Getting started with 1Password for your growing team, or refining your setup? Our Secured Success quickstart guide is for you.
Migrating another company's 1Password due to acquisition
Hello, We've just acquired another company and are tasked with the effort of migrating their 1Password contents into our 1Password environment. I've seen instructions for migrating from 1Password 7 to 8, but that's not really what I'm looking for. We need to get everything, vaults, users, etc. from their environment into our environment. Is there a dedicated migration system for this type of scenario? Or will everything need to be added to our environment manually?
BloodHound OpenGraph
Exploring a 1Password instance to map user access to vaults SpecterOps BloodHound is a tool for mapping identities and attack paths for Microsoft products, but has added OpenGraph to do the same for other products , with one of the first examples being 1Password. What is our Bloodhound users' experience with this new tool? How does this compare to using the native tools? I have no affiliation with SpecterOps or experience with their products, but am interested in identity and access discovery in an information security context.
1Password dev ressources vs IPO
Hello, since 2024, when 1Password started looking into/considered an IPO, i have the feeling all development ressources were focused solely on growing the userbase and everything else was deprioritized. For example: The terraform provider didn't get any updates (e.g. Ephemeral Values) Simple improvements are deep in the backlog: Collapsible tags Displaying the user on the "last edited" line Improvements for managing vaults/users in an enterprise context are missing: Admins still can delete Owners Vaults can be deleted by any admin without "four-eye-principle" ... There is no way to export vaults encrypted Maybe some ressources could be assigned to improvements instead of new features... /rant over
Removing slashes breaks URLs
Helping my father use his vault I manage for him. He had a website called https://rx.meijer.com/Landing/ and 1password kept get ridding of the trailing / character, and not just when viewing the record, and even after repeatedly editing the entry to confirm the / was there. We'd click the link, and the slash was not included when we opened the website from the 1password entry, breaking the website. Workarounds were using https://rx.meijer.com or https://rx.meiljer.com/Landing/#, but the trailing slash should only be removed if the domain has a slash with no characters after the slash.
Cleaning up old passwords in company account
Hi community, I am looking for experiences with using 1Password in medium-sized companies. We have been using 1Password very reliably for several years now. However, I am still dissatisfied with our processes for cleaning up entries in 1Password. Especially after employees have left the company, password entries remain in various vaults, and it soon becomes unclear whether they are still valid and needed. I would like to have a process for marking such passwords and assigning them to other colleagues. They should then be tasked with checking the password and removing entries that are no longer needed. It would be good if there were a process for this within 1Password so that we don't have to rebuild references to the passwords in other tools. It would also help me if there were a status for passwords that would allow me to see whether not only the password entry can be deleted, but also whether the corresponding online account has already been deleted. (In this process, the Google account would first have to be deactivated, for example, and only then would the associated password be deleted from 1Password.) Are there already options within 1Password for such clean-up processes? How do other companies implement such processes? It is important to me to keep our content in 1Password up to date so that no outdated passwords and accounts are retained for the company. Thank you very much for your tips and experience reports! Thomas
What is 1Password doing to simplify user access for companies using many vaults?
We follow role-based access, like many other companies would for providing the right and lowest amount of access to their users as their role requires. In order to do this with 1Password for appropriate credential sharing, we have to setup many vaults per each of our customers, as well as our own environments/projects. With us currently sitting at around 78 vaults, the UI, search and overall functionality is really starting to show a lack of scalability for the business. Sharing feature is not feasible due to expiration (nor would it be even if expiration wasn't there for the sheer point of manual process this requires) Duplicating passwords makes everything worse as credentials do not sync back to the original item. My questions are, What is 1Password doing about this? Is it something you are currently aware is an issue and working towards a solution? If you are aware, what is the priority? Do you have a timeline for any improvements? As there is no solution, either other companies are in the same boat as me or simply setting up less vaults and accepting the security risk that people get access to credentials not required for their roles.
Disable 1Password Updates
Our organisation has the following best practice security implementations Block running executables in folders writeable to the user (ie. %appdata%) End-users are not local administrators to their device We deploy 1Password for Windows using automation and the application is installed as a machine-level application installed at C:\Program Files\1Password A recent change is that 1Password now prompts the user to complete updating the app, however the user is unable to perform the update as they require administrator privileges. We update 1Password automatically already on a schedule and would like to disable 1Password updates altogether using a central method (ie. registry, scripted, 1Password pushed-policy, etc). How can we disable updates? Thanks.
Admin of multiple vaults vs overall security
My mom and dad have their own computer each. They are elderly and are awful at understanding how to secure their multiple websites access, and installing 1password on their computer and asking them to learn how it works is not an option. So I'm using password caching in their browsers and it works fine. But to create these multiple passwords, I've created two vaults in my family account. I set up myself each items in their vaults and copy/paste the new passwords in their browser cache and they're ready to go. Easy. But here's the security issue I'm facing (and anyone managing multiple vaults): Now there's only one main password (mine) securing ALL vaults (theirs and mine). From wanting to help them secure their computers, I'm becoming the greatest weak point in that security chain. If a hacker eventually figure out my main password, I'm becoming a liability to those other vaults. But beside setting up a super crazy password as the main password, what else can I do to "spread the risks".
