Feature Request: Emergency access for estate planning

VT1P

If I am in a coma I would want my children to have access to my finances so they could help me - I would be very happy with a default "Yes" to Bitwarden.

MrC

I think my flippant point was that there is no one size-fit all solution.

This is a people problem, that even the largest companies are reluctant to embrace. it's difficult. In the end all judgements must be performed by someone trusted, or an authority.

Some are comfortable with allowing some implementation of technology to satisfy this role. The risk / exposure to companies who attempt this is high, the reward low. Each company will perform their own risk / reward assessment. I'm pretty confident that few will embrace this area.

VT1P

Mr C,

You wrote: In the end all judgements must be performed by someone trusted, or an authority.

I do not see this as a people problem where I need to trust a human at 1P.com or Bitwarden to flip a switch at the right time. I see this as a password manager zero-knowledge programming problem. Unless 1P.com can show me why Bitwarden's Emergency Access facility is not really zero- knowledge, I just want 1P.com to give me something similar that is as good or better than Bitwarden's solution.

The most likely future is that I will get older and eventually invite my POA/executor adult child to become fully involved in my finances to help me. I just want a zero-knowledge, web-based emergency access feature that let's me provide access to info in my 1P.com account if I die in a plane crash, or become severely ill or injured while I am away from home, before I get older and provide access myself in a more orderly way.

MrC

I see this as a password manager zero-knowledge programming problem.

if it were all that easy, and liability and cost free, every company would be doing this.

VT1P

I don't see the extra liability. Every password manager faces the risk of being hacked. If their programming is good, including their server security, it shouldn't happen. It appears LastPass' zero-knowledge programming was OK, but they had a problem with senior staff protection of server access credentials and they cut-corners on breadth of encryption. 1P.com is better than LastPass, and as far as I know they don't cut any corners.

Bitwarden faces the same types of liability and zero-knowledge programming demands as 1P.com, although they have programmed a narrower set of password manager features. Nevertheless, their cost is $10 per year and 1P.com's is much higher.

VT1P

I think 1Password.com could program an emergency access feature like Bitwarden's, but not enough customers are asking for it. I never asked for it either until I retired from work, reviewed my estate planning, and began to worry how our adult children could gain emergency access to our passwords and other key info we keep in our 1P.com account. I don't want to give them access to all the details now, by giving them a copy of my Emergency Kit and my master password, but I would like to provide them access in a true emergency.

I think 1P.com could program a good zero-knowledge emergency access feature, while still leaving the Emergency kit in place to serve its current role. I don't think it's an insurmountable task for 1P.com, I just think not enough customers are asking for the feature yet. I can accept that, but I plan to keep asking for it.

Blake

Thanks everyone for continuing to keep this conversation going! A secure, zero-knowledge, emergency access feature is definitely something I'd love to see pursue.

For those who may have found it while searching for estate planning options and want something you can do immediately... the best option right now is to download and save your Emergency Kit. You can print out the Emergency Kit and write down your account password. Then you can store the Emergency Kit in a personal safe or safe deposit box. Using the Emergency Kit your family or lawyer will be able to access your 1Password account.

If you're using 1Password Families, you can create a separate family member or guest account and only share the items that you'd like your attorney or loved ones to have access to in case of emergency.

lopinc

Hi folks, as a user of LP looking to migrate to 1P, I wish there was an Emergency Access feature like LP has as well. I've searched the boards here and seen many other threads where this was discussed with a few options that really aren't options:

• Store emergency kit somewhere safe where a family member can get to it

  • That won't work if you have 2FA enabled, which you should (don't assume your survivors will have access to your phone or be able to unlock it), plus you have to implicitly trust the "somewhere safe" in the meantime.
  • Also won't the "emergency kit" method be rendered moot by using Passkeys to login to 1P in the future?

• Having a family member on a family account do an account recovery

  • Correct me if I'm wrong but the family recovery process requires the person who can't get into their account to create a new account by clicking on a link they are emailed to recover their vault. How is that supposed to happen then they are no longer alive or otherwise incapacitated? Further, if the password to their email account is in their vault, that isn't accessible until it's recovered, then you can't get to the link in the email from 1P and you have a catch-22, so that doesn't work either.

In researching how LP does this without knowing your vault password/keys, I came across this: https://support.lastpass.com/s/document-item?language=en_US&bundleId=lastpass&topicId=LastPass/FAQ_Emergency_Access.html&_LANG=enus

“The key used to encrypt and decrypt your LastPass vault data is encrypted with the Emergency Access contact's public key, and can be decrypted only with their corresponding private key. When setting up Emergency Access, you are using the recipient's public key, encrypting your LastPass vault key with that public key, and then LastPass stores that RSA-2048 encrypted data until it's released (after the waiting period you specify). Only the recipient can decrypt the data, so no one else can decrypt it without access to the private key of the recipient you're sharing it with, which is encrypted with their master password key. This process is completely automated, with no action required by the end user, and ensures that the data is inaccessible by LastPass or outside parties.”

Sound familiar? It should, it’s similar to how the 1P family recovery feature works. From page 54 which describes how Recovery Groups work: https://1passwordstatic.com/files/security/1password-white-paper.pdf

“When a vault is created, a copy of the vault key is encrypted with the public key of the Recovery Group. The members of the Recovery Group are able to decrypt the private key of the Recovery Group. Thus from an exclusively cryptographic point of view the members of the Recovery Group have access to all of the vaults.”

So it seems that 1P already has the mechanism to do Emergency access, by adding a “dead mans switch” functionality to the existing Recovery Group cryptographic procedures that already exist. The differences would be:

• Instead of emailing the user whose vault is trying to be recovered a link to start the recovery process, you email them a link to stop the recovery process. If that link isn’t clicked within X days the recovery process is allowed to happen by the emergency contact.
• For the person who started the emergency recovery process, the recovered vault(s) are added/copied to their own account, facilitating the emergency access.

I really hope this gets addressed soon, it's the only thing that's preventing me from becoming a paid 1P subscriber, thanks.

ag_josephine

Hi @lopinc,

Thank you so much for all your feedback!

I've filed an additional feature request internally, including your feedback, to bring this to the attention of our team. They regularly review feature requests from our customers to consider what should be added or changed to future versions of 1Password. Your feedback, along with feedback from our other customers, helps them immensely with their planning.

Thank you again for your suggestion, we appreciate your feedback and love hearing from you - Please let me know if you ever have other ideas on how we could improve 1Password or if there is anything else I can help you out with!

Waldo000000

I've searched the boards here and seen many other threads where this was discussed with a few options

@ag_josephine Is there a definitive KB article or docs page or pinned thread that collates/describes the current best recommended workarounds to 1Password's current lack of digital inheritance features for various use cases? At the very least, that would help all of us from needing to search these forums ourselves.

K2342

Seconding this feature request - I've been asking for it for awhile myself. Lack of estate planning / dead man's switch features has been the only feature gap I've seen in 1Password. The workarounds I have in place are tedious, clunky, and error prone. 1Password's past explanations for why they won't implement this seems to be some philosophical reasoning, rather than technical. They can, they just dont want to because they see it as less safe / not what a password manager should do.

I think it's a bunch of bullcrap. What good is a stronghold without a door ? A castle full of food that no one can reach ? How is 1Password protecting everything I care about digitally, but then ignoring the people I care about - who will have to decipher janky workarounds to access 1Password data ?

Dont get me started :-) . There's a bunch of old threads in this you can look for in search. I will warn you - you will like none of the options. They've all had holes poked into them by other posters.

Lastpass was a mess - but they did get emergency access correct.

ag_josephine

Hi @Waldo000000,

As wills and estates do vary so much case by case so we don't have any sort of definitive guide as digital estates change so much from person to person; however, I've attached a blog post below that you may find helpful: Digital estate planning: How to share digital accounts safely

ag_josephine

Hi @K2342,

Using the analogy of a door, 1Password does have a door, and as well as keys to access it. However there isn't any sort of digital back door built into 1Password. The "keys" come in the form of your Emergency Kit. In order to grant access your data in case the unthinkable should happen, the best workaround currently is to include your Emergency Kit in your will and ensure someone is granted access to it.

This lack of digital backdoors means data stored within 1Password's severs is safe from digital attacks.

I've included a link below to an informative article below:
How 1Password is designed to keep your data safe, even in the event of a breach

The above is why the Emergency Kit exists and why we stress the importance of it; as long as someone can gain access to your Emergency Kit, they can open the door to the stronghold, so to speak.

The previously mentioned Digital estate planning: How to share digital accounts safely article touches upon this also.

lopinc

@ag_josephine That's not entirely accurate as, in a family plan, the private key of the private/public keypair for a users vault is also encrypted by the pubic key of the Recovery Group which all family members are a part of and have the private key for, as I noted in my post. That allows a1P family member to recover a vault for another family member, without either knowing the lost password or "key" that's on the emergency kit for the recovered user (which is not the same as the cryptographic public/private key pair).

So 1P itself may not have a "digital back door" but you have already engineered it so that someone else can have a back door to a vault. It is that process that can be modified to create an emergency access feature, if 1P gets around to implementing it.

K2342

Hi @ag_josephine

Thanks for your response.
There's a variety of ways around that, as other threads have documented in this forum over the past several years, and well as implementations by other companies (Dashlane, Lastpass, etc) that do have emergency access have shown.

You can either grant full emergency access like Lastpass did, or just build out the guest workflow more to include revokable, time-lapsed access.

Regarding the latter, one idea would be for 1Password to use the existing workflow for "Guest" access, and enhance constraints around access to that vault. Make a revokable, time-lapsed access vault that any guest user can access via email. Then users can choose to put their emergency kit there, or whatever other information they'd want the person to have in an emergency. And Voila - 1Password now has a real emergency access workflow that is accessible and secure - without needing to handle any keys more than guest sharing already does.

I'm not going to rehash the options (for full access), I'm sure 1Password has looked into them. It certainly can be done, it just seems 1Password doesnt want to. And I dont quite understand it - because as time goes on, and 1Password grows, more and more people are going to request emergency access and eventually 1Password will add it. Especially if 1Password plans to have an IPO at some point - sooner or later stakeholders will demand this feature and it will be implemented. Could be 5-10 years from now, but it'll happen. I wish 1Password would just admit this and get ahead of it, rather than hiding behind technical grounds.

Speak of a digital backdoor is just a scare tactic. There is a balance between absolute security and usability - and 1Password will need to try and land in the middle if they want to really grow. Like it or not, emergency access is something Password Managers need to implement in some way before they can really be used for the masses. If your service becomes too hard to use, it wont gain adoption beyond a bunch of techies like us. Again, this is especially relevant if 1P has IPO plans. Shareholders will require something like this, I am almost sure.

I love 1Password. I'm a software engineer myself and get the tech part of it. But it truly keeps me up at night that the service I put all my faith into for digital secret management is seemingly burying their head in the sand regarding emergency access. A digital secret manager is no good to me if it will lock out my family in the future because a lawyer or well-meaning family member is unable to work it.

It's been a longstanding issue for me, and obviously ( :-) ) something I am very passionate about.

ag_gareth

Hey @K2342,

Thank you for letting us know this is something you want to see and we'll get all your feedback added to the feature request we have raised for this.

In the meantime we have these blog posts all about not only planning and managing your own digital estate with 1Password, but also how to handle inheriting someone else's:

• Digital estate planning: How to share digital accounts safely
• You've Inherited a Digital Estate Plan: Now What?

And if there's anything else we can help with or anything else you'd like us to add to the feature request for this let us know.

lopinc

How would the "emergency kit" work (and having someone else in your family use it) if you login to your 1P account via Passkeys which requires a device that may not be available?

K2342

Hi @ag_gareth

Thanks for your response. I find those links at best unhelpful, and at worst - misdirection. The gist I get is "1Password doesnt support emergency access, so we going to make it seem very complex by calling it Estate Planning, and provide some superficial tips you can find on any online blog to seem like we're helping".

They don't do a whole lot, and kind of support my perspective that there is some politicing going around this at 1P.

Please just implement a simple, in house emergency access workflow. I dont need 1P to handle my estate planning - just a safe emergency access workflow.

ag_gareth

Hey @K2342,

Thanks for your response. I find those links at best unhelpful, and at worst - misdirection. The gist I get is "1Password doesnt support emergency access, so we going to make it seem very complex by calling it Estate Planning, and provide some superficial tips you can find on any online blog to seem like we're helping".

Our apologies for the misunderstanding. 'Emergency access' is currently provided through the use of the Emergency Kit and our blog posts on digital estate planning were written to explain how to leverage it in that emergency scenario.

Please just implement a simple, in house emergency access workflow. I dont need 1P to handle my estate planning - just a safe emergency access workflow.

We absolutely understand you would like a different and specific workflow for this type of emergency. We've raised a feature request for this and your feedback has been added.

ag_gareth

Hey @lopinc,

That's a great question! Unlocking 1Password with Passkeys isn't in early access or beta yet so we don't have anything to announce right now, but this is absolutely something we're working on and you can sign up here to be kept in the loop on passkey updates as they happen.

a7n

Hi 1Password,

Just leaving a comment here to say that I would like this feature implemented.

I just joined the community. Is there a way for customers to see the status of this feature request?

mplante

Hi 1Password team.
Very simply, the ONLY thing that I miss from Lastpass is the super simple way I was able to give my wife and my adult children access to my digital life in the event that I pass away before them. From a product design perspective please look at "How to use emergency access" on this page here https://www.lastpass.com/features/emergency-access. That's it. Nothing more. Apart from that I'm extremely satisfied of my move to migrate over to 1Password and I've converted a lot of my Lastpass relatives to do the same. But please, we need this one. THANK YOU

K2342

@mplante Totally agree. 1Password could shamelessly copy Lastpass's implementation and I'd be thrilled with it.

kambusha

I'd just like to add my vote for this feature. It's the only reason I left 1password about 2 years ago. I need to be able to setup my vault as a digital will so that I can designate some close contacts with emergency access should anything happen to me.

I would come back to 1password in a heart-beat if they finally implemented this feature. I just don't see the argument against it at this point. If you don't need the feature, then don't use it. I remember reading about domestic abuse or coma use-cases that were apparently the reason not to implement it. However, I don't really get either one. If it's a matter of domestic abuse they would only be a trusted contact if you added them first (they can't just request access to account and then not allow access to your email). Also, realistically (and unfortunately), I doubt the abuser would need emergency access if they really wanted access to the account. Then for the coma use-case, that's a perfect time when you would want a trusted contact to have access to sensitive information to help you out.

Is there a use-case that's still being discussed as the reason why this feature doesn't make sense for 1password still?

Tertius3

@kambusha I guess the reason it's not implemented as simple timeout-based solution is that 1Password doesn't want to take responsibility for releasing the emergency access.

The decision to release access is done on and by their servers. There needs to be a job running every day, and if the timeout is reached, that job is releasing access. If someone is able to mess with that job, it's possible to release emergency access prematurely. After 0 days for example, which means immediately, which would be a disaster.
This release is outside the control of ourselves, the customer, and this is against the concept of 1Password, as far as I understand: always give the customer full control over every aspect of his account.

dkuldell

Re-opening the discussion on emergency access.
For the audience...LastPass has a feature that allows a vault owner to specify trusted emergency contact(s) that can request access to your vault (theoretically in the event of the your incapacitation), subject to an x day grace period in which you can accept or deny the request. If you don't deny the request, then the emergency contact(s) will be allowed access to your vault after the grace period expires.
I find this far more useful and safe than keeping (or sharing) a physical copy of my 1password emergency kit somewhere that could be stolen or destroyed in a fire/flood. I also really like the fact that the emergency contact(s) can only gain access after the grace period expires and no response from the owner of the vault. Thus the emergency contacts do not have actual access until the grace period has expired.

When I posted on this topic previously, you mentioned "There is work going on to see how this might be achieved in a secure way." What is the latest news? When can we expect 1Password to have a similar feature?

---

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Dave_1P

@benlye

I'm sorry for the late reply. Your family member needs to have access to their email address in order to complete account recovery. I've let the team know that you'd like to see other options available in the future. For now, your family members can store the password for their email account with their Emergency Kit: Download and save your Emergency Kit

@dkuldell

Thanks for following up. We tend not to pre-announce new features so that we avoid disappointing folks if a feature is delayed or cancelled. If new emergency access features are released you'll see them announced on our blog and in our release notes:

• Blog
• 1Password Releases

-Dave

ref: PB-36295399
ref: PB-36295481

gpell1pas

I'm perfectly fine with leaving my master password with my family. No need for any fancy new feature.

But my concern is with the 1Password account subscription. Will 1Password continue working for several years after subscription payments stop? I was quite satisfied with the old design with the vault stored on my local Mac and synchronized with my other devices. I have not seen any benefit with the new 1Password account design. And I kind of resent that migrating to 1Password.com burns all the bridges to the old design.

lopinc

Any update on this, 1Password?

@gpell1pas I guess that means you don't have 2-factor turned on for your account?