New Solution to People Wanting Log-In Info On Their Various Other Entries

2»

Comments

  • paranoyd
    paranoyd
    Community Member

    In ways nobody could imagine... (muhahaha?)

    :)

  • Lars
    Lars
    1Password Alumni

    @paranoyd

    In any case, the real point is here is...we wake up one day and find out that we aren't nearly as protected as we all thought we were...

    And round and round we go! ;)

    I don't mean that to sound flip; it's merely accurate: attackers work continually to open exploitable holes in everything from our chip architecture to our compilers to anything else they can hack, and defenders work to plug holes, slow attacks and patch issues. Perhaps I lack imagination, but I find it difficult to imagine a future in which some version of this is not still going on. Short of the 'War Games' observation that the only winning move is not to play, it's like many other things: you do what you can, and hope the absolute worst doesn't come your way.

    That's not to say that security measures we each take aren't worthwhile, only acknowledging that there's no such thing as perfect security forever, or even at any given moment. Each of us has to draw the line at how paranoid - excuse me: paranoyd, LOL - we want to be. What may seem like prudent measures to me may seem like a ridiculous amount of unnecessary work to someone else, while simultaneously striking a different person as not NEARLY enough. With 1Password, we try to provide, in our own lane, proven tools which - used properly - heighten users' online security and increase convenience without sacrificing one for the other.

  • paranoyd
    paranoyd
    Community Member

    Well, not that "round" because I agree with everything you said. :)

    But, yes, there is a future where there isn't going on. And it looks like this:

    :)

  • Lars
    Lars
    1Password Alumni

    :dizzy:

  • paranoyd
    paranoyd
    Community Member

    I also view these things as the out-run-the-bear story....

    Dave and Mark are camping when a bear suddenly comes out and growls. Dave starts putting on his tennis shoes. Mark says, “What are you doing? You can’t outrun a bear!” Dave says, “I don’t have to outrun the bear...I just have to outrun you.”

    :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    No, of course not. But the cloud is another vector for an attack. So instead one vector with a local file there are now two vectors.

    @paranoyd: Well, I guess for an attacker that isn't very bright that would be true...but given that our servers never receive either the Secret Key or Master Password, both of which are needed to decrypt a user's data, they'd really be better off going after you than us: one-stop shopping.

    Right - this is not a cloud flaw per se. But, getting into the weeds, there really is no "cloud". It's a mental construct. There are just computers sitting someplace else that hold all my data. And it appears that a massive vulnerability has just been discovered that will affect those computers.

    Also, your computers (and mine), which are arguably easier to get to than AWS...

    As for all the encryption being done client-side, then could now an exploit be written that grabs my data on my computer as it is being shunted around RAM in preparation for being uploaded? If so, sure, that could happen I suppose to my regular non-uploaded data. But as I've said before...that's one vector. Now we have two.

    That really sounds like one to me, since an attacker with access to your computer's RAM should probably just grab your account credentials while they're in there! It sucks, but we're really the weakest link in our own security. With great power — being in control of our data and incredibly advanced devices — comes great responsibility.

    I also view these things as the out-run-the-bear story....

    That pretty much sums it up for me! :lol:

  • paranoyd
    paranoyd
    Community Member

    Hi there...so it's been a while but I wonder if you guys are still there. I am ready to transition my 1Password set up but I need a little help, since it's kinda a confusing set-up:

    Currently, I am using 1Password 6.8.9 on a Mac. I also have the iOS counterpart. This is my workflow:

    1) I have what I believe is called a standalone vault on my Mac.
    1a) I sync this manually to my 1Password on my iPhone (a minor pain, but I was trying to stay off the cloud).

    2) This standalone vault let's call HARRY'S PRIVATE VAULT

    3) I ALSO have some kind of cloud account that I have access to - that my wife and I share.
    3a) It's cloud-based, we both have the log-in password, and it contains passwords we both share.
    3b) When I go the "Accounts" preference on my laptop, it is the only account listed, and says "HARRY/SALLY" then "Subscribed"

    4) Let's call this HARRY & SALLY'S SHARED VAULT

    So I have a standalone private me-only vault. And a shared husband/wife cloud based vault.

    Here's where I want to end up.

    5) I want to go all cloud based.
    6) I want to transition HARRY'S PRIVATE VAULT (currently standalone and not-cloud based) to the cloud - but only I have access to it
    7) I want to keep HARRY/SALLY's shared cloud based vault - but shared so we both can access it
    8) Ultimately, I would like other people to have their own private cloud based vault, also. Like Sally, the kids as they grow.

    So I have two issues:

    9) Can I get what I want? Which is...
    9a) All cloud-based accounts "owned" privately by each individual (yes, I'm sure I can)
    9b) The parents sharing a cloud-based account that they each can access

    10) How to get there with my current system because I'm not starting from scratch?

    Perhaps that's the best way to start? How would you set up a newbie with what I'm looking for...so I can understand the framework. Then we can talk about how to transition there?

    Thank you again for your help!

  • Hi @paranoyd

    Yes, what you're describing is certainly possible, through 1Password Families. Each person within a 1Password membership gets their own unique "Personal" vault which nobody else has access to or visibility of. Beyond that any number of shared vaults can be created and shared with whichever people within your membership that you choose. We have two guides that should help you get there:

    Move your existing 1Password data to a 1Password account

    and

    Share passwords in 1Password Families

    Please let me know if you have any questions along the way. :)

    Ben

  • paranoyd
    paranoyd
    Community Member

    Thanks for the info. Helpful as always! Your share 1password led me to...

    If you have an individual account, you can upgrade to 1Password Families or 1Password Teams:

    Sign in to your account on 1Password.com and click Invite People in the sidebar.
    Choose your upgrade option.
    Learn more about 1Password Families and 1Password Teams.

    But I can't seem to find the "Invite People" option. Is that perhaps because I signed up for an individual account through the Mac App Store? Or perhaps because I'm still using 6.8.9? (Will I lose the standalone vault if I upgrade to 7? I don't mind...I'm transition it to the online vault...but I need access to it to transition)

  • ag_ana
    ag_ana
    1Password Alumni

    @paranoyd:

    But I can't seem to find the "Invite People" option. Is that perhaps because I signed up for an individual account through the Mac App Store?

    This is the reason. We will be happy to help you with this. To avoid sharing your account information here, can you send us an email to support+forum@agilebits.com from your account's registered email address so we can continue the conversation there?

    After you have sent the email, please feel free to post the ticket number you received so we can locate your message and connect it with this forum discussion.

    Looking forward to your message!

  • paranoyd
    paranoyd
    Community Member

    It seems I have a bunch of email addresses in my records with this account. But since I bought it on the Mac app store, I assume I should send from that address?

  • Please send from the email address associated with your 1Password account (the one you enter at https://my.1password.com to sign in), which may or may not be the same as your Apple ID email address. :)

    Ben

This discussion has been closed.