Vaults, sharing, and flexibility
Just getting started with Teams and playing with the feature set to see how well it fits my needs. I'm curious about the decision to stick with the vault mechanism and wondering whether AgileBits would consider other sharing models to give more flexibility. I know that there are good use cases for vaults, but I've never found them to be the granular enough for my most pressing needs (or those of clients that I support). They would be handy for a few cases, but I'm not sure I'm getting enough to justify $5/mo for each user of my team (which is top of the barrel for password manager pricing).
I'll run through a few of my use cases. I know that I can handle these with current features in other password managers like Dashlane and Lastpass. I just don't love them quite like I love 1password and want to keep giving AgileBits my money! ;)
The main issue I find with vaults is when wanting to share overlapping sets of passwords with different groups. Let's say I want to share a collection of passwords with a spouse for emergency use and also want to share a couple of those passwords with a business partner. I either have to start chunking up vaults into smaller pieces (and manually computing the right splits for my "policy) or keep the same password in sync between two vaults.
I run into a similar issue with some of my consulting clients. I'll often create passwords (or have them create passwords) in the process of setting up an encrypted backup, a server, or a new cloud account. I've used Dashlane before to exchange those passwords. Dashlane is not as polished as 1password in features they share, but it's got some great tricks when it comes to sharing. If my client owns the password, they can even audit my access to it to make sure I don't download it before I truly need it.
I want to be able to create pairwise encryption keys to protect files I send over email or share via Dropbox with clients and colleagues. A lot of my small business clients need this functionality, and I'm always forced to send them to a 1password competitor. It's technically possible to do this with Teams, but it's going to mean littering 1Password with a lot of single-entry vaults (and that feels like a UX nightmare).
As a health practitioner, I need to pass my records (and passwords) to a colleague in the event that I die or become incapacitated. In this scenario, I'm going to be handing over passwords from my private vault. I want some safety nets here to prevent misuse. In other password managers, a notification will be kicked off when the designated "share-ee" requests access to the passwords. This is as much an authorization/policy/audit challenge as it is a challenge for vaults.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Thank you for the feedback, @cjcampbell !
We really like vault-based sharing and updated Mac and iOS clients to make it easier to work with many vaults spread over multiple 1Password for Teams accounts.
I agree that there are cases where it would be easier to share a single item instead of setting up an entire vault. This is something that we are considering and will be able to implement in secure way now that every user has their own public/private key pair.
0 -
You should read how boxcryptor.com was solving this problem for file based access. I really like they why they did it and they have a good documentation about it.
BTW cause the agile team is a good source for me to get good crypto advices I'm keen what you guys think about the boxcryptor solution.
0 -
You should read how boxcryptor.com was solving this problem for file based access. I really like they why they did it and they have a good documentation about it.
@random_31731ec7aea: Do you have a link to that specific documentation? I haven't made my through the entire site yet, and you've piqued my interest. I'd love to give that a read! :)
0 -
https://www.boxcryptor.com/en/technical-overview
See Term "File key"The boxcryptor documentation is not so in details like agilebits one. What I'm mean with good documentation is when your read thrue technical overview, you understand their design.
They use a File key (Item Key) for every File/Item. Since thy don't differentiate between directory (Vault) and file (Item) they can easily give you access to a Item with out the rest. I guess this concept can transportated to your concept, cause for what I saw at the moment they are quite similar. I could write more details, but I guess it is not necessary for your guys :-).
0 -
@random_31731ec7aea: Thank you! I'm at the tail end of my 'day', so I'll have to make that my breakfast reading. So far it really sounds interesting! :chuffed:
0
