the limited file permissions, but it can still be confusing because there's no message in the UI that those changes are failing to push. Also, if for any reason the user is, even temporarily, given write access to the .agilekeychain the queued changes will push to the world.
Ideally we'd have a sync-platform-neutral way of administering shared vault permissions. Perhaps different passwords to open the .agilekeychain with different levels of access. Being sync-platform-neutral has obvious benefits. But also, not relying on underlying file system permissions lets you be more nuanced about what "read-only access" means. For example, if you want to track last accessed meta-data that's actually something that even "read-only" users would need to be able to write.
In the shorter term it could be useful to have some UI indication of the inability to sync certain changes, perhaps with some ability to sweep those changes into another vault (probably the original intent).
Thanks!
Thanks for listening; we love your products. I have tried not to prescribe solutions. Where I have, feel free to take them or leave them. Sometimes it's easier to describe a problem by getting into possible solutions.
Comments
-
Hi @jcottr,
Thanks so much for all the detailed feedback! It's greatly appreciated. :)
It's too easy to merge into rather than open an .agilekeychain
We've made some significant improvements to prevent this, which will be coming in 4.3. I hope the coming changes will be helpful! :)
It ought to be possible to edit vault meta-data after creation
We hope to add this ability in the future. I don't have a timeline, but it is on our radar.
Because we're Google Drive syncing is not supported everywhere, the .agilekeychain is only accessible from desktop clients.
We are looking into alternate syncing solutions, such as Google Drive. We don't have anything to announce at this time, but we are considering adding more sync options to our mobile apps.
Thanks for listening; we love your products.
Awesome to hear! Thanks again for the feedback. :)
0
