PSA: Email verification all it takes to delete 1Password, BitWarden account

5 points

2 years ago

I found that many password managers, including 1Password, Bitwarden, Dashlane, only require email verification to delete an account[1][2][3].

This means if your email gets compromised, your password manager account could be deleted permanently, without your master password or 2FA.

All of the password managers above mention that account deletion is NOT reversible, so this can be catastrophic for users without an up-to-date external backup of their vaults.

PSA: Back up your password managers regularly!

[1] 1Password: https://support.1password.com/delete-account/ [2] Bitwarden: https://bitwarden.com/help/delete-your-account/ [3] Dashlane: https://support.dashlane.com/hc/en-us/articles/202907531-Delete-your-Dashlane-account-and-data