1Password basics

ArtsPool uses the online password manager 1Password to securely manage and share passwords for member bank accounts, credit cards, and other mission-critical services. Member accounts on 1Password are umbrellaed under ArtsPool's business account, so members are billed at a discounted rate for their use of 1Password. 1Password utilizes bank-grade Advanced Encryption Standard (AES) 256-bit encryption technology and includes a wide variety of security features to keep passwords safe. For more on 1Password's security features, refer to their articles on Security and Privacy and their security certifications.

Key concepts

Secret Key

The 1Password Secret Key is an encryption key consisting of 34 letters, numbers, and symbols. It works in combination with your account password to encrypt and decrypt 1Password data on your device and must be entered the first time you log in on any new device. The Secret Key is unknown to 1Password and cannot be automatically reset without an ArtsPool administrator initiating an account recovery process. Always download your Emergency Kit and store a printed copy in a secure location as suggested by 1Password. For information on how to recover a Secret Key, see the article 1Password account management. For more on the Secret Key concept, see About your Secret Key and Find your Secret Key or Setup Code.

Account Password

Your Account Password is the password that you will type every time that you log into 1Password, unlock the browser extension, or open any of the apps for iOS, Android, Mac, or Windows. While you can easily change your password if you are logged in, it cannot be easily reset if you are logged out, so be sure to note the password in your Emergency Kit and store a printed copy in a secure location.

A good password is unique, memorable, and random, so take care when selecting yours. Length is more important than complexity in computer security, so avoid extremely short passwords (1Password requires a minimum of 10 characters). Passwords will need to be typed fairly frequently, so try to balance between ease of memory and ease of typing when setting yours. See the 1Password guide How to choose a good Password for some helpful tips.

For information on how to change a password, see the article 1Password account management.

Emergency Kit

The Emergency Kit is a PDF that you are required to download when setting up a 1Password account, or changing your account password or Secret Key. It contains your Secret Key, account email, and login address, as well as a place for you to write your account password. The safest way to store the Emergency Kit is in a secure offline location, either as a printout in your paper files or as a PDF on a USB drive. For more information, see Get to know your Emergency Kit.

Vaults

A Vault is where password entries live in 1Password and is the sharing mechanism for 1Password users to access entries. Any number of people or groups can be given access to a vault, each with unique permissions. By default, every 1Password user account has a private Employee vault. Members also have a vault called [Member Name] Finance set up during onboarding, and it is used to give the member's ArtsPool service team access to passwords. Some members who have elected to pay for additional 1Password accounts may have other vaults that they use to share less sensitive passwords with other employees. Currently, only a system administrator can create and configure vaults. If you need a vault created, contact the ArtsPool Technology Officer at technology@artspool.co or via Slack.

Tags

Tags are another useful way to organize passwords. For example, if you want to have easy access to all finance passwords shared with you, you could tag those passwords with 'finance' and then select them from the tag list on the left side of your vault. Tags are visible to all users on the vault, so choose them wisely and don't overuse them.

Ways to access 1Password

The web interface

If you prefer to log in directly via the browser, you can do so at artspool.1password.com. While this interface requires some copying/pasting if you are using it to access login credentials, it can be a better user experience if you are doing more complicated password editing or maintenance.

1Password browser extension

For a streamlined login experience, 1Password offers the great 1Password browser extension for Chrome, Firefox, Edge, Safari, and Brave browsers. For detailed information on installing and using the 1Password browser extension, see Get started with 1Password in your browser.

1Password apps

1Password also offers standalone apps for Mac, Windows, iOS, and Android. To get the extension or apps, log into your account, click your name in the top left corner, and click Set up another device. For more detailed information on installing apps, see Get the Apps.

Logging into 1Password

Whether you sign in via the web, the 1Password extension, or the apps, the first time you sign into 1Password on a particular device, you will need to enter the email address associated with your account, your Secret Key, and your account password. For any subsequent logins or to unlock your account, you will only need to enter your password.

Adding Passwords

Adding passwords from the browser extension

The 1Password browser extension will prompt you to create a new entry when you enter a password for a site that it does not recognize. After you type the username and password, click the Save in 1Password prompt, give the password a descriptive name, select the vault where you want to save the login, and click Save.

When entering a member-account password that ArtsPool needs access to, please remember to do the following:

1. Append a hyphen and the member's name or abbreviated name to the end of the entry title to help us find them when searching. For example, for a Desert Island Theater Barn login, you should append " - Desert Island" to the password entry.
2. Select the vault called [Member Name] Finance. If the entry needs to be accessed by non-finance staff, select the vault [Member Name] Operations (Shared).

Adding passwords from the web interface

If you want to add more detail to an entry when adding it, you can also add passwords via the 1Password web interface. To do so:

1. Log in at artspool.1password.com.
2. Select the vault where you want to add the password.
3. Click + New Item at the top of the screen.
4. Select the type of entry you want to add. In most instances, you will select Login, but there are a variety of other options available, each with different default fields.
5. Enter the title of the entry. Be sure to append a hyphen and the member's name or abbreviated name to the end of the entry title to help us find them when searching. For example, for a Desert Island Theater Barn login, you should append " - Desert Island" to the password entry.
6. Enter the username.
7. Enter the password. Click the key icon to use the password generator.
8. Enter the website. This is particularly important as it is what allows the 1Password browser extension to work on login pages.
9. Add optional sections and custom fields to capture any other data you want to save.
10. Add optional tags (comma-separated).
11. Click Save at the bottom of the screen.

Editing Passwords

Editing with the browser extension

If you are editing a password that the 1Password browser extension recognizes, it will ask if you want to update the entry and even offer a suggested random password for you to use. To use the suggested password, click Use Suggested Password. If you create a new entry, follow the steps in the Adding passwords from the browser extension section above. To update an existing entry, select Update Saved Login from the dropdown menu, select the entry to update, and click Update.

Editing in the web interface

If you are editing fields other than the passwords, you can do so via the web interface at artspool.1password.com.

1. Search for the entry you want to edit in the 1Password browser extension and click Edit. Alternatively, visit artspool.1password.com, find the entry to edit, and click the Edit button at the top right of the screen.
2. Update the fields that you want to edit.
3. Click the Save button at the top of the screen.

Moving Passwords

Sometimes you need to move a password from one vault to another (e.g., if you saved it in your private vault but it needs to be moved to a shared vault). To move a password:

1. Navigate to the password entry.
2. Click the meatball menu (three dots) at the top-right of the entry.
3. Select Move.

   

4. In the pop-up window, select the vault where you want to move the entry.

   

How to deal with personal credentials

In instances where a member has several employees sharing access to a single 1Password account, the question of how to manage individual employee credentials that shouldn't be stored in a shared system is often raised (e.g., their email login). There are two common ways to handle this: activating a free 1Password Family Plan or using the browser's native password manager.

1Password Family subscriptions

Each paid user account under ArtsPool's Business subscription can activate a free Family subscription that includes five additional users. These additional user accounts can be offered to employees to use to store their personal credentials. These five users can also share vaults under the Family umbrella. A couple of caveats:

• The users on the Family subscription have no access to the vaults set up under ArtsPool's Business subscription, so there may be a few more clicks to access personal credentials in the 1Password browser extension, depending on one's settings. It's possible to set up the extension to include all passwords from all accounts under All vaults.
• Each set of five Family subscription accounts is totally separate. If a member has two paid accounts under ArtsPool's subscription, they can create up to 10 additional users, but each set of five users can only share vaults on their particular Family subscription account.

To activate a Family subscription on a paid account, the user with the paid account should log into the 1Password web interface, click their user name on the top right, select Manage account, and click Redeem now in the Family Account section.

Browser password manager

1Password recommends making the 1Password browser extension the default password manager, which deactivates the browser's built-in password manager. If an employee wants to continue to use the browser password manager, they can change their settings by clicking on the Account Menu (top left corner) in the 1Password browser extension, selecting Settings, and toggling off the setting called Make 1Password the default password manager in this browser.

By making the browser manager the default, they will lose some of the convenience of having 1Password suggest and autofill passwords, but they can still autofill by clicking on the 1Password extension icon and clicking Autofill, and they can still save to 1Password when creating or updating credentials on a website. Using this method, the browser's native password manager will always try to save the credentials first, but this can be dismissed with the ESC key on most systems.