Account Sharing in-case of Death

rominzandi
rominzandi
Community Member

Hi,

I'm doing some succession planning and have a-lot of account information and passwords which I would like to share with my trustee's to access various accounts in-case of my death.

What would be the best way to share various login's in my account with those individuals whom aren't part of my family plan?

Thank you!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser:_ Not Provided

Comments

  • Hi there @rominzandi

    It's great to hear that you're thinking about the longer term, and I'm glad to say that 1Password can help you with this.

    Early last year, my colleague Nick posted this to our blog, which you might find helpful:

    Digital estate planning: How to share digital accounts safely — 1Password Blog

    The short version of this is that your loved ones and next of kin should know where to look for your Emergency Kit, which contains all the information needed to sign into your 1Password account. From there, they'll be able to access all of your items, just like you can.

    Get to know your Emergency Kit

    Keep your Emergency Kit somewhere safe. We recommend you print it, and handwrite your account password on it. I'd suggest keeping it with your passport, financial documents, your will, or similar important documents.

    If you're using 1Password Families, it would also be a good idea to make sure that someone else in the family is a Family Organizer – they would be able to recover your account for you if you got locked out, although that shouldn't happen if you have your Emergency Kit! They would also be able to recover your account in the event of your passing, and this would serve a similar purpose to the paper Emergency Kit you've stored securely.

    Please let me know if you have any questions about any of the above, or would like any further help. :)

    — Grey

  • mugino
    mugino
    Community Member
    edited October 2022

    I'm in the exact same boat as the OP... looking to migrate my family to 1Password from LastPass due to inadequate document/note sharing capabilities in LP for trustees / future users (also I'm a former 1P user and always felt the 1P experience was far superior to LP).

    However, the 'Emergency Kit' feature is hardly more than writing down your password on a notepad and keeping it in your desk. It just doesn't cut it.

    If 1Password added a similar Emergency Access feature as LP offers, it would be a no brainer. Without that, my search continues.

  • @mugino

    We're still looking at ways we could help customers establish something of a digital estate plan. Right now, the best way to do that is via the Emergency Kit in a safe place, just like a physical will, or by nominating another Family Organizer so that they can get access if needed. However, as I say, work is ongoing to see how best to achieve this in the longer term.

  • williakz
    williakz
    Community Member

    Quick question: what is the downside to adding the password to the Emergency Kit PDF using text tools, then printing out the completed PDF, followed by deletion/shredding of the resulting files? Given the variability in people's handwriting and reading practices, handwritten passwords using complex character strings, mixed case letters, and/or numbers could conceivably be misinterpreted by others just when the need is greatest.

  • @williakz

    If customers are technically knowledgeable enough to annotate the Emergency Kit PDF and then securely destroy the file when it's been printed, that's fair enough. We probably wouldn't advise that to everyone because it involves quite a few steps, and software that we don't make or support. There is also a very small (but not zero!) chance that the file may not be shredded correctly and might leave a forensic trace, or that malware running on the computer could monitor the screen, or that someone is simply watching over your shoulder! Handwriting your account password practically eliminates those threats.

    Our guidance for an account password is to use at least four randomly generated words (something like the quick brown fox won't be good enough), using the Memorable recipe in 1Password's password generator, or using our online password generator.

    There's no need for uppercase letters, numbers, or symbols – using four words already introduces enough randomness that fiddling about with uppercase, numbers, and/or symbols doesn't add any meaningful security, particularly when you remember that your 1Password account is also protected by the Secret Key, which adds a second layer of randomness. And you can just separate the words with spaces, rather than hyphens or anything else.

    For example, a good account password might be something like extract cheetah lyra rugby (although not now that it's out in public!). That's easy enough to remember, perhaps by making a little mental narrative from it, and if it was handwritten on your Emergency Kit as "𝑒𝓍𝓉𝓇𝒶𝒸𝓉 𝒸𝒽𝑒𝑒𝓉𝒶𝒽 𝓁𝓎𝓇𝒶 𝓇𝓊𝑔𝒷𝓎", it should be unambiguous enough to anyone who would need to use it.

    For what it's worth, I went the simpler route of handwriting my account password on my Emergency Kit and just adding (all lowercase, with spaces) to clarify. Even with my appalling handwriting, I know that anyone who would need to use my account password in an emergency would be able to do so without trouble. There's also the side benefit of my account password being easy to speak aloud if it was ever necessary. Users of sign languages might also benefit from using dictionary words instead of a muddle of random characters.

    What works best for you will depend on a number of factors, and we definitely can't predict every possible scenario, so the important thing is to make sure that you make the decisions about your security that work best for you, your family, your business needs, your storage requirements, and so on. No single solution will fit every eventuality.

    We'll always be happy to help answer questions about best practices and what might work best for you – please let us know if you ever need any help. :)

  • williakz
    williakz
    Community Member

    Thanks @GreyM1P. I (mostly) agree with your comments and appreciate you taking the time to formulate them. It's just that users should know they are betting the farm that someone, possibly totally unknown to them, will correctly interpret their handwritten string of unknown (to you or me) complexity. For example, I know a number of users tend to swap out various letters in word-based passwords with numeric or punctuation facsimiles ('0' for 'o'/'O', '1' for 'l', '$' for 's'/'S', etc.) to increase randomness (is this the correct term?) which could result in another level of interpretive jeopardy.

    I recently went through a version of this interpretive dance in dealing with my father's estate; he had a paper notebook full of account numbers and passwords. The numbers were a snap, however he made no distinction between upper and lowercase letters even when the actual string was mixed-case (all were handwritten in block). I unfortunately got VERY used to 'invalid password' messages and lockouts when trying to access his accounts to update or close them. I have since advised my other elderly relatives to keep their various account passwords (if not in my first choice—1Password!) in a spreadsheet data file on a thumb drive periodically updated and secured in a location specified in their final instructions.

  • @williakz

    You're welcome. This is why we recommend words, all in lowercase, with no numbers or symbols as your 1Password account password. It should be the only password that ever needs to exist somewhere outside of 1Password itself, so readability is key. As you've seen with a paper notebook, substitutions, numbers, and symbols make things very tricky. As a user of 1Password, the best way you can help anyone who needs to use your Emergency Kit is to make the account password as legible as possible. Certainly, using words for your account password will help with that, but if you do want to use numbers or symbols, then your original suggestion of annotating the Emergency Kit PDF and printing it, then securely destroying the file, would be the workaround.

    Unfortunately, letter-for-number or letter-for-symbol substitutions don't do anything to increase a password's security – modern password cracking software automatically applies those substitutions, so even if the password is technically more random as a result, it's no more secure. That used to be true, which is probably why that idea has taken hold with the public, but it's no longer the case. My hope is that as best practices change, the security and tech industries do more to educate people about them. For example, it's no longer necessary to change your passwords every 30 days, as used to be the recommendation.

    In the longer term, eradicating passwords by usng passkeys instead will help solve a lot of this trouble, but clearly that's a little way off for now. :)

  • williakz
    williakz
    Community Member

    Sorry to bend your ear a bit more, but the password for one's Apple ID occasionally needs to be entered (I forget the exact circumstances) and MUST be manually entered as it can't be either autofilled or pasted into the appropriate field. I suppose one could always switch screens/apps to look up a goobledygook (hard) password in 1Password, write it down, then enter it into the Apple ID field. Alternatively, and I suspect more widely in practice, one could choose an easy-to-remember (and thus much less secure) Apple ID password. Does any of this ring a bell?

  • @williakz

    In my experience, you can't autofill into the Apple ID prompt on iOS (because the "🔑 Passwords" button doesn't appear on the keyboard), but you should be able to paste. From memory, the only time I've not been able to autofill or paste is during the setup assistant when you first turn on a new device.

    If you single-tap the field, you should see Paste in the context menu, a bit like this:

    image

    That might not be the particular screen you're referring to, but if you run into trouble, let me know what exact task you were trying to do and I'll try reproducing the issue here. :)

This discussion has been closed.