Family master passwords - only as strong as weakest?

Overfinch
Overfinch
Community Member

Hi, I'm a long time user of 1Password (and great fan of it). And I have taken the trouble to use a massive, horrible, master password. I'm thinking of moving to a Families subscription, but there is no way my wife or kids will ever use a master password anything as complex or strong as mine. If we move to Families, and they set up their own master passwords, will the security of my data be reduced down to the weakest master password in the family? If you can throw some light on this would be great, as Family subscription sounds very appealing - I just need to know whether I'll be going backwards in overall security. Thanks,


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:Family master passwords - only as strong as weakest?

Comments

  • prime
    prime
    Community Member

    @Overfinch everyone in the family on the family plan has their own private vault and their passwords will not affect yours. So you vault will not be affected by thier passwords at all.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @Overfinch: However, it's important to note that any family members you promote to Organizer will be able to manage (and access, if they wish) any non-Personal/Private vaults, so in that case the strength (and, frankly, confidentiality) of their Master Password can impact you and others part of the family plan. So, as always, with great power (recovery) comes great responsibility. I hope this helps. Be sure to let me know if you have any other questions! :)

  • Overfinch
    Overfinch
    Community Member

    Thanks guys. That does clarify it.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Glad to help! And we're here if you need anything else. :chuffed:

  • fryrpc
    fryrpc
    Community Member

    Are we also forgetting the Secret Key that would effectively bolster the encryption of those family members that use a master password that is not particularly complex - so from a vault encryption point of view a simple master password does not adversely affect its security?

    From an access point of view obviously this would not provide additional protection on devices where the Secret Key was already entered as only the master password would then be required for access. Therefore anything they have access to, shared vaults, would be accessible.

    Maybe if enforced 2FA was available this might help to ease some of this concern?

  • The secret key does help, yeah. 2FA would only help if someone tried to access the account on a new device, so it'd help, but not as much as it may seem (assuming someone's got access to one of your devices already).

    We should be encouraging our loved ones to use strong passwords with 1Password (or anything for that matter). I've taken to advising them to use pass phrases instead of passwords. A series of words (not necessarily based on something like dicewords) tends to be easier to remember than random characters.

    Rick

This discussion has been closed.