I've stored a copy of the emergency kit in a bank safe and set up 2FA with an auth app on my phone.

JanSoy
Community Member

Let’s say I die - my family opens the safe and gets the Emergency Kit. What do they do now with the 2FA part, assuming my phone also perished with me? :p



Comments

  • [Deleted User]
    Community Member

    @JanSoy It's worth printing the 2FA QR code and/or manual entry secret and storing that with the Emergency Kit. Someone with access to one of your apps could disable 2FA, but the 2FA secret gives them a simpler and more reliable way in.

  • Tertius3
    Community Member

    Thanks for bringing this up and reminding me to include a printed copy of the 1Password 2fa code with the printed emergency kit :+1:
    I only printed the emergency kit, but not the 2fa code.

  • JanSoy
    Community Member

    After recognising this issue I went ahead and purchased a YubiKey 5C NFC which I’ll store next to the Emergency Kit in the safe. Maybe it was overkill, as I now see there’s a 2FA secret, which seems to have the same effect, right?

  • [Deleted User]
    Community Member

    @JanSoy Yes, the TOTP standard used by authenticator apps is based on hashing a secret with the current time. So all someone needs to set up an authenticator app is the secret, but a YubiKey is a more user-friendly solution.

  • rhk
    Community Member

    I have followed a slightly different approach (emergency kit with next of kin), but the YubiKey that is registered as a hardware token is with my accountant. Not that I don't trust my next of kin, but I don't want emergency kit and token stolen if there would be a break-in. Instructions on the emergency kit say to look at the vault called 'emergency' first, which has some secure notes with instructions.

  • JanSoy
    Community Member

    I love rhk's approach and will adjust my setup accordingly. It's just too dangerous to have both stored next to each other.

    • Emergency Kit in bank-safe (Special instructions saved within a vault in 1Password)
    • 2FA hardware Token at my accountant

    Thanks!

  • Sounds like a plan. Stay safe! I love our community and everyone here always willing to share their experiences.

  • Tertius3
    Community Member

    I would not store the credentials so far away from themselves.
    What is the purpose of the backup?
    Against what do you need to protect it?
    Will the people that are supposed to use them in case be able to actually use it?

    In case of death or coma:
    My heirs/relatives find a heap of physical stuff and locked computer machinery. They need to be able to find the 1Password credentials and need to find out how to use them. It might be an emergency situation, so it might be necessary to get access to my accounts if not immediately but somewhat fast. So storing the parts (secret key, master password, 2fa key) far away or inaccessible isn't the right approach. A bank safe might not be immediately accessible without paperwork, and it might not be obvious to the heirs the 2fa code is in the bank safe, while the other data is in some paper document folder. So I decided to store all of them in the folder (paper) with all the other vital paper documents I store at home. Not in the safe, because you don't store the key to the safe in the safe. It's not exactly the key to the safe itself, but somewhat near.

    In case of theft:
    If just the folder with the paper documents gets stolen, I'm still around and have access to my computers/smartphone. I will immediately change the keys and passwords online.

    A Yubikey as backup is not what I would use, because it's not designed to be this kind of backup. It needs computer equipment to use, and it might be available computers are not compatible with the Yubikey (for example USB-A/B/C interface). It might be mistaken for a regular USB stick and discarded, because it doesn't make some drive with data available.

  • Thanks for sharing your perspective, @Tertius3. :)

    Ben

This discussion has been closed.