Recovery in case of death - new question
Hello team!
I know there are many posts out there that deal with questions like how can I grant my family access after my death or when I am in a coma. However, I have a new one (I think).
Mostly it is recommended to use the emergency kit which is what I currently do. However, this has a downside: In case of a burglary, individuals from The Dark Side could compromise my data. To add to the desaster, it could even be the case that I do not have access any more since they might have taken my devices and I might not remember my master password or get the secret key since they took the only physical evidence of both of it!
I have seen someone ask about an emergency feature that one of your competitors has, that works like this: I am picking one or more trusted individual(s) that can request access in case of my death. I will get a notification by push message and email to grant access. If I confirm or if I do not respond within a certain amount of time which I can set up-front, say 48 hours or 5 days, this person will get full access to my data.
I have read that this would mean that 1Password would have to have my master password because otherwise, 1Password cannot grant anybody else access to my account. I do not think that this is the case. Your competitor explains their procedure like this:
"You never share your Master Password, and the Emergency contact feature is no exception. What allows the feature to work is the cryptographic magic of public and private keys. Each user has both when their account is created — the public key only locks data, and can be shared. The private key only unlocks data, and is kept secret. Let’s imagine that Adam requests that his friend Betty become an Emergency contact. Betty accepts, and later she requests access to Adam’s account. A copy of Adam’s data is locked using Betty’s public key. So long as Betty satisfies the conditions Adam defined when he set up the feature, she is given that encrypted copy of Adam’s data. Betty (and only Betty) has the private key needed to unlock her copy of Adam’s data.">
I am not a crypto expert but** this seems to work without adding any risk of compromising data** - or is there something about it that I do not get right now that would prevent you from implementing this due to it being any kind of additional risk? I would love for this feature to be offered. If there is no risk to security, it is superior to the Emergency Kit in case of death or coma. Any feedback? Thank you!
Best regards,
TMM
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hi @TMM,
If we can find a way to build something like this that fits into our security model it is certainly something we can consider. As you might imagine our security team would want to thoroughly investigate any potential consequences of this sort of setup.
Thanks for taking the time to write in with this request. :)
Ben
0