PW Protect Two Separate 1Password 7 Vaults (Work vs Personal)
How do I use 1Password 7 such that even if someone jumped onto my work computer that had my work vault open, they would not be able to access my non-work vault?
It appears as though 1Password 7 simply provides access to any and all vaults associated with the 1P7 login.
I'm not comfortable using a password service that requires me to reveal my personal passwords on my work PC.
With 1Password 4, I can easily segregate everything by using separate Dropbox accounts - each one having their own password protected vault. It does not appear as though 1Password 7 allows for this type of segregation...
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @1phowto,
Thanks for writing in.
That is not something that's available right now for 1Password 7 but we do want to add profiles support, so that you can switch "databases" that's protected with different passwords. However, it is technically complex to support reliably and we may end up not supporting it due to unexpected side effects.
1Password 7 uses a single local database that is encrypted by the first vault or account password you add to 1Password, all extra accounts or vaults gets added to this local database with their own vault keys that is re-encrypted with the database password, so that you only need to unlock with one master password. However, they are not exposed to each other, they do not know anything about other passwords.
How do I use 1Password 7 such that even if someone jumped onto my work computer that had my work vault open, they would not be able to access my non-work vault?
It's the same risk if you leave your personal vault and left the computer. You must ensure you lock the system before you leave the computer all the time, especially in a high-traffic environment like work. Keep in mind that anyone can also just walk in, plug a USB stick in and compromise your system while it is opened and get access to both vault passwords if you come back and enter the master password for both vaults.
1Password does not nor can it protect you against system compromises or as simple as someone walking to your computer while it is unlocked and opened.
It appears as though 1Password 7 simply provides access to any and all vaults associated with the 1P7 login.
Yes, you must have the master password to unlock the local database, which has access to open any vaults you add to 1Password. It is not revealing the vaults to anyone else with access to your 1Password account, only the local database.
I'm not comfortable using a password service that requires me to reveal my personal passwords on my work PC.
We do understand but it is your choice to add your personal 1Password account to that work PC (note a lot of companies do not permit using personal accounts on work systems). We're not revealing the personal vault to the work vault, they're both isolated in the same database but the database is encrypted with a single master password.
However, we do understand 1Password may not fit your needs for further isolation like this.
0 -
Thanks for the thorough response.
I think I may explore the Family plan (though paying double for this feature would hurt) as that would allow me to administer the account using my personal e-mail address while "sharing" my work vault to my corporate e-mail address.
In this way the risk to me is minimized. If I forget to lock my workstation (we've all done it) and someone hops into my office to look at my account, only my work passwords are compromised. Or, let's say my employer gets a wild hair and decides to confiscate my assigned (but company owned) laptop while I'm signed into 1Password. They'd only have access to my company passwords, nothing personal.
I'm open to feedback on my logic here but I think this approach would address my concern.
0 -
Hi @1phowto,
Do you need access to your personal vault all the time? I'm thinking if you can try working around this by using Travel Mode to make the work vault safe, so it is the only vault that shows up in your Windows PC but you can use the web app to get access to certain personal items when you need it.
The problem is it doesn't minimize the risk as much as your approach as it only leaves the work account on the PC without any access to the personal account. The Travel Mode approach means the risk is limited to seeing your work content but not your personal content since you can set 1Password web app to lock faster and it is closed when you close the browser.
0