Moving item copies it to the Trash

scottsbscottsb
edited February 2016 in Business and Teams

When you move an item between vaults, a copy is left in the Trash of the original vault. I believe this is a long-standing behavior of 1Password, but it really only makes sense in the original case where 1Password was used individually. Now with the Teams product this is a fairly significant security risk, especially since there is no prompt or notice given. Vaults are the sole means of restricting which users have access to given information, so if you're moving an item to a different vault it's normally because you want a different set of users to have access. That means it's extremely dangerous for 1Password to silently copy the item to the original vault's Trash where it still remains accessible to the original vault users. This security risk is compounded by the usability issue that even if you notice the item is copied to the Trash, you can't remove just that single item you moved but rather have to empty all items.

I propose that if keeping an item in Trash when moving is a feature some people desire (to me it's just confusing), then at least the interface should prompt a choice about whether to keep the item in the original vault Trash.


1Password Version: 6.0.2
Extension Version: Not Provided
OS Version: OS X
Sync Type: Not Provided
Referrer: forum-search:Moving item copies it to the Trash

Comments

  • roustemroustem AgileBits Founder

    Team Member
    edited March 2016

    @scottsb,

    I think you are right. The current "Move" implementation simply combines "Copy" and "Move to Trash". It would be better to destroy the original without moving it to Trash.

    The challenge with destroying the items immediately is that we will have to make sure that the client is connected to the server to move items between vaults. The item must be destroyed on the server.

    I will check with @rickfillion to see if this is possible.

This discussion has been closed.