Over $100,000 lost

AgileBurger
Community Member
edited August 2020 in 1Password 7 for Windows

So you have that neat little PDF file you ask people to download when they set up their account. And you thought that was so foolproof that no scenario could ever occur which might still lock people out, right? You thought you thought of everything.

Well unfortunately you didn’t. My laptop died. And along with it my nifty PDF emergency kit. So I have my email address. All my billing information. I can even send you my passport to prove who I am. I have my master password. I’ve got it all.

But since my laptop died and I have to use a “new device” to get in, your developers, in their infinite wisdom, decided that I need my key. Or I’m out of luck!

Unfortunately, because of this arbitrary requirement, over $100,000 of mine is now lost forever. I even tried the “forgot password” link and you even show me part of my recovery key!

So you know part of it. If not all of it.

But you’ve made a rule that if I don’t know it, I will never have access to my information again.

I’ve been sitting here for 4 hours sweating, with my head in my hands, until 3 AM trying to figure this out. Only to read all your “help“ documents and support replies basically telling people “tough luck”.

Lucky for your company, 90% of your customers only store passwords. So you haven’t had to deal with a bunch of lawsuits from people that have lost hundreds of thousands of dollars. They just have to go and reset all their passwords.

And they can. Because every other website on the Internet allows this. It doesn’t matter if it’s the IRS, my bank, or the most secure website on earth. They allow people to access their own accounts, no matter what.

So should you. Obviously.

You actually thought it would make sense to have a policy that in some circumstances, customers can’t access their own sensitive information?

This is a legal matter now.

I need your help. I need somebody to do something. An attorney is going to cost me a lot less than the money I’ve lost tonight because your software has locked me out.

You might think this is a neat way to show the public that you’ve got extra security. But your job is to keep everyone else out. Not to keep me out. And if we need to establish that in a court of law, then we will.

I need you to help me get access to my account again. Or there will be a lawsuit. Period.

Before you rattle off “sorry this is the way it is“, I recommend you forward this thread to your legal department. Because anything you type is going to be included in the lawsuit.

Comments

  • AgileBurger
    Community Member

    Couple more thoughts:

    Your developers are perfectly capable of creating an encrypted system that they don’t have access to, which ensures that customers can access their own information no matter what. One that doesn’t rely on the customer having to remember some key that YOU created for them.

    This is why email addresses and phone numbers and 2FA are now universally used for all security purposes on far more secure systems than yours. Because these are safe and reliable things that the customer will always have access to, no matter what.

    I realize developers like to make up their own realities, but when this goes before a judge and I’m holding you accountable for the $100,000 I’ve just lost, the judge isn’t going to care what the developer thought was reasonable.

    He’s going to care about customer advocacy, fairness, and basic common sense. Common sense dictates that under no circumstances should you be presenting yourselves as a trusted steward of sensitive information, and intentionally creating a scenario where it can’t be accessed.

    Again: your job is to protect others from getting into my vault. It is not to prevent me from getting in. This is your problem to solve. Under no circumstances should I be harmed by your coders’ shortsighted thinking.

  • AGAlumB
    1Password Alumni

    @AgileBurger: Thanks for reaching out. I'm not around the forum very much these days, but I happened to see your post and wanted to reply to you personally.

    While I can't say I have lost anything of that kind of value, or even had that much to lose in the first place, I've lost really important (to me) data in the past -- probably over two decades ago now -- and it still eats at me...so it makes me sick both personally and professionally for a 1Password user to lose data of any kind, and I try to help with any recovery efforts where I have something to contribute. I depend heavily on my own computer and on 1Password, and the loss of either without a backup would be catastrophic, so if both have happened in your case I can't tell you how sorry I am.

    The thing is, there is nothing arbitrary about the Secret Key being needed to sign into a 1Password membership account on a new device. Like your Master Password, it is also used to encrypt the data, and therefore both are mathematically required to decrypt it. After signing in initially, you don't have to enter the Secret Key every time because it can be stored locally, if it's a trusted device, so you can just enter the Master Password to use 1Password as part of your daily workflow.

    I understand that it's...well, to stay within the forum guidelines, I'll say it's an absolutely horrible feeling to think you've lost important data, and I can emphatically empathize with that. But in all other circumstances that's keeping everyone else out -- attackers, coworkers, nosy family members, you name it. Without the added security of the Secret Key, you'd just have had a different big problem: anyone who got a copy of your data, either from you or from us, would need only brute force your Master Password, making it much more attractive for them to attack us and, unbeknownst to you, get your data and break into it. The Secret Key makes it entirely infeasible for that to work. Otherwise you'd likely suffer monetary losses of equal or greater proportions by someone getting access to all of your accounts and personal information -- whatever you have stored in 1Password. That's untenable, and our customers would be right to try to hold us accountable for negligence if we did not ensure that their data was protected even if we were compromised, turned evil, or had a rogue employee doing harm.

    That's how crucial the Secret Key is, why we can't "reset" 1Password users' passwords, etc., the way that websites that know your password can -- it's not a rule or a policy, but rather a fundamental part of the security that all 1Password users depend on -- and why after signing up in the web browser the prompt to download the Emergency Kit, print it, fill it out, and store it in a secure location is not optional. We're not here to keep you out; there simply is no back door. Anyone without the "keys" to the data cannot access it. The only way for 1Password to be safe for a customer to use is if they are the only ones with the "keys" to their data. And therefore if you do not have the "keys", no one does, and it is inaccessible.

    But yeah...while indisputably important for the security of all 1Password users, that's not helpful to you in this situation. :(

    However, while I don't know the specifics in your case and can't say one way or the other, in my experience most people in this kind of a situation are just overlooking some option available to them that could help -- which is, frankly, understandable under that kind of duress. For example, a backup of your 1Password data, a backup of the device you used 1Password on, or any device where you're currently signed in, etc. -- all potential options. So, since we can't discuss any account details here in a public forum anyway, and it's easier to work together with diagnostic information, exchange ideas, etc. via email, if you'll shoot me a message at [email protected] I'll be happy to work with you to make sure we exhaust all possibilities and see if we can find a way for you to find your credentials, and get you into your account. I can't give you access to it myself -- no one can -- but if my experience and expertise can help get you there I'll be glad to offer it. Just mention me by name in the email so whoever sees it first can notify me. I look forward to hearing from you. :)
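The two-secret design AGAlumB describes above, shown as an added sketch that is not part of the thread and is not 1Password's own code: a vault key that depends on both a Master Password and a Secret Key, so that holding only one of them (or only the server-side record) unlocks nothing. The function names, the XOR combination, the iteration count, the key-check record and the sample secrets are all assumptions made for illustration.

```python
import hashlib
import hmac
import os


def hkdf_sha256(key: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand using HMAC-SHA-256."""
    prk = hmac.new(salt, key, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_vault_key(master_password: str, secret_key: str, salt: bytes,
                     iterations: int = 100_000) -> bytes:
    """Combine a slow password hash with a Secret-Key-derived value (illustrative)."""
    pw_part = hashlib.pbkdf2_hmac("sha256", master_password.encode(), salt, iterations)
    sk_part = hkdf_sha256(secret_key.encode(), salt, b"secret-key-part")
    # XOR makes the result depend on both inputs; neither half alone is useful.
    return bytes(a ^ b for a, b in zip(pw_part, sk_part))


def enroll(master_password: str, secret_key: str) -> dict:
    """What a server could hold: a salt and a key-check value, never the secrets."""
    salt = os.urandom(16)
    key = derive_vault_key(master_password, secret_key, salt)
    check = hmac.new(key, b"vault-key-check", hashlib.sha256).digest()
    return {"salt": salt, "check": check}


def can_unlock(record: dict, master_password: str, secret_key: str) -> bool:
    """Re-derive the key on a new device and compare against the stored check."""
    key = derive_vault_key(master_password, secret_key, record["salt"])
    check = hmac.new(key, b"vault-key-check", hashlib.sha256).digest()
    return hmac.compare_digest(check, record["check"])


if __name__ == "__main__":
    # Constructed sample secrets, not real credentials.
    rec = enroll("correct horse battery staple", "A3-EXAMPLE-NOTREAL-SECRET")
    print(can_unlock(rec, "correct horse battery staple", "A3-EXAMPLE-NOTREAL-SECRET"))
    print(can_unlock(rec, "correct horse battery staple", "A3-WRONG-SECRET-KEY"))
```

Because the stored record contains only the salt and a check value, whoever holds it has nothing to "reset": the key can only be re-derived by someone who supplies both secrets.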

  • AgileBurger
    Community Member
    edited August 2020

    @Naxterra - People like you are so cute. "It's not their fault". I can't imagine being this clueless and shortsighted in my thinking.

    It's entirely their fault.

    They have complete and total control over what their app can and cannot do. They intentionally coded it with a security model that permanently loses sensitive customer information in certain circumstances.

    This isn't a blockchain where if you lose your key, you lose your money. This is a centralized company with coders who knowingly coded an app to lock people out of their own accounts after deciding what "they think" is a reasonable amount of options.

    They decided 1 PDF file was sufficient, and that customers are deserving of complete and utter annihilation if something goes wrong or that one PDF file is lost.

    Additionally they thought it would be "super cool" and extra secure if they themselves couldn't access the account in emergency circumstances. It's not cool. It puts AgileBits at risk of legal liability in situations exactly like this. There isn't an app, website, or system on this planet that LOCKS ME OUT of my own stored data because of some arbitrary "rule" some coder came up with that leaves me with no options.

    Imagine your bank telling you that if you lose your password you will never have access to your bank accounts again and all your money is lost? Do you think any judge on this planet would allow a major bank to operate that way in the first place? Obviously not. Use your head please.


    Moving forward:

    Tossing a PDF file at customers and saying "You better not lose this or you're screwed" is not going to stand up in court.

    This is how coders think when they are given too much power over how an app works. I've managed dev teams for 22 years. You never let coders decide how something should work because they will always come up with asinine "policies" exactly like this one.

    From the coder's perspective it's perfectly reasonable that a customer should lose all their sensitive information "if they're too stupid to keep a PDF I gave them".

    From a legal perspective, there should ALWAYS be a way for someone to access their account, even if it requires 10 other hoops they must jump through, because ultimately, the only thing that matters is that customers don't lose their sensitive information that's being entrusted with AgileBits.

    That's the priority. That's the most important thing. Nothing else matters. Not your opinion, or some coder's opinion on whether the Emergency Kit PDF "should" be sufficient. It's not. Life happens. Stuff happens. Situations happen.

    Understanding that is the priority. And building a security model that addresses that, is the priority. No random programmer has the right to decide the "punishment" for someone else. A judge will agree that this won't fly.

  • jwmasekre
    Community Member

    My guy, 1p didn't come up with this. The concept of a recovery key used to unlock encrypted files/drives has been around for ages. Just look at BitLocker, which gives you a recovery key upon encryption for you to print and store safely. When you lose that and you don't have the password, physical key, or TPM chip associated with it, you have effectively lost all the data on it because it's encrypted. This is an industry standard for encrypting high-value information. If 1p had a copy of this key, it would take a simple social engineering attack to acquire this from them and have access to literally everything. Banks legitimately fight this, and social engineering attacks frequently successfully access people's accounts. I get that you're pissed because you didn't fully understand the product that you were utilizing, and this had an impact on your finances, but it would literally be the same as an IT department getting pissed at Microsoft because they didn't store their BitLocker recovery keys and lost critical data because Microsoft doesn't retain a backdoor in the encryption. It's bad security, and a security-focused company isn't going to risk that.

  • laugher
    Community Member

    @AgileBurger - I've been in your shoes before. Fortunately, I learned this before 1Password was on the market. It was another software based "safe" solution and without the two key system, I lost everything. I had to go through months of trawling, contacting people and doing whatever was necessary to regain access back.

    But after the pain (and I was literally tearing the place apart), I also learned something. I knew that a usable two key system for securing data such as 1Password is almost impregnable. You could still break into it if you knew what you were doing, threw a lot of dollars and resources at it but it would still take a very long time. I knew that whatever I had in my safe was so safe (or safe enough depending on which extreme you sit on) that even despite my extensive IT security architecture background and my network of white (grey) hats, I could not break into its existing encrypted store. But that's why I bought 1Password!

    It's been a while now but I recall one of the very first instructions when you install and set your master password and was given the PDF recovery kit was to PRINT IT OUT and lock it away. I remember this because that's exactly what I did. My PDF recovery kit with the secret key and master password is in a safe. I have a secondary one locked away in a bank vault safe deposit box along with other valuables. The premise of the warning was very clear - Do not lose this or you may regret it.

    It's like the first time you were told to backup your important files regularly and you got too relaxed with the rule that you skipped backing up things. Nothing is going to happen, you think. When the day comes your PC dies, well...you just lost a whole heap of stuff you wanted to keep. Nowadays, I have a scheduler that triggers the backup for me. Lesson learnt!

    As I said, I've been in your shoes before. I really feel your pain. I really hope you come out of this OK. I seriously do. I also hope that you take the path I did. Become more disciplined and stick with what I consider to be the number one usable password manager in the world right now. Number one not because it's just easy to use but number one because the AgileBits folks have implemented an encrypted store that is very difficult to break. I would put my money into that bank any day.

    All the best, buddy and please don't hesitate to holler if you need help from the community.

    p.s. I don't work for AgileBits nor am I sponsored.

This discussion has been closed.