Interaction between default Shared vault and item history
I'm testing out a trial of the Families product, and I'm trying to understand how the default Shared vault interacts with item history.
It seems to me from the documentation that if anything is ever accidentally added to the Shared vault that needs to be kept private from some family members, the combination of the 'special' status of the Shared vault and item history is a bit of a footgun.
Item history is stored for a year, everyone with Read/Write access can restore an item, and everyone gets Read/Write access to the Shared vault. There's no way to clear item history. So, there's no way to prevent other members from seeing it short of killing the entire vault and starting again. (From looking at other forum posts, there's no way to recreate the 'special' status of the Shared vault, so if we particularly needed that, we'd have to kill the entire account and start from scratch -- which seems completely crazy to me!)
To put this in context, I have a family with two adults and two tech-savvy young teenagers. We'd like to store credit cards in a vault shared between the adults, but not let the teens have access. We have an additional vault, shared between the two of us for this purpose, but the default Shared vault still shows in the UI with a tempting name.
If my partner or I ever mis-click and store these items in the Shared vault, they'll be available in the item history for a year. I think this will also apply if we add other family members later on -- we can never prevent them from viewing items previously in the Shared vault until a year has passed.
Am I missing something here? The Teams product has the granularity for this, but "some things should be kept secret from the kids, even if we mis-click in the UI" seems like something we shouldn't have to pay 2x the price for.
Comments
-
Hi @Mersdala - Thank you for sending over some detailed feedback :-) Yes, 1Password Families does not have the same type of permission controls in place as compared to 1Password Teams. Have you considered inviting your children over as Guests? Guest accounts have all the same benefits of a regular family member - all the apps, web access, and auto-sync. The main difference: guests only have access to one Shared vault at a time. You could create a specific Shared vault to give your children access to so they won't be able to access any other vaults within the account. With Families, 5 guest accounts are included. I use this currently for my Dad so I have more control over what is in his Shared vault since he doesn't have a Personal vault. Not too sure this will work for your use case but I thought it might. You can read a little more about Guest accounts here - https://support.1password.com/guests/
I don't have a better answer to your questions about the special Shared vault that you start with when you create a Families account. We are looking into additional improvements and your feedback is greatly appreciated. I will make sure to share with my team and again thank you for taking the time to share your experience with us. Let us know if you have any additional questions. Enjoy the rest of your day!
0 -
The limitations on Guest accounts make that pretty infeasible: we'd like the kids to have their own Personal vaults, to be able to share things between each other, and to have access to items intentionally shared with everyone. We just don't want to accidentally over-share and be unable to fix it.
Another footgun aspect of the current design: emptying the Trash on the Shared vault in the current version of the Mac app gives the message:
"Are you sure you want to permanently remove all items in the Trash? 1 item(s) will be permanently destroyed. You cannot undo this action."
This is wildly misleading as, in fact, every non-guest member of the account, including future members, can continue to access the "deleted" item for a year.
For someone who hasn't dug through the documentation or poked around the web app, this is starting to edge on information disclosure vulnerability territory. I don't think a new user would expect, on encountering that message, to find that other people could read the information that they were told was "permanently destroyed" when adding them to the account weeks or months later.
0 -
Hi @Mersdala,
Thanks for the feedback. You've definitely made some interesting points, and those are things we can pass along to our development team to see if/how they can improve for the future. However, that doesn't help for the short term. :)
For the short term I have two ideas that may be more practical than having the kids be guests (which admittedly isn't really what guests were designed for):
- You can rename the Shared vault. I've renamed mine "Family Shared" to make it more clear. "Everyone Shared" or similar might also work for you. Or
- The only thing that is unique about the default Shared vault is that it is shared with each individual when they join the account. Unless you foresee your family growing rapidly or significantly this may not be much of a concern. You could do away with it and create a different vault that serves your purposes.
There is always going to be granularity available to Teams that is not available in Families -- that is one of the main differentiators between the two offerings.
I hope that helps for the more immediate future. Should you have any other questions or concerns, please feel free to ask.
Ben
0