1Password customers can now securely share virtually anything in their 1Password vault with anyone – even if the recipient doesn’t use 1Password.
Before I was Chief Product Officer at 1Password, I was a 1Password customer. Back then, I often shared items in my 1Password vault with friends and family who also use 1Password. I shared the Netflix login with my kids, I shared secure notes about doctor’s visits and grocery lists with my wife, and I shared all kinds of things with my colleagues to get our work done securely.
But sharing with anyone who doesn’t use 1Password wasn’t as easy. What if my in-laws came to visit and needed the Wi-Fi password? (They’re not 1Password customers, but rest assured, I’m working on that.) What if I needed to share a login with a contractor for a temporary project at work?
Sure, I could copy those items from my 1Password vault and paste them somewhere: in an email, in a chat message. Or I could screenshot and send it as an image. Of course, doing so dramatically increases the risk that the data will be compromised in a breach.
So we fixed that.
Starting today, you can share virtually anything you have stored in 1Password with anyone.
No more copying and pasting
We call it Psst! (Password secure sharing tool). Here’s how it works.
Let’s say I want to share that Wi-Fi password with my in-laws. All I need to do is open the share menu and select “Share” to generate a link.
By default, the link expires in seven days, but I can also choose to let it expire after 30 days, 14 days, one day, one hour, or after a single person views it. I can also choose to let anyone who has the link view the item, or I can restrict sharing to only the people whose email addresses I enter.
Next, when I select “Get link to share,” I can send that link to my recipient(s) through any channel I choose. I can even share it directly through my operating system’s built-in share menu.
To recap: I select “Share,” set my options, copy the link, and send it along. Simple as that!
How to view a shared 1Password item
When my recipient opens the link in their web browser, they’ll see one of two things. If I’ve allowed anyone to view the link, they’ll be taken directly to a web view of the shared item. If I’ve specified the people I want to share with, they’ll be asked to input their email address. When they do, they’ll receive an email with a one-time verification code.
Once they paste that code into the required field, they’ll see the web view of the shared item exactly as it exists in 1Password. That means that if I’ve added extra fields – notes, security questions, or anything else – to an item containing a username and password, the recipient will also see those fields.
If they’re signed into their own 1Password account, they’ll even have an option to save a copy of the item directly to one of their own vaults. And if they don’t have a 1Password account yet, they can sign up directly from the shared item page.
It’s important to note that when you share an item in 1Password in this way, you’re not sharing the original item itself. Instead, you’re sharing a copy – a snapshot of the item as it existed at the moment it was shared. That means that if you share a password with a contractor, the contractor can only view the item as it existed when you shared it. If you change the password after you share it, the contractor will not see the updated item, only the original copy.
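The sharing rules described above (snapshot copy, expiry choices, single-view links, and e-mail-restricted access with a one-time code) can be modelled in a few lines. This is an added illustration, not 1Password's code: the `Share` class, its method names, the token and the code format are all hypothetical, and the one-time code is returned instead of e-mailed so the example runs offline.

```python
import copy
import hmac
import secrets
from datetime import datetime, timedelta, timezone

# Expiry choices listed in the post; None stands for "after a single person views it".
EXPIRY = {"30d": timedelta(days=30), "14d": timedelta(days=14), "7d": timedelta(days=7),
          "1d": timedelta(days=1), "1h": timedelta(hours=1), "single_view": None}

class Share:
    def __init__(self, item, expiry="7d", allowed_emails=None, now=None):
        now = now or datetime.now(timezone.utc)
        self.snapshot = copy.deepcopy(item)      # a copy, never a reference to the vault item
        self.token = secrets.token_urlsafe(32)   # hypothetical unguessable link component
        delta = EXPIRY[expiry]
        self.single_view = delta is None
        self.expires_at = None if delta is None else now + delta
        self.allowed = {e.lower() for e in allowed_emails} if allowed_emails else None
        self.pending = {}                        # email -> outstanding one-time code
        self.views = {}                          # viewer -> view count (audit data)

    def _open(self, now):
        used_up = self.single_view and sum(self.views.values()) >= 1
        return not used_up and (self.expires_at is None or now < self.expires_at)

    def request_code(self, email, now=None):
        """Issue a one-time code to a listed recipient (a real service would e-mail it)."""
        now = now or datetime.now(timezone.utc)
        email = email.lower()
        if not self._open(now) or self.allowed is None or email not in self.allowed:
            return None
        self.pending[email] = secrets.token_hex(4)
        return self.pending[email]

    def view(self, email=None, code=None, now=None):
        """Return a copy of the snapshot, or None if the link or the code is not valid."""
        now = now or datetime.now(timezone.utc)
        if not self._open(now):
            return None
        viewer = "anyone-with-link"
        if self.allowed is not None:
            viewer = (email or "").lower()
            expected = self.pending.pop(viewer, None)   # consumed on any attempt
            if expected is None or not hmac.compare_digest(expected.encode(), (code or "").encode()):
                return None
        self.views[viewer] = self.views.get(viewer, 0) + 1
        return copy.deepcopy(self.snapshot)
```

Because the recipient only ever receives the snapshot, changing the password in the vault after sharing is what cuts off a recipient who has already viewed the link.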
Complete visibility for admins
We know that when it comes to security, visibility is critical. So when your team shares a 1Password item with an external contractor, or when Marketing shares a login with Finance, you get the same visibility into those shared items that you get with anything else that happens inside 1Password.
When you open the Activity Log as an admin or owner, you’ll see shared items alongside all other account activity. When you open the Sharing Details section for an individual shared item, you’ll see:
- The name of the shared item
- Who shared the item (along with their IP address)
- The date and time the item was shared
- When the shared link expires
- The email addresses of each recipient (if shared with specific people)
- How many times each recipient viewed the shared item (if shared with specific people)
- The IP addresses of the recipients who viewed the item
As always, admins and owners are in complete control.
Making the secure thing to do the easy thing to do
Why does all this matter? Why build the option to securely share a 1Password item with anyone? There are two answers to that question.
First: because you asked for it. We’ve been busy knocking out long-requested features this year, and this is one of them. Not everyone in the world uses 1Password (we’re working on that too!), so Psst! simply ensures that you can safely share items in your 1Password vault with anyone, whether they’re a customer or not.
Second: People are going to use channels like email, spreadsheets, and chat to share sensitive info. They already are.
We know that at home and at work, people are sharing secrets like passwords and API keys through insecure methods. 76 percent of families reported sharing passwords insecurely by writing them down or sharing them in a chat or spreadsheet, for example.
At work, the problem is compounded by the vast amounts of data at stake, but insecure sharing remains common. According to 1Password research, 48% of companies use a shared document or spreadsheet to store and manage enterprise secrets. 59% of workers share secrets over email. 81% of IT and DevOps workers (VP and above) reuse secrets between projects.
So if we’re already using those channels to share sensitive items, let’s make it secure to do so. Let’s make the easy thing to do the secure thing to do.