Just switched from LastPass... missing 2 major things?

Delhitful88
Community Member

Hi all,

I'm trying out 1Password because of the integration of masked email with Fastmail. This is a nice integration, and so it was worth me checking out 1Password, but there are 2 major things that seem to be missing which will likely mean I go back to LastPass, unless someone can help me find similar functionality.

  1. Emergency recovery: A printed key?! LastPass allows you to elect family members who are also on your family LastPass account to be able to request access to your account, and if you do not decline within a set period (say 7 days), then they get access. You can set this period up to 30 days. This means that even if one of the people you trust enough to give them this responsibility, they still have to wait up to a month before they get access, within which time you have time to deny that. In the event of a death, the month doesn't really matter. This is MUCH better than 1Password's Masterkey print out in my opinion. Physical safes? Escrow? It's 2022. This might be a deal breaker by itself....

  2. Device recognition: LastPass allows you to block new devices from accessing your account. When a new device tries to log in with the correct credentials, an email is sent requiring verification of that device. This means I could basically publish my Username and Password on reddit, and I'd still be safe (perhaps not entirely, but you get my point). Does 1Password have something similar?

Masked email integration is a nice touch, but frankly it doesn't take long to just do it manually so it's not worth the downsides of not having the above.

Thank you!



Comments

  • Jack.P_1P

    Team Member

    Hey @Delhitful88:

    Thanks for giving us a try!

    Those are some great questions.

    Emergency recovery / legacy management is something we've discussed a few times here on the Support Community, so I'm sharing some of what I've said previously.

    Digital inheritance is something we've been looking at as previously mentioned, the catch is it's just a very hard problem to solve while meeting the needs of you now, as well as future you and your loved ones.

    We'd like to implement it in 1Password but we want to make sure we do it right, which, when it comes to something like sharing the keys to your most sensitive data in a way that is both reliable in the event of your death or incapacitation and not subject to tampering/easy to hack/phish under normal circumstances, while also not being overly complicated to use, is not as easy as it might seem.

    Until such time as we're ready to roll out a comprehensive strategy for legacy management of 1Password data, our recommendation is to use a trusted physical solution such as a safety deposit box containing your Emergency Kit, or providing it to a family attorney with any other end of life documents they may store for you as well.

    It's definitely something we're exploring. More than anything, our goal is to make it cryptographically secure for us to be happy about putting it into the world, not just protected by access controls. We do offer the ability for family organizers in a 1Password family account to recover their family members, and similarly administrators in our enterprise offerings, but both cryptographically and using access controls, the person who controls the account remains in the loop and more importantly, the 1Password server never has enough information to decrypt any data.

    With all that said, it becomes significantly trickier to design a system that you don't have to trust when it comes to digital legacy. It's impossible for you to be in the loop, since you're incapacitated. What other password managers tend to offer is a key escrow solution. A key to your encrypted data is then encrypted itself. This key is encrypted using the public key half of a keypair. The person you have selected as your emergency contact has the private half of the keypair in their password manager account. When this individual requests access for digital legacy reasons, you receive notifications to stop the recovery process, and if you do not stop it in time, your encrypted data key is sent to the individual, and as they have the private key, they are able to decrypt the key, and then decrypt the password data sent by the password manager as well.

    The catch with this method though is when you distill it down, in the event of you being incapacitated, your data is not protected by cryptography, your data is protected by access controls. The only thing preventing the password manager service from sending your encrypted key as well as your encrypted data to the emergency contact is trust. There's no cryptographic lock preventing them from doing it, it's just a promise.

    I hear you, and I understand that this is a feature that you've asked for and many others have as well. If we do implement it, we want to make sure it's done with the trust in cryptography people expect from 1Password, not just access controls.

    Additionally, if you wanted, you could make the family member(s) you'd like to have access to your account in event of an emergency a family organizer. That would give them the ability to recover your 1Password account in the event it was needed.

    As for authorizing devices, using two-factor authentication for your 1Password account should be exactly what you're looking for. Let me know how you get on with that!

    Jack
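
The key escrow flow described in the reply above, modelled as an added example (not part of the original thread, and not 1Password's or any other vendor's code). All names are hypothetical, and RSA-OAEP with AES-256-GCM are assumed primitives; the point it shows is that the waiting period is a policy check on the service, not a cryptographic barrier.

```javascript
// Added sketch of emergency-access key escrow; names are hypothetical.
const crypto = require('crypto');
const OAEP = { oaepHash: 'sha256' }; // assumed wrapping parameters

// Owner's client: encrypt the vault under a random data key (AES-256-GCM),
// then wrap that key to the emergency contact's public key.
function enroll(vaultText, contactPublicKey) {
  const dataKey = crypto.randomBytes(32);
  const iv = crypto.randomBytes(12);
  const c = crypto.createCipheriv('aes-256-gcm', dataKey, iv);
  const ct = Buffer.concat([c.update(vaultText, 'utf8'), c.final()]);
  const wrappedKey = crypto.publicEncrypt({ key: contactPublicKey, ...OAEP }, dataKey);
  return { iv, ct, tag: c.getAuthTag(), wrappedKey };
}

// Service: stores only ciphertext and cannot read the vault itself, but
// whether it hands the record over is decided by a timer and a flag.
class EscrowService {
  constructor(record, waitMs) {
    Object.assign(this, { record, waitMs, requestedAt: null, denied: false });
  }
  requestAccess(now) { this.requestedAt = now; this.denied = false; }
  deny() { this.denied = true; }
  release(now) {
    const due = this.requestedAt !== null && now - this.requestedAt >= this.waitMs;
    return due && !this.denied ? this.record : null;
  }
}

// Emergency contact: unwrap the data key, then decrypt the vault.
function recover(record, contactPrivateKey) {
  const dataKey = crypto.privateDecrypt({ key: contactPrivateKey, ...OAEP }, record.wrappedKey);
  const d = crypto.createDecipheriv('aes-256-gcm', dataKey, record.iv);
  d.setAuthTag(record.tag);
  return Buffer.concat([d.update(record.ct), d.final()]).toString('utf8');
}

function demo() {
  const DAY = 24 * 60 * 60 * 1000;
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const svc = new EscrowService(enroll('constructed sample vault', publicKey), 7 * DAY);
  svc.requestAccess(0);
  const early = svc.release(3 * DAY); // waiting period not over
  const afterWait = recover(svc.release(7 * DAY), privateKey);
  // The stored record is identical on day 3 and day 7: the contact's key
  // opens it either way. Only the check in release() separates the two.
  const policyOnly = recover(svc.record, privateKey);
  svc.deny();
  return { early, afterWait, policyOnly, afterDeny: svc.release(8 * DAY) };
}
```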
