Is it secret? Is it safe? - Gandalf

1Password is available for all team members.

Any passwords created for accounts linked to the user's email address (E.G. [email protected]) should be stored in the user's personal vault.

Any passwords created for a global account (E.G. [email protected]) should be stored in the shared logins vault.

Passwords related to specific clients should be stored in that client's vault. All internal users have access to all vaults (review is team size increases - master accounts might need to be admin only). External partners who might need access to multiple services are invited to 1Password as guests and have access only to the vaults that concern them.

Preferences for setting up accounts and passwords:

1. Any member of the team creates an account with their individual @tobedefined.studio email address and invites at least one other user to the account as an owner/super admin. Passwords are stored in the user's personal vaults. This is only possible if the service supports multi-users and multiple owners. This allows for easy user management and 2FA.
2. A master account is created using [email protected] which then invites other users to access the service. Users use their individual emails to log into the account. The password for this account is stored in a shared logins vault. Master account MUST have 2FA enabled for anything that allows it. 2FA should be configured using 1Password TOTP.
3. A single account is created using [email protected]. All users use this to log into the service. The password for this account is stored in a shared logins vault. Master account MUST have 2FA enabled for anything that allows it. 2FA should be configured using 1Password TOTP.