Table of Contents

1Password basics

Max Dana Updated by Max Dana

ArtsPool uses the online password manager 1Password to securely manage and share passwords for member bank accounts, credit cards, and other mission-critical services. Member accounts on 1Password are umbrellaed under ArtsPool's business account so members are not billed for their use of 1Password unless they decide to have more than one user account. 1Password uses bank-grade Advanced Encryption Standard (AES) 256-bit encryption technology and includes a wide variety of security features to keep passwords safe. For more on 1Password's security features, see their articles on Security and Privacy and their security certifications.

Key concepts

Secret Key

The 1Password Secret Key is an encryption key made up of 34 letters, numbers and symbols. It works in combination with your account password to encrypt and decrypt 1Password data on your device and must be entered the first time you log in on any new device. The Secret Key is unknown to 1Password and cannot be automatically reset without an ArtsPool administrator initiating an account recovery process, so be sure to download your Emergency Kit and store a printed copy in a secure location as suggested by 1Password. For information on how to recover a Secret Key, see the article 1Password account management. For more on Secret Key concept, see About your Secret Key and Find your Secret Key or Setup Code.

Account Password

Your Account Password is the password that you will type every time that you log into 1Password, unlock the Chrome extension, or open any of the apps for iOS, Android, Mac, or Windows. Though you can easily change your password if you are logged in, it cannot be easily reset if you are logged out, so be sure to note this password on your Emergency Kit and store a printed copy in a secure location.

A good password is unique, memorable, and random, so take care when selecting yours. Length is more important than complexity in computer security, so avoid extremely short passwords (1Password requires at least 10 characters). Passwords will need to be typed fairly frequently, so try to balance ease of memory with ease of typing when setting yours. See the 1Password guide How to choose a good Password for some helpful tips.

For information on how to recover a password, see the article 1Password account management.

Emergency Kit

The Emergency Kit is a PDF that you are required to download when you set up a 1Password account or change your account password or Secret Key. It contains your Secret Key, account email, and login address, as well as a place for you to write your account password. The safest way to store the Emergency Kit is in a secure offline location, either as a printout in your paper files or as a PDF on a USB drive. For more information, see Get to know your Emergency Kit.

Do not save your Emergency Kit on a cloud storage platform. This is very dangerous.

Vaults

Vaults are where passwords live in 1Password, and they are the mechanism for how passwords are shared. Any number of people or groups can be given access to a vault, each with unique permissions. By default, every 1Password user account has a Private vault. Members also have a vault called [Member Name] Finance that is set up during onboarding and which is used to give the member's ArtsPool service team access to passwords. Some members who have elected to pay for additional 1Password accounts may have other vaults that they use to share less sensitive passwords with other employees. Currently only system administrator can create and configure vaults so if you need a vault created, please contact the ArtsPool Technology Team at technology@artspool.co or in Slack.

An entry can live in only one vault at a time, so think carefully about what vault you store a particular entry in to make sure that it's accessible to those who need it.

Tags

Tags are another useful way to organize passwords. For example, if you want to have easy access to all finance passwords shared with you, you could tag those passwords with 'finance' and then select them from the tag list on the left side of your vault. Tags are only visible to all users on the vault, so choose them wisely and don't overuse them.

Ways to access 1Password

The web interface

If you prefer to log in directly via the browser you can do so at artspool.1password.com. This requires some copying/pasting if you are using it to access login credentials, but it can be a better user experience if you are doing more complicated password editing or maintenance.

1Password browser extension

For a streamlined login experience, 1Password offers the great 1Password browser extension for Chrome, Firefox, Edge, and Brave browsers. For detailed information on installing and using the 1Password browser extension, see Get started with 1Password in your browser.

1Password apps

1Password also offers standalone apps for Mac, Windows, iOS and Android. To get the extension or apps, just log into your account, click your name on the top left corner, and click Get the Apps. For more detailed information on installing apps, see Get the Apps.

ArtsPool recommends the 1Password browser extension since it has some additional security features and also streamlines password entry.

Logging into 1Password

Whether you are signing in via the web, the 1Password extension, or the apps, the first time you sign into 1Password on a particular device you will need to enter the email address associated with your account, your Secret Key, and your account password. For any subsequent logins or to unlock your account you will only need to enter your password.

Your account will lock after it is idle for 10 minutes. To unlock, just enter your password. If you want to change the length of time before it locks you can edit it in your settings, but we don't recommend that you make it longer than 10 minutes. The web interface, the browser extension and the apps all have their own auto-lock settings.

Adding Passwords

Adding passwords from the browser extension

The 1Password browser extension will prompt you to create a new entry when you enter a password for a site that it does not recognize. After you type the username and password, click on the Save in 1Password prompt, give the password a descriptive name, select the vault where you want to save the login, and click Save.

When entering a member password that ArtsPool needs access to, please remember to do the following:

  1. Append a hyphen and the member's name or abbreviated name to the end of the entry title to help us find them when searching. E.g. for a login for Desert Island Theater Barn, append " - Desert Island".
  2. Select the vault called [Member Name] Finance. If the entry needs to be accessed by non-finance staff, select the vault [Member Name] Operations (Shared).

Adding passwords from the web interface

If you want to add more detail to an entry when adding it, you can also add passwords via the 1Password web interface. To do so:

  1. Log in at artspool.1password.com.
  2. Select the vault where you want to add the password.
  3. Click the plus sign at the bottom of the screen.
  4. Select the type of entry you want to add. In most instances you will select Login, but there are a variety of other options available, each with different default fields.
  5. Enter the title of the entry. Be sure to append a hyphen and the member's name or abbreviated name to the end of the entry title to help us find them when searching. E.g. for a login for Desert Island Theater Barn, append " - Desert Island".
  6. Enter the username
  7. Enter the password. Click the key icon to use the password generator.
  8. Enter the website. This is particularly important as it is what allows the 1Password browser extension to work.
  9. Add optional sections and custom fields to capture any other data you want to save.
  10. Add optional tags (comma separated).
  11. Click Save at the bottom of the screen.

Editing passwords

Editing with the browser extension

If you are editing a password that the 1Password browser extension recognizes, it will ask you if you want to update the entry and even offer a suggested random password for you to use. To use the suggested password, click on Use Suggested Password. If you want to create a new entry, follow the steps in the Adding passwords from the browser extension section above. To update an existing entry, select Update Saved Login from the menu, select the entry to update, and click Update.

Editing in the web interface

If you are editing fields other than the passwords, you can do so via the web interface at artspool.1password.com.

  1. Search for the entry you want to edit in the 1Password browser extension and click Edit. Alternatively, visit artspool.1password.com, find the entry you want to edit, and click the Edit button at the bottom right of the screen.
  2. Update the fields that you want to edit.
  3. Click the Save button at the bottom of the screen.
Pro tip: 1Password is very flexible in terms of how you can customize the fields on any given password entry. If you find that you often need to copy and paste information, consider creating a custom field for it. You can also create custom sections to organize your custom fields. Each field has a variety of types (text, password, email, URL, etc), which you can select by clicking the 'meatball menu' (three small dots) to the left of the field.

Moving passwords

Only the primary user at an ArtsPool member organization has the ability to move passwords out of all vaults. You can always move passwords out of your private vault, but we have restricted the ability to move passwords out of certain vaults in order to prevent things from getting chaotic. If you find that you can't move a password that you need to move, contact lifeguard@artspool.co.

Sometimes you need to move a password from one vault to another, e.g. if you saved it in your private vault but it needs to be moved to a shared vault. To move a password:

  1. Navigate to the password entry.
  2. Click the square icon under the entry name.
  3. Select Move/Copy.
  4. Click Move next to the vault where you want to move the entry.

How to deal with personal credentials

In instances where a member has several employees sharing access to a 1Password account, the question often comes up about how to manage individual employee credentials that shouldn't be stored in a shared system (e.g. their email login). There are two common ways to handle this: activating a free 1Password Family Plan or using the browser's native password manager.

1Password Family subscriptions

Each paid user account under ArtsPool's Business subscription can activate a free Family subscription that includes five additional users. These additional user accounts can be offered to employees to use to store their personal credentials. These five users can also share vaults with each other. A couple of caveats:

  • The users on the Family subscription have no access to the vaults set up under ArtsPool's Business subscription, so there may be a few more clicks to access personal credentials in the 1Password browser extension depending on one's settings. It's possible to set up the extension to include all passwords from all accounts under All vaults.
  • Each set of five Family subscription accounts is totally separate. If a member has two paid accounts under ArtsPool's subscription, they can create up to 10 additional users, but each set of five users can only share vaults on their particular Family subscription account.

To activate a Family subscription on a paid account, the user with the paid account should log into the 1Password web interface, click their user name on the top right, select My Profile, and click Redeem now at the bottom of the page.

Browser password manager

1Password recommends making the 1Password browser extension the default password manager, which deactivates the browser's built-in password manager. If an employee wants to continue to use the browser password manager they can change their settings by clicking on the gear icon in the 1Password browser extension, selecting Settings, and toggling off the setting called Make 1Password the default password manager.

By making the browser manager the default, they will lose some of the convenience of having 1Password suggest and autofill passwords, but they can still autofill by clicking on the 1Password extension icon and clicking Autofill, and they can still save to 1Password when creating or updating credentials on a website. Using this method, the browser's native password manager will always try to save the credentials first, but this can be dismissed with the ESC key on most systems.

How did we do?

1Password account management

Importing passwords into 1Password

Contact