Can I designate someone to access my acct when I die? Other than just giving them my pw?
Comments
-
@pktex You can leave your Emergency Kit and Two Factor Authentication details with your will, but make sure you update it in the event of a master password change.
Alternatively you can give your email password and 2FA to one of your family members to store in their Private vault and make another one of your family members a Family Organiser. In the event of your untimely demise they could then work together to recover your account.
0 -
Adding a second Family Organizer is indeed a good idea for this:
Implement a recovery plan for your family
0 -
Thank you for your responses I'll take a look!
0 -
The first Family Organizer email might be inaccessible (by the second one) so the completion of the recovery plan is impossible!
Right, access to that email would be necessary, as missingbits explained in their post above:
Alternatively you can give your email password and 2FA to one of your family members to store in their Private vault and make another one of your family members a Family Organiser.
Both are needed :+1:
What is the behavior when using a 2FA in the situation I mentioned?
There are several ways to temporarily disable 2FA if you have access to the Emergency Kit, so to all of the other login information:
If you lose access to your authenticator app
0 -
+1 on this request!
A "family subscription" cannot be complete without handling deaths in the family. 100% guaranteed to happen if you wait long enough!!
When sync'ing passwords with 1password.com, you know if a user has ZERO devices that connected for more than X days, e.g. 3 weeks.
In that case you should send an email to that user (if enabled) along the lines of "If you do not log in to your 1password account within the next 2 weeks, we will initiate a procedure for member X Y or Z of your family to get access to your personal vault. Click here if you do NOT want this to happen."
0 -
These comments have been very helpful. If I add a family member as a 2nd organizer, is she required to log in on a certain frequency to maintain access? I wouldn't expect her to need to do that, but some earlier comments about timing and number of days are confusing. I was hoping she could keep the needed access for when she needs it and not have to log in at a certain frequency. Please clarify? Thanks again.
0 -
@pktex The earlier comments on delay periods relate to a feature request. There is no need to log in at specific intervals to maintain family organizer status. She will remain a family organizer until you revoke her status.
0 -
Indeed, no need to keep logging in for this :+1:
0 -
You have all been so helpful with my original question and I've now added a family member to my account where she told me she created her own password. I notice it didn't specifically say "family organizer", is that another step? I further checked and it appeared I also had to actually give her access to view my specific vault which I did, so I think I did this correctly. My goal was for her to be able to view/access all of my info when I die. But does she need MY secret key and MY master pw? Or does she have her own secret key? And now that she is added to my account, does she have her own vault and can set up all her own info? Thank you all again. This is a sensitive topic and I just need to make sure I do it right.
0 -
@pktex There is an additional step to make her a family organizer. Go to the following page:
https://my.1password.com/people
Click on her name and you will see her devices and all the vaults to which she has access. In the left hand pane either "family member" or "family organizer" will be highlighted. If family member is highlighted then select family organizer.
0 -
@rootzero Thanks for your response, I discovered that area right after posting my question! Will my family member need MY secret key and MY master pw? Or does she have her own secret key? And now that she is added to my account, does she have her own vault and can set up all her own info?
0 -
@pktex Yes, if you have completed the following procedure then she should have received an email and clicked on a link to create her own master password and secret key. You would then have received an email with a link to confirm her account.
https://support.1password.com/add-remove-family-members/
Think of it like a company or team account. You are the IT admin creating an account for an individual employee with their own master password and secret key. You can decide whether they are an ordinary employee (family member) or an IT admin (family organizer).
0 -
Thank you both for your quick and patient responses. Very helpful!
0 -
@pktex One more point I should mention. If you want your family member to be able to recover access to your Private vault when you're not around then she'll need access to the email account you use for 1Password. So best to save the credentials for this email account in a shared vault where she can find them.
0 -
Correct. To clarify: this is because part of the recovery process sends an email to the user whose account is recovered. If you want the family member to also receive this email and act on it on your behalf, she would then need access to your email inbox.
0 -
Oh, well I do have all of my email accounts in my vault but I'll need to make sure she knows which one. Thank you for letting me know! You've been extremely helpful!!
0 -
I've read a few of these emergency access threads and they all seem a lot more convoluted than similar features in other products.
In the event of my untimely demise, my spouse would have a lot more important things to do than figure out but, instead, she'd have to figure out how 1password works with little guidance.
I see a feature request more than a decade old. It seems like this deserves some serious attention.
0 -
Hi @Redarkrah:
It's very possible you may have seen these posts from me elsewhere on the Support Community, but just in case you haven't:
Digital inheritance is something we've been looking at, as previously mentioned. The catch is it's just a very hard problem to solve while meeting the needs of you now, as well as future you and your loved ones.
We'd like to implement it in 1Password but we want to make sure we do it right, which, when it comes to something like sharing the keys to your most sensitive data in a way that is both reliable in the event of your death or incapacitation and not subject to tampering/easy to hack/phish under normal circumstances, while also not being overly complicated to use, is not as easy as it might seem.
Until such time as we're ready to roll out a comprehensive strategy for legacy management of 1Password data, our recommendation is to use a trusted physical solution such as a safety deposit box containing your Emergency Kit, or providing it to a family attorney with any other end of life documents they may store for you as well.
It's definitely something we're exploring. More than anything, our goal is to make it cryptographically secure for us to be happy about putting it into the world, not just protected by access controls. We do offer the ability for family organizers in a 1Password family account to recover their family members, and similarly administrators in our enterprise offerings, but both cryptographically and using access controls, the person who controls the account remains in the loop and more importantly, the 1Password server never has enough information to decrypt any data.
With all that said, it becomes significantly trickier to design a system that you don't have to trust when it comes to digital legacy. It's impossible for you to be in the loop, since you're incapacitated. What other password managers tend to offer is a key escrow solution. A key to your encrypted data is then encrypted itself. This key is encrypted using the public key half of a keypair. The person you have selected as your emergency contact has the private half of the keypair in their password manager account. When this individual requests access for digital legacy reasons, you receive notifications to stop the recovery process, and if you do not stop it in time, your encrypted data key is sent to the individual, and as they have the private key, they are able to decrypt the key, and then decrypt the password data sent by the password manager as well.
The catch with this method though is when you distill it down, in the event of you being incapacitated, your data is not protected by cryptography, your data is protected by access controls. The only thing preventing the password manager service from sending your encrypted key as well as your encrypted data to the emergency contact is trust. There's no cryptographic lock preventing them from doing it, it's just a promise.
I hear you, and I understand that this is a feature that you've asked for and many others have as well. If we do implement it, we want to make sure it's done with the trust in cryptography people expect from 1Password, not just access controls.
If you have more questions I'd be happy to dig into this with you!
Jack
0 -
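The key-escrow design described in the post above, as an added sketch that is not part of the thread and not any vendor's code. It shows that the waiting period and the owner's veto live only in server logic, while the stored blob is decryptable by the contact from day one. `EscrowServer`, the 14-day wait and the hashed-ElGamal wrap with illustration-sized parameters are assumptions.

```python
import hashlib, secrets

# Hashed-ElGamal key wrap with illustration-sized parameters (not for real use).
P, G = 2**521 - 1, 3                      # Mersenne prime modulus, base

def keypair():
    sk = secrets.randbelow(P - 2) + 1
    return sk, pow(G, sk, P)

def _mask(shared):
    return hashlib.sha256(shared.to_bytes(66, "big")).digest()

def wrap(data_key, contact_pk):
    """Owner side: encrypt the 32-byte vault key to the contact's public key."""
    r = secrets.randbelow(P - 2) + 1
    pad = _mask(pow(contact_pk, r, P))
    return pow(G, r, P), bytes(a ^ b for a, b in zip(data_key, pad))

def unwrap(wrapped, contact_sk):
    """Contact side: recover the vault key with the private key."""
    eph, ct = wrapped
    pad = _mask(pow(eph, contact_sk, P))
    return bytes(a ^ b for a, b in zip(ct, pad))

class EscrowServer:
    """Hypothetical service that stores the wrapped key and runs the timer."""
    def __init__(self, wrapped, wait_days):
        self.wrapped, self.wait_days = wrapped, wait_days
        self.requested_on, self.vetoed = None, False

    def request_access(self, day):
        self.requested_on = day

    def owner_veto(self):
        self.vetoed = True

    def release(self, day):
        # Policy check only: no key material depends on the timer or the veto.
        if self.requested_on is None or self.vetoed:
            return None
        if day - self.requested_on < self.wait_days:
            return None
        return self.wrapped

def demo():
    contact_sk, contact_pk = keypair()
    vault_key = secrets.token_bytes(32)       # constructed sample key
    server = EscrowServer(wrap(vault_key, contact_pk), wait_days=14)
    server.request_access(day=0)
    early = server.release(day=3)             # honest server refuses
    on_time = server.release(day=14)          # honest server releases
    # Design-review point: the stored blob was decryptable all along.
    stored_ok = unwrap(server.wrapped, contact_sk) == vault_key
    return early, unwrap(on_time, contact_sk) == vault_key, stored_ok
```
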
Maybe some variation on the shared vault feature based on some trigger? I would feel comfortable if my Private vault was actually some kind of limited-shared vault. Just a thought...
In addition, some thought should be applied to that process to make it as straightforward as possible for our successor(s)... for those of us who've put some thought into the organization of our family accounts, that's going to be a big surprise for our less-technical family members. Helping them through that process would be reassuring.
0 -
Some of the big questions that come from any sort of high tech / triggered process are:
- Where does the recipient get the encryption keys for your data from? Do we have to store them in escrow? If so, that's a non-starter. One of the attractions about 1Password is that we never have the keys necessary to decrypt and read your data. Only you know your account password and Secret Key, which are required to decrypt your data.
- Can the triggering event be abused? For example, if what triggers the event is that the recipient puts in a request which fires off an email to you. If you have X amount of time to respond to that email before the keys are turned over, how do we know that email didn't go to spam? Or that the recipient didn't trigger it while they knew you were on vacation and not checking emails?
We've thought about this from a lot of different angles, and so far the best solution we've been able to come up with continues to be a low tech one:
- Print a copy of your Emergency Kit: Get to know your Emergency Kit
- Write in your account password
- Store the document someplace safe, such as a fire safe, bank deposit box, or with your other estate planning documents
- Make sure to update the stored kit if you ever change your account password or Secret Key (*)
(*) One thing I've considered is making an entirely separate executor account within my 1Password Families membership. This enables me to do two things:
- I can store anything I don't want to pass along to anyone else upon my death in my Personal/Private vault. Those items will die with me.
- I can change my own credentials at-will without having to remember to update the document
I haven't actually gotten around to doing that myself yet, but it is something worth considering, if you're a 1Password Families user. We'll continue to brainstorm on this subject, but please understand it isn't a simple problem to solve, and we want to be sure we do it right if we do it at all.
Ben
0 -
Ben, thanks for going over the thinking. IMHO, the Emergency Kit is too tech-y for many folks... I think some combination of existing features (with tweaks, possibly) may be a more workable solution.
0 -
Would you mind elaborating on that a bit for me? A physical piece of paper with sign-in instructions is about the lowest tech possibility I can think of. 😄
Ben
0