How to migrate from old complex family 1Password setup to new subscription model?
Currently using 1Password 6 (and 4 on windows) with 7 family members including elderly parents and kids of varying ages in various cities, all with iPhones, most with apple computers but some with windows. My (the father) dropbox has separate shared folder containing each family member's agile bits keychain for each user. They all have dropbox on all devices and on each device 1Password syncs with each individual's vault agilebits keychain. My wife and I use the same primary vault. We can access all the other family members vaults and move items between vaults which is very helpful for helping them all set up logins and for me to see logins/passwords as needed to help them manage things. Particularly since I am not in the same city as most of them. None of them share with the others and they can't see all the stuff in my wife's and my vault. It all works and everyone is very happy with it. Thank-you Agilebits!
But Agilebits is clearly migrating to and encouraging use of subscription model. My current system's days are therefore probably numbered. In the interests of being proactive I am trying to figure out how to recreate the function that I now have to keep everyone safe. I would like to be able to see and administer the vaults and their contents, move/copy useful vault items to those that need them and allow family members to add and modify items in their own vault only. I would also like to be sure that the children can take their vault with them when they become independent or if something happens to me. Would be a huge pain for them to have to recreate a new password vault.
I would also like to manage this as inexpensively as possible and via the most user friendly setup possible so that my wife or kids could manage things if I no longer can.
Specific questions:
1) In Family program everyone gets their own individual vault that the Family manager can not access which is a problem for the benign IT despot (father) who needs access to all data that allows for support of computers, phones, etc while making sure everyone has access to their own stuff but not the other kids's or elderly parent's stuff. Could I use a Family Plan and set them all up as guests?
1a) Can a guest account be set up to import or acquire an existing vault? From its dropbox keychain? Some other way?
2) Would the kid's then be able to take their vault with them when they take over their own IT support and want to setup their own Family or individual account?
3) Would there be any option for another sibling of the elderly parent's to get access to their parent's vault to help out?
4) If supported users have their own private vault and I set them up with a vault shared just by that user and me/my wife how likely is it that they will inadvertently start putting items into the vault I have no access to? No real problem with them having their own vault but it is very helpful to access logins for IT support on my own schedule (which is enough of pain in the neck already without having to transcribe long passwords by hand over the phone.)
5) If I set up more than one Family account would it be possible for my wife to use 1Password 7 to access our, what used to be called "primary" vault and also access vault she shares with her father on a 2nd separate Family account? In other words, can a user be a member of more than one Family account?
6) Can a Family manager mange more than one family from a single 1Password7 installed on one computer?
7) Could I use 1Password6, syncing with vaults on dropbox, for one Family and for the other family use 1Password7 on the same computer with the vaults on agile bits servers?
8) Is it correct that 1Password7 can not be used to sync with vaults on dropbox?
9) Would Teams support allow for individual support by phone?
10) Would Teams allow importing existing vaults from agile bits keychains in dropbox?
11) How could a migration to the subscription model be done for users in 5 cities without taking anyone "offline" for long? Would be nice to figure out how to set up a new system in parallel while using the old system and then switch all at once, or better, allow users to use old system till I visit them or vice versa for on site changeover..
12) Can I run a Teams account and my current system at that same time and gradually shift users from current to Teams account?
13) What questions should I have been asking but didn't?
14) If I leave well enough alone how long before I have to make a change to subscription model?
Thanks in advance
1Password Version: Mac 6.8.8/win 4/most recent iOS
Extension Version: most recent(for most part)
OS Version: macOS 10.12 and 10.13, win 7 home and win 10
Sync Type: dropbox
Comments
-
@samgruner - wow, what a well-explained post! Glad to help.
But Agilebits is clearly migrating to and encouraging use of subscription model. My current system's days are therefore probably numbered.
Encouraging, yes. But I wouldn't say your current setup is in any danger of being unsupported at present. 1Password 7 for Mac debuted in late spring with full support for standalone licenses, local vaults and Dropbox/iCloud syncing. But -- especially for someone in your situation with multiple family members in different locations, over multiple platforms, I'd say you're literally the ideal candidate for 1Password Families.
Could I use a Family Plan and set them all up as guests?
You could, but I don't see how this would benefit you or them. Guests get access to only a single vault (that you determine, can be different for each guest), but they don't get their own Personal/Private vault, and they don't get access to the family-wide Shared vault. If you feel like you must have access to some of their data, you'd be better served either putting each family members' data that you need access to in the Shared vault, or - if you don't want the various family members to see/use each other's stuff - you could simply create a vault for each person labeled "shared with son," "shared with wife," etc (or whatever), and then invite ONLY that family member to the vault. That way, each family member would have: 1. Their Personal vault, 2. The family-wide "Shared" vault (with things everyone needs access to) and 3. Their own individual "shared with" vault whose only "members" are you and that person -- a different vault for each person.
Would the kid's then be able to take their vault with them when they take over their own IT support and want to setup their own Family or individual account?
Not directly in the way I think you're imagining it. But it's relatively trivial for a child leaving the nest to subscribe to his/her own individual 1Password account that you have no access to, add it into their existing app(s), then transfer over all their data and then either withdraw from the family account or - if you and the child decide - have him/her stay a part of the family account as well. You add as many accounts as you own or are a member of into any of our 1Password apps.
You'll have to explain your question #3 to me a little further, because I'm not sure I fully understood what you're asking there.
...how likely is it that they will inadvertently start putting items into the vault I have no access to?
This is definitely a thing. Anytime you have more than one vault, you can inadvertently place items into a vault you didn't want it to go into. There are a few defenses against this, but the only sure-fire one is vigilance (and maybe occasional checking). 1Password for Mac (for example) Preferences > Vaults has a "Vault for Saving" selector, which is where new items that aren't specifically assigned will be placed by default...but whether you're adding items by the Plus button or saving them in a browser, you'll also have the opportunity as the item is being created to place it into any vault you have access to -- you just have to remember to do it (hence the "vigilance" part of my answer). But assuming you actually like and remain in contact with your family (LOL), you can always call them and prompt them to move over any items or ask if they've got stuff that was accidentally mis-filed and needs moving. For the record, this isn't any different than with a Dropbox setup: users can create as many local vaults you wouldn't even know about much less have any access to, and if they "misfiled" stuff into one of those, the same problem not only could but would occur.
In other words, can a user be a member of more than one Family account?
See above. Short answer: yes, as many accounts as you like: individual, family, business (believe me, you don't even want to know how many accounts (most of them fake/demo/for testing purposes I have added into 1Password for Mac).
Can a Family manager mange more than one family from a single 1Password7 installed on one computer? You don't really do much of the management functions from your 1Password app; you do it from the web interface, but yes -- a person could theoretically be owner/Family Organizer of any number of teams/families accounts.
Could I use 1Password6, syncing with vaults on dropbox, for one Family and for the other family use 1Password7 on the same computer with the vaults on agile bits servers?It's possible to use both local data (synced however you wish) and 1password.com account(s) within the same 1Password app, sure -- but it definitely increases the possibility of confusion/errors down the line, if you're not paying attention to what goes where. Simplicity is key -- don't overthink or overcomplicate it.
Is it correct that 1Password7 can not be used to sync with vaults on dropbox?
No. What IS correct is that a 1password.com account syncs via the 1password.com servers -- you would have to explicitly allow standalone vaults within 1Password 7 for Mac, and then choose to sync only those via Dropbox.
Would Teams support allow for individual support by phone?
We do not offer telephone support for 1Password.
Would Teams allow importing existing vaults from agile bits keychains in dropbox?
1Password 7 for Mac will import Agile Keychains because that format has been deprecated in version 7. You don't need a 1Password Teams account (or any specific type of account) to do this. In fact, if you decided to go 100% standalone, you would STILL need to convert older Agile Keychains, since they are formally deprecated in version 7. What type of account you have doesn't matter.
How could a migration to the subscription model be done for users in 5 cities without taking anyone "offline" for long? Would be nice to figure out how to set up a new system in parallel while using the old system and then switch all at once, or better, allow users to use old system till I visit them or vice versa for on site changeover..
If you insist on being physically of virtually present to oversee each person's transition, it might be stressful/problematic for you, but here again, it needn't be. The steps to switch over are relatively simple:
- You, as Family Organizer, invite your family members to join. Each person you invite receives an email inviting them to join, with a special sign-up link. When they click it, they go through the same process you did to sign up: receive a randomly-generated Secret Key, choose a Master Password (which can be the same as their existing one, if that one is at least ten characters, or they can pick a new one), and complete the sign up.
- You are notified they have signed up, and you confirm their sign-up. Once you do, they are full-fledged members of the 1Password Families account, with their own (empty) Personal/Private vault and access to the Shared vault.
- They add the account into their existing 1Password app (use a desktop app, it's vastly easier than a mobile app).
- They then migrate their data from existing standalone/Dropbox vaults into the 1Password Families account.
- They then remove the old standalone vaults by selecting each vault in turn and removing it (in 1Password for Mac, it's Vault > Delete (name) vault). The Primary vault must be last; other secondary vaults can be in any order. This will leave them running only their 1password.com account and its vaults.
If you're worried about some family members' ability to do this correctly or completely -- and there are indeed pitfalls, like not removing the local vaults after you've migrated your data, etc. -- then I would recommend you use some form of screen-sharing/VNC/RDP for the remote folks, and physical oversight for the locals, until you're satisfied it's correct for each person.
Can I run a Teams account and my current system at that same time and gradually shift users from current to Teams account?
I am not sure why you would choose a 1Password Teams account when a 1Password Families account is vastly cheaper and accomplishes essentially the same thing, in the context of a family. In 1Password Teams, you will pay $3.99 per user, per month. In 1Password Families, you will pay only $4.99 per month for the entire family (unless you have over five members, in which case it's a dollar extra per month per family member, or $6.99 for 7 people).
What questions should I have been asking but didn't?
This list has been pretty exhaustive. ;)
If I leave well enough alone how long before I have to make a change to subscription model?
We don't normally pre-announce future plans, as many factors (some beyond our control) affect them. But 1Password 7 for Mac is brand-new, and will fully support standalone data and Dropbox syncing for its entire life-cycle. I can't offer any thoughts about 1Password 8 or beyond, as frankly, we haven't even started thinking about nor designing it.
0 -
Wow. Lars you are incredible! Prompt, detailed, with plenty of useful context. Thank-you. Plenty to mull over.
0 -
Glad Lars a was able to help! Be sure to let us know if you — or your loved ones — have any other questions along the way. We're here for you. :)
0 -
This content has been removed.
-
Thank you for the kind words :)
0