Couples break up, friends fight, and roommates move apart. These are unfortunate and emotional realities of modern life. During these periods of transition, there may come a time you want to separate and secure what’s yours — that includes your 1Password information.
Segregating and protecting your digital property can be a daunting task when you have hundreds (or even thousands) of items in 1Password. And that task can become especially discouraging when you share the bulk of those items with the person or people with whom you’re cutting ties. But it’s a critical step. Your passwords and other private information are incredibly valuable and should be shared only with people you trust.
Think of your home and personal belongings. If you no longer trust someone you live with, you’d likely take away their key and change the locks pretty quickly. Given what’s stored in 1Password, It’s logical to treat it the same way.
Here are a number of steps you can take to keep your 1Password secrets safe1 when a relationship ends.
Preparation
Pause and assess
Take a few minutes to assess the situation, your information, and what you need to accomplish.
If the relationship is amicable, you may not want to cut off one another off entirely. Imagine your friend and roommate is moving out to start a life with their partner. You’re still on good terms, and happy to continue sharing low-risk logins for a couple of streaming services and a digital news subscription. In this case, take some time to go through 1Password and evaluate each shared vault and item. Think about the importance of the vault or item and whether you still trust the other person to look after it.
If relations are more hostile, swiftly securing your information and access is likely a priority to prevent any harmful actions the other person might take with your information. That may mean moving quickly and taking steps the other person might not agree with, so it’s important to determine your objectives first.
Separation
Now that you know what you want to accomplish, there are three steps you can take.
Evaluate elevated permissions
If the other person has extensive 1Password permissions, you may want to think about changing their elevated level of access. This can prevent disaster in the most extreme situations. For example, Family Organizers can change anything about a 1Password account, including your permissions and access. For example, if you’re parting ways with someone who has (or may have) malicious intentions, they can use their Family Organizer permissions to remove you from the account - or delete the entire account - without your consent.
Consider changing your accountmate’s role to Family Member if they no longer need, (or can no longer be trusted with), administrative permissions. As a Family Member, they’ll maintain access to any shared vaults (and items), but you can audit shared vaults and decide if they should remain shared.
Move information
If the situation allows, let the other person move their private 1Password information to a new account. Keep in mind they can choose to move or copy shared information, too. You can also export your 1Password vault information to an unencrypted (plain-text) file to import to a new account at a later time.
If you previously audited and removed permissions and access to shared vaults, and later realize your fellow account member needs a select few items, you can share them securely.
Remove their membership
If you share 1Password Families, you’ll want to remove the other person as a member of the family after they’ve transferred or exported their information.
Prevention
There are also things you can do at any time (not only when parting ways with your accountmate) to secure your 1Password information. These steps make it easier to divide the account if you encounter a situation that requires it.
The right membership
Make sure you have the right 1Password membership for your situation so you have appropriate control of your vaults and information. If you don’t plan to share anything, use an Individual account. If you’re sharing within a family or with friends, use 1Password Families. If you’re in any kind of business arrangement, use 1Password Teams or Business.
It’s important you feel comfortable granting permissions within your 1Password account — because that’s just what it is: yours. The need to add a second Family Organizer has decreased with the advent of recovery codes, so it’s perfectly okay if you’re not comfortable giving someone else elevated access. It’s possible an Individual account might be a better option. Either way, you should always feel comfortable adjusting permissions within your account to suit your circumstances, and know these decisions may change over time.
Keep your account details secret
Everyone within a shared account should use their own email address to access 1Password, and keep their account password and Secret Key to themselves. You essentially give away the key to your vault when you share your login details.
Similarly, sharing an Individual account with a partner or using 1Password Families with a single email address, Secret Key, and account password means there’s no separation of data nor any privacy if the relationship ends. If your partner or family member uses the same login details, they have the same level of access and can change your account password to lock you out.
Use strong passwords
Avoid using passwords that are short or easily guessable. Someone who knows you may be able to guess your password (or answer to your security question) to impersonate you. If you adore your dog, Spike, for example, and default to using the password SpiKe456 everywhere, it’s easy for the other person to access any and all accounts that use that password.
Instead, use 1Password to generate strong, random passwords. Hundreds of different passwords that look like nhHS9s87fdHhs(*F are much more difficult to memorize or guess. This will help reduce the risk of someone signing in to an app, website, or other service with your identity if you ever part ways.
Other steps to take
After you’ve successfully divided your account, there are a few more steps you can take depending on your individual situation.
Change shared items
Use the password generator to change previously shared passwords that belong to you and may have been copied by (or known to) your former accountmate. Changing a formerly shared password to something strong and unique will make it unlikely that anyone – a hacker or the person who used to share the account – can figure them out.
Go through this process at a pace that works for you. If you have thousands of items, it might take some time. But consider prioritizing critical services that may have been shared at some point like online banking, personal email accounts, and personal Apple/Google accounts. Custom tags and Last Modified dates can help you track changes as you go.
Take extra precautions if necessary
If you’ve shared a copy of your Emergency Kit –- or the location of it –- with the other person as a safety precaution or as part of your digital estate planning, secure your account by changing your account password and Secret Key. Learn how to choose a good 1Password account password.
If your 1Password account is registered to a shared email address, you can change the email address so only you have control over your 1Password account.
Take a moment to think about your devices. In especially vengeful situations, there may be a small chance the other person has tampered with them or installed spyware/malware. If you suspect anything, don’t use 1Password on that device. Review the iCloud Personal Safety guide if you have a Mac, iPhone, iPad, or other Apple hardware. If you have an Android device, the Google Security Checkup guide can help. Microsoft also has guidance for keeping your account safe and secure for Windows users.
Take care
At 1Password, we understand conflicts arise between family members, friends, and colleagues. We see these matters as social/personal rather than something that can be addressed technologically.
When we think of digital security, we often think of protecting our personal information from faceless, nameless hackers. It can be incredibly difficult to find yourself securing your data (and yourself) from someone you cared about at one time, especially in an already tumultuous and emotionally charged situation.
It may be important to act quickly and decisively, but it’s much more important to remember you’re human. The fact that you’re thinking of how to address such a situation is a big win — you’re taking action. Go at your own pace. If you miss something or don’t stick to a predefined timeline, be kind to yourself and always take care of what matters most.
With contributions from Scott Swezey
If you are in danger, please get help immediately by calling the police or other local first responders. ↩︎
Megan Barker
Security Scribbler
Tweet about this post