It’s Cybersecurity Awareness Month! Join our interactive training session, or learn about security and AI from 1Password experts.
Forum Discussion
Solved
Too much power in the hands of a family manager
Back in 2020/2021, a lot of us—myself included—poured time, energy, and probably a few cups of coffee into voicing concerns on the 1Password Community platform. One particularly lively thread, "Too m...
Hello rpaulson! 👋
Thank you for following up. Your original thread was accidentally caught in our spam filter, I’ve now released it and merged it with your other thread. I’m sorry for the mix-up and any confusion it caused.
Regarding the old thread, only conversations active within the last three years were migrated to the new community however none of your feedback has been lost. Your feature requests and input have been shared with our product team internally, and they remain open and under consideration.
At the moment, 1Password Families memberships are designed with the assumption that you trust the family organizer. The organizer has certain powers — such as inviting members, recovering accounts, and deleting members. If that level of trust isn’t comfortable for you, then you can use your own individual account instead.
That being said, this is an area that we'd like to improve. Our Senior Director of Product, End User Experience, shared an update recently on Reddit:
Thanks for the feedback and I do recognize the implications this can have. There are pretty major architectural changes that need to happen to make this possible. We have not forgotten about this and it is still on my list. It's just taking time. There are, however, some other architectural changes happening that might accelerate this work.
We’re grateful for your thoughtful feedback, and we’ll continue to share updates as progress is made however we don't have a timeline on when this might be. Thank you again for raising this, it truly helps us shape 1Password for the better.
-Dave
As a 'family' user ( I am the admin) I have read your comment with interest. I am not clear in understanding whether you are a 'user' who has been deleted by a 'family' manager OR you are a 'Family Manager' raising concerns?
As a 'Family Manager' myself, I certainly see it as my responsibility to protect the 'whole' and that includes each individual account and their data. I see my responsibility to make sure backups are done on a regular basis and I export ALL data from ALL vaults on a regular basis (monthly). All the exports are saved offline, encrypted and on secure 'none' Internet connected server. All family members can have access to the server and the data, by accessing our documentation that we keep on all our I.T. home infrastructure - should I drop dead! You may have already guessed that I have spent 35+ years managing I.T. - hence that fixation on 'documentation'.
None of this is perhaps helpful to your concerns, but going forward, you might instigate similar practices to protect your 'family' 1Password. I have similar practices regarding documenting bank accounts, pensions, trusts, investments etc. It may sound over the top, but if I drop dead, I would like to know that my wife and family know and can access all my affairs.
A.
The entire discussion is happening on Reddit again, just google: "It is insane that you can lose your 1Password account PERMANENTLY if you’re removed from a Family account"
Links don't seem to be working here at the moment.
Hello again, thank you for the clarification and the link to Reddit. From reading comments, it appears this is a real issue that needs to be addressed. Aside from our collective responsibilities to ‘look after’ our Family data, it appears too easy to ‘delete’ an account without any ‘checks & balances’ once ‘delete’ is pressed ( I assume, as I’ve never pressed ‘delete’). If it is the case that a user is not given any recourse ( 30 days notice or other) with which to move their data somewhere else ( individual account?) then this is a gross software and UI failure. 1Password may hold itself high in the password manager security league tables, but being able to just ‘delete’ negates all the credibility's. A good password manager just failed miserably. Needs addressing ASAP.
