Feature Request: Require re-authentication before performing vault/account management functions
I would like 1Password to require--or at least provide the option to require--that a user re-authenticate (or have authenticated within some recent period of time) before performing certain vault management / admin functions (whether via the desktop app, browser extension, the mobile app, or on 1Password.com).
Some of those vault management / admin functions include:
Managing Vaults, especially
- Deleting vaults
- Changing sharing/permission settings on vaults
Permanently deleting items (i.e., deleting them from Recently Deleted)
- Managing Two-Factor Authentication
- Changing e-mail address
- Changing password (done!)
- Exporting data (done!) -- I note that 1Password on Windows requires users to re-enter their account password before performing the Export Data function. So the concept of re-authenticating already exists.
- Turning on Travel Mode
- Managing People (including Begin Recovery, Suspend, or Delete)
- Managing Invitations
- Managing Groups
- Managing Integrations
- Managing Security (1password.com/security)
- Changing Sign-in Address
- Permanently Deleting Account (I note that for my 1Password Family account, I am able to click the big red Permanently Delete Family Account button, but without knowing what happens next, I haven't actually tried clicking it. For our 1Password Business account, the Permanently Delete Account and All Team Members button is greyed out and there is a message about contacting the 1Password Account Management team.)
Other online platforms behave in this manner. For example, if I login to my Google account, I can then immediately go to my account settings and make changes to 2-Step Verification. However, if I have been logged in for a while (not sure what the time period is), even though I can still perform pretty much all functions in my Google account, Google prompts me to re-authenticate before I can access my 2-Step Verification settings.
I completely get that someone with access to my device in an unlocked state could install malware and someone with access to my unlocked device while 1Password was unlocked could do all sorts of bad stuff. But certain types of changes are worse than others. Being able to view/copy/change my passwords saved in 1Password would be bad (as would installing malware to steal session cookies or log keystrokes or record my screen). But there are, at least, other lines of defense for some of those things. For example, even if someone copied my password for my Google account from my unlocked 1Password app, my Google account still could not be accessed without my FIDO hardware security key. If someone gained access to one of my unlocked devices where I was not an admin user, that person would have fewer options for installing malware, and even if that person did install malware, hopefully our anti-malware solutions would kick in to stop it. Plus, it requires a higher level of sophistication to install malware undetected than to perform a few clicks to, for example, permanently delete a vault or give another user access to a shared vault. (For example, it wouldn't be too hard for an employee sitting close to a colleague who is an admin for the company's 1Password account to notice when that person steps away from the desk and quickly add another user to one of the company's shared vaults.)
Basically, any functions that involve:
1. Permanently deleting items, vaults, or entire accounts, or
2. Managing people or changing who has permissions with respect to vaults (including making changes to Groups), or
3. Changing access controls (e.g., changing sign-in address, changing e-mail address, managing 2FA, managing firewall rules, etc.)
should require that the user attempting to perform the function either have recently authenticated or re-authenticate to perform that function.
1Password Version: 8.10.0
Extension Version: 2.7.0
OS Version: Not Provided
Browser:_ Not Provided