How We Use 1Password

Anyone can save credentials in 1Password for accounts they have access to. Therefore, we need a unified system for naming and organizing those credentials. We have used several systems and titling strategies in the past and have never had a chance to consolidate. So you will notice as you use the system that this strategy is not consistently applied. Any time you are digging through 1pass and notice an opportunity to fix a login that’s not in the right format, do it! And please enforce these standards with all new logins.

Setup

When you join Cantilever, People Ops will send you an invite to our 1password account. Your manager will send access to any relevant vaults you need for your projects. If you have not been oriented and set up by the time you’re reading this, contact HR.

Your 1Password master password must be very, very strong. Keep in mind that clients entrust us with crucial business information, and we should take that very seriously.

As a part of your orientation, you should have downloaded/printed a 1Password "emergency kit" which contains secret keys you can use to recover your data in case you forget your password. The vault can be located at: cantilever.1password.com

More likely, you will want to use the 1Password app on your computer and phone. You can log in there with the same credentials you use online.

Organizing

Any credentials associated with a single client should go in the client’s vault. If you are working with a client which does not yet have a vault, please ask Legal to make one.

Any credentials you need for work, but should NOT be shared with the full team (such as your Cantilever email credentials) should go in your personal 1Password vault in the Cantilever account. Any credentials you need in general which are not private and could benefit the full team should go in the Cantilever "Shared" vault.

Do not store any Cantilever data outside of the Cantilever vault. This is important for legal reasons, but also for safety. If your computer burns to a crisp, we need to know our data is still available to anyone in the company who needs it.

Naming Conventions

Vaults

All vaults should be named by client, not project.

image

Names should be capitalized except in special cases like "eBeam". Slashes should be used without any spaces between them.

Account Credentials

Credentials appear in list format in the 1Password app, website, and quick access Chrome extension. So they must be named in a way that makes sense for each of those venues. Some sites may have multiple credentials assigned to them. So, it is important to list the client name in the credential name. Additionally, some clients have multiple projects, so we may need to redundantly identify logins associated with their main projects.

The general format is:

[Account Owner] Account Description

In other words:"[Who] What"

Or... "[Owner] Thing"

Or... "[Person or Company logging in] Thing they are logging in to"

So, if Cantilever is the 'account owner' of a password for a particular client, the naming might go as follows:

[Cantilever] eBeam Imgix

The specific person is not important unless there are multiple accounts associated with a given service, in which case it would be:

[Andrew] eBeam Imgix

or

[Sherbert] eBeam Imgix

For any given password, the default owners are generally Cantilever or the client. Using eBeam as an example, other naming conventions might look like:

[eBeam] Wordfence

This is an account and service that the client uses, but we have access to.

‼️

There is no need for the bracket notation for anything other than logins. Anything that is NOT a login (like a PDF, credit card, or note) should not use the login syntax ("[Owner] Thing").

Notes & Docs

Notes are only visible in the 1pass app or web interface, not the widget, so we can be more relaxed about their naming conventions.

🚫 Anti-patterns:

From the Esquire vault:

image

What account is this? If you’re using the chrome extension, or don’t know the mailchimp monkey, you couldn’t tell in advance. This should be [Esquire] Mailchimp.

From the Kode with Klossy vault:

image

This should be [KWK Blog] Cantilever WP(from the TWC Vault)

From the TWC vault:

image

This should be [Watson Advertising] WP Admin.