1Password Families questions - shared vaults, password history

I bought and paid for standalone versions of 1Password (Mac, iOS). Given the hullabaloo around being shoved towards 1Password.com, I am thinking about switching to 1Password Families, since the security concerns for me are about the same as they are now (I use Dropbox and sync vaults with others). I have a few questions about 1Password Families:

  1. If my spouse keeps her own passwords but I "own" the family account, will I be able to see her own private ones? I don't want to, and I want to give her reassurance that what is private to her account stays private while still being able to help her in case something goes wrong.
  2. I have an "Old" vault that keeps old passwords that I no longer use. Right now it remains private to my Mac. I would like to be able to keep that vault but not give anyone access to it (so it wouldn't show up in All Vaults, for example). Can this be done?
  3. I have had multiple instances where I thought I had changed a password on a website, but it didn't take, and some time later I come back and have to dig through my password history to find the old one and use it. Because 1Password doesn't delete old data (for now) this is something I can do. But with the advanced and improved features of 1Password.com, it can only keep 365 days of history. So if I'm interpreting this right, not only would my records of old passwords through the years be deleted upon import, likely only one password would remain in history over time (I hope it doesn't delete passwords that have not been used in one year). Even encrypted, passwords don't take a lot of space, so I would be nowhere near the 1 GB limit with a longer history. (Also - and this may be surprising - but it is also helpful to see password histories.) Can you confirm what will happen with old passwords?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • BenBen AWS Team

    Team Member

    Hi @jduffner,

    Thanks for taking the time to write in with these questions. I'd be happy to help answer them.

    If my spouse keeps her own passwords but I "own" the family account, will I be able to see her own private ones? I don't want to, and I want to give her reassurance that what is private to her account stays private while still being able to help her in case something goes wrong.

    No one can see anyone else's Personal vault. All other vaults are subject to oversight by the Family Organizer(s) (of which multiple are recommended).

    I have an "Old" vault that keeps old passwords that I no longer use. Right now it remains private to my Mac. I would like to be able to keep that vault but not give anyone access to it (so it wouldn't show up in All Vaults, for example). Can this be done?

    You could just leave this vault local and not have it be part of your 1Password.com membership, if you wanted, yes.

    I have had multiple instances where I thought I had changed a password on a website, but it didn't take, and some time later I come back and have to dig through my password history to find the old one and use it. Because 1Password doesn't delete old data (for now) this is something I can do. But with the advanced and improved features of 1Password.com, it can only keep 365 days of history. So if I'm interpreting this right, not only would my records of old passwords through the years be deleted upon import, likely only one password would remain in history over time (I hope it doesn't delete passwords that have not been used in one year). Even encrypted, passwords don't take a lot of space, so I would be nowhere near the 1 GB limit with a longer history. (Also - and this may be surprising - but it is also helpful to see password histories.) Can you confirm what will happen with old passwords?

    The 1 GB limit doesn't apply to 1Password items other than Documents (which is one of the item types).

    Old/unused items are not automatically deleted. Items that you delete can only be recovered for a period of time, and password history is only maintained for a period of time, but actual 1Password items that you do not explicitly delete are not removed automatically.

    I hope that helps. Should you have any other questions or concerns, please feel free to ask.

    Ben

  • Thanks. Your answers to the questions are very helpful. I do believe you confirmed what I asked about with respect to password history. Unfortunately this loss in functionality means that avoiding 1Password.com for now is the best idea until it reaches parity with locally based systems in this regard or until I am otherwise forced to switch.

    In a corporate environment, I can understand the need to be parsimonious with how passwords are saved and issued. However, for individuals and families, quietly deleting passwords, whether old or otherwise, should be the last thing 1Password does. It is a password manager, not a password pruner.

  • FrankFrank

    Team Member

    Hi @jduffner - I'm glad to hear the information helped and we appreciate the feedback. Just to clarify, only when you empty the trash do you have a period of time, as Ben mentioned, to recover the items from the archives. You can read a bit more about item recovery and restoring previous versions here. Let us know if you have any questions and I hope you have a great day!

  • Hi Frank,

    I understand deletion, which is a specific user action. I am saying, if I change a password, and then 1.01 years later come back to find that the password change never really "took" and I need to find the old password, 1Password cannot help me. That information is permanently gone. This has actually happened to me multiple times because websites aren't perfect. It adds little to no data storage to keep that history around (the Mac UI also hides this information well). Put it this way - if I created a second password for the same site using the old password and appended "(old)" to the title name, it would stay forever. But if it's under that site's heading as password history it would be deleted? Doesn't make sense to me.

    Plus, unless I duplicate vaults as a backup, it seems that the service will delete all my older than 1 year password histories as soon as they are imported into 1Password.com. That's also scary.

    Automatic data deletion is anathema to a "vault" concept and I strongly urge you to reconsider this.

  • FrankFrank

    Team Member

    Hi @jduffner - Sorry about that and I appreciate the clarification. Now we're on the same page. :+1: I appreciate the detailed feedback you sent over and I'll make sure to mention our conversation to my team. I apologize for not having a solution for you at the moment and let us know if you have any additional questions or feedback. Have a great rest of your day!

This discussion has been closed.