Powers of Family Organizers / Multiple "Private" vaults (revisited)

BLD
BLD
Community Member
edited September 2022 in Families

This thread from over two years ago is closed:
https://1password.community/discussion/94579/powers-of-family-organizers-multiple-private-vaults/p1

I really apologize if this question is answered in a more recent post, FAQ or KB article. Please feel free to say RTM with a link, if so.

Has any progress been made on the issues raised in that thread for a Family account?

I really painfully still want:

  • any family member to be able to create shared vaults that even organizers cannot get into
  • any family member (or ones designated by the organizer(s)) to assist with recovery (even for the organizer).

And ala Apple's new Legacy Contact feature, something similar for 1P would be great.


1Password Version: 8.9.4
Extension Version: Not Provided
OS Version: macOS 12.6 / iOS 16.0.2
Browser:_ Safari / Chrome / Firefox
Referrer: forum-search:https://1password.community/discussion/94579/powers-of-family-organizers-multiple-private-vaults/p1

Comments

  • BLD
    BLD
    Community Member

    1Password support -- can you please comment on this?

  • GreyM1P
    edited October 2022

    Hey there @BLD

    The features you mention about permissions and recovery are available when you use a 1Password Business account, but not 1Password Families. In 1Password Business accounts, the owner of the account can allocate Admin and Recovery roles to certain users. There's more information about that here:

    Use custom groups in 1Password Business

    Generally speaking, in the small groups that make up a family, typically about five, we find that the most common setup is to have one or two Family Organizers who can recover other family members in case they get locked out. All Family Organizers are equal in terms of permissions and powers, and on the family scale, we try to keep things as simple as possible, which is why there are only two types of user in 1Password Families: Family Member and Family Organizer.

    I'll pass on your feedback about this to the product team for them to consider. If you want to use those features right now, let me know and I'll be able to direct you on how to upgrade to a 1Password Business account. Thanks for your suggestion! I can't make any promises about if or when any changes will be made to 1Password Families, of course, but our product team read each and every suggestion they're sent. Please let me know if you have any questions, or would like any further help. :)

    — Grey

    ref: IDEA-I-1991

  • BLD
    BLD
    Community Member

    So nothing has changed in the past two years, despite all that clamor from many users for change. That's depressing -- feeling the same about the lack of exact URL matching for suggestions. As good as 1P is, these two major drawbacks which have failed to be addressed in a very long period of time despite numerous users begging for them is quite discouraging.

    1P Business has far more functionality (and expense) than I need -- so for 1P to continue to insist that a "family" must allow the organizer(s) into all shared vaults is just head-scratching. And any family member should be able to help recover another family member's account by default -- why limit it to just organizers?

    I understand offering different tiers of service at different price points. I do not understand these limitations on the "family" tier -- they're not reasonable.

  • @BLD

    Our product team are continually assessing what to work on next based on customer demand and to work towards our long-term goals.

    Particularly for family accounts, we've preferred to keep them consumer-level, with as little complexity as we can get away with. Having only two tiers of user in a family account, Organizer and Member, is something that our 1Password Families customers can easily understand. We're keen to not overwhelm customers with too many options or features that can get confusing.

    In a business environment, there's significantly less trust than in a family setup – only certain teams should have access to certain things. It's at that point that the custom groups and permissions and additional roles come into play. The "principle of least privilege" is very common practice in business environments for a variety of confidentiality and regulatory reasons, which generally don't exist at home. So in that sense, we've set up 1Password Families to have simpler implementations of what you would find on a business account, so as to avoid difficulty for customers and to avoid bloating it with options that may well go unused.

    I've linked to this thread in our internal conversation about 1Password Families, so your comments can be seen by the product team.

    As the Family Organizer for a (fairly) large family account myself, I could only give you advice based on what's worked for me and is seen as generally good practice for family accounts. Only I am set as a Family Organizer – all other users are Family Members. I have a copy of my Emergency Kit in a safe place that I could use to get back into my account if I ever got stuck, so I don't need anyone else to recover me. There are vaults in the family account (not Private vaults, of course) that are shared but to which I have no access. Yes, I could give myself permission to view them, but the other members of my family know this, and either trust that I won't do it (which I won't), or use their Private vaults and then use Item Sharing.

    I do understand you feel this is a "limitation" of 1Password Families, as you said, and I'm sorry you feel that way. The more advanced features that you're looking for are available in 1Password Teams or Business accounts, just not in 1Password Families right now. We'll see where we go with that. We've not heard many customers asking for this functionality in 1Password Families, and I imagine if (purely hypothetically) 1Password Business accounts were rebranded as something like "1Password Pro" or similar, anyone who wanted that kind of functionality would just use that tier instead. 1Password Families is deliberately tipped towards ease of use vs more complicated features – if it's too difficult to use or understand, people won't bother and will resort to their old bad habits of password management, which is the worst possible outcome, I would say.

    You'd be very welcome to email us to see what we can do to help you upgrade a 1Password Business account at support+forum@1password.com – include a link to this thread in your message, and our team will be able to take a look at some options. I'll also be happy to answer any questions you have here.

  • BLD
    BLD
    Community Member
    edited October 2022

    I really appreciate the in depth responses you folks at 1P put into your forums.

    But what you have written is simply echoing what has been said by your team in the past.

    I find your assertion that you've not heard many families asking for this surprising -- the prior thread from two years ago as well as others on this forum run into the 10s of users that have taken the time to write something up requesting this in a public forum. Since not all users are going to take the time to write (and I have no idea what private support requests you are getting), that sample indicates to me that many users disagree with the limitations in the family product.

    Again, I strongly agree with the overall philosophy of simplifying product tiers -- and adjusting pricing with additional complexity and support. But I just as strongly believe you have too severely limited your middle Family tier. The significantly larger expense of 1P Business for what I feel are fundamental omissions make that a non-starter for me, and I believe likely many of the others who have posted about this. If you truly feel that lifting these restrictions on 1P Family itself are onerous on implementation and support, perhaps you could consider a 4th tier in between Family and Business (1P Small Group) that is only slightly more expensive. But frankly, I think 1P Family itself should just be changed to not have these problems.

    1) Any family member should be able to help in access recovery for any other family member. Since recovery requires the participation of the member being recovered, I don't see why limiting that ability to Organizers makes sense.

    2) 1P already recognizes the need / desire of individual family members to keep data protected even from Organizers through private vaults. The inability to create or share vaults only with specific other family members is no different. This is akin to saying kids are not allowed to have secrets between themselves not shared with their parents. 1P is forcing a particular model of "trust" for the definition of a Family.

    3) Finally, to prevent the need of insecurely writing down Emergency Kits anywhere (as has been pointed out in other posts, even a bank safety deposit box is not necessarily secure), 1P's direct support of a "Legacy Contact" like Apple is doing would be a great peace of mind. But this has just given me an idea... I can encrypt a copy of my Emergency Kit, store it in Apple's iCloud data, and provide the key to my family members. It's protected from any access by Apple or compromise of its data, and family members can't get to it except through Apple's Legacy Contact program.

This discussion has been closed.