Why are items moved between vaults listed in "Recently Deleted"? Bad security model!

Super Contributor

4 years ago

Thus far this has not been identified as a high impact situation.

That is a sad statement. We have clearly outlined situations in which this could lead the information leakage. In the most obvious case, someone who is the member of multiple accounts, e.g. an MSP situation, could inadvertently leave "moved" copies of credentials in the deleted folder of the wrong customer.

I will also claim that blaming the user is not an option here. The tool is simply doing something that most users will simply not expect. Heck, poll your own staff at ABits and I'll bet you a beer that half don't know this mis-feature exists in a product they work on and presumably use daily.

I urge you to think harder about the ramifications of this choice and how the reputation of the company could be adversely impacted if not addressed.

Forum Discussion

Why are items moved between vaults listed in "Recently Deleted"? Bad security model!

Featured discussions

September at 1Password: Browser versions, enhanced security, and new integrations

Recent discussions

Universal Autofill + Chrome extension not working with latest Chrome on macOS (142.0.7444.60)

Misleading pricing to upgrade

Watchtower score not identical

Safari Extension won't fill if too many tabs open

Support for Zen browser