Security issue: Prevent accidental moving of items between vaults

1Adrian
1Adrian
Community Member
edited September 2021 in Mac

Hi guys,

we just started using 1Password and created a vault for every category we had before, since 1Password doesn't offer custom categories.

And since items can only be shared if the whole vault is shared, we also needed to create a vault for every sharing group. This ended up in complicated compounds and makes the organization complicated.

However, this is not my main concern. What I worry about, is the accidental moving of an item to another vault. It can happen very easily by dragging and item a few pixels to the left, see screenshot 1. Especially when using a trackpad, an attempted not completely vertically scroll can end up being a drag and drop to the side. If it happens, it probably even happens unnoticed.

I see a major security issue here, if a critical password gets to the wrong person, it can do great damage.

I don't feel safe right now, because I feel like it will happen at some point. If not to me maybe to a colleague. I don't want to worry about stuff like this.

It could easily be fixed by adding a confirmation box, or at least by giving the user the option to enable the occurrence of this confirmation box.

Or is there another solution I didn't find?

Right now the only thing I can do is hide the vaults, see screenshot 2. But this doesn't fix the issue and I can't rely on my colleagues doing this as well.

Thank you.

Screenshot 1
Screenshot 2


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Referrer: forum-search:Prevent accidental moving of items between vaults

Comments

  • ag_ana
    ag_ana
    1Password Alumni
    edited September 2021

    Hi @1Adrian!

    I see a major security issue here, if a critical password gets to the wrong person, it can do great damage.

    I don't feel safe right now, because I feel like it will happen at some point. If not to me maybe to a colleague. I don't want to worry about stuff like this.

    If the concern is that someone should not be able to share a password with someone else, and not the method in which they share it, can you not adjust vault permissions to forbid the person to share the password in the first place?

    Manage Vault Permissions

  • 1Adrian
    1Adrian
    Community Member

    Hi @ag_ana,
    since we are using 1Password Teams, the only thing we could do is to put the whole vault into viewing/readonly mode to prevent the moving of items. But then no items can be added or edited and we don't want that. We want to be able to create, edit and even move items, but I want to make sure that it happens on purpose. So even the additional control of 1Password Business won't solve this issue.

    I think it's crucial to let the user know and confirm when an item is moved and there will be other people gaining or losing access to the item, especially because it can happen so easily by just moving the cursor a few pixels.

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the clarification @1Adrian, I will share your thoughts with the team for future consideration :+1:

  • 1Adrian
    1Adrian
    Community Member

    Ok. Will I get any feedback of your sharing?

  • ag_ana
    ag_ana
    1Password Alumni

    @1Adrian:

    I can try to set a reminder for myself in the future, yes :+1:

This discussion has been closed.