Delete Family Member - how about member's personal vault?
Hello 1password-Team, I have a question in regards to Families - is this still the case that when a family member is removed all his vaults will be dropped as well?
Reason: Passwords are something personal, almost intimate - but the downside of that family membership is - if I have a "fight" with someone from my family the head of family could simply remove his account and all his passwords are lost then (which is a catastrophe for that person). So is this still the case or will the removed account be left with all his data in a kind of Read only state and only the shared vaults are inaccessible? How is it currently implemented? I love that membership type but I don't feel comfortable having too much "power" over those important data from another person. Can a "ditched" family member migrate to a standalone single user with his vaults?
Comments
-
Hi @telephoneman2!
Hello 1password-Team, I have a question in regards to Families - is this still the case that when a family member is removed all his vaults will be dropped as well?
If you delete the account, all vaults are deleted. In case you don't want to do this, you can also suspend an account instead, and if you want the family member to keep using 1Password afterwards, they need their own account first, so that they can move their data there, before the deletion.
0 -
But that means the head of family is able to kill the password database of all family members without any need of their approval?
0 -
If you are the owner of the 1Password Families account, yes: as an owner, you created the account and can also delete it, you have admin powers on it. The alternative at the moment would be for every member to use their own separate account if you think this is a risk you don't want to accept.
0 -
This content has been removed.
-
This needs to be fixed. For a security software containing a person's deepest secrets, "just trust your family members" is downright irresponsible, and frankly makes me question the judgement of the product designers. Sure, I am sure it is fine a lot of the time, but what about DIVORCE? What about fights between family members (because no families ever have fights)? For some reason I see a lot of defence of this design flaw, saying you shouldn't enter a family plan with people you do not trust. Thanks for the tip. I am sure most people get that. But the situation can change. Really? You are going to base your product design around the assumption that there are NO situations EVER where a family organizer could become spiteful and want to remove another member, destroying all their data!? This might be an edge case, but security is not about saying it is "good enough" and just hope the edge cases don't manifest. Maybe we should get rid of CAPTCHAs because it is probably not a bot too, or secret keys, because it is usually fine? Sorry to be snarky, but there has been complaint after complaint about this in many forms over the YEARS and no response. It does not make a good impression to be so sloppy and not address a long-standing complaint. What other edge cases don't need to be handled because the product team does not feel like addressing them? It is not like there aren't solutions, like giving the removed user time to switch their 1password account to an individual account...
0 -
I also want to mention, I am saying this because I really like 1password (for the most part), but I hope it can become better. I get really frustrated when I see companies unnecessarily lose customers, because they feel the need to defend their design, instead of listening to their customers. Swallow your pride, and fix it please.
0 -
I also want to mention, I am saying this because I really like 1password (for the most part), but I hope it can become better.
Thank you for taking the time to share your thoughts about this too @scartwr, it's really appreciated! We wouldn't be where we are without feedback such as this, so I have passed it to the developers :+1:
0 -
Hi, what happens if the Family Organiser (the only organiser in the family), passes away suddenly and the subscription too expires (credit card expired or blocked)?
1) Would all family members get locked out of shared as well as private vaults?
2) Is there any way where they could renew the account/subscription or retrieve the data immediately?
3) Even if there is an emergency kit available, it may not be useful if the subscription has expired OR it may take several days/months to access it due to
a) Geographical location issue or
b) Wills probate and/or transfer of Locker or
c) Any other reason.
And till such time the family member is without his/her own private data. Some solutions may be obvious but I am a new user currently evaluating the free trial version for families, therefore do bear with me :-)
0 -
If the subscription expires, everyone can still continue accessing their data. Subscription status has no consequences on your data, it will only become read only :+1:
If your 1Password account is frozen
0 -
@scartwr this is exactly the point I also had in mind. What if the head of family turns into a bad guy and destroys these important data? The data in the personal vaults MUST remain and be kept accessible - it's OK to stay in read only and/or offer an opportunity to migrate them to a personal user account. But delete? At least in family it's not OK. In any Business team it's fine, then it's up to the user to store only the business related data and the boss can decide how long those data are accessible. If the user wants to have "private/personal" data he needs his own 1password account. But family is made to share that membership and here the personal data must be safe and not in the hands of the head of family.
0 -
Thanks @ag_ana! This is good news. Is there a time limit for the data being available as read only?
I am not able to appreciate the logic of removing private vault of family member under any circumstances without giving an option to migrate. It seems this topic has been discussed a lot in other threads too but the concern remains.
Apart from other reasons already mentioned, I would want to have another member as family organiser for account recovery/legacy features but would not like to do that even if there is a remote possibility of my losing my private vault without even having an option to migrate (assumption here is that appointed family organiser has the option of removing the original family organiser from the family or terminating the account completely).
And as almost everyone here said, the private vault data of the family member can stay in read only mode along with an opportunity to migrate to a personal account. Why wouldn't 1P want to give that option? Surely it would lead to more subscriptions in the long run rather than losing the disgruntled family member, possibly forever.
0 -
This is good news. Is there a time limit for the data being available as read only?
No limit :+1:
And thank you both for the feedback! I know there have been discussions on how to improve this, so I have passed your thoughts to the development team :)
ref: dev/projects/customer-feature-requests#552
0 -
Hi there! Is the development team considering changing the way of deleting family members? I think every family member - regarding if it's permanently deleted - should still have access to their passwords. Family situations may change in the future, and thus cannot be relying on "admins" only.
0 -
Nice to hear that this discussion is still alive. I'd love to upgrade to family and add my parents to the family plan (they don't use 1PW yet). But as long as there is a person who has the power to delete the personal vaults without any approval of the family member, no thank you!
0 -
Thank you for the feedback as well @telephoneman2 :+1:
0 -
Losing the personal vault is a no-go. It's not the property of the family, it's the property of the owner. The administrator must not be able to destroy this without consent from the owner. It happens that you no longer get along. Someone might even be so angry that he throws someone else out. But even in this case he will throw his belongings out on the street, but he will not destroy them. Convert the login of the thrown out person into a frozen personal account, so his vault is not lost. You are able to destroy the keys to one's internet life with this. It is a huge design flaw that you allow this to happen, and actually a security risk for every family member.
0 -
I don't think there is any argument that we'd prefer it to work as you've described if we could go back to the beginning and start from scratch. As it stands, our 1Password Families offering was built off of 1Password Teams, where the concept of the owner of the membership having more control makes more sense. I hope we're able to get to a state where we can improve the outcome here. I know it is something that @roustem is passionate about. I wish I were in a position to promise change, but I am not.
Ben
0 -
@roustem Please think about a solution here. Cause this is definitely a "no go" - at least add a time based deletion process:
1. Mark user for Deletion (which revokes access to the shared vaults and sets personal vault into Read Only)
2. Send him a notification mail
3. Once user is opening his 1password App also inform him about his status and offer to create a new account and migrate on device to new account
4. After migrate user can confirm delete - if user did not react then delete account after 2 months automatically
0 -
Hi @telephoneman2:
Thanks for your input here for a possible solution. This is definitely something we're investigating, but as Ben mentioned, we're not in a position to promise any changes.
Jack
0 -
I'm in the process of moving to a Family account. My family consists of me (Dad), my wife, my 21-year-old son, and my 24-year-old son. I would be the owner, and my wife would have admin access as a backup. We're a tight family and I can't imagine ever getting to a place where my wife or I would banish anyone in the family. Currently, we all have a standalone license for version 6. Since standalone licenses are going away, I assume that if we ever want to upgrade to version 7 or greater, it will have to be with a subscription. So we either each get an individual subscription or save money with a Family. For us, I'm not worried in the least. For anyone that worries that things could go south, I guess they need to stay away from a Family. I have to agree with @telephoneman 's suggestions. It seems like a no-brainer for AgileBits to make this enhancement. No one should ever lose their private passwords, etc.
0 -
@ajahn sure I can’t imagine this either. But I know people who were a dream couple like in a movie. Everyone was happy to see their life. But after years he fell in love with another woman and then his wife turned suddenly into a really bad revengeful witch, oh dear she was a monster to him. If she could delete his passwords she would have done it without a minute thinking about it. So things might change … and in a digital world like today those passwords are essential for life. And no one else than the owner itself should have the power to destroy those data with a simple swipe.
0 -
And no one else than the owner itself should have the power to destroy those data with a simple swipe.
I can see why she was angry. I agree, you never know what the future holds.
0 -
Hi, I was a former IT manager & also previously responsible for legal issues in IT.
I now have just started a 1PW Family account, and I can see the point other commenters have made. Corporate passwords belong to the company. Private password data belongs to the family member. The family organiser should never be able to delete a family member's private data. This is a key difference between corporate data and personal data. I'm glad to see that the 1PW team understand the difference, but I'm not sure that the 1PW team fully understand the possible legal liability.
When a family organiser removes a member, by deleting their private vault they are destroying the person's private property - potentially an illegal act in many countries if done without the person's consent. The difference between this and deleting say, a Roblox account, is that that person's private vault may well contain all the person's bank access passwords, pension access passwords, investment access passwords and so on. Deleting this is likely to cause the person significant financial trouble - payments may be missed and so on. If these payments are things like car payments, mortgage payments etc, it could lead to loss of car, house, and worse.
So in short, removing a family member's account could lead to severe financial and legal consequences both for the person doing the deleting (if they did it without thinking or as an act of revenge) and for the person being deleted, and it could also seriously affect the rest of the family (loss of car, house, impact on childcare, children and other dependents, inability to access bank, legal entanglements, divorce issues etc).
The family member removal dialogue in no way points out the seriousness and potential consequences of this action. I would urge you to speak to your Canadian and EU legal teams about this issue, and show them this post. In the EU alone, this would be in breach of a person's right to enjoy their property. In all fairness, you are not responsible for the consequences of what a family organiser may choose to do. However I would say you have a clear legal responsibility to at least point out the possible consequences to someone taking this action.
Another potential legal liability for you as a company: it is not fully clear to family members who join a family group that their private data could be destroyed at any time by the family organiser. Neither are the potential consequences of losing access to bank info, pension info, investment info etc. Your wording around private vaults says, correctly, that family organisers cannot access them. BUT that wording gives the impression to new members that family organisers cannot delete family members' private vaults. This is incorrect and you are in legal danger here.
IT being (unfortunately) what it is, it is likely that the majority of family organisers (in families with children) are male, with their female partners having more responsibility / involvement in care of their children / disabled family members. In this situation, if the organiser removes their partner after a dispute etc, the partner's loss of access to their finances could have severe impact on their children / disabled family members. I mention this to raise your awareness that under EU legislation, you have a duty to consider impact on vulnerable people.
The best way of legally shielding yourself - and protecting your customers and their children / dependents - seems to be to put in place a means of ensuring that a family member's private data is not deleted if a family organiser removes them. It could be as simple as a script to set up a new read-only account for the family member & copy across their private data before deleting the account.
We are coming up to Xmas, which is the time of greatest risk for family breakdown - especially under pandemic / lockdown. Please take urgent action on this. Please consult with your legal teams on the risks I have outlined.
0 -
@RedTomato - thanks for the thoughtful treatment and analysis of these issues, it's appreciated and the points are well-taken.
0