All employees use 1 computer, is it best to delete 1 Password desktop app and use internet account?

allyndreth
allyndreth
Community Member

We have 1 computer where all employees work - we used to keep separate vaults to use as our permissions but with 1Password 6, all our vaults are accessed by the primary vault. So, we just set up 'families/teams' to have each person with an individual log in with specific vault permissions to take care of this.

I invited our 1st team member but she signed up at home and now needs to authenticate the work computer. Does everyone need to print out the authentication key and enter it when they come to work? They do NOT need to work from home. Seems unsafe at best to have them have to carry around the emergency kit so that they can get set up at work..... Or, have I missed something?

Also, when at work, and we send someone to lunch break, they would need to log out of 1Passworrd/teams and the sub then log in? What would be best practices here?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:All employees share 1 computer, is it best to delete the desktop 1Password?

Comments

  • Hi Allyndreth,

    Yes, every employee would have to log back in with their master password and account key. 1Password assumes the computer is used by one person and caches the account key locally so that you only have to enter it once per computer. But since you are sharing a single computer between multiple people, that cached account key will need to be re-entered by each person every time.

    The best practice is to use the built in multi user capability of Mac OS X (System Preferences > Users & Groups). If every employee has a local login to the Mac, then they can treat that like their own personal computer. The account key will be cached correctly in that individual users account on the Mac.

  • allyndreth
    allyndreth
    Community Member

    Thanks for the feedback Chad. We cannot have separate login passwords as that makes everything worse as so many things are used and accessed by everyone. Only certain passwords to supplier accounts, bank accounts, credit card information for ordering supplies
    etc. are restricted by employee.

    We used 1Password with separate vaults each with an individual master password for access and gave those passwords to employees who needed that info, but with 1Password 6, it seems that all our vaults are accessed together - not useful! I thought Family/Teams would help with this issue as each employee has their own.

    Is there any way to have an employee accept the invite via webmail on the work computer, and store their authentication key in keychain? Oh' nope, I just realized that anyone can get that info if they look.

    Any way we can get back separate vaults with access individually on 1Password 6? How can we solve this problem? Any ideas?

  • allyndreth
    allyndreth
    Community Member

    Oops, to be clear, every employee cannot have an individual desktop on the computer with individual password as that creates chaos every lunch break, bathroom break, volunteers, casual reception replacements etc. Much better to get 1Password to wrangle privileges if possible. Casual folks just need to access the login for the scheduling app and EMR, folks who order supplies or reconcile banking with EMR need access to supplier accounts, ordering etc.

  • Hi @allyndreth ,

    We can certainly understand your situation. The way the feature worked before (where you could not unlock individual vaults) was not sustainable in the long run due to underlying architectural improvements that needed to be made. But that doesn't mean something can not be done. We are looking at ways to improve this, but do not have that solution available today.

    The best way around it today would be to use the web login to 1Password for Teams. Your employees would have to have their account key with them though, and check the "This is a public or shared computer" checkbox when logging in. I realize that is not ideal, but it's the only way to do it right now.

    Regards,
    Kevin

This discussion has been closed.