Agilebits never handles unencrypted vault passwords or users’ master passwords. Rather, it shunts encrypted items around and decrypts either via scripts in its Teams website or in native clients. Teams support is initially available for OS X and iOS, and requires Chrome, Firefox, or Opera due to missing security support in Safari. The company uses public-key cryptography behind the scenes to allow multiple users’ access to the same vaults without the users requiring or having access to the vaults’ actual encryption keys. Native clients add vault access through an Account Key, displayed as text and as a QR Code which clients can scan—in OS X, a “scanning window” can be dragged from the native app over the 2D code in a browser.
1Password for Teams also has a unique twist on recovering lost access to vaults. With the individual product, losing the master password means all data in a vault is lost forever. With the Teams approach, Shiner says, that wouldn’t be acceptable for a company. So in Teams, it’s possible to create recovery groups who can give users back access to a lost vault, even if members of the recovery group lack access to the contents of the vault. Again, this is done without Agilebits having any knowledge of the passwords and keys.
During beta testing, which Shiner says he expects to last at least until the end of 2015, and likely into the first quarter of 2016, 1Password for Teams will be free. After the product goes into full release, it will cost $5 per month per user per team. Requests to join the public beta have to be approved, but Agilebits says it’s throttling rather than filtering: It wants to make sure they keep up with demand.
Sign up for CIO Asia eNewsletters.