How private is Private?
With 1Password Families, what is needed to gain access to the Private vault of any given member?
Can I, as a Family Organizer, access the Private vaults of other family members? Can I use my knowledge—assume I've gained it somehow—of a family member's current email address, Master Password, and Secret Key to gain access to their Private vault? Will the Account Recovery process, assuming I can pass all its qualifications, end up granting me access to a family member's Private vault?
I have no current need or desire to access family members' Private vaults, but I wish to know and to inform them of whether and under what circumstances I or other Family Organizers may do so. Thank you in advance for your response.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
No one can access another person's Private vault in 1Password Families without their Master Password and Secret Key.
A Family Organizer can delete another user or change what they can access in 1Password, but they can't view other users' Private vaults. With all user-created vaults, a Family Organizer can add themselves to the vault, which would allow read/write access, but this isn't the case with Private vaults.
If you have access to another family member's Secret Key and Master Password (and you know what email address they used to sign up), then of course you can sign into their account. Users should not be sharing Secret Keys and Master Passwords with each other.
By the same token, if you as a Family Organizer know another user's email credentials, then yes, you could initiate the Recovery Process for the account, receive the email sent to the family member, and then respond as it -- set up a new Master Password and get a new Secret Key for the account, in other words. If you do that, you would be able to see the contents of the user's Private vault, but here again, general security practices would be that you don't share your email login credentials with others. That's not something 1Password can really prevent -- access to someone else's email credentials. To be clear, this isn't something we support or recommend doing, and it requires knowledge outside of 1Password that people ordinarily wouldn't possess about one another...but it IS possible.
It's a bit like saying "if I'm able to install code running as root on another user's computer, would I be able to capture their Master Password?" Well, yes. We can't protect a user against a competent adversary who's managed to compromise a user's device in such a way, and we can't prevent the scenario you describe if a Family Organizer has managed to acquire a user's email credentials (or their Secret Key and Master Password), either. If anyone else were to acquire the credentials for an email account that was used to sign up for 1Password Families, the attacker would have to a) know there was a 1Password account set up using that email account and b) convince/socially engineer the Family Organizer (you) into putting the account into Recovery process. Even then, the user themselves would presumably be receiving the emails that would be sent out regarding Recovery on their account, and could message you to say "wait, this wasn't me." But if it's the Family Organizer who has both intent to violate the user's privacy and has that user's email credentials, then yes you could do that.
The bottom line here is that unless you possess sign-in credentials for either a user's 1Password account or their email account that arguably should be private and you should not have, you can't see the contents of their Private vault. 1Password is designed to be quite secure in this regard.
0 -
Thank you for your detailed response, @Lars. You've given me just what I need to provide my family members with accurate info so they can operate their accounts within 1Password Families on the basis of informed consent.
FYI, along with my Family Organizer role in 1Password Families, I act as trustee, executor, power of attorney, medical representative, and trusted contact for my various family members. Additionally, I'm the "IT guy" who advised them on and initially set up most of their (single) email accounts, bought, set up, and configured their computers and home networks, and helped them to create and record their Apple, Google, and other major IDs and passwords. Finally, I'm the one who purchased 1Password Families, created their accounts (invitations, activations, and confirmations), filled in and saved their Emergency Kits, and created, populated, tested, and then removed myself from their non-Private, non-Shared primary 1Password vault. Now, about those credentials I should or shouldn't have...
0 -
I mean, it's not my place to say what "should" be the case in a specific situation - but as a general observation, those kind of credentials are not the kind of things people typically share freely with others, especially if they're concerned about security, for exactly the reasons I gave in my earlier reply: it allows things to occur that a) wouldn't be possible under ordinary circumstances and b) likely the users would not want to happen.
If the greatest degree of transparency and informed consent for your family members is your goal, I might suggest pointing out to them that they can prevent the possibility of such things happening by simply regenerating their Secret Key and/or changing their email password. Just a thought.
0 -
Thanks again @Lars. I shall so advise them.
Assuming one or more of them opt to create new Secret Keys and Master Passwords (same as your 'email password' above?), would I, as Family Organizer, still have access (by adding myself) to their non-Private, non-Shared primary vault (edit: was 'account' before)? I believe that's all I really require to carry out my other roles unless they adopt the "bad" habit of storing access info for the usual billing accounts (credit cards, utilities, subscriptions, medical, etc.) in their newly and thenceforward forever private Private vaults.
0 -
I'm not sure what you mean by "primary?" Do you mean that in addition to these family members' 1password.com accounts, they also each have a standalone Primary vault? If so, then the Master Password they use for their local 1Password app would be the vault password of that Primary vault, and any 1password.com accounts they add to the app would be a separate thing. You could still not see/use their data in their Private vault of their 1password.com account, but if you knew the Master Password they used for their local 1Password app, then again, you'd be able to unlock their copy of 1Password, which would unlock all standalone vaults as well as all 1Password accounts added to the app. That's how we're able to do it with only ONE password. If you meant something else by "Primary," can you clarify?
0 -
Sorry to throw confusion into the conversation, totally my fault. I meant vault, not account—I've edited the post above.
As background, in the initial set up of their accounts in 1Password Families, for each member I created a vault that is neither exclusively private nor intended to be shared with other family members as those two vault types come preconfigured with each family member account. This new vault which I term "primary" (lower-case 'p') is the one they (with me helping) populated with their access info for use in the routine course of accessing online resources. Should they have problems doing so for one reason or another, I can add myself to the vault, work with them to fix the problem, then remove myself and life and logons will go on. Looks like you guys already picked all the perfect names for the main vaults. Hey, "Main"—I like it...
0 -
Thank you for the clarification :+1: Primary is also the default name for standalone vaults, so that's where the confusion came from.
0
