Feature Request: Update passwords across all vaults
1P is a great benefit for working in our teams and with external co-workers. Especially the **"update password" **dialogue box with the option to choose which entry in which vault should be updated is very beneficial, when you have to change a password, due to a colleague who has left the company and shouldn't have access anymore.
The most efficient way to organise passwords for us though, is to have duplicates of passwords in different team vaults. Like the same log-in stored in a "Web/IT" team vault and in another "E-commerce" vault for a different team.
In this case an option to "update password across all vaults" option in the dialogue box popping up after updating the password through 1Password Mini/Chrome extension is necessary in order to save a lot of potential confusion with same passwords stored in different vaults.
1Password Version: 5.5 BETA-27
Extension Version: Chrome Extension 4.4.3.90
OS Version: OSX 10.11.1
Sync Type: Not Provided
Comments
-
Thanks for the feedback, @plambertz.
I think I understand where you're coming from, but I'm uncertain why you would prefer to duplicate logins across multiple vaults. As you say, having the same login with different information in different vaults would create a lot of confusion. It's not just passwords that could be different; you could edit an item in one vault and forget to update the other.
Could you elaborate on your reasoning for having multiple copies of a login? Perhaps there's another way.
0 -
I'm not the OP, but I could see some people wanting to structure their passwords in multiple vaults for easy organization, particularly with different but overlapping groups.
For example: Dave's team needs access to systems A, B, C along with many other passwords unique to their team. George's team also needs access to systems A, B, and C, but none of the other passwords for Dave's team. George's team has their own password list. You could split A, B, C out into its own vault, but then what about when Tina's team needs access to only system C, and having access to A and B would not be appropriate? It will quickly become a nightmare to try and segment the vaults appropriately, particularly as roles change, people move between teams, re-organizations occur, etc.
Having a system wherein there is only one password per item that can then be linked to one or more vaults could be very useful, similar to how one might tag an email in Gmail with multiple labels because that email fits into multiple contexts.
0 -
Thanks @EnerJi this is exactly what I've been talking about. I couldn't have explained it better. We have a team of around 1000 people spread around 44 countries, which we want to connect with 1password. So it is quite certain that there will be overlapping passwords, exactly as you have explained. I thought about connecting the multiple copies, so that one can update the passwords in all different vaults at the same time with an option in the dialogue box "update data across all vaults" instead of the current option of only being able to chose on vault in the dropdown. Your idea of a single password file being connected to multiple vaults is very smart, too.
0 -
Thanks for the explanation @EnerJi and @plambertz.
That's certainly something for us to mull over. I don't think I have a solution to propose that would scale to very large teams (with what we currently offer). It'd be neat if we kept references between "duplicated" items across different vaults so that propagating updates could be done easily.
Thanks for the feedback.
Rick
0 -
Thanks @rickfillion and @dteare for listening and considering our feedback!
0 -
You're welcome.
Rick
0 -
An enormous +1 to this request!
0 -
Thanks for the vote. :)
0 -
Another enormous +1 to this request.
I've just started trying out the beta and being able to share a single login across multiple vaults would be an absolutely key feature for us, for the same reasons noted above. I'd have thought this would be a requirement for most organisations too?
We have lots of different teams, who mostly have their own sets of passwords for particular services. But there are a significant number of services that multiple teams need access to. Creating a single shared vault is not a solution, because the passwords that need to be shared vary team by team.
The only way to do this currently is to create duplicates across multiple vaults, which is a recipe for disaster.
I'd go so far as to say that I don't think 1Password would be an option for our organisation without this feature.
Would be great to know if there are any plans to implement it?
Ben
0 -
Hi, @Ben_Hobson, and welcome to our forum!
We're considering this for the future, but it's not something we're able to implement right now. At this point, to keep things in sync, you'd need to have just one copy of the item stored in a vault that's shared with whoever needs it.
0 -
+1 +1 +1
This feature would make onboarding so easy. There would be a simple rule that an IT team could follow that would be able to grant all new team members access to the right passwords. For example, marketing is placed in the marketing vault and community in the community vault. Currently, our IT team needs to drop new marketing team members in the marketing vault, product marketing vault, marketing and engineering vault, etc. It's hard to streamline this process when new team members need to be in multiple vaults.
Thank you though for 1Password for Teams! I love the one-time-password and notes features! Such a great user experience.
0 -
Yes, I can also attest that as a potential paying customer what I really want to see is the ability to control (and audit!) people's access PER SECRET (account, note, etc.). Shared Vaults / current 1Password for Teams are an improvement from an old school 1Password environment where everyone had the same password and shared the vault on the local file system but the best scenario is to be able to permission items individually only to the people that need access. We have some 40+ teams in our group and are facing having to have at least 40 vaults for all of our secrets but then on top of that not every secret is appropriate for all members of that team. The other part of this is having some sort of immutable audit trail any time a secret is decrypted so that we can see exactly who accessed what and if a staff member has left we can change just the passwords that they accessed rather than everything they might have been able to access.
0 -
Thanks for the feedback folks! Obviously this would be a very different approach than what we have now, and keeping it secured cryptographically would be an interesting challenge... Consider that for the setup you've proposed, with the level of security we currently offer, each item would potentially need its own encryption key.
That said, we're always interested to hear how folks are using the service, or would like to use it. This is all feedback we can take into consideration as we move forward.
Thanks!
Ben
0
