Account Owner vs. Family Organizer
I'm trying to move my family to use 1Password so I set up a Family account. Still working on convincing everyone before the January 2019 renewal.
But I was surprised to see there is no distinction between the owner of the account (me, the one that pays) and any other family organizer (FO). A secondary (not-paying) FO can demote, disable and even delete the primary (the one that pays for everything) FO account. And if I am not mistaken, the primary FO will not receive any notification of any of these changes.
And then, if the primary FO tries to sign in, the error messages do not help: "Cannot sign in." in case of a suspension, or "Cannot sign in. Please authenticate with MFA." in case of deletion.
Shouldn't the user that actually pays be protected against this?
I was also surprised any FO can access the "Billing" and "Settings" sections.
For now I'm the only FO, but family dynamics may require I promote someone else to FO, and the paranoid voice inside my head is mumbling something about not-so-benevolent dictatorships.
Regards from Spain,
Antonio
1Password Version: 7.2.576
Extension Version: 4.7.3.90
OS Version: Windows 10
Sync Type: Not Provided
Comments
-
Welcome to the forum, @atnbueno! Thanks for the question. 1Password Families is different from any other type of 1Password account we offer in a couple of key ways. The first one is that it's by far the most economical option we offer, especially for families of four or five people: individual 1Password accounts cost $2.99/mo, but a 1Password Families account that up to five people can use is only $4.99 per month -- five individual accounts would be nearly $15/mo.
However, the second way in which 1Password Families is different from either individual accounts or something like a 1Password Teams account is that it's the only one of our offerings that requires a certain level of trust in the people you share it with. That's why it's not really suitable for small partnerships or businesses: for the very reason you describe. There are only two roles in 1Password Families, Member and Organizer. Family Organizers play a similar role to Administrators in 1Password Teams. But it also encompasses the Owner role as well. It's a good idea to have at least one other person be a Family Organizer (my wife is, in our family account, for example). If you have only one Family Organizer (yourself) and you are incapacitated or you forget your Master Password, the entire account must be deleted. If you have one other person, each of you can help everyone else recover their accounts if they forget their Master Password or lose their Secret Key, but you can also help each other in such a case.
But the design of 1Password Families definitely requires a bit of trust to set such a thing up. If "family dynamics" in your case are such that you would prefer to trust no one else with the power to delete other people or even delete the entire account, then I suggest you opt for individual 1Password accounts. That would give you each your own account that could not be deleted or taken away by anyone else, but it would also mean you could not share vaults among you. If you need both of those things - the ability to have both an Admin role and an Owner role...but also still share data amongst you, then you'll need 1Password Teams -- which is $3.99/mo per user (so more expensive than individual accounts), but allows for much finer-grained control of permissions and sharing.
0 -
Thank you for your answer.
Right now I'm considering (in case I have to FO someone else) keeping my old standalone license with a local backup. But I sooo don't like manual backups.
In any case, please consider adding non-login notifications, as well as clearer login messages (BTW, I forgot before about the message when you are logged in and your account is suspended: "Your session expired. Please sign in again.").
Regards,
Antonio
0 -
Hello again.
On first impression, it looks like a "local vault" (sync'd via Dropbox) is what my inner paranoid would need. It will still require some manual steps but I'm glad to have a plan B if I end up having a 2nd FO.
BTW, I have re-tested the demoting/disabling/deleting and the messages on my iPad are perfectly clear. So I restrict my previous comments about unclear messages to the web interface.
Regards,
Antonio
0 -
@atnbueno - I'm not sure why you'd want to keep a local vault and standalone license; it won't work for 1Password 7 for Mac, and if you have a 1password.com membership, you don't need a license for 1Password 7 for Mac, unless you delete your account or let it enter Frozen status. Whatever works best for you, though. Glad I was able to help provide some information.
0 -
Ooops. Talk about unclear messages.
Ignore my "old standalone license" mention. My interest in a local vault (using 1Password 7.x in Windows 10) is in the unlikely case of a problem (mainly hacking) of a secondary FO (which I still don't have).
I have a 1password.com account and I will keep having it, although in January 2019 I will decide if I keep it a family one or if I change it to a personal one. It depends if I'm the only one that uses it, as it is right now.
0