Able to revoke yourself from your own non-default vault
I found something very dangerous on the web version of 1Password, that is, you can remove yourself from your own vault if you’re in personal membership. And seems like you can’t restore that vault once you’ve done this.
Reproduce this is simple:
Choose a vault that is not your default Personal vault
Click the Manage button
Click Manage
Uncheck yourself
Or,
Click the gear icon after your name
Click “Remove from vault”
I don’t know if this is a bug or this is just by design you guys chose to do this. But this is so dangerous from a user’s perspective. It doesn’t like Delete Vault, and I guess that vault is never deleted!
If there’s no way I can restore that vault, is that vault removed from your server? Every vault has a unique id as far as I learned from the URL. So is that vault still safe? There’s data in it!
Thanks!
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: macOS 10.13 Beta (17A344b)
Sync Type: Personal membership
Comments
-
Hi @claysang - Thank you for sharing this with us. I appreciate the steps you provided to reproduce the issue and I'll make sure to pass this information along to my team. I agree with an Individual account, there is no need for the 'manage' button to be there. We'll see what we can do and thank you again for sending this over to us, very much appreciated :smile:
ref: b5-3068
0
