Family member was removed in web interface unintentionally. Is recovery possible?

So today I learned that you need to 'confirm' people that you've invited. And if you "reject" them after they have been using it for a long time, maybe you are screwed.

Yesterday I went to my family interface to check something and noticed one of my family never used their account. So I selected their account and said "reject". Unfortunately for my dumb self, 'unconfirmed' does not mean they never signed up, it just means I never confirmed it.

That also means, when I selected reject, there was no way in the interface to recover their account. Normally you would need to suspend an account before removing it. Here there was

**Is it possible to recover his account? If not, is it possible to find a local copy of his data on one of his devices and use that to restore? He uses the firefox extension and android app only.
**

Secondly, if someone from 1password is reading this, is it possible to get 1password add a ticket to their backlog to fix this UX issue? I don't want anyone else losing data like this. A simple confirmation box with a message like, "if this user is using their account, all passwords and data will be lost" should be sufficient.

Thank you.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • ag_anaag_ana

    Team Member

    Hi @PersonalPat!

    We will be happy to help you with this. To avoid sharing your account information here, can you send us an email to [email protected] from your account's registered email address so we can continue the conversation there?

    After you have sent the email, please feel free to post the ticket number you received so we can locate your message and connect it with this forum discussion.

    Looking forward to your message!

  • williakzwilliakz
    edited August 6

    @PersonalPat, please post back with the resolution to this issue. If it was resolved favorably, that will give some degree of assurance to others in a similar situation. If not, it should serve as a warning to others to beware in this area of the UX. Best wishes for you and your data.

  • Unfavorable resolution. Only fixable if we had a backup of the data, which we did not. Otherwise, as soon as you click "reject", the data is gone.

  • @PersonalPat, thank you very much for posting back. Too bad about your family member's "secure" data, I hope it's quickly re-established and properly protected this time around.

    @ag_ana, please forward @PersonalPat's case and prior request for UX modification (along with my recommendation for same) to your development team.

  • ag_anaag_ana

    Team Member

    @williakz:

    Done :+1:

    ref: dev/b5/b5#10900

  • This entire flow is exactly what concerns me about 1Pass family plans. Why and how can a single family member unilaterally delete another members data? I might be able to consent to this if it's a parent/child relationship, although even that has a bit of a bad smell to it. But when two consenting adults are part of the family, why should one be able to control the other in that way?

    I love the 1pass interface and ease of use, but this issue is what made me cancel my family plan and go to other options. One member of the family shouldn't have this much control.

  • ag_anaag_ana

    Team Member

    @Will_:

    I love the 1pass interface and ease of use, but this issue is what made me cancel my family plan and go to other options. One member of the family shouldn't have this much control.

    Sorry to hear this, but I absolutely understand, and we appreciate the candid feedback! I have also already passed your feedback to the developers too :+1:

    ref: dev/projects/customer-feature-requests#552

  • I'm not in this situation but am interested about how it works. Why isn't the OP's data recoverable? I thought that all user data was backed up in the cloud multiple times, even if it was deleted....

  • @occamsrazor, I think you're about to learn something very unsettling regarding cloud-based backup. I know I did.

  • ag_anaag_ana

    Team Member

    @occamsrazor:

    Thank you for the question! I have sent it directly to the team, we will post back here when we hear back :+1:

  • ag_anaag_ana

    Team Member
    edited August 16

    @williakz:

    What unsettling thing are you referring to? It would be great if you could elaborate and share your knowledge with the community. Thank you!

  • @ag_ana, beyond the fact that 1Password tech support evidently is unfamiliar with the 1Password's cloud-based backup/restore procedure?

    Simple. I consider Apple's macOS Time Machine backup/restore system the gold standard. Missing something today? Know you had it last month? Just fire up the way back machine on your Mac and set it to a month ago, restore the missing item, then step out of the wayback machine back into the present with your missing item perfectly restored. Let's just see how what the team has to say about "all that (1Password) user data backed up in the cloud multiple times" compares to Time Machine.

  • ag_anaag_ana

    Team Member

    @williakz:

    Thank you for sharing!

    I consider Apple's macOS Time Machine backup/restore system the gold standard. Missing something today? Know you had it last month? Just fire up the way back machine on your Mac and set it to a month ago, restore the missing item, then step out of the wayback machine back into the present with your missing item perfectly restored.

    This sounds exactly like the way the Item History feature on 1Password.com works:

    View and restore previous versions of items

    You can go back to a month ago (as in your example), choose the item version you wish to restore, and then jump back to the present with your missing item restored :+1:

  • Very cool! Thanks, @ag_ana! I knew about password history, but not about item history within vaults. I've also been a bit hesitant to get into the whole delete/archive thing until the dust settles from the recent and (promised) future changes in how things are dealt with and/or (re-)named.

    I do have a question, though: it seems it would be best for users, as a rule, to never "Destroy" (love that!) anything since archived/recently deleted stuff can be restored if needed. Similarly, things that have been modified carry their own history (of unlimited duration) and can always be restored unless they've been deleted then either time out after one year or are actively destroyed. What state SHOULD things be left in such that the maximum protection for user data and its history is maintained?

  • ag_anaag_ana

    Team Member

    @williakz:

    What state SHOULD things be left in such that the maximum protection for user data and its history is maintained?

    The safest would be leaving items in archive state, because they can only be removed by the user, and they never "expire" (while deleted items are only recoverable up to a certain amount of time).

    The item versioning applies to items in the Archive or in any other vault, so that feature is always there.

  • Thanks, @ag_ana. Once the final Archive/Delete configuration is settled on (is that going to be in 1Password 8?), I'll go through and clean up my various versionings.

  • ag_anaag_ana

    Team Member

    Understood @williakz. And while tech support is not involved in product decisions such as this one, I would imagine it will be settled in 1Password 8, yes.

  • @ag_ana - Any update on this? The argument we hear about why there is no need for 1P to allow local backups is always that everything is backed up multiple times and recoverable in the cloud. Here we have an example of a bunch of data belonging to a family member that was in the cloud and is now apparently unrecoverable... or have I misread some of the previous replies? It would be nice to understand why it isn't, and what other situations there might be that can cause unrecoverable data....

  • ag_anaag_ana

    Team Member
    edited August 20

    @occamsrazor:

    I have not heard back on this, I will try to follow up again. What I have gathered so far is that there is no security reason why this cannot work, just that the UX has not been implemented yet.

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file