Too much power in the hands of a family manager

2

Comments

  • ag_ana
    ag_ana
    1Password Alumni

    @pdxtony314:

    I don't believe this is changing soon, but I have let our developers know that you would also like to see this :+1:

    ref: dev/projects/customer-feature-requests#552

  • Judas
    Judas
    Community Member

    Many of my friends thinking to move from Lastpass to 1PW but not stopped when they know the FO in 1PW has the power to delete your whole private vault and you have no chance to say no.
    This a dealbreaker for most people who is not a 1PW user but thinking of joint as family.

    What I suggest is when I removed someone from my family, I wish their account become a trial account (which you offers to every new user) or even a frozen account.

    I can not understand why OF has such power in 1PW to delete private vault in the first place, yes, they are paying the bill, but you named it PRIVATE VAULT, and since when the PRIVATE item becomes something can delete by others, even FO?

  • ag_ana
    ag_ana
    1Password Alumni

    @Judas:

    Thank you as well for the thoughts, I have sent them to our developers as well :+1:

    ref: dev/projects/customer-feature-requests#552

  • This content has been removed.
  • ag_ana
    ag_ana
    1Password Alumni

    That could be an option @Naxterra, thank you for sharing. I will let the developers know about your thoughts :+1:

  • OrangeMonkey
    OrangeMonkey
    Community Member

    I agree with the premise of the original poster. In addition to the same concerns as above, here is another. What happens when I, the family organizer, get hit by a bus. My family is not tech savvy. The credit card stops working, and a year later all my family accounts disappear with no idea what's going on. I know this seems contrived, but it's a thing. Also, who is going to walk them through the hand holding of creating a new account, and moving over their passwords to a different account. Who is going to tell them they even need to do that. It seems normal that family accounts could be split into regular individual accounts. Please look into this.

    Further, my wife insists on not eliminating her standalone work-related lastpass account. I could create a vault for her so she has a private work related vault, but I have access to it and I'm not a company employee. This is rightly not acceptable for her, so she can't eliminate lastpass. Individual family members should be able to make and control their own vaults. Please consider this as well.

  • ag_ana
    ag_ana
    1Password Alumni

    @OrangeMonkey:

    The credit card stops working, and a year later all my family accounts disappear with no idea what's going on. I know this seems contrived, but it's a thing.

    When a subscription expires, the data does not disappear. It will remain accessible in read only format :+1:

    If your 1Password account is frozen

    In general, however, the best option would be to have a recover plan in place, including a second account administrator:

    Implement a recovery plan for your family

  • neonb
    neonb
    Community Member

    I know that "me too" or "bump" style posts are lame, but I have to voice my support for these concerns.

    The situation that @MONKi1P describes, where the family manager unexpectedly cuts a user off, is not only plausible, it's real and happening as we speak. Much more plausible (and severe) than many threat models that 1Password already has neat mitigations against. Personally I find that "our product only supports happy families :)" is not a satisfying strategy.

    Also, the dev team has clearly already decided that the security of family members' vaults is important, since the family manager can't access them. This security just isn't implemented fully yet, since the family manager can delete them. I can't make you prioritize implementing this, but I do implore you to view this as just completing a feature set that has already been started.

  • ag_ana
    ag_ana
    1Password Alumni

    @neonb:

    I know that "me too" or "bump" style posts are lame, but I have to voice my support for these concerns.

    We actually appreciate that you took the time to voice your thoughts here :)

  • asdlklkj2
    asdlklkj2
    Community Member
    edited March 2021

    Count me as agreeing with the original poster. Families aren't all roses & unicorns. People get angry and do impulsive things, people have nasty breakups. I personally would not use 1Password as a family member since I deem this an unacceptable risk. I regularly export as a backup, but I'm guessing I'm in a very small minority.

  • ag_ana
    ag_ana
    1Password Alumni

    I have passed your feedback to the developers too @asdlklkj2, thank you for sharing your thoughts on this :+1:

  • timestamp
    timestamp
    Community Member

    I'm not certain that this is the right place to post this rather than starting a new thread, but I think it's mostly relevant to this discussion.

    My family and I changed over to 1Password Families from LastPass Families just over a month ago. At that time, my wife accepted the invitation but never logged into her account. Since her invitation was accepted, I set her as a manager as a backup. Yesterday, we finally got around to setting up her vault. Unfortunately, we weren't able to locate her login credentials, and decided that the easiest way to get her setup would be to simply cancel her account (which held no passwords), and send her a new invitation. We went through the cancellation steps and confirmations, only to discover that deleting her account had also inadvertently deleted our entire family account!! I was at her computer while this was happening, and when I returned to mine I found that I had been logged out of all browser tabs, extensions, and the Windows app, and could not log back in because the account had been deleted. I checked my email and saw that I had received some automated messages during the process about the account being deleted, but the only option given in those messages if something had been done inadvertently was to send an email to support. I did that, but even now have not heard back.

    This is nonesense.

    I'm fine with the idea that multiple family managers can each have the ability to delete a family account, but this was not initiated from the settings using the "delete family account" button, it was done from the login screen! Why in the world was this possible? Why did I, as the other manager, not have any opportunity during the process to step in and pause things? Everything from my account and the two others in the plan was all lost.

    Fortunately, since we only left LastPass a month ago, I was able to log back into that service and export things again. I got the family account setup again and the other users all created new accounts. All told, we lost just a handful of logins, an hour or two of time, and a bit of our confidence in this service.

    This morning I got into work, expecting to have to log back into the browser extension, but found that I was still logged in! Not only that, but I could still access all of the vault items from the deleted family account! I quickly went through and grabbed all of the items I could access (except for the private vault items from the other accounts) and saved them to a text file. It's great that I was able to do this, but what in the world is going on?? Why was I able to do this?? As of now, I still have not heard back from customer service.

  • ag_ana
    ag_ana
    1Password Alumni

    @timestamp:

    As of now, I still have not heard back from customer service.

    We can take a look for you. Have you received a ticket number already that you can share with us?

  • timestamp
    timestamp
    Community Member

    No, I sent two messages last night to support@1password.com but have not heard back.

  • ag_ana
    ag_ana
    1Password Alumni

    @timestamp:

    I managed to locate both your messages in the system :+1: Yes, I see now that you emailed us last night, so that would explain why you have not yet gotten an answer yet (we have a few less people online on Sundays). We try to reply to everyone within 24 hours though, so someone should get back to your email soon now :+1: Thank you for your patience!

    ref: JMT-45118-999

  • timestamp
    timestamp
    Community Member

    I appreciate the help, thanks.

    Can you help me understand why I was unable to log into my account after the deletion, and yet one of my browser extensions still has access? I see from one of the cancellation confirmation emails that my account will remain active until the end of the billing period (which would be for another 11 months), but I've been unable to log into my account (except for the browser extension).

  • ag_ana
    ag_ana
    1Password Alumni

    @timestamp:

    Can you help me understand why I was unable to log into my account after the deletion, and yet one of my browser extensions still has access?

    My bet is that you created two 1Password accounts, and deleted one but not the other. For privacy reasons, we cannot check this on the public forum, but we will be able to confirm via email in private :+1:

    I see from one of the cancellation confirmation emails that my account will remain active until the end of the billing period (which would be for another 11 months), but I've been unable to log into my account (except for the browser extension).

    Deleting an account means that you cannot login to it anymore after the deletion, otherwise it would not be deleted. If you cancel the subscription, it will remain active for another 11 months, but if you delete the account, it doesn't only delete the billing, but the account itself.

  • timestamp
    timestamp
    Community Member

    Understood. I'm connected with someone from Support now. Thanks for expediting this!

  • ag_ana
    ag_ana
    1Password Alumni

    You are very welcome @timestamp, I am glad I could help :)

  • Darrylb
    Darrylb
    Community Member
    edited April 2021

    Instead, should just become independent accounts upon the removal from the family (of course with their own billing).

    +1 on this.

    In other threads like this one, you talk about how domestic abuse is not something you take lightly as one of the reasons why you wont implement time-based emergency access for example, yet you seem fine with a family manager having the ability to delete their partner's entire online identity at any time with no means for the partner to object or keep their data. Duplicating the data elsewhere as a backup defeats the security and purpose of having and committing to a central password manager.

    Your marketing for family accounts states:

    Permission granted
    Decide who you share your information with and what they can do with it. Give your loved ones the tools to stay safe online without taking away their independence.

    By allowing a family manager to delete their account you are taking away their independence, and it means they don't have the ability to decide what can be done with their data/information as claimed, since the family manager/s ultimately control access to their loved ones data and can permanently delete it without warning at any time.

  • MatthewDick
    MatthewDick
    Community Member

    I would also pose that families get older they expand and breakaway from the family organizers. In 20 years I don’t want to be paying for my kids password manager but I also don’t want to leave them hanging and they have to start all over again.

  • @MatthewDick

    The best approach (currently) in that kind of situation would be to have them create a new account and sign in to both accounts on the same device and then move their items to the new account. They should not need to start over.

    In 20 years I don’t want to be paying for my kids password manager

    Sadly, my 20 something son refuses to pay for his own. Luckily, I have a few openings on my Family account, and he can continue to use it at no additional cost to me. 🎉 But I totally understand where you are coming from.

  • MatthewDick
    MatthewDick
    Community Member

    I hear ya I hope in 20 years they have their own rugrats 😜

  • soshiito
    soshiito
    Community Member

    There is value in keeping adult children in your membership, especially if they aren't causing you to exceed the five included users. It doesn't cost any less to have two users versus five. You may want to consider using 1Password for digital estate planning, for example.

  • @soshiito

    Exactly, my 20-year-old son is also able to effect an account recovery for my account. I have that hard time with him thinking dad pays for everything. He's gotten better, though. Sadly, now I am walking down the same path with my just turned 18-year-old. I'd be satisfied if he just got a job. But that's a story for another time and place. :lol:

    But yes, it's the same price to keep him on my account. So no harm in keeping him as part of my membership. I foresee him staying on the plan for a long time. I have him saving passwords in 1Password, which is terrific. I fear if he were not part of the family, he would do the unthinkable and use a single password. In my eyes, it's a great investment to allow him to remain in the family. Which will make sure he learns and continues to grow as a young man.

  • Will_
    Will_
    Community Member

    I unfortunately already paid my family membership, but regret it.

    I know I'm late to this thread, but as a recent convert from lastpass, this scenario (a family organizer deleting passwords belonging to another family member) never even crossed my mind as a possibility. Like others earlier on, I completely understand that the creator of the family has the purse strings and can decide who is part of the family, but if another family member has committed their entire digital life to their account, I shouldn't be able to delete their entire identity with the press of a button.

    When they create their own login, it appears as though they "own" the data they're putting into the account. A private vault that only they have access to makes it appear as though they own the data. But they don't.

    Sure, as a responsible FO I should give them the opportunity to export their data before I delete their account, but we have tons of examples of not very responsible, controlling, a**holes in this world that wouldn't and don't do that and would use the delete or suspend as yet another way to control people or otherwise as vengeance against them.

    I will not be renewing and will be looking for an alternative as this doesn't work for our family. Before I would consider coming back, there HAS to be some way for a "deleted" or "suspended" family member to independently export their data after the "deletion" has occurred that does not rely upon the blessing of the Family Organizer.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for taking the time to share this useful feedback with us @Will_, I have sent it to the team for consideration :+1:

    Sorry to see that you decided to leave, but I certainly understand. I hope that the new password manager you find will be able to tick all the boxes for you, and thank you for giving 1Password a try!

  • MONKi1P
    MONKi1P
    Community Member

    @ag_ana I get that there is no magic trick to fix this shortcoming of 1Password but I'd say acknowledging it is not enough. I'd like to see you guys commit to fixing this for all the reasons already mentioned.

  • ag_ana
    ag_ana
    1Password Alumni

    @MONKi1P:

    Should there be any updates from the developers, we will make sure to let you all know. In the meantime, I will continue passing your feedback, I think everything helps :)

  • Tertius3
    Tertius3
    Community Member

    I read this thread and I'd like to add my opinion about the family manager. Just recently, I created and bought a family account for myself and my parents. The idea behind is to be able to help them, because they get old (80+) and it may become necessary to get one or the other login on their behalf if they get ill, or to be able to help if they forget their master password.

    The one thing I'm worried about is the ability of the family manager (my ability) to delete any member account without notice, thus the power to destroy all data of this member account including the private vault. Destroying shared vaults are ok, because you know that everything shared might be removed by the person who shares it. But destroying the private vault isn't good. It's the property of that person. Destroying this must not be possible without the agreement of the owner of that private vault.

    I know there isn't any standalone account where the private vault can go, if the member is deleted. But please find a way to make this happen. It's possible families begin to quarrel, and if the family chose the family manager badly, it's possible he will damage and thwart the meaning of a secure password manager by just destroying the account of some straying family member in anger.

This discussion has been closed.