Warning! - 1Password Disaster

Massive ‘Gotcha’ / Flaw in 1Password for Families.

Learn from my mistake (I think it is a fundamental flaw in 1P BTW)

Background: we have an estranged family member. After a year or so of their account being ‘in recovery’ (I forget the exact wording) I chose to remove them from the family before the next annual subscription.

Yes, there was a warning that their account would be deleted.

It never occurred to me that 1Password would nuke any local access as well as the ones on the 1P server.

Got a text message from estranged family member today saying ‘can’t access 1Password’…

Apparently, there is no recovery mechanism at all in this scenario.

Yes, there was a warning the account would be deleted
Yes, perhaps I should have sent a message to the family member to check that they weren’t still using it (we are not THAT estranged).

Even so, I think this is a fundamental failure with 1P design - I can see a scenario where (as recommended by 1P) husband and wife are both administrators, they ‘fall out’ and one wipes the account of the other.

At the very least the user should have read-only access to their account (the passwords that the continuing family members are worried about could/should be changed in any event in a scenario where you are worried about compromised passwords).

Be warned.

2 Likes

FWIW, I disagree. Passwords are among the most sensitive types of data in the world today. When I delete a password or remove access, I expect it to happen immediately.

If there were, that would be a flaw (IMO). I keep a PDF printout as a backup.

The same thing can happen with joint bank accounts, etc. Stay friends with your spouse or plan accordingly. :grinning:

Seriously, I’m sorry for your situation. Many years ago I lost 3 days of data on a server used by people in two countries. I still think twice before I confirm “Are you sure” warnings.

What happened to you could have happened to anyone, and probably has to others. And while it may be a personal catastrophe I see nothing that could be done to 1PW that wouldn’t weaken the product.

8 Likes

They could at least put the private vault of that family member in a frozen state; preferably after downgrading that person from Family to Personal.

Several people have suggested this on their forum.

1 Like

1Password provides a method to suspend a member’s account.

Suspend an account temporarily

To temporarily revoke a family member’s access to vaults and items, suspend their account:
1. Click the name of the person you want to suspend.
2. On their details page, click More Actions and choose Suspend.

Add and remove family members | 1Password

I would suggest: removing a member’s access to the shared vault; give them fair warning to make a copy of the information in their personal vault; suspend the member’s account for a period of time just to have fallback in case data access is still needed; then, again with fair warning, delete the account.

7 Likes

Looks like that is an option I wasn’t aware of. Thanks @anon41602260

That would have allowed you to lock them out of the account and give you the option of purchasing and setting up a personal account for them.

If I understand 1PW’s cloud based service correctly, your backups should still contain the missing data that was cached locally, so at least there’s that.

BUT, given that this is hardly an uncommon scenario (divorce/separation, child leaving home), this is probably something that Agile Bits (and everyone who provides “family plans” (looking hard at you, Apple)) should explicitly address with a mechanism to handle it easily.

I personally think that providing a frozen account would be better than allowing a third party (even a family member) to delete another person’s personal data (it’s their personal vault after all).

Shared vaults are different: revoking access doesn’t nuke the data, just the access. (I think)

Nuking doesn’t really help anyone - even if data is removed immediately it should be assumed that any passwords shared are compromised (because of pdf backups etc.) and so good practice would be to change them anyway.

Anyway, lesson learned :slight_smile: I’ll make a totally different mistake next time…

2 Likes

I completely disagree. This is how it should work.

2 Likes

I’m sorry but instructing a company “delete my information” should mean “delete my information”. 1Password acted correctly even though I have no affiliation or affinity for them.

2 Likes

If you had a local vault, then the subscription would be irrelevant and you’d have to manually delete your local vault to have it be gone forever.

Of course, if 1password still allowed local vaults, then they would have a harder time keeping subscription numbers up, so they courageously decided to remove the option for local vaults.

I suggest looking into something like StrongBox that allows local vaults for future use, once you reset all of your passwords.

2 Likes

But then, as this was a family plan, which has always been a subscription, stand-alone vaults are irrelevant to this.

2 Likes

I agree 100% that this should be the way it works… 1Password cannot recover the data.

Unfortunately, it also highlights why end-to-end encryption can be dangerous to novice users. Privacy is at its highest, and if you lose the key (or delete the data) it’s gone forever. (Although if you have local backups like Time Machine or online ones like Backblaze, you might be able to get it back.)

Same problem if iCloud changes to end-to-end encryption. David has said this before on the podcast, but you get users begging Apple to restore their lifetime of photos if they lose access to their devices/keys with no backup.