1Password is a password manager. Ideally you memorize one strong password - hence the name - and let 1Password generate and manage strong, unique passwords for every site for which you have a login.
Following this guide, it will be helpful to understand a few terms we'll be using throughout.
App: A native 1Password application (OSX, iOS, Windows, Android).
Extension: A web browser extension/plugin that communicates with the App to provide access to your passwords securely without leaving the browser.
Vault: What 1Password calls any grouping of secure data, such as logins or secure notes. Sometimes called a "keychain".
1Password can be used in two different ways - as a standalone application (by purchasing a standalone license) or as a hosted service (by subscribing). [INSERT YOUR COMPANY'S NAME HERE] uses 1Passwords for Teams which is a hosted service.
If you want to use 1Password for your private passwords not related to your work at [INSERT YOUR COMPANY'S NAME HERE], there are a few options.
1Password for Teams
1Password for Teams stores all Vaults on the 1Password servers and allows for sharing between multiple people on the same team.
Everyone at [INSERT YOUR COMPANY'S NAME HERE] should already be signed up for our Teams account. This gives you access to the web interface, allowing you to view the Vaults we've configured and given you access to.
In addition to the shared Team vault, each member of the team has a vault called Personal which only you can see, and allows you to store personal credentials within our team's account. See the Google sheet titled "1Password Shared Folders" in Google Drive to see a listing of the available vaults and which groups or individuals have access to them. If you need access to a vault beyond the access that your onboarding process already gave you, please make a comment in the sheet and ping one of the 1Password admins in the comment. A listing of the 1Password admins can be found in a secure note in the Team vault in 1Password.
To really get the full benefit of 1Password, you'll need to hook our Teams account up to one of the native apps.
Adding the [INSERT YOUR COMPANY'S NAME HERE] Team to a 1Password app
This guide will cover setting up the OSX app. It's their lead platform and is the most up-to-date. These instructions may or may not work for the Windows version.
Download and install the 1Password OSX app.
Launch the app.
Click "Sign in to your 1Password account" button. If there is no such button please follow the instructions for updating 1Password.
Now you'll need the Emergency Kit PDF that 1Password told you to save when you registered your Teams account. Note: Store the Emergency Kit safely. Store a copy of the Emergency Kit on a USB flash drive or print a copy and store it in a vault at home or safe deposit box — somewhere not online or accessible by anyone other than yourself.
If you saved it as a digital PDF file:
Open the PDF file
Click Scan QR Code
Drag the scanner window over the QR code on the PDF sheet
If you printed the PDF:
Click Sign In Manually
For Team URL enter [INSERT YOUR COMPANY'S NAME HERE].1password.com
For Account Key enter the Account Key from your Emergency Kit
For Master Password enter the password to your Teams account (not the password you created above when you chose "I'm a new user")
After the Team is added, you should see some notifications about vaults being added to 1Password. By default you'll have Team and Personal, and may have access to others.
Updating 1Password to support the Teams feature
Read this section only if you could not follow the instructions in "Adding the [INSERT YOUR COMPANY'S NAME HERE] Team to a 1Password app" section.
At the prompt, choose "I'm a new user". Note: This is one source of confusion. "I created my Teams account, I'm not new!" Just go with it.
Enter a master password, confirmation, and hint. This can (and should) be different from the password you used for our Teams account. This password gates access to your local, private Vault on your computer and/or phone.
Skip over the remaining dialogs (syncing, newsletter, etc.)
You should now have an empty vault called Primary.
Because the Teams feature is not available in your current version of 1Password, we need to update the app to the latest version:
Go to Preferences
Go to Updates
Click Check Now
Install the update and relaunch
After relaunch, go to Preferences again
Go to Accounts
Click the + icon
Click the Vault Selector in the upper-left corner of the window:
Team is a vault that everyone on the [INSERT YOUR COMPANY'S NAME HERE] Teams account has access to, both read and write.
Personal is your hosted, private vault that is part of the [INSERT YOUR COMPANY'S NAME HERE] 1Password for Teams account. Since the Personal vault is part of the [INSERT YOUR COMPANY'S NAME HERE] Teams account, it should be thought of as company property (like the @[INSERT YOUR COMPANY'S NAME HERE].com email account), however the vault can not be viewed by anyone else on the team, including admins. If you choose to store truly personal information in the Personal vault, it opens up the possibility that you would be separated from this information if you offboard. Such truly personal information is therefore better to store in your Primary vault, which is associated with you instead of with the [INSERT YOUR COMPANY'S NAME HERE] Teams account, assuming that you added an individual account.
Go to Browser extensions and install the extension for whatever browser you're using. You should not need a beta version here.
With the extension installed, you should be able to go to a site that has credentials stored in our Team vault and log in:
If you don't see the site listed in the results window, make sure you're using the correct vault:
When 1Password detects a login form submission, it may ask if you want to save the login with a dialog like this:
If you do want to save it, make sure the appropriate Vault is selected first.
Several accounts and unlocking the app
Please refer to 1Password FAQ.
If you are planning to use both the [INSERT YOUR COMPANY'S NAME HERE] team account and a separate individual account you should first add your separate individual account to the app first (Preferences > Accounts). By doing this you will be able to unlock the 1Password app using the Master Password of the individual account.
If you were using 1Password before joining [INSERT YOUR COMPANY'S NAME HERE], and you receive a prompt titled Migrate To Account, choose I'll move later. There is no harm in doing this, and it is easy to move items between vaults.
1Password for your private passwords
You are encouraged to use 1Password for your private passwords, not related to your work at [INSERT YOUR COMPANY'S NAME HERE]. This makes it less likely for a security breach to occur. You can purchase a standalone license or start an individual subscription. While under the [INSERT YOUR COMPANY'S NAME HERE] team subscription, it is also possible to create and use a 'Personal' vault (same features of a standalone license, without the cost, but you will lose access if you go through offboarding).
Please bear in mind that if you decide to purchase a standalone license or create a personal local vault, your data is stored only in a local folder on your computer. You can optionally sync this folder to Dropbox or iCloud (if you are using a Mac/iOS) to make it available on your phone's 1Password app, or on another computer.
Signing up for a subscription seems to be the solution now recommended by AgileBits (the company behind 1Password).
To create a personal local vault:
Go to Preferences
Go to Advanced
Under Local Vaults, check Allow creation of vaults outside of 1Password accounts
Enter your Master Password
A new local vault (Primary) is created outside the [INSERT YOUR COMPANY'S NAME HERE] team account
If you want to setup sync for your new local vault, go to Preferences > Sync
Two Factor Authentication and Time-based One Time Passwords
There are several ways to get your Two Factor Authentication (2FA) codes. You can get them sent via SMS or use an app like Google Authenticator to generate them. 1Password provides an alternative solution that does not require using your smartphone: 1Password Time-based One Time Passwords (TOTP). 2FA codes are displayed directly in the 1Password app running on your laptop (note: this can not be setup via 1password browser extension or 1password web app).
To enable TOTP for a saved account:
Open 1Password app
Go to the item for which you want to set up TOTP
Click Edit in the bottom right corner
Click 3 dots icon
Select One-Time Password
Click QR code icon that appeared
Scan QR code using the transparent window
2FA code should be displayed now
Please refer to demo video 1password TOPT setup
Please refer to the 1Password blog for more information on how TOTP works.
If scanning the QR code using the "transparent window" with the 1Password Mac app fails on a recent Mac OS, please consider using the 1Password iOS app instead. This can the same, and supports Touch ID to login.
This is an example of how Robert, one of our developers, uses 1Password:
Once you fully commit to using 1Password to manage all of your security information, it really does make life easier.
I memorize one strong password and let the app generate everything else. Every site I use has a unique password that I can't compromise because I don't even know it, and a hacked site can't compromise it because the password is never re-used on another site.
I store my shipping and credit card info in 1Password and use the browser extension to quickly fill out shipping and billing information on shopping sites.
I store my passport data, along with a digital scan, in 1Password; drivers license info and scan; insurance info; software license keys; any important information that needs to be secure but still easily accessible when I need it, from anywhere. I sync my personal vault to my personal Dropbox so it's available on my phone, tablet, laptop, and desktop.
Even my 1Password for Teams account information is stored in my personal Primary vault, with the Emergency Kit PDF as a secure attachment:
I have no idea what the password is. I've never actually typed it. And that's the idea.
Traveling with 1Password
When traveling with a device that has access to the [INSERT YOUR COMPANY'S NAME HERE] 1Password vaults, be sure to enable Travel Mode in 1Password. Travel Mode removes copies of any 1Password vaults that are not tagged as "safe for travel" from your mobile devices. None of the [INSERT YOUR COMPANY'S NAME HERE] team vaults are marked as safe for travel so you will need to either create a dedicated travel vault or mark your personal vault as safe for travel.
Once you have enabled Travel Mode open 1Password on each device you will be taking with you so that it can sync with 1Password.com and remove any vaults that cannot be used while traveling.
For more information on Travel Mode and how it works, see the AgileBits blog.