Feature request: failsafe mechanism for mission critical vaults

A malicious admin can just create another admin account.

Perhaps the simplest solution would be to optionally allow undelete of vaults for (say) 14 days. Turning that option off would also need to be on a 14-day fuse.

Perhaps the simplest solution would be to optionally allow undelete of vaults for (say) 14 days. Turning that option off would also need to be on a 14-day fuse.

I share these concerns. Vaults really need to be recoverable in order to mitigate the risk of accidental or intentional (malicious insider) vault deletion. 1Password presents unique risks with respect to insider threats, because there aren't any good backup options. (By contrast, we can use tools to automatically backup our Office 365 data. So even if a malicious insider were to delete all of our Office 365 accounts/data, we would have the immutable offsite backups we could restore.)

There should also be a an option to allow the account "Owners" to recover any items for a similar period of time even after they have been "Destroyed permanently", because a malicious insider could just Delete and then Destroy Permanently all of the contents of a vault.

A related concern I have shared in the past with someone at 1Password is the need to protect "Owner" accounts from being removed from vaults or having their permissions changed, being suspended/deleted, or having a recovery initiated without the approval of one (or better, multiple, other Owners). ... In one of the businesses I work with, the in-house IT admin (and external IT support team) have global/root admin privileges for pretty much everything, but not for domain name registrations/DNS records, and only certain key owners of the business are setup as "Owners" and "Administrators" in 1Password. The in-house IT admin has more limited privileges. .... The problem is that the in-house IT admin should be able to manage most of the 1Password users and help them with account recovery. But the in-house IT admin (who is a trusted insider, but not at the same level as an owner or executive officer) should NOT be able to mess with the accounts of the members of the "Owners" group.

@Dave

Regarding the topic of securing your 1Password Business account I would recommend taking a look at the following article: Best practices for securing your 1Password Business account

I have read that. The issue is that we would like to be able to delegate day-to-day administrative tasks for our Business Account, such as onboarding new team members and helping team members recover their accounts, to our IT admin. But we do NOT want the IT admin to be able to mess with any settings/permissions/etc. for Owners, such as removing Owners from vaults, changing Owner permissions, suspending/deleting owners, or initiating the account recovery process for Owners. We would like those things to require the approval of one (or better, multiple, other Owners).

In addition, I would like the option to require Owner approval for the deletion of any Vaults, rather than Administrator approval.

Basically, the first request is to be able to turn on an option ("Restrict Changes to Owners") where the "Recover Accounts", "Manage People", "Suspend People", "Invite & Remove People", and "Manage All Groups" permissions do not permit anyone who is not an Owner to take any such actions with respect to an Owner. That is, if the "Restrict Changes to Owners" feature was enabled, an "Administrator" could perform all of those actions for all users EXCEPT for Owners.

The second request is to have a "Require Owner approval for Vault Deletion" setting, such that if an Administrator attempted to delete a vault, it would send a request to the Owners to approve such deletion rather than performing the deletion immediately.