Role-based access to objects for estate planning

I'm working on estate planning for myself, just in case something happens to me. Currently I have all my objects stored in a single vault with one master password. However, I'd like to grant my estate executor access to a subset of my accounts (financial, social media, etc.). But a majority of my passwords they should not have access to.

Is there a way to "sync" specific objects into another vault or protected storage area that has a different master password from my main account? I'd love the ability to tag certain accounts as ones I want sync'd or accessed via a different master password.

If that's not possible or too hard, then being able to print account username/passwords for a subset of accounts that I can store in a safe would be OK and NOT give them any 1PW access. For example, add the ability to tag an account as exportable, then allowing me to save only those accounts digitally or print to hardcopy.


Comments

  • AGAlumB
    1Password Alumni

    @TravelSD: Thanks for reaching out. It's definitely an important topic. It isn't possible to sync specific items, only vaults. But there are a few things that could help.

    You could export and print data, but as this is insecure it would be better to create a separate vault for this purpose, keep the specific items you both need to access there, and share it with them. This works with an executor or family (or team members) and is easy with a 1Password Families (or Teams) membership:

    Create, share, and manage vaults

    And while typically we think of doing this with others who are "full" family or team members, Guest accounts are also very handy for this. Any 1Password Families or Teams plan includes a number of Guests in the base price, and these are limited accounts which only have access to a single vault you share with them. So they're actually pretty handy for this sort of thing. That way you've got this vault that you can still use, but which is shared with another person so they can as well, without giving them access to everything.

    I hope this helps. Be sure to let me know if you have any other questions! :)

  • TravelSD
    Community Member

    The team concept sounds interesting, except that it's not really feasible to manually sync my dozen or two accounts between two vaults.

    Personally, I'd find it more appealing to stay with a single account plan and permit a single guest account with selective access to objects. In 1PW I could tag an object as 'guest access' and then leave my guest password printed in a safe along with a guest emergency access printout so they could install 1PW and access the guest objects.

    It's unlikely that a guest would need access anytime soon, so it's hard to justify spending the extra $ on a team account just for an emergency purpose. Not that I don't mind paying you guys for a great product, but allowing single guest for a personal account would be ideal.

  • AGAlumB
    1Password Alumni

    > The team concept sounds interesting, except that it's not really feasible to manually sync my dozen or two accounts between two vaults.

    @TravelSD: Oh, I wouldn't want to do that either. That's why I suggested keeping the shared items in the shared vault and all of the stuff only you need to access in your Personal/Private vault. If you do this there's no manual sync for you or the person(s) you're sharing with — you simply sign in to your 1Password.com account to access everything available in your account.

    > Personally, I'd find it more appealing to stay with a single account plan and permit a single guest account with selective access to objects. In 1PW I could tag an object as 'guest access' and then leave my guest password printed in a safe along with a guest emergency access printout so they could install 1PW and access the guest objects.

    Individual 1Password.com accounts simply cannot share with anyone. There isn't any way to do this cryptographically. When you invite someone to a 1Password Family or 1Password Team, the setup process involves exchanging the equivalent of public encryption keys between members to facilitate sharing vaults without having to manually give each other keys — or vault passwords.

    > It's unlikely that a guest would need access anytime soon, so it's hard to justify spending the extra $ on a team account just for an emergency purpose. Not that I don't mind paying you guys for a great product, but allowing single guest for a personal account would be ideal.

    Depending on the situation, a 1Password Teams account may not make sense. After all, not all of us are using 1Password in a business setting where we need strict access controls and other advanced features. That's why I suggested 1Password Families as well, which is obviously more affordable for families. However, as a single user, 1Password Teams can actually be cheaper for this use case, as you'll be paying only for your own membership and the Guest account is included. Just a thought. :)
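
The reply above says sharing depends on members exchanging public keys so that no vault password has to be handed over. The sketch below is an added example, not part of the thread and not 1Password's actual implementation: it shows the general envelope-encryption idea with Node's built-in `crypto`, and every name and item value in it is hypothetical or constructed.

```javascript
// Added illustration (hypothetical names): vault keys wrapped to members' public keys.
const crypto = require('node:crypto');

// Each person generates a key pair; only the public half is exchanged on invite.
function newMember(name) {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  return { name, publicKey, privateKey };
}

// Every vault has its own random AES-256 key; items are sealed with AES-256-GCM.
function newVault(name) {
  return { name, key: crypto.randomBytes(32), items: [], wrappedKeys: {} };
}

function addItem(vault, plaintext) {
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', vault.key, iv);
  const data = Buffer.concat([c.update(plaintext, 'utf8'), c.final()]);
  vault.items.push({ iv, data, tag: c.getAuthTag() });
}

// Sharing a vault = encrypting its key to the recipient's public key (RSA-OAEP).
function shareWith(vault, member) {
  const opts = { key: member.publicKey, oaepHash: 'sha256' };
  vault.wrappedKeys[member.name] = crypto.publicEncrypt(opts, vault.key);
}

// Opening uses only stored ciphertext plus the member's own private key.
function openVault({ name, items, wrappedKeys }, member) {
  const wrapped = wrappedKeys[member.name];
  if (!wrapped) throw new Error(`${member.name} holds no key for vault "${name}"`);
  const key = crypto.privateDecrypt({ key: member.privateKey, oaepHash: 'sha256' }, wrapped);
  return items.map(({ iv, data, tag }) => {
    const d = crypto.createDecipheriv('aes-256-gcm', key, iv);
    d.setAuthTag(tag);
    return Buffer.concat([d.update(data), d.final()]).toString('utf8');
  });
}

// Constructed scenario: the executor is given the "Estate" vault only.
function demo() {
  const owner = newMember('owner'), executor = newMember('executor');
  const personal = newVault('Personal'), estate = newVault('Estate');
  addItem(personal, 'constructed-private-item');
  addItem(estate, 'constructed-estate-item');
  [personal, estate].forEach((v) => shareWith(v, owner));
  shareWith(estate, executor);
  return { owner, executor, personal, estate };
}
```

With the state returned by `demo()`, `openVault(estate, executor)` returns the estate item, while `openVault(personal, executor)` throws because no copy of that vault's key was ever wrapped for the executor.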

  • TravelSD
    Community Member
    edited July 2017

    Which "teams" option do I need for allowing myself access to two vaults, and a guest to access one vault? Looks like Pro is needed for RBAC? And how would I migrate data from a single user account into a Family or team setting? Can all current clients (Windows, iOS) support both shared models?

  • AGAlumB
    1Password Alumni

    > Which "teams" option do I need for allowing myself access to two vaults, and a guest to access one vault? Looks like Pro is needed for RBAC?

    @TravelSD: As I mentioned earlier, any 1Password Families or Teams plan includes a number of Guests in the base price. I had to look up "RBAC" though. :lol:

    All 1Password Families and Teams use permissions, but those available to the 1Password Teams Pro plan are just much more flexible. 1Password Families uses 3 non-configurable "roles": Organizer, family member, and Guest. These are mirrored in the 1Password Teams Standard plan with Owner, team member, and Guest, but you can also assign vaults to certain groups (which 1Password Families does not use). The 1Password Teams Pro plan expands on this with custom groups and more granular permissions.

    But I'm not sure that any of this matters for your purposes, as in any of these cases you can invite someone as a guest and give them either read-only or full access to a single vault.

    > And how would I migrate data from a single user account into a Family or team setting?

    Just go to your account menu in the 1Password.com web interface and click "Invite People". :sunglasses:

    > Can all current clients (Windows, iOS) support both shared models?

    Which "shared models" are you referring to? If you're just asking if the apps support 1Password Families and Teams, the answer is yes. :)

This discussion has been closed.