Best method for estate planning

Hi, I'm trying to get things organised and part of that is I want to put 1Password vault information with my will for my executor. So I have created a vault called "Executor" that will contain bank account details etc. What is the best way to give access to only this vault to my executor?

I do not want to give master password access to all my logins to my executor.

Thanks for your advice.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • ag_anaag_ana

    Team Member

    Hi @BethFlinders!

    The best way would be to invite the executor as a guest to the account, so they will have access to this Executor vault:

    Share with guests in 1Password Families

  • Thanks for your reply, is the feature only available in the Family version?

  • ag_anaag_ana

    Team Member

    @BethFlinders:

    Families and Business accounts yes: the exception is Individual accounts, which cannot invite additional users (guests included).

  • williakzwilliakz
    edited April 2

    @BethFlinders, I suggest you gather more information and give the matter additional thought before making this extremely important decision. @ag_ana has suggest ONE way to meet your requirement, not necessarily the BEST way to do so. As I understand it, a guest user (single vault access) can restrict your freedom of action as to how you place and organize your secure info within 1Password. Also, consider carefully what, if anything, your Private vault will contain versus other vaults you may wish to create and exercise control over as to how they may be accessed (in 1Password for Families). Good luck.

  • ag_anaag_ana

    Team Member

    As I understand it, a guest user (single vault access) can restrict your freedom of action as to how you place and organize your secure info within 1Password.

    How so @williakz?

  • Poorly worded on my part. I meant that having a guest user restricts what is shareable to a single vault. This restriction can interfere with a Family user's flexibility in employing a variety of vaults and permissions to organize their secure info.

  • a variety of vaults

    If one wanted to use "a variety of vaults" it is possible to create the executor account as a "full" account instead of as a guest. That will count toward the user limit, whereas guests are counted separately. This discussion seems entirely off-topic with regard to the OP's request though. The OP specifically said they have a vault they want their executor to have access to. A guest account would do that. Ana's answer seems entirely reasonable given those parameters. I don't see how this relates to the OP.

  • The OP would do well to carefully consider procedures and limitations regarding the maintenance of the various logins, passwords, bank accounts, documents, etc. they wish to make available for estate planning purposes.

    As I understand it, guest account access requires a SINGLE vault be designated for a particular guest account to access 1Password secure data. This requirement implies that the OP would then use that same "Executor" vault in order to access the resources behind the secure data contained therein (e.g. a bank website with username/password/2FA). Otherwise, the OP would have to take steps to ensure uniformity and maintainability between the secure data and audit trails (e.g. password history) contained in the "Executor" vault as well as those in the associated "source" vaults. I think there's a bit more involved in the proposed solution to the OP's question than has yet been considered in this discussion.

  • As I understand it, guest account access requires a SINGLE vault be designated for a particular guest account to access 1Password secure data.

    Which is exactly what they asked for, yes?

    So I have created a vault called "Executor" that will contain bank account details etc. What is the best way to give access to only this vault to my executor?

    🤷‍♂️

  • Often the questions people ask are constrained by their limited understanding of the area of interest. It is incumbent on those with more experience in that area to anticipate potential problems with the route suggested by answers to such questions. Yes?

  • ag_tommyag_tommy

    Team Member

    @BethFlinders

    Let us know if you have any questions.

  • Hi, thanks for all the discussion on this topic.

    I am very happy for any input about optimising my estate planning. I had planned to use the Executor vault for any account with financial information, any subscriptions that may need to be cancelled, and important information. I am happy to use the Executor vault to access these accounts myself, I am comfortable using multiple vaults.

    However I do not wish to grant the Executor access to any other vaults. My master password access to all my vaults will be given to another person who is not the Executor.

    However in this circumstance as I need to upgrade my account regardless, I think it makes sense to create a Family account and a username and login for the Executor, and share the vault with this account.

    My question here was posted to see if there was an alternative to this option (upgrading my account from an Individual account).

    Thanks for all the feedback.

  • @BethFlinders, Your last seems to me a very sensible approach. By designating one of your 5 family members—the standard complement; you can always add extras at additional cost—for (eventual) use by the executor of your estate, you retain the full power of 1Password while gaining the greatest degree of flexibility to adapt to life changes in the future. I'm sure you'll be pleased with your decision. Good luck.

  • ag_anaag_ana

    Team Member

    @BethFlinders:

    However in this circumstance as I need to upgrade my account regardless, I think it makes sense to create a Family account and a username and login for the Executor, and share the vault with this account.

    If you decide to use a regular account instead of a guest account, just make sure that you invite the Executor as a regular family member, and not as an Owner of the account ;)

  • williakzwilliakz
    edited April 6

    @ag_ana: This discussion demonstrates a basic limitation of organizing storage of secure info at the vault level. I've been wondering if something like tags could be employed to designate particular items (logins, bank accounts, etc.), wherever they are stored in an account's 1Password's vaults, that would be accessible by a special access user (such as an executor, spouse, close family friend, etc.). Knowing 1Password's architecture, would something like that be doable?

  • BenBen AWS Team

    Team Member

    Hi @williakz

    Encryption is handled at the vault level, rather than at the tag level. Tags are just metadata on items. As such it would not be possible to protect different tags with different encryption keys.

    Ben

  • BenBen AWS Team

    Team Member

    @BethFlinders

    However I do not wish to grant the Executor access to any other vaults. My master password access to all my vaults will be given to another person who is not the Executor.

    If you only want the executor to have access to a single vault, then a guest account would be sufficient, however this would still require an upgrade to 1Password Families. Individual memberships do not have the ability to invite guests.

    However in this circumstance as I need to upgrade my account regardless, I think it makes sense to create a Family account and a username and login for the Executor, and share the vault with this account.

    Sharing of vaults would require 1Password Families. I hope that helps!

    Ben

  • Thanks @Ben, I thought so. I wonder, however, if something akin to the special FO role (EO?) would serve. The EO "user" could access all vaults but only in read-only mode and could only see entries with the Executor access "tag" or permission set. Though this might cause you folks more problems than the one it solves for us...

  • BenBen AWS Team

    Team Member

    @williakz

    The difficulty is that this bit:

    and could only see entries with the Executor access "tag" or permission set

    Would have to be enforced by the client apps, rather than encryption, and nothing would stop someone from using a tool other than our client apps from reading other items in the vault that don't have such a flag.

    In any event, we're definitely off topic now. If you'd like to continue please feel free to start a new thread on the subject. :)

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file