I'm not sure I see the problem with private vaults in a setup like yours (and mine) where you (and I) provide tech support for elderly family members.
I simply created additional non-private vaults which are intended for use as the main storage vaults for my family members and to which I can add myself when support is needed. Anything a family member wishes to store in their private I consider unsupported. If they run into a problem with a given private login and wish my help, they must first move the problem entry to their main, shareable vault where I can then access it and work with them to clear up the problem. Once that's done, they can either move the corrected entry from the shareable vault back to their private one, or (preferably) leave it in the shareable vault where it will be accessible by me when and if they need my help again. Works for my family, hope it does for yours as well.
@williakz I'm not sure if I understand your point correctly. As a family manager you don't have access to the private vaults of other family member, so it makes sense that they have to move items to shared vaults if they want to ask you for technical support regarding specific items. But it doesn't stop you from just deleting the whole account of other members including all their private items, which is the main concern of this thread.
In my opinion, it's quite obvious that the current solution is flawed, at least I cannot think of any pros that the huge amount of power in the hands of a family manager brings to the shared account, and – if I haven't misinterpreted any of the previous responses – all of the team members agreed with the expressed concerns.
I would assume that the "Families Plan" is just a rebranded "Business account", at least from a technical perspective. In a business context the idea of "If you leave the company, you'll loose all your company-related passwords and sensitive data" makes much more sense, hence the admin should have more power than parents in the context of a family (or even a child if it's the tech-savvy person in the family who started the account).
I would love to know what the ratio of family accounts to individual accounts is. As long as it's just a small fraction, and probably even a smaller fraction of family admins who are aware of that problem, there is not much incentive to implement these new features in the near future.
I suspect the 1Password Families product is primarily used by spouses (where each presumably carries FO status and should be capable of protecting their own interests in the event of relationship issues).
After that, parent/child configurations with parent(s) in charge (single FO). I can see where parents might really have a problem with private vaults accessible ONLY by their minor children and children with the shared accounts accessible by all family members.
Finally, parent/child configurations with child (tech support role) in charge (single FO). Again, since those performing tech support are presumably responsible individuals serving the interests of their family members, I don't really see where or why abuse in the nature you have described is likely here.
It's really only the middle case, where parents and their minor children become estranged (teenagers!) that presents the problem scenario. I agree that 1Password should have a mechanism whereby young adults can spin off their erstwhile family account into individual accounts (and hopefully someday a family account of their own).
@williakz I agree, that there are many different possible family structures we could think of (maybe even more than three), and that it would maybe make sense to implement a whole system with different roles and permissions (account owner, family organizer, adult, child, minor, etc.) than just the current binary solution (family organizer and family member). But then you are asking for additional features, and IMO we should be careful to not mix different topics here. To my understanding most people in this thread haven't been asking for more features but rather the solution of a fundamental flaw, the possible misuse of power, i.e. the deletion of whole accounts with all their included secret data.
I think, the rather straight forward solution of splitting off accounts instead of deleting them should be fixed before we start talking about additional features that could be built on top of the current account.
Besides, I don't agree that it's just your middle case, where parents and their minor children become estranged, that presents the problem scenario. We can consider ourselves very lucky if we never experienced domestic violence within our families, but – sadly – it's a very real problem. I think we need a solution that prevents misuse by design, not one that is built on trust, especially in the context of passwords and private data.
I can just speak for myself here:
Do my parents trust me and are not worried that, in the current situation, I have the power of deleting their accounts? Yes.
Do I want to have the power to delete their accounts and by doing so preventing them from accessing their online banking (even though it's just temporary as they could reach out to their bank)? Most certainly not.
All good points, and well taken. Hopefully, some of this is sinking in with the folks setting direction for 1Password product development. My concern is that the main effort will be devoted to high-revenue business products rather than perfecting lower return individual and family products.
All good points, and well taken.
All good points, and well taken.
Thanks for the positive feedback. In anonymous discussions on the internet there's always the risk that debates go the other way and get very heated-up =)
I share your concern, I guess a few family organizers with their concerns are not on the top end of the priority list... but I can't blame 1Password, I'd probably set priorities similarly, in the end it's important to generate income if you want to survive in a competitive market.
Fingers crossed that the dev team will find a few free hours/days to solve the issue eventually.
The good news is that, as I understand it, 1Password Families is supplied gratis along with the business product. Thus, employees "forced" to use the business product will likely discover significant benefit in using the Family product for their personal secure information needs. Some significant portion of them will, upon leaving that employer, choose to continue to use (and pay for) 1Password Families. Between current and former employees using the Family product, hopefully the user base for the 1Password Families is large and growing, thereby increasing the odds of successfully claiming development resources to effect some of the improvements we've been discussing here.
Indeed; 1Password Business includes a 1Password Families membership for each Team Member.
As a point of brainstorming: perhaps offering a similar thing whereby 1Password Families members could have a separate individual membership would be a workable solution. I don't claim to know how feasible that would be to implement, but I think perhaps it would alleviate some of the concerns raised here. On the other hand... it seems like a fairly complex solution to implement when working with less technically inclined folks. I wonder how many would actually take advantage of this.
I guess the difficulty for 1Password is that they are taking a scheme designed for teams and adapting it to families. A team manager needs to have the right to delete a team members account, including their private vault, because the contents of that account are company assets. The same is not true of families.
Would it be possible to have a half-way house whereby an individual's account is frozen after being removed from the family? It would still be part of the family in terms of key management, but the individual would not have access to shared vaults. Ideally they would still be able to ask the family organiser to recover the account and regain full access, but this is not essential.
I think that a solution involving separate individual accounts, whether frozen or not, would indeed be a nice one. As Ben said, we don't know how feasible this would be, but it's certainly a direction we can investigate