It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Re: Too much power in the hands of a family manager
Family managers are not company administrators and should not have the ability to delete other family members' accounts.
1password team: Do you have any updates on that topic that was heavily discussed back in 2020 and 2021? Thank you.
9 Replies
As a 'family' user ( I am the admin) I have read your comment with interest. I am not clear in understanding whether you are a 'user' who has been deleted by a 'family' manager OR you are a 'Family Manager' raising concerns?
As a 'Family Manager' myself, I certainly see it as my responsibility to protect the 'whole' and that includes each individual account and their data. I see my responsibility to make sure backups are done on a regular basis and I export ALL data from ALL vaults on a regular basis (monthly). All the exports are saved offline, encrypted and on secure 'none' Internet connected server. All family members can have access to the server and the data, by accessing our documentation that we keep on all our I.T. home infrastructure - should I drop dead! You may have already guessed that I have spent 35+ years managing I.T. - hence that fixation on 'documentation'.
None of this is perhaps helpful to your concerns, but going forward, you might instigate similar practices to protect your 'family' 1Password. I have similar practices regarding documenting bank accounts, pensions, trusts, investments etc. It may sound over the top, but if I drop dead, I would like to know that my wife and family know and can access all my affairs.
A.
The entire discussion is happening on Reddit again, just google: "It is insane that you can lose your 1Password account PERMANENTLY if you’re removed from a Family account"
Links don't seem to be working here at the moment.
Hello again, thank you for the clarification and the link to Reddit. From reading comments, it appears this is a real issue that needs to be addressed. Aside from our collective responsibilities to ‘look after’ our Family data, it appears too easy to ‘delete’ an account without any ‘checks & balances’ once ‘delete’ is pressed ( I assume, as I’ve never pressed ‘delete’). If it is the case that a user is not given any recourse ( 30 days notice or other) with which to move their data somewhere else ( individual account?) then this is a gross software and UI failure. 1Password may hold itself high in the password manager security league tables, but being able to just ‘delete’ negates all the credibility's. A good password manager just failed miserably. Needs addressing ASAP.
I agree with all your points, but the original thread was focused on a different issue. Let me clarify, as I’m also a family admin: the real risk lies with us—the admins. I consider myself trustworthy, but I shouldn't have—nor do I want—the ability to permanently delete other family members' accounts.
Sure, as the admin and subscription holder, I should be able to remove someone from the family group. But that’s very different from being able to delete their entire account and all associated data.
Unfortunately, we're now debating this here only because 1Password removed the original thread. It’s frustrating to see time and effort from engaged users—who genuinely want to help improve the product—go to waste.
Even though I’m concerned this message might also be deleted – like the thread I started two days ago, which disappeared almost immediately—I’ll try once more to share my perspective:
Many of us, myself included, invested significant time, energy, and probably more than a few cups of coffee into raising our concerns on the 1Password Community platform. One particularly active thread, "Too much power in the hands of a family manager," appears to have mysteriously vanished during the migration to the new community.
Don't get me wrong — I'm a happy 1Password user, and in my opinion, it's (still) the most polished password manager out there. It offers many great features that most others lack, like SSH key management, CLI integration, and more. I also understand that the Family account is essentially a rebranded Business account, so changing the underlying architecture is likely a complex task – and perhaps not even worth the effort if revenue from family accounts is relatively small compared to business clients. That said, I’d simply prefer honesty and transparency over silencing valid, critical voices.
According to 1P_Dave's reply in the Too much power in the hands of a family manager post,
Your original thread was accidentally caught in our spam filter, I’ve now released it and merged it with your other thread.
AJCxZ0 I saw 1P_Dave's message. I think you may have missed that I wrote my reply 10 hours before 1P_Dave merged the two threads — the one from 4 days ago that apparently got caught in the spam filter, and the current one. Without noticing the timestamps, my reply understandably looks like a redundant comment.
