How do we use 1Password?

Idea Grove uses 1Password to manage passwords for ourselves and our clients.

We use 1Password to manage the accounts we share as an agency. The benefits include:

  • Store documents securely. A potent cocktail of AES-256 encryption and PBKDF2 key derivation ensures that no one but us can our data.
  • Stay safe crossing borders with the extra protection of Travel Mode.
  • Benefit from multi-factor security with a master password, a secret key and two-factor authentication.
  • Runs on Amazon Web Services, the largest and most secure infrastructure provider on the planet. Alongside great scalability and high availability, AWS also enables us to use KMS Hardware Encryption to further harden the SRP Verifier.
  • First and only password manager to use WebCrypto, providing direct access to the system’s secure random number generator, making truly secure cryptography possible in the browser for the first time. WebCrypto is over 10x faster than traditional crypto libraries, so we don’t have to wait to get first-class security.
  • Unlock 1Password on your mobile device with your fingerprint or a PIN code.
mpandaccountkey.858c44aa368a4185b446da82c389aa07

Our favorite security feature is Watchtower. Watchtower tells you about password breaches and other security problems on the websites you have saved in 1Password. They continually update Watchtower as security breaches are reported, so we can change our passwords right away.

watchtower-mac

We also like 1Password because it is very user-friendly and has a Chrome extension, a Mac desktop app, and a Android and iPhone app.

Here are some instructions for Admins to add or remove people: https://support.1password.com/add-remove-team-members/

  1. Go to https://my.1password.com/invitations
  2. Click the round, blue plus sign on the left of the screen
  3. Add an email address
  4. Select their role (Team member or guest)
  5. Click Invite
  6. In the same screen, you will see a green list of pending approvals. Click Confirm to finalize people’s sign up.

Here are some instructions on how to setup 1Password for Team Members and Guests:

Team Members (IG leadership and admins):

Team Members can be added to multiple vaults and can have a private vault, as well.

  1. You will get an invitation via email. Click on the CTA.
null

2. Input your name and last name.

null

3. Create a Master Password (this password is your own, no one will have it).

null

4. Log in.

null

5. Download your secret key (You will need it to sign in to your vaults from your phone and in case you lose your very own master password. Save the PDF in a safe place).

Screen Shot 2018-09-29 at 7.32.47 PM

6. You will see this screen. Wait for an administrator to approve you and add you to the Shared Vault.

Screen Shot 2018-09-29 at 7.33.28 PM

7. Download the 1Password app for Mac and the Chrome extension.

8. You will receive an email like this as a reminder to download the app and Chrome extension:

null

Guest Accounts (IG employees):

Guests can only be invited to ONE vault and cannot have private vaults.

Steps 1 to 5 above apply.

6. You will see this screen. Wait for an administrator to approve you and add you to the Shared Vault.

Screen Shot 2018-09-29 at 7.35.11 PM

7. Download the 1Password app for Mac and the Chrome extension.

Recovery

If you forget your master password or emergency kit:

  1. An administrator has to initiate the Recovery Mode: Select the user, click Actions, click Begin Recovery.
null

null

2. The user should receive the following email:

Screen Shot 2018-09-29 at 7.36.52 PM

3. The user should click Recover my Account. Then it will take him through a process similar to the sign-up process (explained above in this document). The user should be able to pick a new Master Password and download a new Emergency Kit.

4. When the user goes through the recovery process, an admin will get the email below and see the following screen when signing up to 1Password. Click Complete Recovery.

null

Screen Shot 2018-09-29 at 7.37.57 PM

5. The user should be able to login with their new Master Password and Emergency Key.