Best Practice? Vaults vs. Folders
I have three sets of passwords and sensitive data.
- Personal, which includes things like my bank account credentials
- Work related such as the credentials to my company's intranet
- and things for Family and Friends such as the password to my wireless router
I'm struggling to figure out what's the best way to organize these groups and wondered if other 1Password users can recommend some best practices?
It seems like the easiest solution is to simply use a separate vault for each of these three groups except there's a snag. I use a very long diceware master password as recommended by Agilebits' blog entries, and when I demonstrated this to my next-of-kin, they made lots of typos. So I don't relish the idea of having two or three separate master passwords, one for each vault. What I would like to do is just have the one master password to access my vaults AND all other vaults shared with me. Likewise, my next-of-kin can use their password to access their vaults AND any shared vaults. Is this possible? The documentation doesn't make this clear.
I know there are a lot of tradeoffs involved which is why I'm curious about other users' experiences. The shared Friends and Family vault for example won't have nuclear launch codes embedded in it and I can tolerate a weak password on that as long as there was some sort of audit trail.
Thoughts?
Comments
-
You've got two choices here; you either split data across multiple vaults, or you duplicate data across multiple vaults. Multiple vaults are a must here since you can not have your family and friends accessing your work logins. Personally I'd be very wary of letting anyone else have access to my personal logins.
Whether you keep your work logins in with your personal ones of not really depends on whether you want to sync your personal logins to your work machine or not. If you do (or you don't mind) then having personal and work logins in the same vault does no harm and saves you a master password to remember.
That just leaves the decision of whether to put the shared family and friends stuff in it's own vault or duplicate the logins across your, and all of the other people's vaults. I guess that depends on how many shared logins you have. If you have lots then the duplication becomes a drag when you need to update the passwords.
Personally I would not tolerate weak passwords on a shared logins vault, particularly because of the wireless router. What other shared logins do you have?
0 -
Hi @hodnettd
I hope that @RichardPayne's suggestions above were helpful.
So I don't relish the idea of having two or three separate master passwords, one for each vault. What I would like to do is just have the one master password to access my vaults AND all other vaults shared with me. Likewise, my next-of-kin can use their password to access their vaults AND any shared vaults. Is this possible? The documentation doesn't make this clear.
It just so happens that 1Password's new multiple vault feature was specifically designed so that you still only have to remember one password, no matter how many vaults you create. Your primary vault holds the encryption keys for all of your secondary vaults. This means that unlocking your primary vault will give you quick and easy access to all of your data, regardless of which vault it is stored in.
We still recommend using secure passwords for your secondary vaults, but the passwords will only have to be entered when the secondary vault is added. As a precaution, you might want to store the passwords for your secondary vaults as a 'Password' item in your primary vault, just in case.
Just as a further point of interest, it is unlock a secondary vault on its own. In the main app, use 1Password > Switch Vault menu. (In the 1Password mini, click on the lock image on the lock screen to select the secondary vault.) Please note that when you unlock the secondary vault alone, all other vaults will remain locked. You won't be able to copy items between vaults, and you will need to enter your Master Password to view another vault.
Please let us know if you have any further questions or concerns!
0 -
It just so happens that 1Password's new multiple vault feature was specifically designed so that you still only have to remember one password, no matter how many vaults you create. Your primary vault holds the encryption keys for all of your secondary vaults. This means that unlocking your primary vault will give you quick and easy access to all of your data, regardless of which vault it is stored in.
@Megan , remember that @hodnettd did not mention which platform he's using. What you described only applies to OSX as far as I'm aware. It certainly does not apply to Windows which requires re-entry as master passwords whenever you switch vault.
0 -
Oops. Thanks! That is an important clarification to make. The above does apply to Mac and iOS (I spend most of my time in those topics in the forums, so it's sometimes easy to forget that Windows doesn't quite follow that model).
0 -
Fortunately, I am using OS X and will see how using the primary vault to store the keys for the secondary vaults, goes. I admit to some trepidation that I'll want to share with someone and discover that they're using Windows but we can cross that bridge when we get to it.
For the curious, I was thinking of storing things like my Redbox and Netflix accounts there, and things like my local grocery store's rewards card. So my girlfriend could access her vault and from there, access the websites needed such that I'll be reminded to pick up popcorn and the latest crime thriller on my way home. In those scenarios I'm not so worried about the access as much as I want to know who and when.
0 -
Hi @hodnettd,
I admit to some trepidation that I'll want to share with someone and discover that they're using Windows but we can cross that bridge when we get to it.
Windows can handle a 1Password setup with more than one vault, but it's not strictly "multiple vaults" in the same way you're used to on Mac. On Windows, you can use the 'File > Open Datafile' menu to open a different keychain. So, you can have multiple datafiles/vaults/keychains stored on the computer and/or in Dropbox, but you have to unlock and view each one separately.
I was thinking of storing things like my Redbox and Netflix accounts there, and things like my local grocery store's rewards card. So my girlfriend could access her vault and from there, access the websites needed such that I'll be reminded to pick up popcorn and the latest crime thriller on my way home. In those scenarios I'm not so worried about the access as much as I want to know who and when.
It's very important to have shared access to the Netflix account, I know! :)
0 -
This could come in handy for an idea I have for a friends business :)
0 -
In some sense, your “Family and Friends” password collection will only be as safe as the least secure password that one of your family and friends is using to protect it. The strength of the password of the shared vault doesn’t make much difference if Uncle Joe’s master password is
testing123
.This isn’t really a 1Password issue; it is true whenever secrets are shared.
0 -
Hi @benfdc,
That's another good point to note.
It is our hope though that, since 1Password is remembering most of users' passwords for them, they will be more willing to remember one nice strong one. :) And I'll throw my favourite password blog post in here too. All users who are creating a Master Password for the first time should have a read-through our guru's post: Towards Better Master Passwords. It has a lot of tips to help users create a password that is both memorable, and easy to type!
0