I read the whitepaper and am surprised at how simply the account recovery is implemented. I see two problems:
1.) If the person whose data is lost also has no access to her email account anymore, the recovery does not work,
2.) a "family organizer" just needs access to a member's email account to recover all data.
I am sure 1Password is aware of Shamir's Secret Sharing, which would make account recovery much better IMHO. My question is: are there any efforts in that direction? Are there downsides I don't see?
In my ideal scenario, every user could individually decide how many of the members chosen by her would have to collude to restore her account. This could also be changed at any time. The client would just have to get the public keys of the chosen family members and store each member's share encrypted with its public key on the server and delete the old set.