Roger
Occasional Contributor
1 month ago
Solved

Items moved between vaults leave a copy in Recently Deleted

Even a simple solution like a popup message stating that the item was persisted in "Recently Deleted" would go a long way towards addressing this with very little developer effort.

It is amazing that unknown password leaks are not a priority. Then again, how could it be a priority if most users are not aware of the situation and therefore never raise it as a concern?

3 Replies

  • Hello Roger! 👋

    Thank you for the feedback! The original thread hasn’t had any activity in over four years, so to keep things organized and up-to-date, I split your message into a new thread where we can continue the conversation.

    1Password uses a vault-based architecture where each vault is independently encrypted. Because of this, items aren’t literally transferred between vaults. Instead, when you “move” an item, 1Password creates a brand-new copy of that item inside the destination vault, encrypted with that vault’s unique key, and then deletes the original item from the source vault, placing it in Recently Deleted. After 30 days that deleted item is permanently removed. This approach ensures each vault remains cryptographically isolated. By giving every vault its own private encryption key, 1Password can support secure sharing of individual vaults while keeping all others completely private.

    There’s no risk of password leakage in this process, because the deleted item never leaves its original vault. The “Recently Deleted” view isn’t a shared or separate location: each vault has its own Recently Deleted area, encrypted with the same private key as all other items in that vault.

    -Dave

    • Roger
      Occasional Contributor

      I don't see a way back to the original article from this one, so adding a link to it here for clarity.

      https://www.1password.community/discussions/1password/why-are-items-moved-between-vaults-listed-in-recently-deleted-bad-security-model/24346

      I performed the following steps:

      1. New item created in Private
      2. Moved item to shared vault (could easily be done by accident)
      3. Moved item back quickly to Private (easy to think it was exposed for seconds)
      4. Logged in as a different user with access to the shared vault
      5. Went to their deleted items
      6. Restored the item

      So once the item was shared, even for a second, it cannot be unshared.

      Maybe one or more of the following would make sense:

      1. A popup to state a copy was saved in Recently Deleted
      2. A popup to confirm you want to expose the item to other users since it cannot be undone
      3. If shared user has never seen item, do not move it to their recently deleted

      I have just moved from 1Password6 to 1Password8 and I am moving a lot of stuff around. I was quite shocked the first time I saw a lot of recently deleted items having not deleted anything! I restored a few and later discovered that I had duplicate items, which led to more confusion. A couple of possible solutions to make this less confusing would be:

      1. A popup on move to state a copy was saved in Recently Deleted.
      2. Use a "Recently Moved" folder instead of "Recently Deleted" for moves.
      • 1P_Dave
        Moderator

        Thank you for the feedback, I've shared your suggestions with our team internally. 

        -Dave

        PB-52364687
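
The following is an added example, not part of any post in this thread and not 1Password code: a simplified Python model of the move behaviour described above (copy into the destination vault, soft-delete in the source vault, purge after 30 days), replaying the six steps from the reply. Encryption is not modelled; access is reduced to vault membership, and every name (`Vault`, `move`, `exposure_window`, the users and the secret) is hypothetical.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

RETENTION = timedelta(days=30)  # retention period stated in the thread

@dataclass
class Vault:
    name: str
    members: set
    items: dict = field(default_factory=dict)             # item_id -> secret
    recently_deleted: dict = field(default_factory=dict)  # item_id -> (secret, deleted_at)

    def purge(self, now):
        """Drop soft-deleted items whose retention period has elapsed."""
        self.recently_deleted = {k: v for k, v in self.recently_deleted.items()
                                 if now - v[1] < RETENTION}

    def restore(self, user, item_id, now):
        """Any vault member can restore from this vault's Recently Deleted."""
        if user not in self.members:
            raise PermissionError(f"{user} has no access to {self.name}")
        self.purge(now)
        secret, _ = self.recently_deleted.pop(item_id)
        self.items[item_id] = secret
        return secret

def move(item_id, src, dst, now):
    """A 'move' is a copy into dst plus a soft delete in src."""
    secret = src.items.pop(item_id)
    dst.items[item_id] = secret
    src.recently_deleted[item_id] = (secret, now)

def exposure_window(item_id, vault, user, now):
    """Time during which `user` can still restore the item from `vault`."""
    vault.purge(now)
    if user not in vault.members or item_id not in vault.recently_deleted:
        return timedelta(0)
    return vault.recently_deleted[item_id][1] + RETENTION - now

def replay_thread_steps():
    t0 = datetime(2025, 1, 1, 12, 0, 0)           # constructed timestamp
    private = Vault("Private", {"roger"})
    shared = Vault("Shared", {"roger", "other_user"})
    private.items["item-1"] = "constructed-secret"        # step 1
    move("item-1", private, shared, t0)                   # step 2
    t1 = t0 + timedelta(seconds=5)
    move("item-1", shared, private, t1)                   # step 3
    window = exposure_window("item-1", shared, "other_user", t1)
    restored = shared.restore("other_user", "item-1", t1 + timedelta(days=29))  # steps 4-6
    return window, restored
```

In this model the item sat in the shared vault's item list for five seconds, but members of that vault can restore it for the full retention period, so a credential moved into a shared vault by mistake should be treated as disclosed to that vault's members and rotated.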