Overview
In order to promote proper password hygiene, U of I has adopted the use of the 1Password password manager. While it may seem straightforward to use, there are some practices that help promote a healthy and secure password ecosystem. This article will outline some of the do's and don'ts of password management so that our systems are utilized as they should be.
1Password is a robust password manager and is not like other password managers in how it requires you to login. To avoid recovery situations with your 1Password account, it is strongly advised to go through the steps to add the 1Password account to a secondary device (either a mobile device or the desktop app on your work computer). Using the web application or browser extension alone has been known to cause problems because it relies on cookies which can get deleted.
Our URL:
Table of Questions
Have a question you don't see here?
Leave a comment or provide feedback! You can also use the 1Password knowledge base website!
Key Features
How do I get started? Does my department have a 1Password group?
- If you are not already licensed, request to start the process by completing a form for software procurement (https://support.uidaho.edu/TDClient/40/Portal/Requests/ServiceDet?ID=755&SIDs=21).
- All 1Password account requests need to be approved by procurement and added as an asset to the ticket in TeamDynamix before an account is created.
- When requesting access please include the following information in the request:
- 1Password group names you need access to (if applicable),
- NOTE: The owner of every group you are requesting access to should explicitly state approval for sharing passwords within the TeamDynamix ticket.
- If you are unsure of the exact groups you need access to, that's ok, just request access to the app and your supervisor can make the determination based on the access you require for your position and role.
How do I login?
-
Individual users will need to be added to the application. A supervisor should create a ticket to OIT Security in TeamDynamix requesting access to 1Password and which groups the member should be associated with. If the groups are not known, OIT Security will work with the supervisor to ascertain the appropriate groups.
-
U of I uses federated logins to manage access to 1Password. Login through the 1Password browser extension for your specific browser (or use the Desktop application for your operating system).
-
If you have been provisioned for access to the U of I 1Password application, when you enter your NETID as your username, the password field should disappear and you should be able to start the authentication process when prompted through the University of Idaho Single Sign-On process. The password and Duo authentication you use to login to U of I will be used to access 1Password.
-
Web logins at https://uidaho.1password.com are not generally recommended at this time but can be achieved in certain browsers after the extension is installed.
-
Desktop applications can be downloaded from:
-
I Didn't Get a Code When Trying To Log In After Setting Up My Account!
When setting up your account, you clicked on a link from an email. That link opened your default browser and is considered your "first login". 1Password is now looking for the browser/computer combination which was initiated from the first login and that you are signed into that same browser/computer combination. When 1Password is requesting you to "Grant access to your account" it will send a code to the browser/computer combination that was originally logged in (or any other sessions that are currently logged in like your desktop application, if that is the case).
If you don't have access, please send a ticket to OIT Security and request recovery for your account.
Continue reading at https://support.1password.com/sso-trusted-device/#step-2-find-your-verification-code for more information about what this issue is and how to work with it.
Can other password managers be used besides 1Password?
- Storing U of I passwords using the default browser storage is expressly prohibited (APM 30.15 B-1.g) and 1Password is currently the authorized password manager for U of I passwords. Password Manager Pro may be authorized but teams requiring its use should check with OIT Security. KeePass is available for use but may be removed at a later date. LastPass access ended December 15th, 2023.
Is there a mobile application that can be used?
- After completing your initial account creation and you have successfully logged in:
- Yes, 1Password can be used with the mobile application.
- Get the 1Password app from either Google Play Store or ios Appstore
- Login with uidaho.edu email address only -- you will be prompted for uidaho login credentials on the next screen, as well as Duo authentication.
- You will be required to setup a PIN to access this application.
- The PIN needs to be between 4 and 12 digits in length.
Can personal passwords be stored in 1Password?
You should avoid storing personal passwords in your work 1Password account, HOWEVER...
- You can create a separate Family/Personal 1Password account free due to OIT being a 1Password customer!!
- Login to your 1Password account at https://uidaho.1password.com/profile (if you get to your regular dashboard, navigate to your profile page by clicking your Name in the top right and going to "My Profile" in the dropdown)
- If you are in your web vault, click the top left 1Password logo, then select Manage Account. This will take you to your Profile Page.
- Once there, there should be a Family Account Link Account.
- Follow instructions on-screen to activate your account.
- A personal 1Password account can be created that is separate from your University of Idaho 1Password account. U of I wants to foster proper password hygiene but there are a few caveats that go along with this:
- U of I will NOT have visibility into your personal password vault when it is linked. U of I will only know that a personal account is created.
- If your Azure AD account is changed (for instance, if you move to a different department), your personal password vault is unchanged while your University of Idaho 1Password account may be removed/modified.
- You can link your account in the apps so you have access to both accounts.
Will I be able to export passwords?
- By default, policy will prevent password exports from occuring. If you require the ability to export U of I passwords for backup or migration, please send a request to oit-security@uidaho.edu.
There are some passwords that everyone in my group needs. Can I have a shared access vault automatically provisioned with new accounts in my group?
- Yes. In 1Passwords there are no folders. The structure is based on Collections (multiple vaults), Vaults (multiple secured items), and tags. The group owner can designate a vault that is automatically provisioned for members of manager-designated groups. Contact your supervisor if you don't have the proper vaults in your account.
How is password sharing managed in 1Password at U of I?
- Vaults are utilized to share passwords among groups. All passwords being shared must be placed into a vault that has the designated group or individual added as a member.
How do I share vaults or specific items in a vault?
Vaults
- OIT Security or 1Password Group Managers can facilitate sharing a vault, but they have slight differences:
- (Recommended) OIT Security can facilitate new groups or individuals to access vaults with a TDX Ticket or Task, or
- If you know who the 1Password Group Manager is for a group with access to the vault, they can add a user to their group that already has access to a vault.
- Since there is no defined method of getting this information as an end user, the best option is to create a TDX Ticket or Task to OIT Security at this time.
- To edit a vault, right click the vault and choose Edit Vault
- Vault Management permissions are necessary for this action.
- This is not a typical permission that is granted.
Records
- To share specific records with one or more people, right click on the record and find share in the pop-up menu.
- Sharing is temporary:
- Link Expiration: 1 hour to 30 days
- Individual emails (or a group email address -- this is not recommended)
- Check box allows recipients to view only 1 time if desired.
How do I specify an exact URL/Password match?
- Sometimes URLs will have multiple records but you may want records per subdomain or path with an exact match:
- Open and unlock 1Password.
- Select a Login item and click Edit.
- Click next to a website field, then choose a behavior:
- Save the item.
- More information on URL rules can be found at:
https://support.1password.com/autofill-behavior/
How do I import passwords?
- Using the Desktop Application:
- Sign in to 1Password.
- Select "File" -> "Import" from the menu bar:
- If importing from LastPass:
- Open the 1Password desktop application.
- Click on "File" in the menu bar, then select "
- In the import wizard, "LastPass" should be the default, if it is not then please select it. Enter your email address you are migrating from LastPass and select “Next”.
- The button will change, and you will see a new button titled “Sign in with SSO”. Select this button.
- Your default browser will open to a page that will ask you to confirm your SSO authentication. Select “Continue” to authorize this consent and close the browser window.
- You may see an error that tells you to check your inbox to “Verify a new device or location” from LastPass.
- Open your inbox and select “Verify new device or location” from the email.
- You will need to go back to your desktop application and start the import again.
- Close the import window, enter your email, select next, select Sign in with SSO, authorize the pop-up in the new browser window.
- There should be a “Successfully authenticated with LastPass” message in the import wizard window. Select the “Import” button.
- If you have shared folders that will be imported to 1Password vaults, when you hit “Import” in the 1Password Desktop Application, you will be asked if you want to check either of two check boxes (permissions only migration and email name change migration) but you can leave them unchecked and continue.
- Import will finish letting you know how many items were imported. Select “OK”.
- You have now successfully completed the migration!
-
- Follow the instructions presented to complete the import.
- Enter the import vendor name (e.g., KeePassXC, CSV, etc.)
- Sign in to https://uidaho.1password.com/import
How do I update / upgrade the Desktop application?
- UI Installed (Self-Service / Software Center)
- MacOS: Check the Self-Service application installed on your machine for an update to 1Password.
- Windows: Check Software Center application installed on your machine for an update to 1Password.
- Downloaded from Internet
- Automatic Updates (MacOS & Windows)
- 1Password checks for updates every day, five minutes after you open the app.
- If 1Password is locked, it will update itself automatically.
- If 1Password is unlocked, it will notify you that an update is available.
- Manual Check (MacOS & Windows)
- Go the 1Password application and find Settings > About