Feature request - Sharing between family accounts
My sibling and his immediate family have a family account. I have family account with my immediate family. We want to share a vault and/or an item between families. Sharing with anyone https://blog.1password.com/psst-item-sharing/ has a time limit and we don't really want to be guests - https://support.1password.com/guests/ .
Please consider a sharing feature, similar to what was mentioned here - https://1password.community/discussion/127088/sharing-with-other-1password-users and https://1password.community/discussion/93393/can-two-independent-1password-users-share-passwords-with-each-other
If the other family is already using 1Password, why do they also want to be a guest of my family account? Or is sharing of a password simply something that is too complicated from a security standpoint to do between two family accounts? Seems like sharing with anyone or with guests is possible, so a non-technical person would be inclined to think it is possible.
Thank you
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
Guest vault access would be the option at this time as you mentioned. I'd recommend using it. It's really no different than having a second account signed in. You can even use the same password if you wish. Once the application is setup. You'd likely not need that log in information all that often.
It might be something that the team could implement at some time in the future. I'll let them know this interests you.
ref: PB-39302088
0 -
So the recommendation is I grant my extended family, who have their own separate 1Password family account, guest access. How does this end up working mechanically? https://support.1password.com/guests/ does not explain it well enough. The guest, who is already a paid customer, gets an invitation to be a guest from the inviting account. This gives them a link to 1Password? They click on the link and what happens? Do they then have to create a username and password to access the Shared Vault as a guest? Are you suggesting here the to use the same 1Password password with no Secret Key? That sounds like horrible advice, if understood properly, which might not be the case (but saying "You can even use the same password if you wish" - never sounds good, especially for a company called 1Password). Is it only accessible on the web? Or can they access the Shared Vault in the desktop and/or mobile apps? It seems like the Shared Vault to a guest would be less secure than them having access via their account, as all that is needed is this email invitation (an assumption), and possible username/password creation? Rather than if the invitation were directly to the actual second family account, where there is the security of the Secret Key of their own.
I am looking to share secure information amongst families - wills, passwords, account info, identification, etc. Basic info to help family members out when other ones die. I'm not sure I feel comfortable doing using guest access until this option is more clearly explained. This data isn't for the babysitter or realtor (examples given in the link above).
Thank you for your assistance
0 -
Apologies if that last post was somewhat abrupt, particularly the part about 'horrible advice'. I don't see anyway to edit a post after making so just following up to apologize and I'm just trying to understand how https://support.1password.com/guests/ works. It seems:
1. send invite via 1password.com to an email of someone you want to be a guest
2. guest has to accept (but what happens at this point of acceptance?)
3. person who made the invitation gets to invite the guest to one shared vault at a timeDoes this guest have to use a Secret Key to access the shared vault? Do they have a username (email) and password as a guest? I have a minor concern that guest might be more of a risk than sharing to another user who uses a Secret Key (which isn't currently possible) but do not know, hence the reason for initiating this whole topic.
Thank you.
0 -
No worries @Jack229 It's all good.
The person you invite will become part of the family, but they'll only have access to a single vault. They will in essence have 2 passwords, and 2 secret keys. One corresponding to their account and one to yours, for example. They can use the same password if they elect to do so. They can even use the same email address to keep things tidy if they wish to do so.
It's the same as inviting anyone to the family but with the portion of setting a designated vault that they can access.
Let me know what else you might have questions about.
0 -
Great, thank you for that clarification about the 2 Secret Keys, much appreciated. Does the second key end up in iCloud Keychain? I've never been a user of this and fastidious turned it off on any device I've had, however, for some reason I believe my Secret Key is there because I setup 1Password on a new device without needing it (ie. it seems it easily works its way onto iCloud Keychain. I am aware I can regenerate the key, should I wish to).
There is no chance my family member, who may be less in tune with this, would get challenged by 2 Secret Keys in iCloud, if this occurs, setting up new/refreshed devices?
0 -
Assuming you have iCloud keychain turned on, the yes, the Secret Key would be saved to the keychain. We save it there to aid in setting up new devices just like you experienced and as a backup of sorts. You should see my keychain with about 7 or 8 testing accounts. Haha. Correct, you can regenerate the key if needed. Most folks would not need to do so unless they have concerns about the key being compromised.
If they are adding the account to the apps, they would need to provide the Secret Key, email, and password. Once the account is set up on the device, I would not expect the Secret Key to be asked for on a regular basis unless they fully sign out of the account, clear their browser history, or when making the switch to a new browser. Most times, if you/they have the desktop application installed and the given account signed in, it all happens auto-magically due to what we call the shared lock state (The connection between the desktop and the browser).
I would recommend saving the 🚒 Emergency Kit to a place they can access it should they need to do so.
0 -
So guest access can happen via the desktop app? and mobile app? Not just web browser. Once open can the user log into both their Family and Guest accounts at the same time? Or is it only one at a time?
Agree saving the emergency kit to a place they can access is wise. Provided they've done this with their own Family account they could just save the guest emergency kit as a document in their own 1Password account.
Are you able to enlighten me on an iCloud Keychain scenario:
my sibling's Family account: email1, key1, pass1
Guest account: email1, key2, pass2-key1 and key2 get stored in iCloud Keychain
-my sibling opens a 1Password app on a new Apple device or freshly reset/formatted device
-enters email1
-does key1 or key2 get automatically selected based on whether pass1 or pass2 is entered?
-or are both keys available to access 1Password, so by using pass1 or pass2 it simply opens the Family or Guest account based on password?Wondering how iCloud Keychain works with multiple Secret Keys. Clearly it must, hopefully seamlessly, since you are using it a lot with your many testing accounts. Hopefully some of those testing accounts are using the same email.
Thanks for your insights.
0 -
Hey @Jack229
The only impossible scenario is that two members of the same family cannot sign into the same device at the same time. For example, a husband and wife from the same family cannot be signed into the same application. There are a couple of workarounds to this. Multiple users on the device or multiple browser profiles, for example. You should have no trouble signing into your account from your family and your account in their family. I've had as many as 6 or 7 different accounts signed in simultaneously. Nowadays I try to limit it to a max of 3 at any one time but that is a self imposed limitation.
They way you described saving the Emergency Kit is the way I do it for my testing accounts. It's not a big deal if I lose one of those. The only one I take a lot of extra precautions with is my personal account.
Each account entry is saved in the keychain. You will find the Secret Key and the email address for one 1Password account saved as a single entry. It's not designed to be human-readable, but it can be done. All of my testing accounts use different addresses.
When you initially open one password on a device, you'll be prompted with a list of accounts found in the keychain. You select the one you wish to use and provide the password. You'll be signed in. For example, I see a found account named Toms family and one named Toms (Individual test). I specifically saved the names of my accounts to help avoid confusion. Most users with one or two accounts might see Jack's Family (for your family) and then your relatives. You might see (insert name) family for theirs.
Yes, keychain will work with multiple Secret Keys.
0
