Family organiser and access to other peoples vaults

ondrejfuhrer
ondrejfuhrer
Community Member

Hello there,

I was wondering about the reasoning of organisers having potential access to other peoples vaults without their permission. The thing that I recently discovered is that organiser can add himself to any vault except the personal one of each family member. Therefore if family members would like to organise their "personal" logins into multiple different vaults, those items are no longer "secret" and can be accessed by family organiser.

Could you maybe explain what is the reason behind? I was under an impression that you either have your own vaults where no one has access to or there are shared vaults that a member specifically decides to share with someone.

But there is this third option where the non-default vault can be accessed without the members knowledge by the organiser.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @ondrejfuhrer

    But there is this third option where the non-default vault can be accessed without the members knowledge by the organiser.

    Correct. Part of being in a family membership is trusting the family organizer(s) to not snoop in vaults they have no need to be in.

    My understanding is at least part of the reasoning for this is to avoid having orphaned vaults that nobody has access to if a family member is removed from the membership. I suppose an alternative way to deal with that would be to delete any vaults that only that person had access to when deleting their account.

    I know this situation is something that has been discussed at length, but I'll remind the team that there is still a desire from some to have this work differently. Thanks.

    Ben

  • ondrejfuhrer
    ondrejfuhrer
    Community Member

    Hey @Ben

    Thank you for a quick answer here.

    Correct. Part of being in a family membership is trusting the family organizer(s) to not snoop in vaults they have no need to be in.

    I definitely understand that, just for me I don't then really see the difference between the default ("Personal") vault and the others. If there is a trust, why not "expose" those default ones as well?

    My understanding is at least part of the reasoning for this is to avoid having orphaned vaults that nobody has access to if a family member is removed from the membership.

    That is not 100% clear to me as well, as then there has to be a "special" condition for the default personal vault anyways as there is no way to delete that if a person is removed from an account.

  • williakz
    williakz
    Community Member

    Hi @ondrejfuhrer. Perhaps I can help answer your question about private vs. POTENTIALLY "exposed" vaults of family members to family organizers. As a family organizer for several aged and technically limited family members, I initially set up a non-shared vault for each one as their "main" storage vault and 1P set up, of course, a private vault shared and accessible by no one else (or at least no one not knowing their Master Password and Secret Key). The deal is: I, as family organizer, offer my support to help my family members populate and utilize anything and everything in their "main" vault to which I can, as needed, add myself in order to access its contents. I do not offer them support on or request access to anything in their private vaults. So, private is theirs, main is ours.

    To sum up, my family members trust me to keep my nose out of their routine confidential business while still being on call and permitted to access their secure data as needed to assist them with troublesome sites or to demonstrate to them how to store, recall, and maintain all forms of 1P data. At the same time, their private data is just that, totally private to them. So rather than a parent/child relationship, it's more like the one between "the IT guy" and the users he supports. Hope that helps.

  • Thank you both for sharing your perspective on this. :+1:

    Ben

  • Martijnn
    Martijnn
    Community Member

    I also don't like the fact that as a family organizer I can give myself access to the vaults of other family members.
    It would be best if only the owner of the vault can control who has access.

  • Thanks @Martijnn. To be clear: Family Organizers can't give themselves access to other people's Personal/Private vaults. They can only give themselves access to shared vaults, which would be any non-Personal/Private vault.

    Ben

  • Martijnn
    Martijnn
    Community Member

    @Ben I know. But I still think that for all other vaults this need to be changed.

  • I understand. Just wanted to make the point. :) Thanks for the feedback.

    Ben

This discussion has been closed.