Deleting Items in Trash

Is it possible to delete just a single entry listed in trash? I currently have about 143 deleted items, some of which I know I want to permanently delete, others...I may want to hold on to the info for a few months (ie, like closed accounts I don't want in my "active" logins). If I empty the trash folder everything goes away. I think it would be useful to be able to delete individual items in the trash.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:trash

Comments

  • LarsLars Junior Member

    Team Member

    @drummerjg - it's not possible to "empty" only a single item from the trash. Like your macOS trash, it's considered a special folder where you put items you no longer want, so although you can restore individual items from the trash, if you want to permanently delete them, it's an all-or-nothing command.

    If you are using a 1password.com membership, items you delete permanently ("empty trash") from within the client apps will remain available in the online trash if you sign into your account in a browser, click the vault in question, open the trash, and click "view archived items." You can individually restore any items from here as well.

    If you're using standalone 1Password and have been using the Trash as a sort of "Archive" vault, then it may be time for you to create an actual Archive vault. There's no dedicated functionality for this in 1Password, but what I did years ago was create a new vault, label it "Archive" myself, and remove it from appearing in All Vaults (meaning I need to specifically switch to this vault if I want to see/search its items. Then, when I come across items I no longer need but want to retain a record of in 1Password, I simply move these items into the "Archive" vault.

    Hope that helps! :)

  • Lars, thanks so much for the feedback. I do have a membership account and I was not aware that items deleted from my trash would still be available online. I also liked your clever idea of an "archive" vault for those with standalone versions.

  • LarsLars Junior Member

    Team Member

    @drummerjg

    I was not aware that items deleted from my trash would still be available online.

    This is one of the many advantages of a 1password.com account (though admittedly a less eye-catching one). With standalone 1Password, we're just a lot less able to do some of these whiz-bang features. It's why I recommend a 1password.com account to virtually all new users; it's just the best way to use 1Password these days. Glad I could help out with some ideas! :)

  • BLDBLD
    edited January 25

    @Lars I stumbled on this because I also was looking for a way to selectively delete from the trash. I can accept that Empty Trash is all or nothing, oh well.

    However, the fact that 1Password doesn't actually delete passwords when I empty the trash is an absolute shock! While I can respect that you may be trying to keep the user from shooting themself in the foot, 1Password should not be archiving things emptied from the trash by default. Frankly, I'd like to see that feature go away entirely -- I'd even like an operation where I can say delete an item right away (not even going to the trash) ala Shift-Delete in Windows. If I say empty the trash, I mean it -- my expectation is that the data is completely removed from 1Password's servers, regardless of the client I'm using. At the very least, 1Password should prompt me if I'd like a an actual permanent destruction or an archival.

    I will sometimes "temporarily" copy an item into a shared vault and then later delete it and empty the trash -- quite a surprise to discover that I have to go into the archive on that vault in the web app only to really get rid of it.

    And to make matters worse, the web app UI for cleaning out archives is very cumbersome. I can't get to the archives form All Items -- I have to click on each individual vault and re-navigate back to the trash and click View Archive. And then I have to 'X' destroy each item one at a time with a prompt, which then closes the archive and I have to do it all over again for each item I want to delete.

    Please give me a way to turn this off for the entire account, turn it off per user, turn it off with a prompt on empty trash from any client, and make it far easier to bulk delete archived items both across All Items and by selecting a group of Items to be destroyed and deleting them in one operation.

    I thought maybe I could sort of circumvent this behavior by editing the shared item rather than deleting it, but 1Password saves per-item history. Now that is a nice feature in many circumstances, but I need to be able to selectively delete history as well.

    I'm sorry -- but I strongly feel the UI for this archival feature is deeply flawed and as such leads to security concerns (leaving something exposed in a shared vault that the sharer never intended).

  • LarsLars Junior Member

    Team Member

    @BLD - to be clear for both you and anyone else reading this thread, it IS possible to fully delete items from the "Archive" function of 1password.com accounts online. To do so:

    1. Delete the item from any vault in 1Password, in any client app (or the web app).
    2. Sign into your account on the web at 1password.com and navigate to the appropriate vault.
    3. Click the trash, then Empty Trash.
    4. Click "View Archived Items"
    5. Next to any item you want permanently removed and unrecoverable anywhere including the web, click "Destroy" (red X).

    While this is indeed a multi-step process, our experience has shown us that far more users have trouble with data loss (inadvertently trashing/overwriting the wrong items, etc) than they do with data retention. That's why we make this an intentional, multi-step process, instead of something that can be done with a single keystroke or menu command. Regarding transferring items to a Shared vault, I need to refer to some of our long-standing advice: anything that's shared must be considered...shared. Yes, someone could theoretically be removed from "archived items" by someone with nefarious intent...but it could also be written down on paper, or copied to a standalone vault you don't control, by such a person as well. Our advice is to be careful with sharing items, and not to use a Shared vault as a way to transfer things if that's how you're using it. And if you do have items that have been in Shared vaults for which you don't want any possibility of recovery, use the above steps to permanently destroy those items.

  • @Lars The deepest problem with this archival process is that it occurs silently -- I only stumbled across it by reading about it accidentally in these forums. Even if you don't want to give people the option to prevent automatic archival, there should be a proactive indication that it occurred when the trash is emptied. And for users that really do want to wipe all existence of the data from your system, the archive should be accessible from all clients. Finally, forcing me to click on each item and destroy them one at a time is just unnecessarily painful. At the barest minimum, please give me the ability in any client to go to a vault, find its archive of deleted items, select all and destroy them in bulk.

    While I understand your motivation for preventing users from accidentally losing data they didn't intend, I think you've more than done your due diligence by having the trash and warning users when the trash is emptied. The only other interface I've seen that makes it equally hard to truly remove data is Google Voice. I feel like this and a few other features in the product border on what I call being a software nanny. Please don't make it extremely cumbersome for users who know what they need to do to do it. In my case, the reason you've seen so much activity from me on these boards is that I am in the midst of configuring everyone in my family's devices to use 1Password and migrating tons of data from their browsers and iOS Keychain (and boy those migration tools could be better). I was sold on the tool itself (despite the inevitable glitches any software has and some serious UI idiosyncrasies that just don't make sense to me personally) pretty much instantly. I know that once I get things finally setup and cleaned up -- it's going to make my family's online life (and my life as the IT guy) so much easier and secure.

    But the setup and migration is VERY painful. And this archival stuff just made me literally groan when I discovered it. I will have to go through that giant click cycle for literally hundreds of items.

  • LarsLars Junior Member

    Team Member

    @BLD - I appreciate your engagement on this subject; you've raised a number of good points. I'd be purely guessing if I tried to tell you I had any idea one way or the other that we'll be adopting any of your suggestions, but I'll definitely add your thoughts to the mix on this one. For what it's worth, I agree that the process is a cumbersome one, but that's also intentional. How much we might be willing to loosen that up isn't my call to make -- but you've certainly made your case for the "destroy" function.

    The setup and migration is...variable, in terms of its ease and relative level of pain. In your case, it's magnified severalfold by virtue of you having to do it for your entire family. But it varies for any user, depending on where you're coming from (browser-based password managers are the most difficult (especially Safari)) but even other password managers don't necessarily make it easy for us to import their data. It's definitely an area we could improve, so thanks for taking the time to provide the real-world feedback. :)

  • This is also a legal problem for me. I found a few (shared) passwords in my trash that belong to companies I have left quite some time ago; legally, I'm not allowed to have these passwords, and I thought I already deleted them. In my case, the odds anyone will sue me about it are very small, but for the company I'm currently at, if I eventually leave them, I would really prefer to be 110% sure I'm not keeping any passwords.

    I'm fine if it's a multi-step process, but I'd prefer if it didn't involve also nuking the hundreds of other less critical things I have in the trash.

  • LarsLars Junior Member

    Team Member

    @lalomartins - does the preceding thread give you enough information to be able to feel comfortable in your ability to fully delete anything you don't wish to keep/have? I'm not quite sure why you'd want to keep other things that were in the trash; programmers since the dawn of the PC era have used the term "trash" precisely because its metaphor is: that which you no longer want/need and are throwing away. If you want to keep an archive of older items that are no longer used but you wish to retain a separate archive of for historical or other purposes, I'd recommend creating a special vault and calling it "Archive" or whatever title suits you best, then moving such items into that vault (and removing that vault from view in All Vaults), to distinguish these items from those which you truly want to delete, which is what the trash is for.

    To be clear, this is the process, for a 1password.com account, to fully and permanently delete any item(s):
    1. Edit any item you no longer need and click "Move to trash," either in the main 1Password app or in the 1Password web app at 1password.com
    2. Click (or control-click, if using the 1Password app) "Empty Trash"
    3. Sign into your account at 1password.com in a browser, if you weren't using the web app already for the above steps
    4. Click "View Archived Items." You will see a list of all items that have been emptied from the trash. Click the red, circled X next to any you wish to permanently delete and confirm you want them deleted.

  • I have done a cleanup in one of my vaults. Now there are 73 items which I don't need and have been archived after emptying the trash. It is another cumbersome process to delete all of them one by one. In the archived folder, you can make a "Delete All" button to avoid this hassle. At the same time, button with bold red colours and warning that it will permanently delete the records can avoid mishaps (Oh I lost my data) as mentioned by Lars.

  • LarsLars Junior Member

    Team Member

    Welcome to the forum, @idawood! Thanks for the suggestion. We certainly could make such a button/function, but the process as it stands now is intentional, and I'm not certain we'll be changing it to make it easier. Permanently deleting data is a very significant step, one that I'm not sure should be able to be done with a single click -- that's why there are multiple steps to this. Nevertheless, I'm happy to pass along your suggestion to our developers; we're always looking to iterate 1Password to make it more secure and easier to use.

  • edited September 10

    I just stumbled upon this thread, based on a search. I must say, as a longtime 1P user who is trying out the trial of the 1P account, I'm very much in agreement with both BLD and Lars.

    Thinking you had permanently deleted some information that you absolutely needed to delete, and then finding out that 1Password dot com has not deleted this information everywhere, is not good. I totally understand you're trying to babysit users, but if deleting from the app isn't actually deleting the information everywhere, I think that part of the empty trash process needs to include a big warning - "these deleted items are still recoverable form 1password.com" (and if this is how it works, then great, ignore the rest of this paragraph)! While I know your support staff is probably happy to tell some people that their mistakenly-deleted passwords can be recovered, it's at the expense of careful users who really trusted that deleted data has been completely deleted.

    Along those line, I understand you wanting to (again) babysit users from mistakenly deleting important info by making us delete each item, one at a time. But it seems amazingly cumbersome if you're need to delete a ton of entries from a vault. How about make users click through a set of 5 warnings basically saying something to the effect "are you sure you want to delete these passwords, they will be gone forever, please carefully review all the items to make sure none are needed" (with huge red exclamation points, etc.)? So at least someone with 100+ items they need deleted can do this with a maximum of 5 clicks, while simultaneously really making sure users have ample warning? Or, if you're dead-set against "delete all," at least enable a checklist for the times that need to be selected one-by-one - it's still a hassle if you have 100+ to delete, but I think that's a better balance. Making users delete from the app, then delete one-by-one on the 1P site seems like babysitting overkill, IMO.

    So, as I think about managing my own data going forward (so glad I found this thread), I need to ask if the following is a reasonable workaround, based on being still fairly new to the way the 1P account works: Can I move a bunch of stuff I want to delete to a new vault, and then delete that vault? Or are there any safety nets that spring into action if one tries this? If users can delete tons of passwords this way, then that's a great workaround (probably to the chagrin of whoever made it so hard to delete items via the trash).

  • edited September 10

    OMG, something I just did deleted a really long response. So take 2. Background, I’m a longtime 1P users who in in the 1 month trial using a 1P family account. And I strongly agree with everything your users say in this thread. I only stumbled upon it trying to better understand emptying the 1P trash.

    If deleting data and emptying trash using the 1P app doesn’t delete that data on the 1P site, then the app absolutely needs to warn users about this. If there is no warning, I’m really upset about 1P’s nanny mentality, basically fooling users who rightly would think they’d erased data, and all because 1P believes it knows better than all users what’s best for them. I understand how recovering user’s deleted passwords probably makes tech support staff seems like heros, when you occasionally can tell someone that their mistakenly deleted password is recoverable. But this at the expense of serious users who absolutely believe data is deleted. And there’s no way 1P can know how crucial it might be for some data to be detailed to the maximum extent possible.

    And I’m so glad to also learn that you have to delete one item at a time from the 1P site trash, as I had some ideas on vault management that could have left me with tons of items to delete. What if, instead of the current system that apparently requires you to delete one-by-one, you had five “are you sure you want to permanently delete these items” warnings, “please check ever item you’re deleting, as it will be gone forever,” all with bigger and bigger red exclamation points? Or at the very least, add a bunch of warnings, but also make users select every item in the trash using a checkbox?

    Finding out about all this makes me wonder if any other recovery methods may be hidden from sight, perhaps that would make some users uncomfortable if we knew about them. While I get 1P wants to be friendly to even very untechnical users by adding a bunch of safety nets, it’s a disservice to really serious users who want to know that such a crucial tool isn’t secretly working against us.

    And now, as I consider my own strategy for managing data and vaults, I wanted to find out about a possible workaround: Can a user move items to a new vault, and then delete that vault, to permanently delete a large number of entries? If that wouldn’t work, can you explain why? It’s really important to me that I can follow how this works, so I can manage my data appropriately.

  • brentybrenty

    Team Member

    @SecretDude: I appreciate you sharing your perspective. I just wish you'd done so without denigrating people you don't know who depend on 1Password to have their back to prevent data loss as well. We'll take your feedback into account with everyone else's as we continue to develop 1Password. Thanks for letting us know your preference.

    As far as deleting data permanently, you could create a new account, move only the data over that you want to keep, and nuke the old account. When you move item to a new vault, the original items will be in the Trash in the old one; so you'd need to empty the Trash and destroy any archived items as desired.

    But the thing I think you're overlooking is that nothing in 1Password -- wether in the Trash, archived, or not -- will be at all accessible to anyone buy you unless you give them access to it. Since everything in 1Password is encrypted, as long as only you have the keys to decrypt it, having old stuff in the Trash poses no risk whatsoever.

  • Sorry, I didn't intend to denigrate anyone, and I'm not even clear how I did so.

    I haven't had time to play with 1P, but is it accurate that the 1P app UI doesn't warn that the data persists (on servers) after the trash is emptied, when using the 1P account model? If so, I really really really urge you to be very clear with users about this truth. Not doing so feels unethical to me, even though I understand why you want to keep things simple for users.

    "No risk whatsoever"

    That is a very strong statement. I think it's clear that no software is perfect. So I think is reasonable to assume there's a non-zero possibility some unknown vulnerability could be leveraged by an attacker. It could be in a future update of 1P user software, or your infrastructure software, or a user's OS. For these reasons, I'm always a bit nervous about even using a password manager, but I don't see a better option for the way things work today that wouldn't be overly burdensome.

    Also, in these times, you never know what leverage a government may have over a private company, that may allow a government to look at user's private data (if not now, maybe in the future). I think it's totally reasonable for users to operate with knowledge of these possibilities, and never believe there is "no risk whatsoever."

    And, who knows, maybe there's some deleted info that a user doesn't want to pass along to heirs, or there's a way that someone trusted and close to a user is able to get into a user's 1P account, and access data a user believed was deleted. Maybe there's info a user wants to be sure that no one will ever have access to.

    Anyway, for these reasons, I think it's clear there's a non-zero chance that someone could get into a user's 1Password account, and thusit is not unreasonable to want to truly delete items from the 1P database.

    I'll have to think about your suggestion on creating a new account, in order to delete many items. I'm still trying to wrap my head around how everything works, and what I'd like to accomplish with my and my family's data. Thanks for the info.

    And do note, as a very longtime 1P user (I'm guessing 10+ years), my critique is based on wanting 1P to be great.

  • brentybrenty

    Team Member

    @SecretDude: Please understand that while I'm going to disagree with you on some points, strongly, that's not to say that the current design is perfect and can't be improved upon. But rather it's critical that we consider the impact to all 1Password users and listen to feedback from everyone, especially when it comes to data loss -- actual or potential. I think we need to do a better job of educating users both ways: you're primarily frustrated about not knowing about archived items because you want to destroy them, whereas many other people are frustrated when they think something is gone forever when they don't need to be.

    I haven't had time to play with 1P, but is it accurate that the 1P app UI doesn't warn that the data persists (on servers) after the trash is emptied, when using the 1P account model?

    The 1Password clients' UI does not popup to tell users that data in their account will not be destroyed when they empty the trash in the app, no.

    If so, I really really really urge you to be very clear with users about this truth. Not doing so feels unethical to me, even though I understand why you want to keep things simple for users.

    You accuse us of "babysitting", but, ironically, that's the same thing people say when we do put up warnings like that in other cases. The reality is that most people expect their account to have their data unless they remove it there (we built and promote our item history feature, after all). But we'll continue to evaluate the specific presentation according to feedback from you and everyone else. :)

    "No risk whatsoever"
    That is a very strong statement. I think it's clear that no software is perfect. So I think is reasonable to assume there's a non-zero possibility some unknown vulnerability could be leveraged by an attacker. It could be in a future update of 1P user software, or your infrastructure software, or a user's OS. For these reasons, I'm always a bit nervous about even using a password manager, but I don't see a better option for the way things work today that wouldn't be overly burdensome.
    Also, in these times, you never know what leverage a government may have over a private company, that may allow a government to look at user's private data (if not now, maybe in the future). I think it's totally reasonable for users to operate with knowledge of these possibilities, and never believe there is "no risk whatsoever."

    Well... I'll quote you in full, but you really went out of your way to cherry-pick the end of a full sentence I wrote. :lol: and the details matter, I'd say. This is what I actually said:

    Since everything in 1Password is encrypted, as long as only you have the keys to decrypt it, having old stuff in the Trash poses no risk whatsoever.

    It is a strong statement, and I stand by it. The whole thing, that is, not the abridged version. ;)

    The fact is that 1Password data is encrypted locally on the user's device using "keys" which only they have -- the Master Password they chose themselves and the 128-bit Secret Key which was randomly generated on their device during account signup; only encrypted data is sent to the server -- no account credentials; only encrypted data is stored on the server; only the user has the "keys" to decrypt their data -- which, again, happens locally on their device. No "leverage", server breach, etc. can result in us giving away, or having taken away from us, something which we never had in the first place. So again, with the above in mind,

    Since everything in 1Password is encrypted, as long as only you have the keys to decrypt it, having old stuff in the Trash poses no risk whatsoever.

    Put another way, unless you give your account credentials to someone else, no one else has what they need to access the encrypted data in your trash, or in any of your vaults, etc.

    And, who knows, maybe there's some deleted info that a user doesn't want to pass along to heirs, or there's a way that someone trusted and close to a user is able to get into a user's 1P account, and access data a user believed was deleted. Maybe there's info a user wants to be sure that no one will ever have access to.

    That's a good point, but that speaks more to awareness than anything else. It's a difficult balance, and I'm not sure we've struck the right one yet, so we'll keep working at it.

    Anyway, for these reasons, I think it's clear there's a non-zero chance that someone could get into a user's 1Password account, and thusit is not unreasonable to want to truly delete items from the 1P database.

    I don't think it has anything to do with "chance", but I agree that it's an important option, and that's why we have it.

    I'll have to think about your suggestion on creating a new account, in order to delete many items. I'm still trying to wrap my head around how everything works, and what I'd like to accomplish with my and my family's data. Thanks for the info.

    If you need help with that, I or anyone else here at 1Password will be more than happy to walk you through it. Especially when someone has an active subscription they've paid for but they need/want to move to a new account for some reason, it's not fair to effectively pay for the same subscription period twice; so we definitely want to be involved to at least provide an account credit as is appropriate. Seriously, I don't want someone to have second thoughts about starting over with a new account when it matters just because of money. We can work it out.

    And do note, as a very longtime 1P user (I'm guessing 10+ years), my critique is based on wanting 1P to be great.

    I can feel that! Thanks for your support, and for engaging passionately on this topic. It's something we'll continue to discuss internally as well. Have a great weekend! :)

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file