1Password FAQ

Overview

In order to promote proper password hygiene, U of I has adopted the use of the 1Password password manager. While it may seem straightforward to use, there are some practices that help promote a healthy and secure password ecosystem. This article will outline some of the do's and don'ts of password management so that our systems are utilized as they should be.

For instructions to migrate from Lastpass to 1Password Please see the migration kb article.

 

Our URL:

https://uidaho.1password.com

 

---

Table of Questions

• How do I get started?
• I Don't Get a Code When Trying To Log In After Setting Up My Account!
• How do I login?
• If Shared Folders in LastPass are imported by each member of a Shared Folder, will there be duplicate items?
• Can other password managers be used besides 1Password?
• Is there a mobile application that can be used?
• Can personal passwords be stored in 1Password?
• Will I be able to export passwords?
• Can I have a shared access vault automatically provisioned with new accounts in my group?
• How is password sharing managed in 1Password at U of I?
• How do I share password folders?
• How do I specify an exact URL/Password match ?
• How do I import passwords?

---

Have a question you don't see here?

Leave a comment or provide feedback! You can also use the 1Password knowledge base website!

---

Key Features

• Quickly generate secure passwords with "Password Generator" option in the browser extension or when creating a record
  • Customization options for length, complexity, ease of reading, and ease of saying are all options using the "Random Password" selection
• Specify an exact URL/Password match
• Watchtower helps audit duplicate, weak, or vulnerable passwords
• Quick and flexible sharing capabilities

---

How do I get started? Does my department have a 1Password group?

• If you are not already licensed, request to start the process by completing a form for software procurement (https://support.uidaho.edu/TDClient/40/Portal/Requests/ServiceDet?ID=755&SIDs=21).  (You can skip this if you were previously licensed in Lastpass.)
• All 1Password account requests need to be approved by procurement and added as an asset to the ticket in TeamDynamix before an account is created.
• When requesting access please include the following information in the request:
  • 1Password group names you need access to (if applicable),
    • NOTE: The owner of every group you are requesting access to should explicitly state approval for sharing passwords within the TeamDynamix ticket.
• If you are unsure of the exact groups you need access to, that's ok, just request access and it will be determined by your supervisor based on the access you require for your position and role.

---

How do I login?

• Individual users will need to be added to the application. A supervisor should create a ticket to OIT Security in TeamDynamix requesting access to 1Password and which groups the member should be associated with. If the groups are not known, OIT Security will work with the supervisor to ascertain the appropriate groups.

• U of I uses single federated logins to manage access to 1Password. Login through the 1Password browser extension for your specific browser (or use the Desktop application for your operating system).

  • NOTE: If you are initially migrating from LastPass to 1Password, you are required to download and use the desktop application.

• If you have been provisioned for access to the U of I 1Password application, when you enter you NETID as your username, the password field should disappear and you should be able to start the authentication process when prompted through the University of Idaho Single Sign-On process. The password and Duo authentication you use to login to U of I will be used to access 1Password.

• Web logins at https://uidaho.1password.com are not generally recommended at this time but can be achieved in certain browsers after the extension is installed.

• Desktop applications can be downloaded from:

• Windows

  Software Center

  macOS

  Self Service

  Other

  1Password.com Downloads

---

I Don't Get a Code When Trying To Log In After Setting Up My Account!

When setting up your account, you clicked on a link from an email. That link opened your default browser and is considered your "first login". 1Password is now looking for the browser/computer combination which was initiated from the first login and that you are signed into that browser/computer combination. When 1Password is requesting you to "Grant access to your account" it will send a code to the browser/computer combination that was originally logged in (or any other sessions that are currently logged in, if that is the case).

If you don't have access, please send a ticket to OIT Security and request recovery for your account.
 

Continue reading at https://support.1password.com/sso-trusted-device/#step-2-find-your-verification-code for more information about what this issue is and how to work with it.

---

If Shared Folders in LastPass are imported by each member of a Shared Folder, will there be duplicate items?

No, but only if using SSO import from LastPass. When importing Shared Folders from LastPass using SSO import (which converts it into a 1Password Vault), 1Password will have access to your LastPass account and will place a record in each Shared Folder that was imported which will prevent any future SSO importers of that same Shared Folder from creating duplicate entries in that specific 1Password vault (aka LastPass Shared Folder). The record, which will be in every Shared Folder imported using the SSO method, will have a record titled "1Password import lock", which is only added to the LastPass Shared Folder being imported, and will contain pertinent information concerning the import including who imported it, and when.

{
  "id": "1Password import lock",
  "uid": "123456789",
  "username": "JoeVandal@uidaho.edu",
  "version": "0.3.0",
  "when": 1702096558,
  "prettyWhen": "2023-12-09 4:35:58.8913892 +00:00:00",
  "description": "This shared folder was imported into 1Password by an admin.\nRemoving this lock will allow admins of the folder to import this folder again."
}

NOTE: This behavior can only be expected from SSO migration where 1Password has permissions to read & write to the account being imported.
 

---

Can other password managers be used besides 1Password?

• Storing U of I passwords using the default browser storage is expressly prohibited (APM 30.15 B-1.g) and 1Password is currently the authorized password manager for U of I passwords. Password Manager Pro may be authorized but teams requiring its use should check with OIT Security. KeePass is available for use but may be removed at a later date. LastPass access will end December 15th, 2023.

---

Is there a mobile application that can be used?

• After completing your initial account creation and you have successfully logged in:
  • Yes, 1Password can be used with the mobile application.
    • Get the 1Password app from either Google Play Store or ios Appstore
    • Login with uidaho.edu email address only -- you will be prompted for uidaho login credentials on the next screen, as well as Duo authentication.
    • You will be required to setup a PIN to access this application.
      • The PIN needs to be  between 4 and 12 digits in length.

---

Can personal passwords be stored in 1Password?

• A personal 1Password account can be linked to your University of Idaho 1Password account. U of I wants to foster proper password hygiene but there are a few caveats that go along with this:
  • U of I will not have visibility into your personal password vault when it is linked. U of I will only know that a personal account is linked.
  • If your Azure AD account is changed (for instance, if you move to a different department), your personal password vault is unchanged while your University of Idaho 1Password account may be removed/modified.

---

Will I be able to export passwords?

• By default, policy will prevent password exports from occuring. If you require the ability to export U of I passwords for backup or migration, please send a request to oit-security@uidaho.edu.

---

There are some passwords that everyone in my group needs. Can I have a shared access vault automatically provisioned with new accounts in my group?

• Yes. In 1Passwords there are no folders. The structure is based on Collections (multiple vaults), Vaults (multiple secured items), and tags. The group owner can designate a vault that is automatically provisioned for members of manager-designated groups. Contact your supervisor if you don't have the proper vaults in your account.

---

How is password sharing managed in 1Password at U of I?

• Vaults are utilized to share passwords among groups. All passwords being shared must be placed into a vault that has the designated group or individual added as a member.

---

How do I share vaults?

• To share items with one or more people, create a vault by clicking the + in the sidebar. Once created, click
• To edit a vault, right click the vault and choose Edit Vault.

---

How do I specify an exact URL/Password match?

• Sometimes URLs will have multiple records but you may want records per subdomain or path with an exact match:
  • Open and unlock 1Password.
  • Select a Login item and click Edit.
  • Click  next to a website field, then choose a behavior:
    
    • Fill anywhere on this website (default)
    • Only fill on this exact domain
    • Never fill on this website
  • Save the item.
• More information on URL rules can be found at:
  https://support.1password.com/autofill-behavior/
   

---

How do I import passwords?

• Using the Desktop Application (Only supports LastPass, 1Password, or Apple iCloud Keychain):
  • Sign in to 1Password.
  • Select "File" -> "Import" from the menu bar:
    • If importing from LastPass:
      • Open the 1Password desktop application.
      •   Click on "File" in the menu bar, then select "
      •   In the import wizard, "LastPass" should be the default, if it is not then please select it. Enter your email address you are migrating from LastPass and select “Next”.
      • The button will change, and you will see a new button titled “Sign in with SSO”. Select this button.
      •   Your default browser will open to a page that will ask you to confirm your SSO authentication. Select “Continue” to authorize this consent and close the browser window.
        • You may see an error that tells you to check your inbox to “Verify a new device or location” from LastPass.
        • Open your inbox and select “Verify new device or location” from the email.
        •    You will need to go back to your desktop application and start the import again.
          • Close the import window, enter your email, select next, select Sign in with SSO, authorize the pop-up in the new browser window.
      • There should be a “Successfully authenticated with LastPass” message in the import wizard window. Select the “Import” button.
      •   If you have shared folders that will be imported to 1Password vaults, when you hit “Import” in the 1Password Desktop Application, you will be asked if you want to check either of two check boxes (permissions only migration and email name change migration) but you can leave them unchecked and continue. 
      •   Import will finish letting you know how many items were imported. Select “OK”.
      •   You have now successfully completed the migration!
• • Follow the instructions presented to complete the import.
  • Enter the import vendor name (e.g., KeePassXC, CSV, etc.)
  • Sign in to https://uidaho.1password.com/import