What can I do and see as an Administrator?

Finally getting off my butt to setup a trial of 1Password Teams.

Do you have any documentation on what I can see and do as the administrator please?

Ideally a PDF I can give to staff that gives them a very clear outline of how secure (or not) their data is from me and the company.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • brentybrenty

    Team Member

    @musicwallaby: We sure do!

    Administrators: Get started with 1Password Teams

    But that's more for you to give you an overview of how you can use 1Password Teams. It sounds like you're also looking for information on our security model. Look no further!

    1Password.com security white paper

    But, more importantly, let us know if you have specific questions pertaining to your team and how you'll be using 1Password. We're happy to help! :)

  • @Brenty thank you but not quite :)

    The Security White Paper is great, read it ages ago and it sold me on you (personally, just not yet got round to Teams).

    But let's say I'm asked "As an administrator can you see all my passwords?", I'd love to be able to give them a cheat sheet that has that kind of info on it.

    The Administrator Roles and Powers section of the white paper says it's not ready yet, so it may be there's nothing but got to ask..

  • brentybrenty

    Team Member

    The Security White Paper is great, read it ages ago and it sold me on you (personally, just not yet got round to Teams).

    @musicwallaby: Ah, great! Glad to hear you're familiar with it! :)

    But let's say I'm asked "As an administrator can you see all my passwords?", I'd love to be able to give them a cheat sheet that has that kind of info on it. The Administrator Roles and Powers section of the white paper says it's not ready yet, so it may be there's nothing but got to ask..

    Gotcha. That's a very good point. Let's talk specifics. While we have yet to flesh out that section specifically addressing that particular example, the short version is fairly simple:

    • Admins never have access to data in a user's Private vault. Only each individual user ever has access to the data in their Private vault, with no exceptions. This is enforced cryptographically.
    • Admins with the appropriate permissions can grant themselves access to shared vaults. This is also enforced cryptographically when the keys are exchanged for sharing.

    The long version involves tying "How Vault Items Are Secured" and "How Vault Items Are Securely Shared" (p.17-21) into a story illustrating how all of this is applied in a team (or family) setting. While we haven't written that yet, if you have something in mind I'll be happy to use it to try to give a more concrete example for your situation, if that helps. :)

  • @Brenty thanks, that does pretty much cover it, guess from my POV it would be great if there was some kind of official "flyer" that might put non-technical staffs minds at ease.

  • brentybrenty

    Team Member

    @musicwallaby: That's a really interesting idea. What kind of thing do you have in mind? The hard part is probably deciding what to include and what not to, especially since different people will have different expectations and backgrounds. But I dig the concept. :)

  • @Brenty well, I see it this way, I spend a big chunk of my time training and teaching our staff to be suspicious and to trust nobody and don't tell anyone your password.

    Now I'm giving them a tool that they won't be familiar with (they're normal people, 1Password means nothing to them) and telling them to put all their work passwords in it.

    They're going to think I can see them because "IT people can see everything, right?" and it's not a password manager they've purchased themselves it's one their IT team have given them.

    Now of course I can tell them "I can't see them" but what I would find useful, and I totally get that YMMV and I may be the only person who's ever mentioned this, is a simple flyer for end users that explains their IT team can do XYZ and their IT team cannot do XYZ.

  • brentybrenty

    Team Member

    @musicwallaby: No, this is a great suggestion! I'll definitely pass it along to the team. I bet if we put our heads together we can come up with something. And I have no doubt you're not the only one who would appreciate something like that to use in a business setting. Thank you! :chuffed:

  • rudyrudy

    Team Member

    @musicwallaby,

    I would add "don't tell anyone your secret key" to the list of don'ts as well.

    Rudy

This discussion has been closed.