Passwords sharing with specific users.

Hi guys.
I know you gave this some though, but I'd like to hear your input on this.

We're in the process of moving our passwords from passpack.com to 1password. And 1 feature stands out.
In PassPack the password was a single entity that could be shared with either a specific group of users (think all people who can access a specific vault) and with a specific user.

The Equivalent of sharing a password with a specific user in 1P is sending them the password. The biggest problem with that is, updating that password and making sure that every one who has access will have the updated one.

I'm specifically talking about those times when a new Vault doesn't make sense.

What are your thoughts on these types of passwords, that only 2 people need to share between them.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AlexUsov
    AlexUsov
    Community Member

    +1
    We also considering to move and would highly value the option to share a single password from a vault to another user with the following possibilities:

    • Share to a single / multiple in the organization or outside.
    • Option to change the password across all accounts if required.
    • Option to revoke access to one of shared account for every user.

    Good job guys, also waiting for windows beta ;)

    Thanks.

  • Megan
    Megan
    1Password Alumni

    Hi @altryne and @AlexUsov,

    Thanks so much for the feedback here.

    Honestly, managing access on a per-item basis sounds like it would only serve to complicate things. Let's say you give access to some passwords in a vault to a user. How does that user see these items? Well, in the vault of course. So, will all users have access to the same vault but see different items in it? Will they be storing each of these passwords in their own vault? That sounds ok at first, but it seems like it would very quickly become unmanageable once we're talking about a lot of items in the vault and a lot of users.

    By placing the items in separate vaults it's easy to see who has access to which items and it's easy to revoke and grant access.

    I'm specifically talking about those times when a new Vault doesn't make sense.

    I'd love to learn a bit more about the situations you're imagining here!

    Share to a single / multiple in the organization or outside.

    For sharing with people outside your organization, consider using the Guest feature. In the Admin console you'll see the option to add Guests, who will have access to only a single vault - this allows you to share important information securely, and simply.

    Option to change the password across all accounts if required.
    Option to revoke access to one of shared account for every user.

    Keeping a single item in a shared vault means that changing the password, and managing access, for every user is simple. This would definitely be something we'd need to look into if we decided to do per-item sharing.

    I hope this helps to explain our reasoning. We're excited to learn more about how people are using 1Password for Teams so that we can make it as useful as possible for everyone!

  • altryne
    altryne
    Community Member

    Hi @Megan , thank you for the thorough answer.

    I understand the sharing through vaults, my biggest concern is, for those situations where sharing the password to the whole vault does not make sense.

    For instance, we have a vault for designers.
    All of the company designers are in that vault.
    And for instance, I want to share a design related password, like maybe the Admin credentials to a service they use, or a license with one of them. If I share it with the vault, the whole team would be able to access it.

    If I share it with one of them, then I can only send it to him, and then when tha password ultimately changes, he won't be updated on it's change nor will he know the new one.

    When changing that specific password, there's no way of knowing who it was shared with, and who had access to it, making it virtually impossible to update the people who are allowed access to that account.

    Making a specific vault for those password is also tricky (we've considered doing this) as then, all of the people who will have access to that vault will see all of the other admin credentials, even though they are not suppose to see them.

    I hope what I explained above will shine some light on the problem we're foreseeing with transitioning to 1password for teams. And I would love to hear any suggestions, of even flow adjustments, so we could manage a large password fleet in a proper and maintainable way

  • We have a "Send Item" feature on the roadmap and I think it will help here.

    It would allow you to choose an item and share a copy of it with one or more 1Password for Teams users.

This discussion has been closed.