Random items gets favourited and unfavourited in shared vault
I am a member of a few shared vaults across our company, and occasionality items I have favourited become unfavourited and others become favourited. I cannot see any pattern here, but it is irritating.
1Password Version: 8.9.10
Extension Version: 2.5.1
OS Version: Mac OS 12.6.1
Browser:_ Firefox
Comments
-
Hello @nciiis,
Thanks for asking about favorites in 1Password, and I can see why it may be frustrating that they keep changing on you. Favorite items are currently shared by the entire account, so anyone with access to a vault can make an item favorite, or remove favorite status from any item. We have a feature request to change this behavior, and I'll be sure to add your voice to it. With that said, I don't have any information about if, or when, the feature could be implemented.
Let me know if you have any questions.
ref: IDEA-I-104
0 -
Favorite items are currently shared by the entire account
I'm the only one with access to my account. The policy is very clear about not sharing the account or password.
0 -
When we say Account in this context, we mean the entire business account, of which you are one User. Scott means that if another User on the Account marks an item as a Favorite in a vault you both share, you'll see that too. Hope that clarifies that, but let us know if you have any questions.
0 -
I don't understand the motivation here, why even do like that from the beginning? I cannot imagine a use case where the current behavour is warranted.
0 -
Hi @nciiis,
We get some mixed feedback about shared favorites. While I see where you are coming from about your personal favorites, I know some teams also like the ability to set favorites so important items within a vault are more easily surfaced for everyone. Thank you for sharing your thinking on this. It's very helpful for us to consider while planning the future of 1Password.
0 -
Care to explain a single instance where that would be of any benefit or more benefit compared to the logical way of using favourites/bookmarks? If everything is a favourite, then nothing is a favourite!
0 -
Hi @nciiis,
Sure thing. I actually make use of the shared favorites in my personal family account. Some of my family members aren't very tech savvy and aren't fantastic at searching through the 100 or so items in our shared vault, so I've marked Netflix, our bank, and a few other items as favorites so they can more easily find them.
While I can't get into specifics, the shared favorites were also useful when I started here at 1Password and was able to find some of the more critical items in our shared vaults before I even knew to look for them.
I hope this information helps. Be sure to let me know if you have any further questions!
Cheers.
0 -
Thank you.
Unfortunately this "everything is a favourite because everyone has favourites" behaviour has already caused security breach (leaked credentials) at our org. Hope this can be better documented and made clearer for our members who are not very tech savvy.
0 -
Hello @nciiis,
I'm sorry to hear that, however the favorite status of an item has no impact on it's permissions. Only those with permissions to access a vault are able to access the items within it, regardless of the favorite status of any given item.
If you feel there has been a breach of security within your account, please email support@1password.com so our team can discuss your case with you, and potentially discuss private details that shouldn't be shared publicly on our community forums.
I'll be sure to pass along your feedback about better documenting how favorites work.
Have a good weekend.
0 -
This is how it happened:
- Someone at 1Password was asinine enough to decide to stop matching exact domains, causing huge lists in the autocomplete lists when logging in to subdomains. E.g. customera.ourcompany.com and customerb.ourcompany.com and so on.
- A user set their common passwords for their subdomain. Thinking it was a personal item, because who the f would not think so?
- Another user thought that did not want the favourite to show up in their feed, because that is what normal people think, they then removed the favourite and favourited what they needed to get their work done.
- The first user attempted to log in with the favourited item, thinking that it was theirs (1Password changes the order of items depending on favourite status) the first choice and they had not done anything to their favourites.
This caused sensitive credentials for Customer A to be sent to Customer B with significant spill-over effects in forms of audits and global password resets.
0 -
Hi @nciiis,
Thanks for sharing this scenario with us. While I'll share these details with the team, it would be best to continue any discussion specific to an account over email. Our community forum is a public space where anyone can read our conversation, so we aren't able to get into specifics here.
If you have anything else to add, please email support@1password.com and include a link to this page.
Thank you,
0 -
While I can appreciate how the 1Password team has highlighted a scenario under which the current favorites behavior is useful, it's just not how "favorites" are normally interpreted by normal users. The scenario outlined by ScottS1P is more akin to what under other systems might be called a pinned item where favorites are generally more personal in nature. As I've pointed out myself in other forum posts, this favorites flaw has been known for many years now and deserves some serious attention.
0
