Family organiser and access to other peoples vaults

Hello there,

I was wondering about the reasoning of organisers having potential access to other peoples vaults without their permission. The thing that I recently discovered is that organiser can add himself to any vault except the personal one of each family member. Therefore if family members would like to organise their "personal" logins into multiple different vaults, those items are no longer "secret" and can be accessed by family organiser.

Could you maybe explain what is the reason behind? I was under an impression that you either have your own vaults where no one has access to or there are shared vaults that a member specifically decides to share with someone.

But there is this third option where the non-default vault can be accessed without the members knowledge by the organiser.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • BenBen AWS Team

    Team Member

    Hi @ondrejfuhrer

    But there is this third option where the non-default vault can be accessed without the members knowledge by the organiser.

    Correct. Part of being in a family membership is trusting the family organizer(s) to not snoop in vaults they have no need to be in.

    My understanding is at least part of the reasoning for this is to avoid having orphaned vaults that nobody has access to if a family member is removed from the membership. I suppose an alternative way to deal with that would be to delete any vaults that only that person had access to when deleting their account.

    I know this situation is something that has been discussed at length, but I'll remind the team that there is still a desire from some to have this work differently. Thanks.

    Ben

  • Hey @Ben

    Thank you for a quick answer here.

    Correct. Part of being in a family membership is trusting the family organizer(s) to not snoop in vaults they have no need to be in.

    I definitely understand that, just for me I don't then really see the difference between the default ("Personal") vault and the others. If there is a trust, why not "expose" those default ones as well?

    My understanding is at least part of the reasoning for this is to avoid having orphaned vaults that nobody has access to if a family member is removed from the membership.

    That is not 100% clear to me as well, as then there has to be a "special" condition for the default personal vault anyways as there is no way to delete that if a person is removed from an account.

  • BenBen AWS Team

    Team Member

    Thank you both for sharing your perspective on this. :+1:

    Ben

  • I also don't like the fact that as a family organizer I can give myself access to the vaults of other family members.
    It would be best if only the owner of the vault can control who has access.

  • BenBen AWS Team

    Team Member

    Thanks @Martijnn. To be clear: Family Organizers can't give themselves access to other people's Personal/Private vaults. They can only give themselves access to shared vaults, which would be any non-Personal/Private vault.

    Ben

  • @Ben I know. But I still think that for all other vaults this need to be changed.

  • BenBen AWS Team

    Team Member

    I understand. Just wanted to make the point. :) Thanks for the feedback.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file