Personal Projects possible security issue?


#1

So, every user has Personal Projects to manage their personal tasks. At the same time, they might be a member of an organization workspace. This means they have their corporate email address added to their Asana account. I wonder if that means that there is a possibility for this scenario:

  1. The employer, who manages your email account, changes the password of the email account.
  2. Goes to asana.com and uses the “Forgot password” feature.
  3. He gets the new password link in my email (now he has access to it).
  4. Logs in to Asana and has access to not only the organization workspace, but all the other workspaces, because an Asana account is an Asana account, not an organization-level account.

#2

Hi,

It is a good question, since both Workspaces have the same Account linked. I did a reset of my PW last time and I had access to both Workspaces with the reset Account.
I would say yes. Every admin could theoretically do that.

You should not forget, when you leave the company, to “disconnect” the Workspaces.


#3

Yes, you should disconnect for sure, but still, it seems a little odd to me. I think access levels should be redesigned per Workspace.