How do I give a child access to our family account without him getting access to my private vault?

eelstretching
eelstretching
Community Member

I feel like I'm going crazy here. I signed up for the family plan, and now I want to put 1Password on my son's phone. My mental model was that the private vault that I made when I set up the account (imported from my standalone vault) would be accessible only to me and that family members that I added would only see the shared vault and their own vault.

I went through the article on adding a family member and did what it said, and it implied that the above impression was correct (i.e., family members would have access to the shared vault and they would have a private vault, but that's it.)

But when I add my son's phone, he sees my private vault and he can look at the passwords in it. This isn't acceptable to me. I trust my family, but he's still a kid.

What am I missing? Judging by other posts on the forum, it seems like I might be out of luck.


1Password Version: 7.1.2
Extension Version: Not Provided
OS Version: OS X 10.13.6
Sync Type: 1Password Account

Comments

  • eelstretching
    eelstretching
    Community Member

    Yeah, it turns out that I'm just a ding dong. Minute after posting this, I re-read the instructions and realized what I had done wrong.

    It's working now.

  • AGAlumB
    AGAlumB
    1Password Alumni

    My mental model was that the private vault that I made when I set up the account (imported from my standalone vault) would be accessible only to me and that family members that I added would only see the shared vault and their own vault.

    @eelstretching: That's correct! Even when you're sharing a 1Password Families plan with your loved ones, each person you invite sets up their own account there, with a Master Password of their choosing, a Secret Key which is unique to them, and a Personal/Private vault which only they can access.

    I went through the article on adding a family member and did what it said, and it implied that the above impression was correct (i.e., family members would have access to the shared vault and they would have a private vault, but that's it.)

    Indeed, others in the family plan only have access to (be default) the Shared vault for everyone, and then other shared vaults you create and grant them access to. You can learn more about managing vaults here:

    Create and share vaults

    Just keep in mind that none of that applies to anyone's Personal/Private vault, as those are only ever accessible to their owner.

    But when I add my son's phone, he sees my private vault and he can look at the passwords in it. This isn't acceptable to me. I trust my family, but he's still a kid. What am I missing? Judging by other posts on the forum, it seems like I might be out of luck.

    Not at all, but I am sorry for the confusion. Because you've setup your son's device with your own account credentials — Master Password, Secret Key, email address, etc. — he's using your own user account. It would be best to invite him to setup his own account:

    Share passwords in 1Password Families

    However, you may also want to consider inviting him as a guest instead of as a regular family member. That way he will only have access to a single vault you share with him:

    Share with guests in 1Password Families

    Something to consider. Let me know if you have any other questions!

  • SecretDude
    SecretDude
    Community Member

    I made the same mistake as Eelstretching, and was horrified to see my life's passwords on my son's iPad, even if only for a few minutes. I'm sure the process is straightforward if you follow the right directions carefully, but clearly it's pretty easy for users to make this mistake when they first add another family member. I wonder if it's possible to look at the missteps users make when incorrectly adding new family members (probably the main misstep being logging in on a family member's computer with their own credentials), and look for a way to head off this error for future users? Maybe make a bold warning NOT to do this in some step of the process?

    Also, I examined what my young son has access to via his 1Password app. I see the "secret key" that's used to increase our family's security (beyond just our passwords) is readily available to him. I don't like that. A parent has that key and can furnish it to the child if needed, but I have a hard time thinking why a child would need direct access to this key. I think it would be nice to have a specific setting that the family account organizer controls, which can limit access to the family's secret key from the 1Password account (specifically for kids, and perhaps others). I assume the app saves the secret key to sync with the family account, but it doesn't seem to need to be accessible to every family member.

  • Ben
    Ben
    edited September 2019

    @SecretDude

    The Secret Key is unique to the person, rather than each family. Each person has access to their own (and only their own) Secret Key.

    We'll continue to evaluate how we can minimize the occurrence of people sharing their credentials instead of inviting family members to create their own accounts within the membership. Thank you for taking the time to share your thoughts on that.

    Ben

  • SecretDude
    SecretDude
    Community Member

    Ah, thanks for explaining that to me. For some reason I thought the whole family shared the key. I feel much better knowing the keys are for each individual!

  • I'm glad to hear that helps ease your mind @SecretDude. :+1:

    Ben

  • dschutz
    dschutz
    Community Member

    I'm still not grasping this either. I invited my spouse to create her own secret key, using her email address, creating her own password...and after doing this still she gets access to MY private vault. All I want is to give her access to her own private vault and our shared one for bills.

  • AGAlumB
    AGAlumB
    1Password Alumni

    @dschutz: If you don't give them your Secret Key and Master Password, they cannot use them to sign in as you and access your Private vault. You can change both of those in your account at https://start.1password.com/profile if that cat is already out of the bag. :)

This discussion has been closed.