Disable personal vaults for team members
Hi there,
I've seen this question pop up in the forums a few times, yet the last one seems to have been about a year ago - so I thought I'd check on the status :)
Is there a way to disable personal vaults for team accounts? We have a few members storing deprecated passwords for sites in their personal vaults (simply by pressing "save" at the wrong time) and they are getting confused by several identical looking logins in their account (multiple personal, one from a team vault).
This is not about privacy, I don't necessarily want to see what's in their account - I simply want to restrict access so that they are unable to store their own passwords (as we are using mostly shared accounts for company wide accounts).
So I guess my question is - can you share a timeline for a feature that would accomplish this?
Thanks and best regards,
Flavio
1Password Version: 7.0.7
Extension Version: 4.7.2.90
OS Version: OS X 10.13.6
Sync Type: Not Provided
Comments
-
Hi, @ftrillo.
We don't have a timeline or specific plans to implement this feature right now. I'm surprised that no one on your team would need a private vault. I use my private vault on our team account for many things, including my team email account. It seems like not having any private vault would cause them to use less secure passwords for some items rather than save the items in a shared vault.
0 -
Hi @rob and thanks for the update!
They might need their personal vault - it's more a matter of data hygiene :) When they store commonly shared passwords in their personal vault (by accident) and I change the password for a shared account in the shared vault, they will still try to log in using the password in their personal vault. It's just something I'd like to avoid as it causes me to have to go around deleting credentials from personal vaults...0 -
Seems like such a situation may create a bit of a catch 22. :) If you were to disable someone's personal vault where would you have them store items that are individual to them? Using the example Rob mentioned... where would someone in this case store the credentials for their company email account? Or would folks in this situation not have such credentials?
Ben
0 -
@ftrillo: Then it seems like they'd either need to pay for a separate 1Password.com account or some other password manager just to store their email account credentials and other stuff specific to them, or, as Rob mentioned, they'd just use weak passwords for that stuff so they can remember it. Doesn't sound like great data hygiene to me. :(
0 -
I would also like to disable Private vaults for team members or even just in general for every account. Even as admin, I don't have access to their individual work passwords (such as email or timesheets logins) that are work-related and I should have access too. If I didn't have access to these passwords, if I need access, I would cause a lot of disruption by resetting passwords from my admin access to gain entry. Our policy is that personal logins shouldn't be stored on the company's 1password program at all.
To get around this, I have instructed that all team members are not to use their private vault and I have created separate vaults for them (titled with their names) and given only the 1 team member access. (and admin by default of course). It works very well apart from still seeing the empty private vault. Also, as a small business with less than 10 employees and low turnover, this is manageable to implement. With a much bigger company, it wouldn't be ideal.0 -
Thank you for taking the time to share your feedback with us :+1: :)
0 -
I second this request. My workaround is exactly what alyce_neale mentioned above - by creating a shared "personal" vault for each member, only granting access to myself and them, and instructing them to not use their private vault, I've been able to get around this. The problem is, some of our less-tech savvy workers end up saving in their private vault, unbeknownst to them, and I end up in a situation like today, where he knew it was saved, but had saved in the wrong vault. I don't really understand why you would allow a centrally-managed business account to have a private vault that no one, not even the account owner, can view or have access to. You either need to 1) Allow the ability to disable private vaults or 2) Give the account admin access to the private vaults by default.
0 -
Thank you for sharing your use case with us :+1:
0