husband/wife password sharing strategy
I recently purchased 1Password 5.02 from the Mac App Store. I moved over from LastPass. I'm a bit confused as to the best approach. Here's what I'm looking to do:
I have an iMac I use for freelance projects, with several passwords unique to that, a personal MacBook Pro, and my wife has her MacBook Air. We both also have iPhones. I have passwords I want to keep separate for my freelance work on the iMac, but I also have quite a few passwords that I'd like to share with my wife and have available for both of our iPhones. Since I migrated over from LastPass, everything is currently sitting in a big pile on my personal MacBook Pro. I think I should create a separate vault for the freelance project passwords. How do I share the freelance passwords between my iMac and MacBook Pro, and how should I share my personal passwords between my MacBook Pro and my wife's MacBook Air (and also with our iPhones)?
thanks!
Comments
-
Hi @grizfan93,
Thanks so much for taking the time to write in and for asking such a good question :+1:
The good thing is that we have a very good starting base, you data sits all in your Primary vault. As you already mentioned, the best way forward is to create separate vaults for each one of you use cases and start moving items from your Primary vault to other secondary vaults.
To move an item or a group of selected items from one vault to another, please go to Item > Share > Destination Vault > Move menu.
After analyzing your scenario, here's how I think that you should set up your 1Password vaults for you and your wife:
You:
- Primary Vault which contains you private data.
- Freelance projects vault.
- Family vault which you should share with you wife via Dropbox sync.
You wife:
- Primary vault with her own private data.
- The Family vault that you just shared via Dropbox sync.
Please refer to this article from our Knowledgebase to learn more about how to share vaults using Dropbox sync in 1Password for Mac.
Please let me know if this helps :smiley:
Cheers!
0 -
Keep in mind that 1PW cannot search across or access multiple vaults at one time, so you (or your wife) will have to manually switch between vaults to search them individually or gain access to a specific login, credit card or whatever. In my specific case, my wife was never going to do that, so I had to adopt a different workflow from the one Rad mentions.
There's a fair amount of discussion about this in other threads; one of them being here: https://discussions.agilebits.com/discussion/comment/148607#Comment_148607
0 -
Hi @oshloel
I looked over your approach and I was curious about one aspect. As you say, not everybody may be willing to work over more than one vault which I get. I was wondering though why you kept items in both your vault and your wife's, could you not keep the shared items just in your wife's vault?
0 -
Yes, I could keep the shared items just in my wife's vault, but then I would be the one switching back and forth between vaults to find personal vs shared logins, our cc numbers, etc. Even though I would understand that and could do it, it still would require several more steps switching vaults for me to, say, make a purchase on a website (using a login not shared) with a shared credit card. That's counterproductive from my perspective. It's easier for me to just manage all of my and our shared items in my one vault and then do a quick copy to her vault if it's an item I've tagged as shared. That way we both have full access to everything in our own single vault.
0 -
Fair enough :smile: I don't know if it will change your mind at all or not but having joined AgileBits I've found the need to be switching vaults rapidly. What I find works well for me are the keyboard shortcuts.
I don't tend to use the Fill Login on current web page (⌘\ shortcut) much, instead I use the ⌥⌘\ shortcut which represents Show 1Password mini as that doesn't auto-submit if there is a single option in the current vault. With the 1Password mini menu open you can quickly switch between vaults using the ⌘1...⌘9 shortcuts where ⌘1 is your primary vault and then ⌘2...⌘9 for you secondaries. Now I'm a big fan of keyboard shortcuts but it means I barely think about the fact I use multiple vaults. It might not be a fit for you but it may also be the case you weren't aware of the shortcuts, certainly I know I've learned an awful lot about 1Password since I first joined these forums as a customer.
0 -
I agree. The keyboard shortcuts absolutely would reduce the extra "overhead" so to speak. I use the cmd-\ and opt-cmd-\ shortcuts often and was aware of the cmd-# shortcut to switch vaults but don't use it often. In general I tend to be a bit more mouse/trackpad oriented vs keyboard focused when navigating. I my situation I don't see a reason to switch vaults on a routine basis if I don't need to do so. As it is now, the only time I need to switch vaults or take an extra step is when adding/deleting/updating a shared item in my wife's vault (which is not that often) vs having to use either the keyboard or mouse to switch vaults on an ongoing daily basis.
Ultimately, it's nice that 1PW allows different approaches to skin this cat. Hopefully, AgileBits some day will provide an option for an integrated view across selected vaults as an added option.
0 -
Hi @oshloel
Others share your interest in such an integrated view and I've added your voice to the improvement. Hopefully we'll see it in a future update.
ref: OPM-1644
0 -
Thanks for the feedback. I think I will adopt the multi-vault approach. I like that keyboard shortcut approach, though I must say, I do sort of miss the LastPass shared folder method.
0 -
HI @grizfan93
If you need assistance with adopting the multi-vault approach just let us know. As you may have guessed, there is a large scope for fitting in with several different approaches, so it comes down to which best fits your needs.
- You can keep it simple with just a personal and secondary work vault and share these accordingly between you and your wife and all of your devices via a single Dropbox account.
- You can be more elaborate, with your own personal vaults, share a common vault between each of your own Dropbox accounts and then share the work vault with just your work Mac.
So the questions you need to ask at the moment are No. of vaults?
- Personal vault each + a common one
- Single vault between the two of you for everything
Dropbox. Do you need access to a Dropbox account each or do you wish to share one?
Once you know those the rest can fall into place. If you start off simple you can of course tweak it later to the more complex configuration.
Let us know how you would like to proceed.
0 -
Hi - I've been testing a few scenarios using Dropbox. At the moment, I have a single shared Dropbox folder and 3 vaults: my vault, a work vault and a shared vault for my wife and I. I see 3 vault files in the drop box folder, but at least here at home, I can only open 1 at a time, I don't even get the chance to switch between vaults. I'd like to set this up so I have can switch between all 3 vaults both at home and at work, and my wife can access her personal vault and the shared family vault.I hope that makes sense.
thanks!
0 -
Hi @grizfan93,
On the different Mac, you have to import the vaults to let 1Password know you want to use it. 1Password doesn't sync the information about the multiple vaults you have to other devices running 1Password for security reasons, you have to explicitly add each vault to each 1Password app.
To do this, just double-click on the other vault file you saw in the Dropbox folder, 1Password will open up and ask if you want to import it, if yes, enter the vault password. Once you finish with this vault, you then repeat the same process for the other vault.
After that, you should now see all three vaults in 1Password.
Your wife would have to do the same thing, double-click on the family vault to have 1Password import it and she needs to enter the vault password to finish the process.
I hope this helps and if not, can you explain a bit more about the problem you're having.
0 -
The vault (aka wormhole) that I share with my wife is just for secure exchange of info. It is mostly empty. I COPY stuff there, and she then MOVES it into her own personal vault. Works the same in the other direction. This method eliminates the need to switch between (or among) vaults in one’s daily routine, and makes it is easy to check whether one spouse has “picked up” an item that the other has “dropped off.”
The downside is that a change made to an item of common interest in one of our personal vaults is not automatically reflected in the spouse’s vault. We have not found this to be a major problem.
0 -
One could also use the wormhole vault for permanent shared storage of selected items, but then one has to deal with the mental overhead of remembering what stuff is in one’s personal vault and what stuff is in the shared vault. Or one could have two shared secondary vaults—a wormhole for exchanging stuff and another vault to serve as a permanent home for shared information that is not generally needed on a day-to-day basis (insurance policies, medication lists, software licenses, home inventory, etc.). Similar pros, similar cons. Whatever floats your boat.
0 -
Like @oshloel, I have WAF (wife acceptance factor) issues. His use case sounds EXACTLY like mine. And my solution has been exactly what he proposed.
1) My wife absolutely will not understand the concept of multiple vaults and vault switching
2) My wife absolutely will not take the time to update logins in a shared location. It will need to happen for her semi-automagically.
3) My wife doesn't care if I have access to all of her passwords. As it is now she only has two and I know both of them. :smile: I'm hoping to solve that with 1Password!
4) The ability to have a unified search/fill/update across multiple vaults would solve this for me. I'm fully aware of the keyboard shortcuts and am capable of adapting my habits. If I want buy-in from my wife they will not be an option.Add my +1 to this feature.
@Megan I think that you (or somebody at AgileBits had previously mentioned an issue with one user's primary vault being a secondary vault for another user. Are there any known issues that you're currently aware of?
0 -
Hi @alphbrav
I don't know if I would call it an issue but we just like to tread very carefully if you want to sync one person's primary vault as a secondary on yours. 1Password has default locations it likes to use. With secondary vaults on a single system that's fine as each is uniquely named. With the configuration you're referring to we need to make sure each of the two
1Password.agilekeychain's is in a different folder so they're not accidentally merged or a mistake is made and one is deleted.If you have any further questions do please ask :smile:
0 -
I've had similar confusion as to the best way to set this up. I think I like the "wormhole" approach. I want to make sure I'm clear on the basics:
- The shared vault requires a separate password, different from the Master Password.
- My wife will have her own Master Password (different from mine) and will also need to enter the password for the "wormhole" vault in order to access whatever is in there.
Do I have this correct?
0 -
Hi @Sapphire9,
No, not quite correct. In 1Password, when you unlock your primary vault, all secondary vaults get unlocked automatically. So you will each have your own Master Passwords, and except for the part where you setup sync and it asks to get the Master Password of the vault to add it, you shouldn't need to know each others' Master Passwords.
Hope this helps.
Rick
0 -
Hi @Sapphire9,
You're correct on both points. Each vault has its own password although of course it could technically be set to the same as another vault (although that does weaken your security when you do so).
Now with 1Password for Mac once you've added a secondary vault it won't ask you for the password after the initial sync. The encryption keys are stored locally in the encrypted .sqlite database file that contains all of your vaults on this machine or device. If you're only using it as a transfer conduit ("wormhole") then you probably won't be bothered if you forget the password for this secondary vault.
If you use a secondary vault to house stuff more permanently what I'd recommend after my own person experiences is to maybe store the secondary password in your primary vault. Of course it's never a total loss. Even if you can't remember the password for the secondary vault you still retain access because of how secondary vaults are handled on a Mac and you can always create a new secondary vault and move everything over. That's what I had to do when I realised I'd completely forgotten the password for my work vault.
If you have any follow up questions do please ask :smile:
0 -
@rickfallon, @littlebobbytables - Thank you for the quick and very helpful responses.
I just started using 1Password and I love it. Thanks again for your help.0 -
Hi @Sapphire9 ,
On behalf or @rickfillion and @littlebobbytables, I'm so glad to hear that we were able help you get things set up!
If you have any further questions about 1Password, we're here for you. :)
0
