This is a staging forum for AgileBits, not an official support forum. Visit http://discussions.agilebits.com instead.

Feature Request: Shared Passwords

ziger
ziger Junior Member
edited August 2010 in Mac
<div class="IPBDescription">Sharing passwords between accounts</div>Okay, I have 1pass for the whole family, and that is great... But I have two situations where I would like a better way:



The first is some way to share key information with my wife. Particularly financially related websites. We only have one login to our bank account, and we both need to be able to access it. Right now, if I get hit by a bus, my wife logs in via my account on the mac, waits for dropbox to update, and then goes and does things as me. When and if I get released from hospital, there will be a whole host of things I'll have to answer for (who are these pictures of? Why do you have software I don't? I tried to use xxx and it isn't working. What is it?) <img src='http://forum.agile.ws/public/style_emoticons/<#EMO_DIR#>/skype_smile.png' class='bbc_emoticon' alt=':-)' />



I would much prefer a way to set up a shared sync folder that my wife can get updates from. Something that either leverages the local network, or my server to pass the data to my account - or better, a shared dropbox folder. We do some stuff by e-mail right now, but that gets complicated - either we miss the timing, or I forget to e-mail an account I changed a password to, or the like...



The second would be to have a back door to other accounts - either my wife's or my kids... or to have them autosync as above.



Zig

Comments

  • This feature would be great. I work on a team that manages hundreds of passwords. We have not be able to find a good way to "share" passwords. It would be great if we could have multiple agile keychains. This way, we could "sync" one keychain with dropbox, and have another we could keep on our local machine for passwords specific to us.



    Does anyone know if there are any plans to add support or a feature to manage "shared" passwords?
  • [quote name='Devin' timestamp='1281664714' post='8562']

    This feature would be great. I work on a team that manages hundreds of passwords. We have not be able to find a good way to "share" passwords. It would be great if we could have multiple agile keychains. This way, we could "sync" one keychain with dropbox, and have another we could keep on our local machine for passwords specific to us.



    Does anyone know if there are any plans to add support or a feature to manage "shared" passwords?

    [/quote]



    I agree that this would be a great feature to share passwords with co-workers or family members. In fact I'm trying to find a simple way to do this currently with my wife. We share some accounts logins and we have some accounts that we keep private -- hey, everyone needs some privacy. Maybe we could simply divide passwords into "public/private" or "shared/non-shared".
  • Carl
    Carl Just Me
    [quote name='ratdogdsgn' timestamp='1282683120' post='9741']

    I agree that this would be a great feature to share passwords with co-workers or family members. In fact I'm trying to find a simple way to do this currently with my wife. We share some accounts logins and we have some accounts that we keep private -- hey, everyone needs some privacy. Maybe we could simply divide passwords into "public/private" or "shared/non-shared".

    [/quote]



    In order to deal with the administration required by workgroups/corps/etc. a special 1P Enterprise version would have to be created which would add all the necessary features to accommodate this.



    However, imo, what I refer to as "Profiles" would be relatively easy to add.



    Basically, you have a profile manager which allows you to assign a name and point to a different keychain. In the browser (and within the app), you could then use a menu to change the current profile to something else which basically loads another keychain (requiring you to have the master pw for it (and enter it)) and allows you to use it. This is how it would work in its simplest form. If you want to allow multiple profiles to be open at once then it gets a little more complicated. For example, when adding a new entry, which profile (keychain) does the item get added to? Definitely solutions to that issue but a bit more involved than simply having the means to switch between keychains ("Profiles") easily.
  • I really like the idea of the "profile" solution. It would be nice if the 2 (or more) keychains were integrated into one listing, however, switching to a shared keychain "profile" would be awesome and I'm sure we'd be happy to pay for an update to an enterprise version.



    If our team could create a shared keychain on dropbox and then each member could add an additional profile, this should solve our issue of managing and knowing continually changing shared passwords.
  • Carl
    Carl Just Me
    [quote name='Devin' timestamp='1282745827' post='9809']

    I really like the idea of the "profile" solution. It would be nice if the 2 (or more) keychains were integrated into one listing, however, switching to a shared keychain "profile" would be awesome and I'm sure we'd be happy to pay for an update to an enterprise version.



    If our team could create a shared keychain on dropbox and then each member could add an additional profile, this should solve our issue of managing and knowing continually changing shared passwords.

    [/quote]



    Well an Enterprise version would need more than just that. For example:



    1. Users would want their own separate logins, etc. outside of the corporate ones. These obviously wouldn't be shared across the workgroup.



    2. In corporate, there would be an administrator that has full access to the corporate entries while the users would only be able read them. This prevents users from modifying/deleting entries.



    3. The Admin may want to create sub-sets/super-sets depending on which function/group the user is in. For example, the accounting team does not need the logins the technical team uses. This further introduces the issue of ACLs for groups etc.



    4. Workgroups would want a way to share entries either with other or back up to the admin for inclusion in the read-only.



    I am sure there are a couple of other scenarios that need to be dealt with as well.
  • Well, I'm not sure if there's an enterprise version in the works, but since I work in a small team, we'd be more than happy if profiles were added as a feature to the regular version. All those features seem nice in terms of an enterprise version, but are way overkill for our current needs.
  • benfdc
    benfdc Perspective Giving Member
    One solution would be to create a new OS X user account to which both you and your spouse have the log-in password. Keep "shared secrets" in that account's 1P keychain.



    Alternatively, use a non-1P solution for your shared secrets. An OS X-specific solution would be to keep one or more files in an encrypted dmg image stashed in a folder shared via OS X or Dropbox. If you need a cross-platform solution, there's always Truecrypt or a cross-platform secure wallet like KeePassX. If you're not worried about someone standing behind you looking at your screen, the simplest solution would be a password-protected OpenOffice / NeoOffice spreadsheet--ODF document encryption is pretty solid.



    Using something other than 1P for shared secrets has the advantage of reducing the chance of confusion over whether you are using your shared or your personal 1P keychain.
  • I'm another one that really wants this capability, and there are others I've found in the forums ([url="http://forum.agile.ws/index.php?/topic/1482-multiple-keychain-files/"]MultipleProfiles[/url]).



    I think the concern of accidentally placing new information into the wrong profile is easily handled with 2 options=1-checkbox :

    1) Always ASK which Profile to place new information in (if you HAVE multiple profiles).

    2) Don't ASK which Profile to place new information in = always place in my DEFAULT-profile (can be moved to another later)



    When Browsing, I would like to be able to switch between Profiles, but if it's enabled, I think it would need to have some visual-clue as to which Profile you are using. Maybe a change to the 1P button (like iPhone-badge#s), or even a small banner-like-thingy at the top of any pages that are not using your default-Profile - maybe something like the banner-thingy when Safari asks if you want to save a new password?



    Maybe, even tie the ideas of Profiles with Identities? I think the concepts are very similar, and all that it would need to meet the needs of both is to add the ability to tie a key-chain to an identity. Identities already have a limited idea of unique-information per identity (Yahoo/MSN/etc)... Maybe have a little padlock-badge by the identities that have additional-keychains, instead of a whole other column for profiles (like is mocked-up in the other forum page I linked above). That may imply that you have a default-Identity that is associated with your main keychain - I'm not sure...