What can I do and see as an Administrator?

Finally getting off my butt to setup a trial of 1Password Teams.

Do you have any documentation on what I can see and do as the administrator please?

Ideally a PDF I can give to staff that gives them a very clear outline of how secure (or not) their data is from me and the company.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @musicwallaby: We sure do!

    Administrators: Get started with 1Password Teams

    But that's more for you to give you an overview of how you can use 1Password Teams. It sounds like you're also looking for information on our security model. Look no further!

    1Password.com security white paper

    But, more importantly, let us know if you have specific questions pertaining to your team and how you'll be using 1Password. We're happy to help! :)

  • musicwallaby
    musicwallaby
    Community Member

    @Brenty thank you but not quite :)

    The Security White Paper is great, read it ages ago and it sold me on you (personally, just not yet got round to Teams).

    But let's say I'm asked "As an administrator can you see all my passwords?", I'd love to be able to give them a cheat sheet that has that kind of info on it.

    The Administrator Roles and Powers section of the white paper says it's not ready yet, so it may be there's nothing but got to ask..

  • AGAlumB
    AGAlumB
    1Password Alumni

    The Security White Paper is great, read it ages ago and it sold me on you (personally, just not yet got round to Teams).

    @musicwallaby: Ah, great! Glad to hear you're familiar with it! :)

    But let's say I'm asked "As an administrator can you see all my passwords?", I'd love to be able to give them a cheat sheet that has that kind of info on it. The Administrator Roles and Powers section of the white paper says it's not ready yet, so it may be there's nothing but got to ask..

    Gotcha. That's a very good point. Let's talk specifics. While we have yet to flesh out that section specifically addressing that particular example, the short version is fairly simple:

    • Admins never have access to data in a user's Private vault. Only each individual user ever has access to the data in their Private vault, with no exceptions. This is enforced cryptographically.
    • Admins with the appropriate permissions can grant themselves access to shared vaults. This is also enforced cryptographically when the keys are exchanged for sharing.

    The long version involves tying "How Vault Items Are Secured" and "How Vault Items Are Securely Shared" (p.17-21) into a story illustrating how all of this is applied in a team (or family) setting. While we haven't written that yet, if you have something in mind I'll be happy to use it to try to give a more concrete example for your situation, if that helps. :)

  • musicwallaby
    musicwallaby
    Community Member

    @Brenty thanks, that does pretty much cover it, guess from my POV it would be great if there was some kind of official "flyer" that might put non-technical staffs minds at ease.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @musicwallaby: That's a really interesting idea. What kind of thing do you have in mind? The hard part is probably deciding what to include and what not to, especially since different people will have different expectations and backgrounds. But I dig the concept. :)

  • musicwallaby
    musicwallaby
    Community Member

    @Brenty well, I see it this way, I spend a big chunk of my time training and teaching our staff to be suspicious and to trust nobody and don't tell anyone your password.

    Now I'm giving them a tool that they won't be familiar with (they're normal people, 1Password means nothing to them) and telling them to put all their work passwords in it.

    They're going to think I can see them because "IT people can see everything, right?" and it's not a password manager they've purchased themselves it's one their IT team have given them.

    Now of course I can tell them "I can't see them" but what I would find useful, and I totally get that YMMV and I may be the only person who's ever mentioned this, is a simple flyer for end users that explains their IT team can do XYZ and their IT team cannot do XYZ.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @musicwallaby: No, this is a great suggestion! I'll definitely pass it along to the team. I bet if we put our heads together we can come up with something. And I have no doubt you're not the only one who would appreciate something like that to use in a business setting. Thank you! :chuffed:

  • @musicwallaby,

    I would add "don't tell anyone your secret key" to the list of don'ts as well.

    Rudy

This discussion has been closed.