To protect your privacy: email us with billing or account questions instead of posting here.

Able to revoke yourself from your own non-default vault

claysang
claysang
Community Member
edited August 2017 in Memberships

I found something very dangerous on the web version of 1Password, that is, you can remove yourself from your own vault if you’re in personal membership. And seems like you can’t restore that vault once you’ve done this.

Reproduce this is simple:

  1. Choose a vault that is not your default Personal vault

  2. Click the Manage button

  3. Click Manage

  4. Uncheck yourself

Or,

  1. Click the gear icon after your name

  2. Click “Remove from vault”

I don’t know if this is a bug or this is just by design you guys chose to do this. But this is so dangerous from a user’s perspective. It doesn’t like Delete Vault, and I guess that vault is never deleted!

If there’s no way I can restore that vault, is that vault removed from your server? Every vault has a unique id as far as I learned from the URL. So is that vault still safe? There’s data in it!

Thanks!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: macOS 10.13 Beta (17A344b)
Sync Type: Personal membership

Comments

  • Hi @claysang - Thank you for sharing this with us. I appreciate the steps you provided to reproduce the issue and I'll make sure to pass this information along to my team. I agree with an Individual account, there is no need for the 'manage' button to be there. We'll see what we can do and thank you again for sending this over to us, very much appreciated :smile:

    ref: b5-3068

This discussion has been closed.