Feature Request: Emergency access for estate planning

  • VT1P
    Community Member

    If I am in a coma I would want my children to have access to my finances so they could help me - I would be very happy with a default "Yes" to Bitwarden.

  • MrC
    Volunteer Moderator

    I think my flippant point was that there is no one-size-fits-all solution.

    This is a people problem, that even the largest companies are reluctant to embrace. It's difficult. In the end all judgements must be performed by someone trusted, or an authority.

    Some are comfortable with allowing some implementation of technology to satisfy this role. The risk / exposure to companies who attempt this is high, the reward low. Each company will perform their own risk / reward assessment. I'm pretty confident that few will embrace this area.

  • VT1P
    Community Member
    edited March 2023

    Mr C,

    You wrote: In the end all judgements must be performed by someone trusted, or an authority.

    I do not see this as a people problem where I need to trust a human at 1P.com or Bitwarden to flip a switch at the right time. I see this as a password manager zero-knowledge programming problem. Unless 1P.com can show me why Bitwarden's Emergency Access facility is not really zero-knowledge, I just want 1P.com to give me something similar that is as good or better than Bitwarden's solution.

    The most likely future is that I will get older and eventually invite my POA/executor adult child to become fully involved in my finances to help me. I just want a zero-knowledge, web-based emergency access feature that lets me provide access to info in my 1P.com account if I die in a plane crash, or become severely ill or injured while I am away from home, before I get older and provide access myself in a more orderly way.

  • MrC
    Volunteer Moderator

    > I see this as a password manager zero-knowledge programming problem.

    If it were all that easy, and liability and cost free, every company would be doing this.

  • VT1P
    Community Member

    I don't see the extra liability. Every password manager faces the risk of being hacked. If their programming is good, including their server security, it shouldn't happen. It appears LastPass' zero-knowledge programming was OK, but they had a problem with senior staff protection of server access credentials and they cut corners on breadth of encryption. 1P.com is better than LastPass, and as far as I know they don't cut any corners.

    Bitwarden faces the same types of liability and zero-knowledge programming demands as 1P.com, although they have programmed a narrower set of password manager features. Nevertheless, their cost is $10 per year and 1P.com's is much higher.

  • VT1P
    Community Member

    I think 1Password.com could program an emergency access feature like Bitwarden's, but not enough customers are asking for it. I never asked for it either until I retired from work, reviewed my estate planning, and began to worry how our adult children could gain emergency access to our passwords and other key info we keep in our 1P.com account. I don't want to give them access to all the details now, by giving them a copy of my Emergency Kit and my master password, but I would like to provide them access in a true emergency.

    I think 1P.com could program a good zero-knowledge emergency access feature, while still leaving the Emergency kit in place to serve its current role. I don't think it's an insurmountable task for 1P.com, I just think not enough customers are asking for the feature yet. I can accept that, but I plan to keep asking for it.

  • Thanks everyone for continuing to keep this conversation going! A secure, zero-knowledge, emergency access feature is definitely something I'd love to see pursue.

    For those who may have found it while searching for estate planning options and want something you can do immediately... the best option right now is to download and save your Emergency Kit. You can print out the Emergency Kit and write down your account password. Then you can store the Emergency Kit in a personal safe or safe deposit box. Using the Emergency Kit your family or lawyer will be able to access your 1Password account.

    If you're using 1Password Families, you can create a separate family member or guest account and only share the items that you'd like your attorney or loved ones to have access to in case of emergency.

  • lopinc
    Community Member
    edited June 2023

    Hi folks, as a user of LP looking to migrate to 1P, I wish there was an Emergency Access feature like LP has as well. I've searched the boards here and seen many other threads where this was discussed with a few options that really aren't options:

    • Store emergency kit somewhere safe where a family member can get to it

      • That won't work if you have 2FA enabled, which you should (don't assume your survivors will have access to your phone or be able to unlock it), plus you have to implicitly trust the "somewhere safe" in the meantime.
      • Also won't the "emergency kit" method be rendered moot by using Passkeys to login to 1P in the future?
    • Having a family member on a family account do an account recovery

      • Correct me if I'm wrong but the family recovery process requires the person who can't get into their account to create a new account by clicking on a link they are emailed to recover their vault. How is that supposed to happen when they are no longer alive or otherwise incapacitated? Further, if the password to their email account is in their vault, that isn't accessible until it's recovered, then you can't get to the link in the email from 1P and you have a catch-22, so that doesn't work either.

    In researching how LP does this without knowing your vault password/keys, I came across this: https://support.lastpass.com/s/document-item?language=en_US&bundleId=lastpass&topicId=LastPass/FAQ_Emergency_Access.html&_LANG=enus

    “The key used to encrypt and decrypt your LastPass vault data is encrypted with the Emergency Access contact's public key, and can be decrypted only with their corresponding private key. When setting up Emergency Access, you are using the recipient's public key, encrypting your LastPass vault key with that public key, and then LastPass stores that RSA-2048 encrypted data until it's released (after the waiting period you specify). Only the recipient can decrypt the data, so no one else can decrypt it without access to the private key of the recipient you're sharing it with, which is encrypted with their master password key. This process is completely automated, with no action required by the end user, and ensures that the data is inaccessible by LastPass or outside parties.”

    Sound familiar? It should, it’s similar to how the 1P family recovery feature works. From page 54 which describes how Recovery Groups work: https://1passwordstatic.com/files/security/1password-white-paper.pdf

    “When a vault is created, a copy of the vault key is encrypted with the public key of the Recovery Group. The members of the Recovery Group are able to decrypt the private key of the Recovery Group. Thus from an exclusively cryptographic point of view the members of the Recovery Group have access to all of the vaults.”

    So it seems that 1P already has the mechanism to do Emergency access, by adding a “dead man’s switch” functionality to the existing Recovery Group cryptographic procedures that already exist. The differences would be:

    • Instead of emailing the user whose vault is trying to be recovered a link to start the recovery process, you email them a link to stop the recovery process. If that link isn’t clicked within X days the recovery process is allowed to happen by the emergency contact.
    • For the person who started the emergency recovery process, the recovered vault(s) are added/copied to their own account, facilitating the emergency access.

    I really hope this gets addressed soon, it's the only thing that's preventing me from becoming a paid 1P subscriber, thanks.

  • ag_josephine
    1Password Alumni

    Hi @lopinc,

    Thank you so much for all your feedback!

    I've filed an additional feature request internally, including your feedback, to bring this to the attention of our team. They regularly review feature requests from our customers to consider what should be added or changed to future versions of 1Password. Your feedback, along with feedback from our other customers, helps them immensely with their planning.

    Thank you again for your suggestion, we appreciate your feedback and love hearing from you - Please let me know if you ever have other ideas on how we could improve 1Password or if there is anything else I can help you out with!

  • Waldo000000
    Community Member
    edited June 2023

    > I've searched the boards here and seen many other threads where this was discussed with a few options

    @ag_josephine Is there a definitive KB article or docs page or pinned thread that collates/describes the current best recommended workarounds to 1Password's current lack of digital inheritance features for various use cases? At the very least, that would help all of us from needing to search these forums ourselves.

  • K2342
    Community Member

    Seconding this feature request - I've been asking for it for a while myself. Lack of estate planning / dead man's switch features has been the only feature gap I've seen in 1Password. The workarounds I have in place are tedious, clunky, and error-prone. 1Password's past explanations for why they won't implement this seem to be some philosophical reasoning, rather than technical. They can, they just don't want to because they see it as less safe / not what a password manager should do.

    I think it's a bunch of bullcrap. What good is a stronghold without a door? A castle full of food that no one can reach? How is 1Password protecting everything I care about digitally, but then ignoring the people I care about - who will have to decipher janky workarounds to access 1Password data?

    Don't get me started :-) . There's a bunch of old threads in this you can look for in search. I will warn you - you will like none of the options. They've all had holes poked into them by other posters.

    Lastpass was a mess - but they did get emergency access correct.

  • ag_josephine
    1Password Alumni

    Hi @Waldo000000,

    As wills and estates vary so much case by case, we don't have any sort of definitive guide, as digital estates change so much from person to person; however, I've attached a blog post below that you may find helpful: Digital estate planning: How to share digital accounts safely

  • ag_josephine
    1Password Alumni

    Hi @K2342,

    Using the analogy of a door, 1Password does have a door, as well as keys to access it. However, there isn't any sort of digital back door built into 1Password. The "keys" come in the form of your Emergency Kit. In order to grant access to your data in case the unthinkable should happen, the best workaround currently is to include your Emergency Kit in your will and ensure someone is granted access to it.

    This lack of digital backdoors means data stored within 1Password's servers is safe from digital attacks.

    I've included a link to an informative article below:
    How 1Password is designed to keep your data safe, even in the event of a breach

    The above is why the Emergency Kit exists and why we stress the importance of it; as long as someone can gain access to your Emergency Kit, they can open the door to the stronghold, so to speak.

    The previously mentioned Digital estate planning: How to share digital accounts safely article touches upon this also.

  • lopinc
    Community Member
    edited June 2023

    @ag_josephine That's not entirely accurate as, in a family plan, the private key of the private/public keypair for a user's vault is also encrypted by the public key of the Recovery Group which all family members are a part of and have the private key for, as I noted in my post. That allows a 1P family member to recover a vault for another family member, without either knowing the lost password or "key" that's on the emergency kit for the recovered user (which is not the same as the cryptographic public/private key pair).

    So 1P itself may not have a "digital back door" but you have already engineered it so that someone else can have a back door to a vault. It is that process that can be modified to create an emergency access feature, if 1P gets around to implementing it.

  • K2342
    Community Member

    Hi @ag_josephine

    Thanks for your response.
    There's a variety of ways around that, as other threads have documented in this forum over the past several years, as well as implementations by other companies (Dashlane, Lastpass, etc) that do have emergency access have shown.

    You can either grant full emergency access like Lastpass did, or just build out the guest workflow more to include revocable, time-lapsed access.

    Regarding the latter, one idea would be for 1Password to use the existing workflow for "Guest" access, and enhance constraints around access to that vault. Make a revocable, time-lapsed access vault that any guest user can access via email. Then users can choose to put their emergency kit there, or whatever other information they'd want the person to have in an emergency. And Voila - 1Password now has a real emergency access workflow that is accessible and secure - without needing to handle any keys more than guest sharing already does.

    I'm not going to rehash the options (for full access), I'm sure 1Password has looked into them. It certainly can be done, it just seems 1Password doesn't want to. And I don't quite understand it - because as time goes on, and 1Password grows, more and more people are going to request emergency access and eventually 1Password will add it. Especially if 1Password plans to have an IPO at some point - sooner or later stakeholders will demand this feature and it will be implemented. Could be 5-10 years from now, but it'll happen. I wish 1Password would just admit this and get ahead of it, rather than hiding behind technical grounds.

    Speak of a digital backdoor is just a scare tactic. There is a balance between absolute security and usability - and 1Password will need to try and land in the middle if they want to really grow. Like it or not, emergency access is something Password Managers need to implement in some way before they can really be used for the masses. If your service becomes too hard to use, it won't gain adoption beyond a bunch of techies like us. Again, this is especially relevant if 1P has IPO plans. Shareholders will require something like this, I am almost sure.

    I love 1Password. I'm a software engineer myself and get the tech part of it. But it truly keeps me up at night that the service I put all my faith into for digital secret management is seemingly burying their head in the sand regarding emergency access. A digital secret manager is no good to me if it will lock out my family in the future because a lawyer or well-meaning family member is unable to work it.

    It's been a longstanding issue for me, and obviously ( :-) ) something I am very passionate about.

  • ag_gareth
    1Password Alumni

    Hey @K2342,

    Thank you for letting us know this is something you want to see and we'll get all your feedback added to the feature request we have raised for this.

    In the meantime we have these blog posts all about not only planning and managing your own digital estate with 1Password, but also how to handle inheriting someone else's:

    And if there's anything else we can help with or anything else you'd like us to add to the feature request for this let us know.

  • lopinc
    Community Member

    How would the "emergency kit" work (and having someone else in your family use it) if you login to your 1P account via Passkeys which requires a device that may not be available?

  • K2342
    Community Member
    edited July 2023

    Hi @ag_gareth

    Thanks for your response. I find those links at best unhelpful, and at worst - misdirection. The gist I get is "1Password doesn't support emergency access, so we're going to make it seem very complex by calling it Estate Planning, and provide some superficial tips you can find on any online blog to seem like we're helping".

    They don't do a whole lot, and kind of support my perspective that there is some politicking going around this at 1P.

    Please just implement a simple, in-house emergency access workflow. I don't need 1P to handle my estate planning - just a safe emergency access workflow.

  • ag_gareth
    1Password Alumni
    edited July 2023

    Hey @K2342,

    > Thanks for your response. I find those links at best unhelpful, and at worst - misdirection. The gist I get is "1Password doesn't support emergency access, so we're going to make it seem very complex by calling it Estate Planning, and provide some superficial tips you can find on any online blog to seem like we're helping".

    Our apologies for the misunderstanding. 'Emergency access' is currently provided through the use of the Emergency Kit and our blog posts on digital estate planning were written to explain how to leverage it in that emergency scenario.

    > Please just implement a simple, in-house emergency access workflow. I don't need 1P to handle my estate planning - just a safe emergency access workflow.

    We absolutely understand you would like a different and specific workflow for this type of emergency. We've raised a feature request for this and your feedback has been added.

  • ag_gareth
    1Password Alumni

    Hey @lopinc,

    That's a great question! Unlocking 1Password with Passkeys isn't in early access or beta yet so we don't have anything to announce right now, but this is absolutely something we're working on and you can sign up here to be kept in the loop on passkey updates as they happen.

  • a7n
    Community Member

    Hi 1Password,

    Just leaving a comment here to say that I would like this feature implemented.

    I just joined the community. Is there a way for customers to see the status of this feature request?

  • mplante
    Community Member

    Hi 1Password team.
    Very simply, the ONLY thing that I miss from Lastpass is the super simple way I was able to give my wife and my adult children access to my digital life in the event that I pass away before them. From a product design perspective please look at "How to use emergency access" on this page here https://www.lastpass.com/features/emergency-access. That's it. Nothing more. Apart from that I'm extremely satisfied of my move to migrate over to 1Password and I've converted a lot of my Lastpass relatives to do the same. But please, we need this one. THANK YOU

  • K2342
    Community Member

    @mplante Totally agree. 1Password could shamelessly copy Lastpass's implementation and I'd be thrilled with it.

  • kambusha
    Community Member

    I'd just like to add my vote for this feature. It's the only reason I left 1password about 2 years ago. I need to be able to set up my vault as a digital will so that I can designate some close contacts with emergency access should anything happen to me.

    I would come back to 1password in a heart-beat if they finally implemented this feature. I just don't see the argument against it at this point. If you don't need the feature, then don't use it. I remember reading about domestic abuse or coma use-cases that were apparently the reason not to implement it. However, I don't really get either one. If it's a matter of domestic abuse they would only be a trusted contact if you added them first (they can't just request access to account and then not allow access to your email). Also, realistically (and unfortunately), I doubt the abuser would need emergency access if they really wanted access to the account. Then for the coma use-case, that's a perfect time when you would want a trusted contact to have access to sensitive information to help you out.

    Is there a use-case that's still being discussed as the reason why this feature doesn't make sense for 1password still?

  • Tertius3
    Community Member

    @kambusha I guess the reason it's not implemented as a simple timeout-based solution is that 1Password doesn't want to take responsibility for releasing the emergency access.

    The decision to release access is done on and by their servers. There needs to be a job running every day, and if the timeout is reached, that job is releasing access. If someone is able to mess with that job, it's possible to release emergency access prematurely. After 0 days for example, which means immediately, which would be a disaster.
    This release is outside the control of ourselves, the customer, and this is against the concept of 1Password, as far as I understand: always give the customer full control over every aspect of his account.
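
Added example (not part of any post in this thread, and not LastPass, Bitwarden or 1Password code): a Go model of the flow discussed above, combining the key wrapping quoted earlier from the LastPass FAQ with the server-side waiting-period check raised in the comment just above. The `Grant` type, the `MinWait` floor, the OAEP label and all function names are assumptions made for illustration.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
	"time"
)

const MinWait = 24 * time.Hour // assumed policy floor, not a vendor value

var (
	label           = []byte("emergency-access-demo") // assumed OAEP label
	ErrWaitTooShort = errors.New("waiting period below policy minimum")
	ErrNotRequested = errors.New("no pending emergency request")
	ErrDenied       = errors.New("owner denied the request")
	ErrTooEarly     = errors.New("waiting period has not elapsed")
)

// Grant is all the server stores; Wrapped is ciphertext it cannot open.
type Grant struct {
	Wrapped     []byte
	Wait        time.Duration
	RequestedAt time.Time // zero value: no request pending
	Denied      bool
}

// NewContactKey stands in for the emergency contact's account key pair.
func NewContactKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

// NewGrant runs on the owner's device, so the server never sees vaultKey.
func NewGrant(pub *rsa.PublicKey, vaultKey []byte, wait time.Duration) (*Grant, error) {
	if wait < MinWait {
		return nil, ErrWaitTooShort // refuses a zero-day release window
	}
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, vaultKey, label)
	if err != nil {
		return nil, err
	}
	return &Grant{Wrapped: wrapped, Wait: wait}, nil
}

// Request starts (or restarts) the clock when the contact asks for access.
func (g *Grant) Request(now time.Time) { g.RequestedAt, g.Denied = now, false }

// Deny is the owner's "stop" action during the waiting period.
func (g *Grant) Deny() { g.Denied = true }

// Release is the server-side timing check; its output is still ciphertext.
func (g *Grant) Release(now time.Time) ([]byte, error) {
	switch {
	case g.RequestedAt.IsZero():
		return nil, ErrNotRequested
	case g.Denied:
		return nil, ErrDenied
	case now.Before(g.RequestedAt.Add(g.Wait)):
		return nil, ErrTooEarly
	}
	return g.Wrapped, nil
}

// Unwrap runs on the contact's device after release.
func Unwrap(priv *rsa.PrivateKey, wrapped []byte) ([]byte, error) {
	return rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, label)
}

func main() {
	contact, _ := NewContactKey()
	vaultKey := []byte("constructed-32-byte-vault-key!!!") // constructed sample
	g, _ := NewGrant(&contact.PublicKey, vaultKey, 7*24*time.Hour)
	t0 := time.Now()
	g.Request(t0)
	_, early := g.Release(t0.Add(3 * 24 * time.Hour))
	blob, _ := g.Release(t0.Add(7 * 24 * time.Hour))
	got, _ := Unwrap(contact, blob)
	fmt.Println("day 3:", early, "| day 7 recovered:", string(got) == string(vaultKey))
}
```

In this model, tampering with the release check changes only when the designated contact receives the blob; the server still holds ciphertext that opens only with the contact's private key.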

  • dkuldell
    Community Member

    Re-opening the discussion on emergency access.
    For the audience... LastPass has a feature that allows a vault owner to specify trusted emergency contact(s) that can request access to your vault (theoretically in the event of your incapacitation), subject to an x day grace period in which you can accept or deny the request. If you don't deny the request, then the emergency contact(s) will be allowed access to your vault after the grace period expires.
    I find this far more useful and safe than keeping (or sharing) a physical copy of my 1password emergency kit somewhere that could be stolen or destroyed in a fire/flood. I also really like the fact that the emergency contact(s) can only gain access after the grace period expires and no response from the owner of the vault. Thus the emergency contacts do not have actual access until the grace period has expired.

    When I posted on this topic previously, you mentioned "There is work going on to see how this might be achieved in a secure way." What is the latest news? When can we expect 1Password to have a similar feature?



  • @benlye

    I'm sorry for the late reply. Your family member needs to have access to their email address in order to complete account recovery. I've let the team know that you'd like to see other options available in the future. For now, your family members can store the password for their email account with their Emergency Kit: Download and save your Emergency Kit

    @dkuldell

    Thanks for following up. We tend not to pre-announce new features so that we avoid disappointing folks if a feature is delayed or cancelled. If new emergency access features are released you'll see them announced on our blog and in our release notes:

    -Dave

    ref: PB-36295399
    ref: PB-36295481

  • Pleonasm
    Community Member

    For your consideration, below is a description of a potential workaround solution to implement the LastPass emergency contact process.

    • The 1Password account owner identifies two highly trustworthy emergency contacts: a primary Person A, and a secondary Person B (who optionally could be a hired attorney). These three individuals may be located in different cities.
    • The account owner provides the 1Password login email address, as well as other contact details, to both Person A as well as Person B.
    • The account owner provides one-half of the master (account) password to Person A and B (e.g., the first 10 characters of a 20-character password); as well as one-half of the Secret Key.
    • The account owner also provides written instructions to Person A and B defining the circumstances under which emergency access to the 1Password account is permitted (e.g., the precise definition of “incapacitation”).
    • If Person A believes that emergency access is warranted due to the occurrence of an event involving the account owner, then Person B is contacted and the second half of the master password and Secret Key are requested.
    • Person B attempts to contact the account owner to review and verify the situation and, if unsuccessful in doing so after a specified period of several days, then forwards the requested information to Person A.
    • During this delay period, the account owner can optionally prevent access by changing the master password and Secret Key, if needed.
    • The objective has now been achieved: Person A is enabled to access the 1Password account, following a specified delay.

    The above process ensures that Person A (as well as Person B) is unable to access the 1Password account before an emergency event occurs – and, more importantly, provides a level of assurance that is lacking in the LastPass methodology: namely, the independent involvement of Person B to verify the circumstances that are motivating Person A’s request to gain access to the account.

  • gpell1pas
    Community Member

    I'm perfectly fine with leaving my master password with my family. No need for any fancy new feature.

    But my concern is with the 1Password account subscription. Will 1Password continue working for several years after subscription payments stop? I was quite satisfied with the old design with the vault stored on my local Mac and synchronized with my other devices. I have not seen any benefit with the new 1Password account design. And I kind of resent that migrating to 1Password.com burns all the bridges to the old design.

  • lopinc
    Community Member

    Any update on this, 1Password?

    @gpell1pas I guess that means you don't have 2-factor turned on for your account?