1Password launches public beta for teams

The long-time developer of password-vault software adds a group option with centralized administration.

Agilebits, makers of 1Password, recommends robust password selection and protection. Thus, it stuck in its craw, says Jeff Shiner, the company’s chief, that its business users had no simple and secure way to share collectively used passwords or secrets to which one user might need to grant access to others on occasion or when unavailable. 1Password for Teams is a result of chewing on that problem and talking to its existing customers. It’s been quietly in the works for nearly two years, and entered a public beta on Tuesday.

1password teams password entry

Teams gain access to account information useful for a group of people.

Unlike the sort-of competing LastPass Enterprise, which is an integrated enterprise-scale product designed to integrate with existing corporate directory systems and act as a drop-in solution for shared password management, 1Password is more precisely a maturation and substantial extension of the desktop and mobile software already in place. In fact, those apps will be updated to work with the new subscription-based service without any outward change to individual users. (Shiner says Teams code has been quietly hidden in native client releases for a long time.)

In this first pass, it’s aimed more at companies that already use 1Password and want sophisticated sharing options. Over time, Shiner says the company intends to expand to meet more enterprise-oriented needs, such as Active Directory and LDAP connections.

1Password for Teams remains structured around vaults, just as with the personal product. But new to this edition, vaults for teams will be stored centrally on Agilebits’ servers, which will act as the synchronization point for members through a custom team URL, much like Slack. A web-based administrative tool allows finely grained access controls. Teams can create many vaults, and users are then assigned to them, while each user can have restrictions about whether they can add, delete, or modify entries. Guests can be granted access as well.

1password teams permissions

Each user with access to a vault can have permissions refined to a very fine degree.

Administrators can also set up “blind” access for users, so that they are unable to view passwords, but must use browser plug-ins on the desktop or 1Password’s iOS extension to fill in web logins and forms. Because the password fills directly into the web form, this approach doesn’t provide full protection—a browser with the right plug-ins can reveal hidden fields. But for casual users and typical usages, it sends a signal about password ownership and permission.

Access to a vault can be suspended on a per-user basis, which immediately disables access in the 1Password native clients. And a user who tries to work around this by going offline will confront a “lease timeout,” which will ultimately be a value that an administrator can set so that after a given period of being offline, vaults become unavailable.

Agilebits never handles unencrypted vault passwords or users’ master passwords. Rather, it shunts encrypted items around and decrypts either via scripts in its Teams website or in native clients. Teams support is initially available for OS X and iOS, and requires Chrome, Firefox, or Opera due to missing security support in Safari. The company uses public-key cryptography behind the scenes to allow multiple users’ access to the same vaults without the users requiring or having access to the vaults’ actual encryption keys. Native clients add vault access through an Account Key, displayed as text and as a QR Code which clients can scan—in OS X, a “scanning window” can be dragged from the native app over the 2D code in a browser.

1Password for Teams also has a unique twist on recovering lost access to vaults. With the individual product, losing the master password means all data in a vault is lost forever. With the Teams approach, Shiner says, that wouldn’t be acceptable for a company. So in Teams, it’s possible to create recovery groups who can give users back access to a lost vault, even if members of the recovery group lack access to the contents of the vault. Again, this is done without Agilebits having any knowledge of the passwords and keys.

During beta testing, which Shiner says he expects to last at least until the end of 2015, and likely into the first quarter of 2016, 1Password for Teams will be free. After the product goes into full release, it will cost $5 per month per user per team. Requests to join the public beta have to be approved, but Agilebits says it’s throttling rather than filtering: It wants to make sure they keep up with demand.

Join the CSO newsletter!

Error: Please check your email address.

Tags passwords

More about QR

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Glenn Fleishman

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts