Delete Family Member - how about member's personal vault?

Hello 1password-Team, I have a question in regards to Families - is this still the case that when a family member is removed all his vaults will be dropped as well?
Reason: Passwords are something personal, almost intimate - but the downside of that family membership is - if I have a "fight" with someone from my family, the head of family could simply remove his account and all his passwords are lost then (which is a catastrophe for that person). So is this still the case, or will the removed account be left with all his data in a kind of read-only state and only the shared vaults are inaccessible? How is it currently implemented? I love that membership type but I don't feel comfortable having too much "power" over such important data from another person. Can a "ditched" family member migrate to a standalone single user with his vaults?



Comments

  • ag_ana

    Team Member

    Hi @telephoneman2!

    Hello 1password-Team, I have a question in regards to Families - is this still the case that when a family member is removed all his vaults will be dropped as well?

    If you delete the account, all vaults are deleted. In case you don't want to do this, you can also suspend an account instead, and if you want the family member to keep using 1Password afterwards, they need their own account first, so that they can move their data there, before the deletion.

  • but that means the head of family is able to kill the password database of all family members without any need of their approval?

  • ag_ana

    Team Member

    @telephoneman2:

    If you are the owner of the 1Password Families account, yes: as an owner, you created the account and can also delete it, you have admin powers on it. The alternative at the moment would be for every member to use their own separate account if you think this is a risk you don't want to accept.

  • Hello,

    It would be a great idea to dev a feature:
    to maintain individual account (even frozen) after deletion to avoid loss of the user's personal vault

    Can you suggest this to the dev team (I think I'm not the first to suggest that)

  • ag_ana

    Team Member
    edited May 7

    @OlivierP:

    Can you suggest this to the dev team (I think I'm not the first to suggest that)

    Done :+1:

    ref: dev/projects/customer-feature-requests#552

  • scartwr
    edited May 10

    This needs to be fixed. For a security software containing a person's deepest secrets, "just trust your family members" is downright irresponsible, and frankly makes me question the judgement of the product designers. Sure, I am sure it is fine a lot of the time, but what about DIVORCE? What about fights between family members (because no families ever have fights)? For some reason I see a lot of defence of this design flaw, saying you shouldn't enter a family plan with people you do not trust. Thanks for the tip. I am sure most people get that. But the situation can change. Really? You are going to base your product design around the assumption that there are NO situations EVER where a family organizer could become spiteful and want to remove another member, destroying all their data!? This might be an edge case, but security is not about saying it is "good enough" and just hoping the edge cases don't manifest. Maybe we should get rid of CAPTCHAs because it is probably not a bot too, or secret keys, because it is usually fine? Sorry to be snarky, but there has been complaint after complaint about this in many forms over the YEARS and no response. It does not make a good impression to be so sloppy and not address a long-standing complaint. What other edge cases don't need to be handled because the product team does not feel like addressing them? It is not like there aren't solutions, like giving the removed user time to switch their 1password account to an individual account...

  • scartwr
    edited May 10

    I also want to mention, I am saying this because I really like 1password (for the most part), but I hope it can become better. I get really frustrated when I see companies unnecessarily lose customers, because they feel the need to defend their design, instead of listening to their customers. Swallow your pride, and fix it please.

  • ag_ana

    Team Member

    I also want to mention, I am saying this because I really like 1password (for the most part), but I hope it can become better.

    Thank you for taking the time to share your thoughts about this too @scartwr, it's really appreciated! We wouldn't be where we are without feedback such as this, so I have passed it to the developers :+1:

  • Hi, what happens if the Family Organiser (the only organiser in the family), passes away suddenly and the subscription too expires (credit card expired or blocked)?

    1) Would all family members get locked out of shared as well as private vaults
    2) Is there any way where they could renew the account/subscription or retrieve the data immediately
    3) Even if there is an emergency kit available, it may not be useful if the subscription has expired OR it may take several days/months to access it due to
    a) Geographical location issue or
    b) Wills probate and/or transfer of Locker or
    c) Any other reason.
    And till such time the family member is without his/her own private data.

    Some solutions may be obvious but I am a new user currently evaluating the free trial version for families therefore do bear with me :-)

  • ag_ana

    Team Member

    @ajaxkg:

    If the subscription expires, everyone can still continue accessing their data. Subscription status has no consequences on your data, it will only become read only :+1:

    If your 1Password account is frozen

  • @scartwr this is exactly the point I also had in mind. What if the head of family turns into a bad guy and destroys these important data? The data in the personal vaults MUST remain and be kept accessible - it's OK to stay in read only and/or offer an opportunity to migrate them to a personal user account. But delete? At least in family it's not OK. In any Business team it's fine, then it's up to the user to store only the business related data and the boss can decide how long those data are accessible. If the user wants to have "private/personal" data he needs his own 1password account. But family is made to share that membership and here the personal data must be safe and not in the hands of the head of family

  • Thanks @ag_ana! This is good news. Is there a time limit for the data being available as read only?

    I am not able to appreciate the logic of removing private vault of family member under any circumstances without giving an option to migrate. It seems this topic has been discussed a lot in other threads too but the concern remains.

    Apart from other reasons already mentioned, I would want to have another member as family organiser for account recovery/legacy features but would not like to do that even if there is a remote possibility of my losing my private vault without even having an option to migrate (assumption here is that appointed family organiser has the option of removing the original family organiser from the family or terminating the account completely).

    And as almost everyone here said, the private vault data of the family member can stay in read only mode along with an opportunity to migrate to a personal account. Why wouldn't 1P want to give that option? Surely it would lead to more subscriptions in the long run rather than losing the disgruntled family member, possibly forever.

  • ag_ana

    Team Member
    edited May 28

    @ajaxkg:

    This is good news. Is there a time limit for the data being available as read only?

    No limit :+1:

    And thank you both for the feedback! I know there have been discussions on how to improve this, so I have passed your thoughts to the development team :)

    ref: dev/projects/customer-feature-requests#552

  • Hi there! Is the development team considering to change the way of deleting family members? I think every family member - regarding if it's permanently deleted - should still have access to their passwords. Family situations may change in the future, and thus cannot be relying on "admins" only.

  • jack.platten

    Team Member

    Hi @daandv:

    While I don't have anything further to share from our discussions internally about this, I've added your feedback to the issue we have tracking this.

    Thanks!

  • Thanks @jack.platten for your quick response. In that case I unfortunately have to delete some family members from my plan. It's crucial to have access to all your passwords anytime.

  • ag_ana

    Team Member

    Understood @daandv, we certainly understand. Thank you for the feedback!

  • Nice 2 hear that this discussion is still alive. I'd love to upgrade to family and add my parents to the family plan (they don't use 1PW yet). But as long as there is a person who has the power to delete the personal vaults without any approval of the family member. No thank you!

  • ag_ana

    Team Member

    Thank you for the feedback as well @telephoneman2 :+1:

  • Tertius3
    edited November 15

    Losing the personal vault is a no-go. It's not the property of the family, it's the property of the owner. The administrator must not be able to destroy this without consent from the owner. It happens that you no longer get along. Someone might even be so angry that he throws someone else out. But even in this case he will throw his belongings out on the street, but he will not destroy them. Convert the login of the thrown out person into a frozen personal account, so his vault is not lost. You are able to destroy the keys to one's internet life with this. It is a huge design flaw that you allow this to happen, and actually a security risk for every family member.

  • BenBen AWS Team

    Team Member

    @Tertius3

    I don't think there is any argument that we'd prefer it to work as you've described if we could go back to the beginning and start from scratch. As it stands, our 1Password Families offering was built off of 1Password Teams, where the concept of the owner of the membership having more control makes more sense. I hope we're able to get to a state where we can improve the outcome here. I know it is something that @roustem is passionate about. I wish I were in a position to promise change, but I am not.

    Ben

  • @roustem Please think about a solution here. Cause this is definitely a "no go" - at least add a time based deletion process:
    1. Mark user for deletion (which revokes access to the shared vaults and sets personal vault to read only)
    2. Send him a notification mail
    3. Once the user opens his 1password app, also inform him about his status and offer to create a new account and migrate on device to the new account
    4. After migration the user can confirm the delete - if the user did not react, then delete the account after 2 months automatically

  • Hi @telephoneman2:

    Thanks for your input here for a possible solution. This is definitely something we're investigating, but as Ben mentioned, we're not in a position to promise any changes.

    Jack

  • I'm in the process of moving to a Family account. My family consists of me (Dad), my wife, my 21-year-old son, and my 24-year-old son. I would be the owner, and my wife would have admin access as a backup. We're a tight family and I can't imagine ever getting to a place where my wife or I would banish anyone in the family. Currently, we all have a standalone license for version 6. Since standalone licenses are going away, I assume that if we ever want to upgrade to version 7 or greater, it will have to be with a subscription. So we either each get an individual subscription or save money with a Family. For us, I'm not worried in the least. For anyone that worries that things could go south, I guess they need to stay away from a Family. I have to agree with @telephoneman 's suggestions. It seems like a no-brainer for AgileBits to make this enhancement. No one should ever lose their private passwords, etc.

  • @ajahn sure I can’t imagine this either. But I know people who were a dream couple like in a movie. Everyone was happy to see their life. But after years he fell in love with another woman and then his wife turned suddenly into a really bad revengeful witch, oh dear, she was a monster to him. If she could delete his passwords she would have done it without a minute thinking about it. So things might change … and in a digital world like today those passwords are essential for life. And no one else than the owner itself should have the power to destroy those data with a simple swipe.

  • And no one else than the owner itself should have the power to destroy those data with a simple swipe.

    I can see why she was angry. I agree, you never know what the future holds.
