Families vs. Emergency Access
Having transitioned from other tools to 1P, I'm somewhat anxious about setting up a Family membership as opposed to the process I've used before: Emergency Access. Maybe my situation is unusual or my concerns overblown, as many users are pleased with the Family setup. In brief, Emergency Access allows designated people to access to specific items in my vault after a stated time period. E.g., the designee requests access through an account and I have three days to deny the request.
Here's my basis for liking this approach: If I'm incapacitated, Designee A needs access to certain of my accounts. I don't want to grant any access while I'm capable of handling my affairs. I may not want to give up full control unless there's a emergency. With a shared vault, items become available to designees immediately. I can revoke the emergency access before it's used. Please tell me if I'm missing something here or my concerns are so obscure as to not warrant consideration. Perhaps there's a security issue with the way that such access is able to be provided, but often works on a public/private key basis. Thanks.
1Password Version: 7.3.712
Extension Version: 1.16.2
OS Version: Win 10
Sync Type: Not Provided
Comments
-
Hi @jimmyweg,
As far as I know, there isn't a way to grant partial access for a designated person in your personal account, as you have stated about "Emergency Access"...
But when signing up you get an Emergency Kit, which you should print out and keep somewhere safe. You can use that same Emergency Kit whenever you are locked out of your account and if you want to grant access to a designated person.
More about that: https://support.1password.com/emergency-kit/0 -
Thanks very much. The problem with using the Emergency Kit for my purpose is that I'd I have to give it to an escrow agent (lawyer) who must confirm that I'm unable to act and then the designee would have full control of my account. I'd also have to update the kit when I change my master password. What I prefer is the ability to revoke access before it's granted and access only to certain items.
0 -
@jimmyweg: It seems like you could just share a vault with a guest specially for that purpose. I'm not sure I understand your "revoke access" comment though. That sounds like you're saying you want to share secrets with someone but then somehow erase them from their brain and devices later, which is not possible.
0 -
Thanks, Brenty. True, the secrets would be shared, say 3 days after I receive notice and don't object. Then it's a done deal. But that may not happen for a long time, if ever. If I share the data today, the designee has it now, and can use it until I remove him and make changes to accounts in my vault, for example. In the Emergency Access model, access occurs when it's essential. I guess at that point I won't be concerned any longer and will depend on the designee to honor my expectations.
0 -
@jimmyweg: That's one way of looking at it. What's possible is revoking access going forward, so that, even if they made a copy of everything while they had access to it, future changes will be inaccessible to them. With that in mind, you may be able to formulate a good strategy.
0 -
@jimmyweg worth checking out this thread, this feature has been discussed a couple of times on here :)
https://discussions.agilebits.com/discussion/103056/feature-request-emergency-access#latest
0 -
:) :+1:
0 -
Thanks, everyone. I also checked that link. Let me say first that I've used LastPass and Dashlane extensively in the past. I'm new to 1P, but find it superior in terms of how reliably it works and the quality of it features and support. Emergency Access isn't something that would make me switch back. It does require a deviation from a superior risk model, so perhaps a shared vault will work well enough to limit my paranoia ;) , and obviously I can limit what I share.
0