Account Recovery Catch-22

haydave
Community Member

I'm learning about the 1Password account recovery process for our Family account. If I understand correctly, an administrator/account owner can initiate a recovery for another family member, but that family member has to have access to their email. What happens if that family member's credentials for their email account are in 1Password? It seems like you could be in a no-win situation! In order to log in to my email account, I need the credentials from 1Password (which is why we bought it in the first place), but in order to recover my 1Password account (because I lost my secret key) I need access to my email, but to access my email...

Shouldn't there be a way for the alternate account administrator to provide a new secret key to another family member? What about changing the email address of a family member (i.e. so I could get a temporary email until I could get back into my main email)?

I appreciate the security features of 1Password, but it seems like there's a hole in the recovery process, if I think about disaster recovery (e.g. the house burns down and only one of us has a trusted device).


Comments

  • Hello @haydave! 👋

    Thank you for the feedback! The account recovery process is designed to help you, as the family organizer, recover another family member's account in case they forget their account password or lose their Secret Key.

    Most importantly: the process is designed so that the family organizer can't gain access to another family member's account without access to that family member's email account. If the family organizer was able to arbitrarily change the Secret Key or the email address associated with another family member's account then they would be able to take over and access the accounts of other family members whenever they wanted to. The recovery process is designed to prevent that from happening.

    Would having your family member share their email account password with you, the family organizer, offer a solution to the scenario that you outlined? Another option may be to set a recovery email or phone number for your family member's email account so that you can also help them reset the password for their email account as well in the event that they get locked out of both 1Password and the email account at the same time.

    -Dave

  • haydave
    Community Member

    I understand the balance here...keeping the individual user accounts secure while also allowing the family organizer the power to help recover accounts.

    The thing that I'm getting hung up on is the loss of the secret key. The scenario I'm thinking of is that the family member still remembers their password, but has lost access to the secret key. (It's not really 1Password anymore is it? It's 2Password ;-) If the family organizer had a way to regenerate or recover the secret key only, that would allow the family member to get back into their account, but prevent the family organizer from taking over the account.

    David

  • @haydave

    If your family member is okay with you being able to access their Secret Key, then you can have the family member download their Emergency Kit, save the Emergency Kit in an item in 1Password, and then move that item to a shared vault that you, the family organizer, have access to.

    Alternatively, your family member can print their Emergency Kit and store it in a safe place like a personal safe or bank's safe deposit box in case of emergencies.

    -Dave

  • [Deleted User]
    Community Member

    I'm trialing 1password, migrating from LastPass -- testing Family plan, atm, b4 moving on to biz accounts.

    THIS^^ topic is disconcerting ... That definitely sets 1password as the odd-app-out.

    No well thought out, end user friendly Emergency Access 'tween family members? Hmmm ....

    It appears to have been discussed/requested here since -- at least -- 2018:

    "How to set up emergency access"
    https://1password.community/discussion/92832/how-to-set-up-emergency-access/p3

    doesn't really give me a "we listen" warm-fuzzy.

  • @pgnd

    Thank you for the feedback! We're working on making the recovery process more intuitive in the future for things like estate planning. You can get a glimpse of the future here: A vision of the future with 1Password

    -Dave

  • [Deleted User]
    Community Member

    "You can get a glimpse of the future here: A vision of the future with 1Password"

    Wow. The 2022 reincarnation of PowerPoint Flying Text. Some of the least helpful marketing blather I've seen in a decade.
    Makes my eyes hurt.

    But ok.

  • @pgnd

    It's definitely a high-level overview but an exciting peek into things that we're working on; we're hoping to fill in more detail on our blog and other media as time goes on. That being said, I've passed along your feedback about account recovery to the team. 🙂

    -Dave

    ref: IDEA-I-285

This discussion has been closed.