The administrators have come to be wary of how the dog Patty treats data. There's an example story from the 1Password Teams Security Design white paper (page 46): If you're avoiding having to change a password after a user no longer has access to the 1Password entry… well then you should be changing the password anyway, because you should assume they do have the password. If someone can use a password to log in somewhere, they can view that password. This is true for any solution-not just 1Password. Someone who is even slightly determined can simply edit the source on a page (or use a bookmarklet or extension to do it automatically) to change all the password fields on a page to plain text fields. Edit: Rereading that linked support article and it looks like the Teams plan also has the ability to prevent users from revealing or copying passwords.Īs you pointed out, it's important to recognize that concealing passwords only protects against casual or accidental password viewing/copying. When setting up a vault, you can manage the permissions and remove a user's ability to view and copy passwords, meaning they'd only be able to autofill the password. That's something 1Password has, but only on the Business plan. And I understand that even with an autofill sort of situation, there are still ways to figure out the password, but it at least takes a little more work than if I just show it to the person outright. That's maybe fine for a single login (maybe), but not if I'm sharing everything the company uses. I get that showing the password is the most convenient thing, but it means I'll have to change it as soon as the share period is over. Best I can tell right now, 1P will show the password to everyone I share it with, inside or outside the org. Both LastPass and BitWarden offer the option to hide passwords from the person they're being shared with. Given its reputation for ease of use, I'm thinking of bringing this to my small business, but there's one key feature it shockingly seems to be missing: the ability to hide passwords from team members. Like many, I'm trying out 1Password for the first time from LastPass (and testing out BitWarden). Is there a way, through Teams or Business accounts, to conceal the passwords you share (requiring them to use autofill through an app or extension)?
0 Comments
Leave a Reply. |