While adding a new Member to my account today, I noticed a nice little yellow call-out in the right hand side column urging me to add more Owners and Administrators to ensure user accounts could be recovered in the event of an emergency. This echoes the 1Password documentation which, if memory serves me well, repeatedly states how important it is to have multiple admins on an account, for these reasons precisely.
However, I notice that 1Password automatically places all account users in a Team Members group, to which the Recovery privilege can be assigned. This makes it look like it is in fact possible to grant Recovery privileges to all members of a team without the need for extra administrators and without the need to manually "bless" users with this added privilege each and every time they join.
What am I missing here? Is it unsafe to grant recovery privileges to all the members of a team? Are these recovery privileges "fake" or limited and would a regular member of the Team Members group be unable to help an Administrator recover their account if needed? If so, why does the web application make such an arrangement possible?
My understanding of the Recovery procedure is that is necessitates approval from both parties: both the person kick-starting the recovery procedure and the person being helped. Furthermore, my understanding is that the Recovery process would never allow a low-privileged user to peek into the vault of a high-privileged user even if the former were to help the latter recover their account. In that light, there seem to be very few downsides to allowing everyone on a team to help everyone out. I do, however, feel that I am missing something obvious and dangerous…
Any insights would be most appreciated, especially since Recovery is a crucial topic.