1Password slack app of organisation shows my private logins

Hello,

I've been using 1Password for many years on my private account, connected to my personal email address.

A couple of months ago, I got an invitation to a shared (team) vault. The invitation was sent to my personal email address, and I was able to join the shared vault. The organisation who invited me to the shared vault uses the "1Password for Slack" App. Now, it was brought to my attention (by the admin of the organisation) that ALL my login attempts are tracked in the according Slack channel. In other words, not only my login attempts to the single shared vault I joined, but ALL my login attempts, even with in my private account, which as absolutely nothing to do with the company.

Although no detailed information is being shared in the automated Slack channel, I have high concerns in terms of my privacy. I simply do not want that an external organisation / company knows when & how many times I logged into my various (private) accounts. I am kind of shocked that this kind of tracking is even possible, or at least seems to be the default.

Hoping for a solution / quick fix for this, as it's an absolute no-go for me!

Sincerly,
Lucas


1Password Version: 7.3.2
Extension Version: 4.7.5.90
OS Version: OS X 10.14.6
Sync Type: 1Password membership
Referrer: forum-search:slack

Comments

  • MeekMeek

    Team Member

    Hey @anteante,

    Thanks for writing in! First off, I want to assure you that the only sign-in attempts that will show up in the business Slack channel are sign-ins to your team account - it is not possible for sign-ins from your personal account to show up in that Slack channel.

    That being said, I think I know what you are seeing. If you are signed into both your team account and your personal account in the 1Password apps, then unlocking 1Password will authenticate you with both accounts (team and personal). So if you unlock 1Password with the intentions of using your personal account, 1Password will authenticate you with both, and so that is why you see it show up in the Slack account (i.e. you're seeing the authentication attempt to the team account).

    If you'd rather not have this happen, then open up 1Password > Preferences > Accounts and make sure you've only added your personal account to the app.

    If you have any more questions, please let us know.

  • jpgoldbergjpgoldberg Agile Customer Care

    Team Member

    Hi, @anteante, just letting you know that our security team is looking into this.

  • Hey @meek,

    thanks for your reply. I get your point, however removing the other (team) account from 1Password > Preferences > Accounts is not an option, as I have to work with the shared vault (from the team account) on a daily basis.

  • Hi @jpgoldberg,

    thanks a lot, I appreciate it.

  • PilarPilar

    Team Member

    Hi @anteante

    I wanted to follow up Meek's comment. If you have both your personal and work account configured in 1Password then when you unlock 1Password you will indeed be authenticating to both accounts. Even if you did not intend to use a password in the work account, you have unlocked it and hence your work will get a ping informing this is the case. There are a couple of work arounds that I can suggest for you:

    1. Use different user profiles in your Mac for work and personal use. With Mac, it's very easy to change from one profile to another.
    2. Use a combination of 1Password for Mac and 1Password X in different browsers. For example, you can download both Chrome and Brave and use Chrome for your personal browsing and Brave for work.

    I'm sorry for the confusion, and I hope that one of these 2 work around will help you.

  • Hi @Pilar

    thanks a lot for your suggestions, I definitely will try that.

    Just to be clear, would it be possible to use the 1Password app (not the extension) on my "work" iMac with just the shared vault, and use the 1Password app on my "personal" MacBook Pro with _ just_ my personal vaults? Or would mean getting rid of say the team account on my MacBook result in "loosing" it on both machines, because they are synced?

  • BenBen AWS Team

    Team Member

    @anteante

    You can have different accounts signed into 1Password on different devices. :) As such what you are asking about should be possible,

    Ben

This discussion has been closed.