Families - Multiple Private Vaults?

Longtime1Puser
Longtime1Puser
Community Member
edited September 2021 in Families

Since 1Password 8 does not support local vaults, will it support multiple private vaults for each family member? (I'll have already filled out the survey for supporting some local hosted option)


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

«1

Comments

  • JohnnyFJohnsson
    JohnnyFJohnsson
    Community Member

    please someone from the 1Password support staff correct me if I am wrong, but I think you can do that already. The only downside I see so far is that family administrators can potentially see all additional vaults other than the main private one. But a regular family member should only be able to see vaults they have been invited to.

  • Lars
    Lars
    1Password Alumni
    edited September 2021

    @Longtime1Puser - only one vault is your default "Private" vault, but you can create as many vaults as you wish in a 1Password Families account, and invite any array of fellow members to each one -- or nobody at all, which would make such a vault yours alone.

    To your point, JohnnyFJohnsson, Family Organizers cannot "see" all vaults automatically. Because they are administrators of the account, they would have the ability to add themselves to any vault except a users' private vault, but that would have to be a proactive decision on their part; they are not invited automatically, nor can they see/use the data in any vault of which they are not a part.

  • Longtime1Puser
    Longtime1Puser
    Community Member

    Understood. Is there a way to prevent administrators from granting others access to those other vaults?

  • Lars
    Lars
    1Password Alumni

    @Longtime1Puser - the only way to accomplish that is to be the only Family Organizer. 1Password Families is designed with a certain level of trust implicit in the model; families are not individuals, and they are not organizations or companies. We're aware families take many forms as well, but if one is genuinely worried about other family members taking the proactive step of adding themselves to vaults they were not invited to, just because they have the power to do so, I'd suggest individual accounts for that family -- either in lieu of or potentially in addition to the 1Password Families account.

    To be clear once again, each user can indeed create as many vaults in a 1Password Families account as they wish, and make them available to only themselves. But owners (which is essentially what Family Organizers are) do indeed control the entire account, including the ability to delete the account, or individual users within it.

  • Moving this over to our Families category, as ultimately this is something that would need to be built out on the service side first. It isn't something 1Password 8 could address on its own.

    Ben

  • JohnnyFJohnsson
    JohnnyFJohnsson
    Community Member

    Hi @Lars thank you for the clarification :)

  • ag_ana
    ag_ana
    1Password Alumni

    On behalf of Lars, you are welcome :)

  • kaffeeundsalz
    kaffeeundsalz
    Community Member
    edited October 2021

    @Lars I have a follow-up question. What information exacly about additional vaults is exposed to other family members? I understand that family organizers can always grant themselves access to any vault except my personal one. With this being clear: When I create an additional vault with me as the only one having access to it – would other family members still be able to know that it exists? What it's called? What access privileges it has? Or is the mere existence of additional vaults hidden from other members unless I manually add them?

    Sorry if this has been answered before. I could't find any information about this.

  • @kaffeeundsalz

    If the other family members are Family Organizers then they would be able to see the names of any additional vaults created on the Vaults page in the sidebar at https://start.1password.com/. If they are not Family Organizers, and you haven't given them access to the vault, they would not be able to see even the fact that it exists.

    Ben

  • kaffeeundsalz
    kaffeeundsalz
    Community Member

    Thank you @Ben. This answers my question perfectly.

  • ag_ana
    ag_ana
    1Password Alumni

    On behalf of Ben, you are very welcome @kaffeeundsalz :)

  • robert1p
    robert1p
    Community Member

    Is there a way for users to create additional Private Vaults (such that Family Organizers do not have access)? I have a number of items I'd like to store in a vault, but do not want to clutter up my default Private Vault. I also don't want the items to go into a vault that is accessible to other Family Organizers.


    1Password Version: Not Provided
    Extension Version: Not Provided
    OS Version: Not Provided

  • Hey @robert1p:

    Thanks for your question! At this time, currently only the default Private vault is accessible only to the individual, and any other created vaults would in theory be accessible by family organizers. This is something that we're exploring, and while I can't promise anything, I have added your input to the internal discussion we have on this topic.

    Jack

    ref: dev/b5/b5#1467

  • robert1p
    robert1p
    Community Member

    Great. At this point I'm using the Archive feature, but it leaves a lot to be desired (as it doesn't work with tags, etc).

  • Thanks for sharing your experience, @robert1p. Hopefully this is something we'll be able to better accommodate in the future. 🤞

    Ben

  • tsoukan
    tsoukan
    Community Member

    I'll second a request for this feature.

  • oliverblitz
    oliverblitz
    Community Member
    edited March 2022

    I feel it would just be good practice that I - as a family administrator - would not even theoretically be able to breach trust and add myself to my parents' shared items folder. I don't want to have that option.
    Family circumstances can change rapidly sometimes; thinking only about the things I've seen inheritance do to normally peaceful families.
    In the interest of doing things "right" from a security standpoint, I'd welcome it if only the creator of a (selectively) shared vault could change the visibility and members' rights in their vault.

    (edit: sorry for bumping an old thread before looking at a more current thread for this issue. I just landed here directly from a google search)

  • Lars
    Lars
    1Password Alumni
    edited March 2022

    @oliverblitz - it's something around which discussions continue to take place. One of the issues here is that shared 1password.com accounts are all architected more-or-less the same way. Some versions (such as 1Password Business) have had more features added to them because larger accounts need things like finer-grained controls and a variety of other features. But the essential structure is the same: there are Owners of accounts (the person who first signs up is by default the sole member and sole owner, until they invite others; they can also make other members co-owners with privileges identical to their own). There are Administrators (with all the powers of Owners except billing responsibilities and the ability to delete the entire account), and there are members. All of this was part of the structure of the original 1Password Teams that we launched publicly in December, 2015.

    1Password Families was our second offering, and it had a couple of notable differences from 1Password Teams: first, it was much less expensive ($58.99/yr total for up to five members, instead of (at the time) $167.88/yr per user for 1Password Teams), and second, it was comparatively feature-limited. There are no formal "Administrators" in 1Password Families because although you can pay to add extra members beyond the included five to a 1Password Families account, the presumption was that 1Password Families accounts would usually be five or fewer individuals. No need for multiple levels of hierarchy, just members and one or more Owners. "Owner" in 1Password Teams was renamed "Family Organizer" in 1Password Families, and some of the more-advanced administrative features of 1Password Teams are not present. But for ease of explanation, a Family Organizer is the "Owner" of the account. That usually means: the person who pays for it and provides it to the others (parent with children, for example). We recognize there are many different configurations of families, but in the organizational/business world, the concept of "owner" has a specific meaning: they have access to most of what you do as a member/employee, just as your company email address is provided to you without charge by your employer, etc. So it is within 1Password: Owners can do everything except view the contents of a team members' Private vault. They can delete users, suspend them, help them with recovery if they lose their Secret Key or forget their Account Password, even delete the entire account.

    In the organizational world, none of this raises many eyebrows: it's generally understood that you do not own your company-provided devices, nor your company email account or other software subscriptions/licenses/tools you're given access to at work, and that your employer can remove or alter your access to them for any reason. That's part of what it means to be employed. In a family, the expectations are different. You've highlighted one of the things people might reasonably want (the ability to create multiple private vaults, even shared with other family members, that the Family Organizer cannot add themselves to, or potentially cannot even see). Another request has been that if a Family Organizer deletes a member, instead of their data being simply gone, they would be "spun off" into a trial-basis individual account, and questioned via email whether they wished to continue their account as an individual, paying for themselves and keeping all their Private vault data.

    All of these (and more) are reasonable ideas, certainly well worth considering. And consider them, we do. However, enacting any of them would require us to invest significant resources to create some of the more-intricate use cases of any currently in existence within 1Password. Allowing accounts to be "split off" when deleted is non-trivial to construct on many levels, as would be re-architecting the 1Password Families offering to allow users to create vaults/sharing the Family Organizer cannot see/administer. Which circles back to the first point I made earlier: cost. We have a lot of love for families of all kinds, and we recognize most family budgets aren't the same as company budgets, so we wanted to make 1Password Families affordable. And it is: 1Password Families is by far our most–affordable option. It is also our least-used account-type. We have many more Individual accounts and Business/Teams accounts than we do 1Password Families accounts. And that is where some of the internal discussions remain: considering whether to expend substantial resources to re-tool our least-used and most affordable option, to make some of these features possible.

    Your point regarding family circumstances being different between families, and perhaps even changing rapidly, is well-taken. For the present, however, I would offer the same advice to you as we have offered in the past: if members of a family who are invited to join a 1Password Families account feel uncomfortable or unsafe with the structures as they exist (Family Organizers being able to delete their account, etc) - or even worry such a thing might become a problem in the future, then I would recommend an individual account for that person. It is the only account we offer where you are the sole occupant and Owner of the account; no one else can affect or change anything about it. Yes, that means you would not be able to easily share vaults/data with other members of your own family. But it would mean you would be the only person able to access/control it as well.

    Another option that makes almost exactly as much sense, cost-wise, would be for anyone thinking along these lines to create a 1Password Business account, and store their own personal data there. All 1Password Business accounts come with an included 1Password Families account, which could then be set up as a sharing-only account you could use the Shared vault to keep things like the family Netflix password, etc, while retaining total control over your own personal items. The cost difference would be $7.99/mo ($95.88/yr) with an included (free) 1Password Families account, vs paying for a 1Password Families account ($59.88/yr) plus an individual account ($35.88/yr) = $95.76/yr.

    Anyway, thanks for the opportunity to go over the current state of things and how we got here. And of course, feel free to ask any questions. 😃

  • oliverblitz
    oliverblitz
    Community Member

    Thanks for taking your time for this super detailed breakdown, @Lars . I gotta say: whenever I contact your support, the reply is top notch and speedy.

    I can certainly follow your logic about the heavy investment any such restructuring would require. Thanks for suggesting different kinds of solutions as well!

  • Lars
    Lars
    1Password Alumni

    @oliverblitz - you're quite welcome. :) Happy to help anytime.

  • chopin1012
    chopin1012
    Community Member
    edited March 2022

    I appreciate your breakdown of features, pricing, etc. However, having just come from a stand alone license, I have a use case that doesn't necessarily deal with trust issues. My wife wants a vault for her work passwords. Her employer will not be investing in a 1Password business account (so that option isn't a possibility, nor a good solution). We both must be family organizers, as well as two other members, but that means all organizers can theoretically share that new vault with the entire family. This isn't about trust. It's about security protocol. Please strongly consider making one change: when an additional vault is created, beyond the default shared vault, the creator decides with whom it is to be shared. Family organizers can still let people in if locked out, but they shouldn't have the ability to share that vault with everyone. The advertising for 1Password Families says you can control with whom your vaults are shared, but it doesn't advertised that family organizers also have that control. I think it would be a huge improvement to either eliminate that control or make it optional. There is also the issue that I have to make certain family members organizers, but those family members don't all have good personal device security, and having their children or a stranger who has access be able to share my vaults or my wife's vaults doesn't make sense. This is a frustration coming from the stand alone option.

  • Blake
    edited March 2022

    There is also the issue that I have to make certain family members organizers, but those family members don't all have good personal device security, and having their children or a stranger who has access be able to share my vaults or my wife's vaults doesn't make sense.

    There's definitely an implicit level of trust built into the design of 1Password Families. Each member of a 1Password Families account will have their own Private vault as a default place for them to store their data. This vault is one that not even the Family Organizer(s) can view/use/change the contents of, and while it's important to recognize that any Family Organizer cannot see your data in the Personal/Private vault they could still delete your (or any other family member's) account. That's what it means to be a Family Organizer, and that's where you have to make a judgement call as to whether someone should be trusted with that level of access.

    If your wife is concerned that giving a Family Organizer administrative control might put your data at risk, then the best solution is to have her sign up for an individual 1Password account where they are the only person with access and privileges.

  • Lars
    Lars
    1Password Alumni

    I'd just add to what Blake said that if your wife plans to use a 1Password app (for Windows, Mac, Linux or mobile) or 1Password in the browser, then she can add both her individual work account and her 1Password Families account she shares with the rest of you. They will remain cryptographically separate, but both will be visible and usable within 1Password.

    Alternatively, if she doesn't want to purchase an Individual account just to store work passwords, she could use her Private vault for work passwords as well as personal passwords. That may or may not be a suitable solution depending on her specific situation/needs, but it would allow those sensitive work Login and Password items to be viewable only by her.

  • chopin1012
    chopin1012
    Community Member

    I appreciate the quick responses and understand the workarounds. I hope changes to allow a vault creator to control with whom it’s shared can be part of a future update. I would personally prefer that type of use capability.

  • kaffeeundsalz
    kaffeeundsalz
    Community Member
    edited March 2022

    she could use her Private vault for work passwords as well as personal passwords

    This is how I tend to do it. It usually works fine because the 1Password client lists tags in its sidebar, which means I can use one tag for all items that belong to a specific project and quickly filter the password list by just clicking that tag in the sidebar. For me, this eliminates the need for additional vaults in the majority of cases.

  • Lars
    Lars
    1Password Alumni

    @kaffeeundsalz - yep, that's what we recommend. It's a human instinct to choose different "containers" for things one conceives of differently (work, home, projects, whatever one's personal categories look like), and in 1Password, vaults are the thing people most-commonly land on. You can create as many as you like with no additional cost, and there are many reasons to create new vaults, especially in group accounts. But the power and flexibility of tags has some distinct advantages as well, and this is definitely one of them, when it comes to 1Password Families accounts. Putting all items for which you want there to be zero opportunity for anyone else in the account to see/know/use into your Private vault, and using tags to manage and categorize them, works very well in the vast majority of cases.

  • Simolation
    Simolation
    Community Member

    We switched from KeePass and Enpass to 1Password Families to enjoy the benefits of sharing some accounts and credentials. But I really do not understand why you can't specify that you want to create another “Private Vault” or a vault that can be shared. The benefit of sharing passwords is not equals to giving control over everything to everyone in the family, or at least the family organizer. Especially when creating vaults for work credentials, it is just unthinkable that everyone can just gain access if they feel like it. It has nothing to do with trust, but with privacy and security requirements.

    There is no technical reason to not allow that. Also, the solution of buying a Business Accounts for everyone which then includes a free family account for everyone or family plus individual accounts make no sense at all.

    I hoped for an easy way to keep track of my credentials with the option to create one or two shared vaults which I can share with my family. That every vault is a shared vault is more or less a dealbreaker from a security standpoint. On the other hand, why can't I share vaults in the individual plan? Encrypting the key with another key pair is technical, not difficult. Every “solution” presented here increases the price a lot, as you'd have to combine multiple different accounts just to achieve the most basic use case I can imagine.

  • chopin1012
    chopin1012
    Community Member

    Thank you for your response to this. I have appreciated the timely response from 1Password, but it has felt as though they’re trying to convince me that their use vision is how it should be. I totally agree with you that trust and security within a family plan are and should be distinct. My having a family account does not mean I should trust access to my additional vaults to every organizer. I should always have the right to make that choice for myself. Additional private vaults would be quite welcome, and I hope developers will listen. There are several people on these forums who feel the same way as this is not the only thread expressing interest. I truly love 1Password, but sometimes it feels as though the developers ignore user preference and instead try to convince us of what we want. There’s a time and a place, but additional user vaults or the ability to create additional vaults and select who can and can’t have access should just be part and parcel to the 1Password family experience. Thank you for voicing your thoughts!

  • fastbucks
    fastbucks
    Community Member

    Hi, I want to add another datapoint on this usage pattern. I have a family account that I share with my siblings and their respective spouses, as well as my parents. Members of my family want to have separate vaults with their spouses, that are inaccessible to family administrators under any circumstances. These would contain things like shared bank accounts - logins that, from a security perspective, should never shared, regardless of the level of trust.
    I also want to add that in the current world, there needs to at least be transparency for users that the vaults they are creating are accessible to administrators. Having championed 1Password in my family, and talked up its security posture, it was immensely awkward having to explain to people that their vaults were not in fact completely private.

  • chopin1012
    chopin1012
    Community Member

    Aside from my wife’s work accounts, which I mentioned in an earlier comment, I have the same use case and concerns that you have. I have three couples total on the account. I created a vault to share bank accounts, credit cards, etc, but realized any administrator could technically see them, so I don’t share them. I trust my family, but that doesn’t mean I want to share or should have to grant potential access to those items. It’s not realistic to not have the adults as administrators. I had talked up having additional vaults shared between spouses. I then let everyone know the limitations. So far, no one has utilized any additional vaults, so that capability is unused because we can’t make them truly private.

    I second transparency, but it’s insufficient. Trusting family does not mean giving them access to our passwords, and the solution shouldn’t be paying for additional subscriptions or not utilizing available features.

    I would suggest the continued comments and other threads along this line signal that there is interest from users for either additional private vaults or the ability to toggle administrator access off for selected vaults. Having access to passwords shouldn’t be required to help a family member regain access, from a technological perspective.

This discussion has been closed.