2 users, one Mac.

Mark Fosdick
Mark Fosdick
Community Member

I tried to find an example of this and was unable to so hopefully you guys have a way to do this.

I have OnePassword on my Mac and my iOS devices and I use one vault. My partner wants to use OnePassword as well. We both use the Mac, same account on the Mac, and she has downloaded the Andriod app for her. Ideally I would like for her to have a separate vault that's do not have access to and a shared one for both of us. How would we do that?

Thank you,
Mark

Comments

  • Megan
    Megan
    1Password Alumni

    Hi Mark Fosdick,

    Thanks so much for your interest in 1Password! The best option here is to create a separate user account for your partner. Multiple vaults for multiple users on the same OS user account is a bit tricky, mostly because the primary vault has a few special characteristics built in to it. If you were to create a secondary vault for your partner, there are two things to be aware of:

    • the encryption keys to the secondary vault will be stored within the primary vault. This means that the owner of the primary vault will have access to the secondary vault. This is done to ensure that users who want to separate their data into multiple vaults don't have to remember the Master Password for each vault. It makes things slightly less ideal in your situation though.
    • 1Password will default to opening to the primary vault. It is simple to switch to a secondary vault - simply use the shortcut ⌘# (Command-'vault number') to unlock a secondary vault directly.

    While this option is certainly doable, it doesn't give you quite what you are hoping for, because the primary vault holder will be able to see the contents of the secondary vault. There's also no easy way to share a joint vault between the two of you.

    This is why a separate user account on your Mac is the way to go.

    While this set-up complicates things for you slightly, it will give you the set-up you desire with respect to vaults. Your partner can create a fresh user account and install 1Password as a new user. She can set up her vault with her own Master Password and sync to her Android device. One of you can then create a secondary vault and include all your shared Logins and then share this vault using Dropbox.

    I'm sorry I don't have a perfect answer for you here, but I do hope this helps! Please let me know if you have any further questions. :)

  • Mark Fosdick
    Mark Fosdick
    Community Member

    Thank you Megan!

  • Megan
    Megan
    1Password Alumni

    Hi Mark Fosdick,

    Happy to help! You know where to find us if you have any further questions or concerns ... but I hope the set-up process goes smoothly for you. :)

  • AgileByte
    AgileByte
    Community Member

    mostly because the primary vault has a few special characteristics built in to it.

    Could you please fully detail the difference between the Primary vault and all other vaults?

    How does this apply to iOS as opposed to Mac?

    What about if you're using DropBox to sync vaults?

    Thanks,

    Doug

  • Megan
    Megan
    1Password Alumni

    Hi Doug ( @AgileByte ),

    Could you please fully detail the difference between the Primary vault and all other vaults?

    As I mentioned above, the primary vault holds the encryption keys for all the secondary vaults. This means that, when you unlock your primary vault with your Master Password you will also have access to all secondary vaults, without having to enter the passwords for those vaults.

    When we designed multiple vaults, the idea was that your primary vault would always hold your personal information and would never be shared. Secondary vaults could contain the information that you wanted to share with various groups: family, co-workers, etc.

    How does this apply to iOS as opposed to Mac?

    The same applies on iOS. The Master Password for your primary vault will allow you to switch between your secondary vaults without having to enter the password for each.

    What about if you're using DropBox to sync vaults?

    Each vault has separate sync settings. Dropbox is our most flexible sync option, as it works between Mac, iOS, Android and Windows, and is capable of syncing multiple vaults. To set up sync for a secondary vault, simply open the Preferences > Sync pane while viewing your secondary vault. You can select the location in Dropbox to store this vault. You can even share a non-primary vault.

    I hope this helps to explain a bit more about how multiple vaults work, but if you do have more questions, we're here to help! :)

  • AgileByte
    AgileByte
    Community Member

    When we designed multiple vaults, the idea was that your primary vault would always hold your personal information and would never be shared. Secondary vaults could contain the information that you wanted to share with various groups: family, co-workers, etc.

    Hi Megan,

    Thanks for the detailed responses.

    Unfortunately, my Primary vault does not contain the information I would never want to share. I started using 1Password for the main reason that it supported sharing vaults, so my Primary vault is the one that I want to share with people. (It contains should-be-shared, work-related information.) My first Secondary vault is my "Personal" vault, which I started after getting used to using 1Password. I then added another secondary vault which will contain all the information I am importing from SplashID (which has over 1,500 records since I have been a user of that for over a decade and across multiple platforms).

    So... How do I fix this problem? (Note that I haven't shared anything yet.)

    Is the password to the Primary Vault referred to as the "Master Password" in the various documentation and options screens? Or are there two separate passwords, a "Master Password" and a "Primary Vault Password"?

    The same applies on iOS. The Master Password for your primary vault will allow you to switch between your secondary vaults without having to enter the password for each.

    How can I just unlock my secondary vault(s) in iOS? I don't see a way to do that. It always asks for the Master Password.

    Next: Is it possible to get rid of the Master Password? Can I tell it I don't want my other vault passwords stored in any other vaults (Primary or otherwise)? I want to always enter the password for the particular vault that I'm using, and not unlock anything else. I am really concerned about this sort of thing and don't want my personal information unlocked on a work device (for example) even if the data may inadvertently reside there due to DropBox. And, I definitely don't want all my vaults to be compromised if the Master Password is compromised. I want all the vaults to be independent from each other - or if I want them to be un-independent, I can just add a record to one of the vaults. I don't like that this stuff goes on behind the scenes without my knowledge or ability to disable.

    Thanks,

    Doug

  • Megan
    Megan
    1Password Alumni

    Hi Doug ( @AgileByte‌ ),

    So... How do I fix this problem? (Note that I haven't shared anything yet.)

    You'll want to re-organize your vaults so that your primary vault holds your personal not-to-be-shared information, and use your secondary vaults to share data with family and co-workers. You can easily move multiple items between vaults by selecting all the items you wish to move and then using the Item > Share menu.

    How can I just unlock my secondary vault(s) in iOS? I don't see a way to do that. It always asks for the Master Password.

    Unfortunately, at this time it is not possible to open 1Password 5 for iOS directly to a secondary vault. Our developers are looking into options here, and I'd be happy to let them know you're interested in a feature like this.

    Is it possible to get rid of the Master Password? Can I tell it I don't want my other vault passwords stored in any other vaults (Primary or otherwise)?

    1Password is pretty much designed around the Master Password. I don't think we'll be getting rid of it any time soon. :) As I've mentioned above, we designed multiple vaults to ensure that you still only have to remember one password, even if you organize your data into multiple vaults. That being said, you do have a few options to get the behaviour that you want out of 1Password.

    I want to always enter the password for the particular vault that I'm using, and not unlock anything else.

    Again, as I've mentioned above, you can open a secondary vault directly on your Mac using the 1Password > Switch to Vault menu (or the keyboard shortcut).

    I am really concerned about this sort of thing and don't want my personal information unlocked on a work device (for example) even if the data may inadvertently reside there due to DropBox.

    If you don't want your personal data to be available on your work device, the solution there is simple as well: simply don't add the personal vault to 1Password on your work iOS device. Because each vault has individual sync settings, you can choose which vault goes on which computers/devices. If you have a work phone, for example, you could choose to install only your work vault in 1Password 5 for iOS there.

    And, I definitely don't want all my vaults to be compromised if the Master Password is compromised.

    I am so glad you are thinking strongly about the security of your data - thats what we like to see! I'd like to give you just a few resources here to learn more about 1Password's security. First of all, it is important to note that your data file is encrypted with an exceedingly secure encryption algorithm called AES. Even if someone were to acquire a copy of your 1Password data file, it would be extremely difficult (approaching impossible in a human lifetime) for them to actually gain access to your passwords without your Master Password. To learn more about cloud data security, have a read through the following article:

    https://guides.agilebits.com/1password-for-mac-knowledgebase/4/en/topic/cloud-safety

    And you can see the thoughts behind our data format's design here:

    http://learn2.agilebits.com/1Password4/Security/keychain-design.html

    Also, you can check out our blog for many more articles that go into the nitty gritty math behind what makes 1Password so secure:

    http://blog.agilebits.com/tag/cryptography_/

    Finally, if you are concerned about your Master Password being compromised, you may want to have a read through our security guru's article on how to create a strong Master Password that is also easy to remember and type: Towards Better Master Passwords.

    I do hope that this helps, but if you have more questions ... we're here!

  • AgileByte
    AgileByte
    Community Member

    Thanks again for the response. @Megan

    I think the short term solution for me is to move everything out of my Primary vault. That way it will become solely a repository for the vault passwords. Then, on the Mac, I never need to use the Master Passwords.

    Then, I will have several secondary vaults, all in different directories in DropBox, and can unlock just the one (or ones) I want on the desktop.

    I will still need the Master Password to access all the vaults in iOS. But, at least there I can choose not to sync certain ones. Unfortunately, if the Master Password is compromised, they can always re-add the missing Dropbox vaults as it doesn't seem to ask for any passwords once you add DropBox syncing (or I am mis-remembering).

    Cheers,

    Doug

  • Megan
    Megan
    1Password Alumni

    Hi Doug ( @AgileByte ),

    I'm glad you're figuring out a solution that works for you! It seems a bit complex to me, but then I very much enjoy the convenience of accessing all of my data after entering my Master Password. With TouchID on iOS ensuring that I don't have to type my Master Password in on my iOS device in public, I'm really not too concerned about my Master Password being compromised. Your life might be a great deal more exciting than mine though. :)

    But, at least there I can choose not to sync certain ones. Unfortunately, if the Master Password is compromised, they can always re-add the missing Dropbox vaults as it doesn't seem to ask for any passwords once you add DropBox syncing (or I am mis-remembering).

    Please do keep in mind that this scenario requires that an attacker both knows your Master Password and has access to your iOS device. In such an unlikely situation, to add a vault to your iOS device that is not previously synced, they would need to enter that vault's Master Password. Our security guru has written a lot about this type of attack. In particular his post here might shed some light on this for you:

    But an ordinary criminal who gets a substantial portion of your Master Password through shoulder surfing (already unlikely) would have either steal data off of your computers or devices or find a way into your iCloud or Dropbox account to capture your data. Unless you are being targeted by trained specialists, I really don't see this happening.

    Again, it's a great thing to be concerned about your data's security, and only you can determine where the balance between security and convenience comes in. With 1Password, we've done our best to ensure that users have options to find the balance that best fits their needs.

This discussion has been closed.