If Google Drive requires 2FA then it's safe-ish to store Emergency Kit?

ontario
Community Member
edited November 2022 in Business and Teams

Hello everyone, right now for my team:
1. Our Google Drive requires 2FA (only 1Password OTP is allowed as the second form of authentication)
2. Everyone has a private folder in Google Drive.
3. I as administrator have access to everything on Drive.
4. Each person has a printed copy of their Emergency Kit in a safe location at home.
5. Digital copies of Emergency Kit not allowed.

We're new to 1Password so I'm worried about rare scenarios where someone needs to regain access to their 1Password account but they're on a business trip. We're a small team, organizational value at the higher-end of eight digits. I'm trying to think of the right balance for my team between security vs. accessibility. I also feel like risk can't be eliminated but can be managed.

If I allowed Emergency Kits to be stored on Google Drive, on a scale of 1-to-10 how much risk do you feel that adds?
If it's like +2 risk then I'm comfortable with that!
If it's like +999999 risk then I'll keep everything as is :).
Thank you!


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hi @ontario,

    Thanks for asking about best practices for storing Emergency Kits for 1Password. While I'm not sure we're in an ideal position to assess risk for your team, I'm happy to discuss the situation and see if there is anything I can help you clarify.

    Firstly, you mentioned potentially storing Emergency Kits in Google Drive, which also requires an OTP that is stored in 1Password.

    It seems to me that with no other changes, this would create a circular dependency on having access to 1Password, to access the Google Drive for the Emergency Kit, which is needed to set up new 1Password devices.

    • If a team member already has a 1Password app signed in, they have access to the same information and being able to get the Emergency Kit from Google Drive wouldn't improve anything.
    • Conversely, if they are locked out of or lost all of their 1Password apps, they wouldn't be able to get the OTP code needed to access Google Drive, and would still be locked out of both 1Password and Google Drive. Perhaps I've misunderstood how the OTP restriction on Google Drive works.

    Second, you mentioned "I as administrator have access to everything on Drive."

    Depending on perspective, this could create a vulnerability around your access should you ever go rogue, or if your access to Google Drive was compromised. For the most part, your account owner access can grant you access to all shared 1Password vaults anyways, but having the Secret Key and account password for other accounts could grant access to their private vault too.

    It's also worth noting that 1Password already has tools to Implement a recovery plan for your team and to Recover accounts for family or team members. Using an account recovery may be preferable if a team member finds themselves totally locked out and in need of a new Secret Key or account password. That would avoid them needing to have access to the Emergency Kit while traveling.

    For what it's worth: I don't generally advise teams to share their Emergency Kit, but I know some teams ask their team members to do this.


    Can you elaborate more on the scenario you are envisioning? I'd like to better understand why team members might need their Emergency Kit while traveling.

    I'll be on the lookout for your reply.

    Thank you,
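
The circular dependency described in the reply above, modelled as an added example (not part of the original thread and not 1Password's code). It computes which assets a team member can reach from what they still hold, with and without a Drive copy of the kit; the asset names, the scenarios, and treating admin recovery as a single capability are assumptions.

```python
# Constructed model of the setup in this thread; asset names are illustrative.
# Each asset lists alternative requirement sets; satisfying any one set unlocks it.
BASE_RULES = {
    "1password": [{"signed_in_device"},
                  {"emergency_kit", "account_password"},
                  {"admin_recovery"}],  # assumption: recovery modelled as one capability
    "otp_code": [{"1password"}],        # the OTP secret lives only in 1Password
    "google_drive": [{"google_password", "otp_code"}],
    "emergency_kit": [{"printed_kit"}],  # current policy: paper copy only
}


def with_drive_copy(rules):
    """Return a copy of the rules where the kit can also be fetched from Drive."""
    new = {asset: [set(req) for req in options] for asset, options in rules.items()}
    new["emergency_kit"].append({"google_drive"})
    return new


def reachable(held, rules):
    """Fixed-point closure: everything obtainable starting from what is held."""
    have = set(held)
    changed = True
    while changed:
        changed = False
        for asset, options in rules.items():
            if asset not in have and any(req <= have for req in options):
                have.add(asset)
                changed = True
    return have


def drive_copy_helps(held):
    """True only if the Drive copy unlocks 1Password when nothing else would."""
    before = "1password" in reachable(held, BASE_RULES)
    after = "1password" in reachable(held, with_drive_copy(BASE_RULES))
    return after and not before


# Constructed scenarios: what a team member still has in hand.
SCENARIOS = {
    "travelling, all devices lost": {"account_password", "google_password"},
    "travelling, phone still signed in": {"account_password", "google_password", "signed_in_device"},
    "at home with printed kit": {"account_password", "google_password", "printed_kit"},
    "locked out, admin starts recovery": {"google_password", "admin_recovery"},
}

if __name__ == "__main__":
    for name, held in SCENARIOS.items():
        ok = "1password" in reachable(held, with_drive_copy(BASE_RULES))
        print(f"{name}: 1Password reachable={ok}, Drive copy helps={drive_copy_helps(held)}")
```

In every scenario `drive_copy_helps` is false: the Drive copy is either unreachable (the OTP is locked inside 1Password) or redundant (another path already works).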

  • ontario
    Community Member

    Oooooh that recovery plan info is helpful. I think I'll go that route instead if someone needs to regain access. Thank you Scott!

  • Hey @ontario,

    I'm glad to hear the recovery plan will help your team. Let me know if you have any further questions.

    Cheers,

This discussion has been closed.