Can I designate someone to aecess my acct when I die? Other than just giving them my pw?
Comments
-
Maybe some variation on the shared vault feature based on some trigger? I would feel comfortable if my Private vault was actually some kind of limited-shared vault. Just a thought...
In addition, some thought should be applied to that process to make it as straightforward as possible for our successor(s)... for those of us who've put some thought into the organization of our family accounts, that's going to be a big surprise for our less-technical family members. Helping them through that process would be reassuring.0 -
Some of the big questions that come from any sort of high tech / triggered process is:
- Where does the recipient get the encryption keys for your data from? Do we have to store them in escrow? If so, that's a non-starter. One of the attractions about 1Password is that we never have the keys necessary to decrypt and read your data. Only you know your account password and Secret Key, which are required to decrypt your data.
- Can the triggering event be abused? For example, if what triggers the event is that the recipient puts in a request which fires off an email to you. If you have X amount of time to respond to that email before the keys are turned over, how do we know that email didn't go to spam? Or that the recipient didn't trigger it while they knew you were on vacation and not checking emails?
We've thought about this from a lot of different angles, and so far the best solution we've been able to come up with continues to be a low tech one:
- Print a copy of your Emergency Kit: Get to know your Emergency Kit
- Write in your account password
- Store the document someplace safe, such as a fire safe, bank deposit box, or with your other estate planning documents
- Make sure to update the stored kit if you ever change your account password or Secret Key (*)
(*) One thing I've considered is making an entirely separate executor account within my 1Password Families membership. This enables me to do two things:
- I can store anything I don't want to pass along to anyone else upon my death in my Personal/Private vault. Those items will die with me.
- I can change my own credentials at-will without having to remember to update the document
I haven't actually gotten around to doing that myself yet, but it is something worth considering, if you're a 1Password Families user. We'll continue to brainstorm on this subject, but please understand it isn't a simple problem to solve, and we want to be sure we do it right if we do it at all.
Ben
0 -
Ben, thanks for going over the thinking. IMHO, the Emergency Kit is too tech-y for many folks... I think some combination of existing features (with tweaks, possibly) may be a more workable solution.
0 -
Would you mind elaborating on that a bit for me? A physical piece of paper with sign-in instructions is about the lowest tech possibility I can think of. 😄
Ben
0 -
Good question... I think they'll be challenged to recover/manage the account. I'm looking for a way to expose the links/credentials to them as transparently as possible. I have some in a shared vault already but I don't want to expose "everything" until it's needed... "least privilege" and all that. So, if there was a way to have a shared vault with a timeout or "break glass" feature, I'd keep all but my "dies with me" stuff in that vault. Does that make sense?
Eventually, someone would have to manage the account but it wouldn't be a time-critical issue... until renewal time (which I have already covered with a gift card... just to give you an idea where my head's at).0 -
Just to be clear, with my suggestion, recovering the account wouldn't be necessary. All the credentials they'd need to sign in would be made available to them on the Emergency Kit. If they did have trouble of some nature, our support team would be an available resource.
Thank you for taking the time to talk through what you're looking for here. We'll continue to investigate the feasibility of offering such a thing as a feature.
Ben
0 -
I've read through this discussion and I have a couple of questions. So I have a 1Password Families account. My wife and I have separate logins with our own private vaults and a shared vault. Just like others, I'm concerned about her being unable to access financial accounts if anything were to happen to me. I don't have a lawyer and it isn't feasible for me to pay for one just to store some documents for me... even if it was, I don't trust an office full of strangers with my private data.
Anyways, instead of having a print-out of my emergency kit stored somewhere in the house I have my 1password secret key and password stored as a login record in our shared vault. I figure my 1password vault is more secure than a hidden paper print-out.
1. Is there a risk that I'm not aware of by having my 1password credentials in one of the vaults? My vaults are encrypted on your servers so no one at 1password (or anyone stealing 1password data) can access my vault data right? Even then, what does it matter if my credentials for accessing my vault are in my vault... someone would have already gained access to the vault to get the credentials. What am I missing?
2. Someone else mentioned their family member needing access to their email account in order to recover their 1password vault. I don't understand. Can't my wife just log into my 1password account? Would her logging in require an email confirmation?Thank you in advance for your help! I love using 1password!
0 -
@JMonty Your approach seems like a good one.
1. If your wife's account is equally well secured and there are no other family members with access to the shared vault then saving your 1Password credentials there doesn't affect your security. However, you need to remember that anyone who is a family organizer can give themselves access to any shared folder.
2. Family organizers can help a family member recover their account and this process requires the family member to have access to email. If you share your 1Password credentials with someone then they don't need to use account recovery to gain access, so they don't need access to your email account. However, if you have 2FA enabled, make sure they have access to one of your devices and/or your 2FA app/device.0 -
I believe rootzero covered this quite well but if there are any follow-up questions please let us know. :)
Ben
0 -
From Ben:
"
(*) One thing I've considered is making an entirely separate executor account within my 1Password Families membership. This enables me to do two things:I can store anything I don't want to pass along to anyone else upon my death in my Personal/Private vault. Those items will die with me.
I can change my own credentials at-will without having to remember to update the document"I have been reading this thread and have to find a solution, too
For sure i would like a solution that, as Ben, said, some of my passwords die with me, and others can be passed to the family members.But i did not understand how to do it
0 -
@Loris To implement Ben's scheme you'll need to add a new account to your Families subscription. Let's call that account "Executor".
Choose an email address for Executor to use and follow the instructions for adding someone to your family:
https://support.1password.com/add-remove-family-members/
Print-out Executor's Emergency Kit, complete it with Executor's master password and save it with your other important documents, will, etc.
Create a shared vault and share it with Executor. Let's call that shared vault "Legacy".
Move the items that you want your family to inherit into the shared vault called Legacy.
Items you leave in your Personal/Private vault will not be available to your family in the event of your untimely demise.
0 -
Thanks rootzero,
but what does it means "add a new account"? How do i do that?
I can add family members logging in in my 1pass account on the web, but not "accounts"
(I have now 4 family members plus one friend that i want to add now, but those are "family members")Or does it mean paying another family subscriptions?? So that i would have to pay for two family subscriptions?
Thanks for the explanationAnother related question to family accounts and to the discussed Ben's scheme: if as the organiser sadly die, will they be able to access their own passwords (not mine) and buy a separate 1password subscription on their own name? How can they do that?
0 -
@Loris You don't need an additional subscription. Follow the instructions for adding a new member to your existing Families subscription. However, if you already have 5 or more family members then you will need to pay for the additional user.
If the sole Family Organizer dies then the subscription remains valid until renewal becomes due. However, without a Family Organizer, you will not be able to make changes to the shared vault access and there will be no one to help in case someone gets locked out. So I would recommend setting-up a separate and new family subscription at that time and transferring across your data.
Having a second Family Organizer can help in situations like these.
0 -
Sorry rootzero, the question about the family subscription is still unanswered or i did not understand
The family subscription remains valid until renewal even if I died; ok, but then
- what happens to the family members since the organiser died in the meantime and will not pay the subscription?
- Will they lose all access to their OWN PASSWORDS (i do not mean the ones of the family organiser).
- Can they transfer their own passwords to a new subscription (even a single user one) before they are finally locked out?
All these points are relevant also for the mentioned Ben's scheme. How can the "executor" access its shared folder , since the executor is just another family member and the organiser died?
thanks for help.
This is a delicate issue and need to understand perfectly well what happens.0 -
You can make another family member (or the executor account) an organizer so that the subscription can be continued:
About family organizers in 1Password Families
Personally if I were going to go through with this I would likely make the executor account an organizer. That way my family would have access to those powers after I die, but not until then.
Will they lose all access to their OWN PASSWORDS (i do not mean the ones of the family organiser).
No. Access to the data stored in 1Password is not lost for lack of payment. New items would not be able to be added, existing ones could not be edited, and filling would stop working, but read-only access to the items would continue to be available in the event nobody picked up the subscription:
If your 1Password account is frozen
I suppose one thing you could consider doing if this is still a concern for you would be to purchase a 1Password gift card, print it, and attach it to the Emergency Kit so your family wouldn't have to worry about coming up with the funds to pay in the short term.
Can they transfer their own passwords to a new subscription (even a single user one) before they are finally locked out?
Again they wouldn't be locked out, but yes, they could transfer to a new account if they decide that is the appropriate course of action.
All these points are relevant also for the mentioned Ben's scheme. How can the "executor" access its shared folder , since the executor is just another family member and the organiser died?
You would share the vault(s) containing the credentials you want to pass on with the executor account now:
Create and share vaults
Then when needed that executor account would be accessed using the details on the Emergency Kit for that account:
Get to know your Emergency Kit
I hope that's helpful. :) There is no "one-size fits all" or "correct" answer here — I'm simply highlighting one possible path forward based on the tools currently available.
Ben
0 -
@Loris The family members have from when the family orgainzer dies to the subscription renewal date to decide what to do next. The family members will have access to their own passwords throughout this time and they will not be locked out.
However, when the subscription becomes due for renewal their password databases will become read-only. They will be able to export the passwords and other data, but they will not be able to make changes.
So I was suggesting that the remaining family members might want to set-up a new family subscription sometime between when the family organizer dies and the subscription renewal date. If each family member were added to a new family subscription then they could each transfer their own data and the contents of any shared vaults to their new databases. The contents of the Legacy vault could be transferred at the same time.
Alternatively, they could each get individual subscriptions and do the same.
0 -
Thanks Ben,
Thanks rootzero
i like the "executor account".- If the family members will have a "read only" access but will be able to export and transfer their passwords to their own newly created stand-alone 1password subscription,
- plus they can access the "executor account" and do the same with the shared passwords in that account (shared with the organiser who died) , also transferring them to their new 1passw subscription
it will be perfect to me
Do you confirm?thanks Loris
0 -
@Loris Yes, that is correct.
0 -
Confirming, yes. To be clear: in order to access the executor account, they will need the Emergency Kit (including account password written in) as outlined in this guide. You would need to leave that document to them, via some mechanism. Either leave it with your will, or store it in a fire safe that they'll be able to access when necessary, etc.
Ben
0 -
I apologize for beating the dead horse as it were. I looked in past conversations and it appears about once a year something of this topic comes up. In the case of my expected or unexpected incapacitation, is 1Password looking to implement a system which is more in line with other managers such as LastPass. There are some really bad flaws in the current emergency kit which would be overcome via the Emergency Access system like LastPass. In past conversations on here there's been hints that implementing a system like this is something that would like to be done. Is it on the roadmap? We can gladly get in the conversation of why there's a need for such a system and how the current system doesn't meet the needs, but the reality is that that would just detract from the intent of this request.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided0 -
If you haven't seen it already, I'd encourage you to read through my thoughts about how I'd like to set up my own family for this eventuality, using the currently available systems:
https://1password.community/discussion/comment/625453/#Comment_625453
Beyond that, I don't have any news to add at this point, but I hope those thoughts are helpful.
Ben
0