Configuration advice

JoeSchueller

Hello... long time user here who hoped to be able to use iCloud keychain exclusively, but I bit the bullet and purchased the most recent version of 1Password today. I'm sad to admit that the engineering for all of this is feeling beyond me, so I'll solicit advice on how to proceed.

Here's the desired outcome...
I'd like my wife and I to be able to share accounts/passwords across our shared banking services/apps and other shared utilities. This should happen across my laptop, our shared iMac (separate acct's) and our individual iOS devices. Additionally, I'd like us to be able to store and manage our individual Google and Facebook (among other) identities.

So we have:

• A number of shared accounts
• A number of individual accounts (no duplication)
• A small number of individual accounts on the same sites

On top of that, we have:

• One individual Mac
• One shared iMac (separate user acct's)
• 4 iOS devices (2 each)
• 2 iCloud ID's

In the past, I simply put our Agile keychain in my dropbox account and simply gave her OS X account access to that local folder on the Mac. That was an OK solution, but felt somewhat suboptimal, and it forced me to put my Dropbox account on her iOS devices.

I'm ready to start clean with this iteration of 1Password, but it isn't straightforward to me. What's the "right" way to do this?

It seems I could set up 3 vaults: hers, mine, and shared; then sync each individually (iCloud for hers and mine individually and then dropbox or WiFi for shared), but the what's that user experience like? Do I have to manually switch vaults to look across the individual vs. shared vaults or is that seamless to the user? I'd like to understand the user experience before dropping yet another $10 on the pro version of the iOS app.

Am I better off putting all of our shared stuff and her stuff in the shared vault and then creating a separate vault for my individual stuff? Am I better off using iCloud keychain for the stuff that overlaps and only use 1Password for shared identities?

Why can't this be simpler?!?!

littlebobbytables

@JoeSchueller‌ So there are a few questions in there.

1. Vaults. Vaults are quite separate and you need to switch between them. Personally I actually prefer this but some people more want a single merged view that is easily searchable. I like keyboard shortcuts so switching between vaults for me is second nature ⌘1 for the primary vault, ⌘2 for my secondary and so on if you have more.
2. Sharing. I'd say your best bet is actually Dropbox but used in a slightly different way. You can sync your primary vaults via iCloud if you want but secondary vaults are only possible via Dropbox at the moment, we'll see if that changes but it all depends on how Apple allow sharing of folders or files. What you want to do is set up a second Dropbox account for your wife, then you share a folder that contains just your secondary vault. That folder and the vault will then appear in her Dropbox filesystem and she never needs actual access to your Dropbox. Here's a link to AgileBits' guide on sharing a vault using Dropbox. While it's technically under the knowledge base for 1Password 4 I don't believe anything has really changed since Yosemite or 1Password 5.

So you each have your own primary, personal vault which can only be unlocked by your own passwords and then the shared vault password which you both know. I've heard of one or two instances where a single main user has their spouses entire vault as a secondary vault - it all depends if you're expecting to maintain it or if your spouse is quite happy using 1Password and doesn't require assistance. The shared iMac won't pose a problem either for Dropbox as each account (I'm assuming you have fully separate user accounts on it) can log into their own Dropbox without interfering with the other user account.

hawkmoth

One additional thing to remember - If you want to use iCloud for syncing at all, starting with version 5, you must purchase the desktop application from the Mac App Store.

JoeSchueller

Thank you both.

I'm an old 3.x user who just bought 5 today (via App store) and I paid for the original 3.x pro on iOS, but would prefer to stay simply free in the 5.x iteration on the side iOS if possible.

I think what I'm going to do is stay on a single vault for everything so no one has to create/maintain/memorize a second password and not save GMail/Facebook passwords on 1Password at all (leave those in iCloud keychain) and do everything off of a Dropbox shared folder. (get her her own account and up my folder size with the referral). I'll update her iMac config to point at her local version of the shared Dropbox folder and install Dropbox on her iOS devices.

I believe this also allows me to stay "free" on the iOS side and minimizes my training overhead.

JoeSchueller

I'm also curious if most 1Password users use a blend of iCloud keychain and 1Password? Do you find them difficult to keep in sync?

Ben

I'm also curious if most 1Password users use a blend of iCloud keychain and 1Password?

I know we have users who do it and like the flexibility offered by doing so. Obviously we can only support the 1Password portion of the equation. :)

Do you find them difficult to keep in sync?

I don't do it, personally, so I can't comment.

Lamplighter

@ JoeSchueller:

Using a family license, I faced the same sorts of design issues in setting up 1P4.

The structure I decided upon gives each person on my "family license" their own Primary Vault, to do with as they wish because primary vaults are not shared with other family members. My daughter uses her Primary Vault for work and synchs it to her iPhone.

Then, on my MacMini, I created multiple Secondary Vaults, one for each member of the family, which I share individually via DropBox.
I consider the items in my primary vault to be "masters"; that is, it is the most current and the one copied into secondary vault(s) of other family members.

I use Tags to track which vault each Login is currently active, and if it uses "mobileSafari", etc. on iPads or iPhones. This way, I can easily re-populate an entire secondary vault or an individual login, if needed.

When my wife wants to share a Login with me, she creates it in her Primary Vault and copies it in to our "shared secondary vault". She lets me know when she has done this so I can copy it into my primary vault, sort of as an archive. (We have not yet explored the impact of other family members also creating secondary vaults to uniquely share among themselves)

Once set up, this structure has been pretty easy to maintain. But I can see that if there were larger number of users, or a lot of activity in creating new items, it might become cumbersome. But so far, for my family of 5, it's been fine.

Megan

Hi @Lamplighter,

Thanks so much for sharing your set-up! It sounds a bit complex, but I'm glad that it works for you. :)