With no local vault in 1PW8, what's the disaster recovery plan?

My primary vault is synced via Dropbox, and I semi-regularly update an offsite physical hard drive with a copy of the vault. The only password I know is the One Password for that vault.

I can lose my phone & laptop in a single instant, but with that offsite drive, I can bootstrap my wired life from scratch, only knowing my One Password.

How do I do something similar with 1Password 8?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided

Comments

  • cryptochrome
    cryptochrome
    Community Member

    You get a subscription and have your data hosted in the 1P cloud.

  • craffert0
    craffert0
    Community Member

    I'm sorry I wasn't clear. I've lost all my devices, so don't know my secret key, so cannot login to 1P. How do I login without that?

  • Tertius3
    Tertius3
    Community Member

    A regular backup strategy for this is that you print your emergency kit, which includes account information and secret key, then also write down your master password, and store this in your paper documents. In case you also enabled 2fa for 1Password, also include a print of your 2fa QR code for 1Password.

  • craffert0
    craffert0
    Community Member

    Paper stinks. It's lost in the fire along with my devices. And giving the paper to someone else means that someone else has my secrets.

    My backup drive has only encrypted data, with the passwords in my encrypted vault. Encrypted with my One Password.

    And now that I think of it, I can read-only share my dropbox folder with my vault with some friends, and be able to just ask them for a copy. And it's safe, because it's encrypted.

  • Hi @craffert0,

    If you do not want to send your friend a paper copy of your emergency kit you could give them a digital copy on a flash drive or hard drive. Additionally you do not need to write your password on to it, the Secret Key is only part of what protects your data so with that alone your data is not accessible. There's more info here: https://support.1password.com/secret-key-security/

    The great benefit of being able to get access to your 1Password account is that you don't lose any of the data that you created after your last backup.

  • Tertius3
    Tertius3
    Community Member

    I thought about what would happen if I wake up in the middle of the night, my flat burning, and I get saved with literally nothing except my nightwear. The only thing that would be left of my personal data is cloud storage. And so I put my important data on Onedrive. I can bootstrap my life from Onedrive. All official documents, all certificates, digitized and synced.
    I have an Office 365 subscription that gets me 1 TB space, and I use this. The 1Password emergency kit is on Onecrive as well - without the master password.
    I need a new smartphone and a replacement SIM card with the old phone number and I'm in again.

    I thought about using an external drive, but this isn't feasible. Either it's offsite and out of reach to keep it up to date, or I brought it onsite for update and don't put it offsite again. I know my laziness. This task has to be automated, and sync to cloud storage is what can be automated.

  • craffert0
    craffert0
    Community Member

    Thanks @Joshua_ag, that's good advice. Because I have a strong password, I can trust my friends to know my secret key, and share it with them in plaintext in a google doc.

    That secret key seems like just a really large Salt. It protects users against their own weak One Password, but doesn't add much for a strong OP. I like that.

  • craffert0
    craffert0
    Community Member

    @Tertius3 that exactly where I'm coming from. I read an article from someone who had to deal with exactly that and tried to figure out how I'd do it.

    So my only question about your system is how do you know your password for Onedrive? The only two passwords I know or ever type are my laptop and 1Password ones.

  • Tertius3
    Tertius3
    Community Member

    No, I don't know my Microsoft account password, because it's generated. I set up a "passwordless" Microsoft account with 2 factor auth. The 2nd factor is the phone. For Microsoft account recovery, I can tell the recovery website to text me the recovery code for login, and so I need a new SIM card on the new phone with the old (registered) telephone number.

    This is really the last resort if everything is gone.

    Usually there are always some devices left with stored credentials somewhat. As standard, I carry my smartphone around everywhere. It has become a key, you know. You also take your keys everywhere. If just this is saved, there is no issue at all to bootstrap from it. Not even a recovery is necessary. And then there is a login on the Windows PC of my father in another town, so this device is registered and I can login with Windows Hello with my PIN on it, as long as my father doesn't break his PC.

  • craffert0
    craffert0
    Community Member

    @Tertius3 yes, if I have my phone, I have my world. That's a good idea about using the SIM for password recovery. As long as you don't get cloned.

    It's always about balancing the various risks. And I just emailed my brother my Secret Key.

  • Some great suggestions in here! :smile: I've been thinking about getting a small fire safe for myself personally, to keep some of my more important paper documents (including the Emergency Kit) safe in the event of a fire - if anyone has any recommendations I'm all ears!

This discussion has been closed.