Feature Request: Emergency access for estate planning
Comments
-
FYI: A practical workaround solution to the problem of "Death and Succession" has been proposed in: Feature Request: Emergency Access feature (see October 23, 2023 comment).
0 -
@gpell1pas, concerning the question "Will 1Password continue working for several years after subscription payments stop?", one option to consider is prepaying your 1Password account using 1Password Digital Gift Cards.
0 -
@Pleonasm - no one should have to "pre pay" their subscription because you're not providing an adequate solution to the problem of incapacitated access.
Your proposed solution in the referenced post doesn't handle if 2-factor is enabled on the account, not to mention the future when passkeys may be used to login to 1P. I shouldn't have to decrease account security, by disabling 2-factor, just so others can have emergency access. Both are possible as discussed before. Don't make users have to work around shortcomings in your product, instead address the issue and improve the product, thanks.
0 -
Thanks but your proposed solution in the referenced post doesn't handle if 2-factor is enabled on the account, not to mention the future when passkeys may be used to login to 1P.
0 -
@lopinc, concerning the addition of two-factor authentication functionality to the proposed process…
- Consider configuring 1Password to use a pair of YubiKey hardware security keys and providing Person A with one (see here). In this way, the emergency contact person is now fully equipped to access the owner’s 1Password account.
- In addition, it may be possible to do the same using an authenticator app, by capturing the 16-character secret key displayed during setup (see here) and providing that key to Person A?
- Finally, it is possible in 1Password to share a passkey (see here and here). As a result, the 1Password account passkey could be provided to Person A so that it is available for use when emergency access is needed?
P.S.: These three suggestions should, in my opinion, be tested by the 1Password account owner to ensure that they work as intended in the context of the proposed process.
0 -
@lopinc, two thoughts to continue this interesting conversation…
- The ability to prepay the 1Password account using 1Password Digital Gift Cards is not related to the emergency access issue. Even if a user’s account is frozen due to nonpayment of the subscription fee, 1Password still allows access to all items (see here). Prepayment of the account is simply an option for individuals who may want additional peace-of-mind.
- Does the LastPass emergency access process successfully work when two-factor authentication has been enabled on the account, implemented with an authenticator app, a passkey, or a hardware security key?
0 -
@Pleonasm re "Does the LastPass emergency access process successfully work when two-factor authentication has been enabled on the account, implemented with an authenticator app, a passkey, or a hardware security key?"
Yes, you should take a look at how LP does it. It's really simple. You designate another LP user as someone who has emergency access and how many hours/days you have to deny it if that person requests it. If the designee requests it, and you don't deny it in the allotted time, they get access to your vault. No pre shared keys, passwords, 2-factor codes, YubiKeys, or anything else required. It's real simple and it just works. https://blog.lastpass.com/2016/01/how-to-lastpass-emergency-access/
The way LP achieves this is the same way that 1P does family account recovery, by using a "recovery group". (read about how recovery groups work securely here here: https://1passwordstatic.com/files/security/1password-white-paper.pdf). So 1P can do the same thing, instead of requiring positive confirmation by the account holder to allow vault recovery, in the "emergency access" scenario you would require positive confirmation by the account holder to disallow vault recovery after the pre-specified days. That's it. The mechanism for true emergency access is already built into the family plan model of 1P, and can even be made an exclusive feature of that pricing tier (if they're smart). But 1P just hasn't implemented it yet.
2 -
@Pleonasm Please see the comment I left in the other thread here (https://1password.community/discussion/comment/698959/#Comment_698959 that explains why all that is unnecessary. I prefer not to cross post.
0 -
(the forum ate my post for some reason so I'll try again)
@Pleonasm re "Does the LastPass emergency access process successfully work when two-factor authentication has been enabled on the account, implemented with an authenticator app, a passkey, or a hardware security key?"
Yes it does, it's dead simple and it just works. Read here: https://blog.lastpass.com/2016/01/how-to-lastpass-emergency-access/
Basically, you designate another LP user(s) as your emergency access person, set the amount of time (hours or days) that you have to deny their request to access to your vault should they request it, and that's it. No pre-sharing of passwords, keys, secrets, 2-factor anything, or YubiKeys required.
This works securely on the same principle that 1P family recovery feature does, by using a "Recovery Group". You can read about how 1P Recovery Groups work here: https://1passwordstatic.com/files/security/1password-white-paper.pdf but as you can see, it's cryptographically secure way to recover another family members vault. Think of it as adding your emergency access designee to your family group, same process.
The idea with emergency access is the same, a family member can get access to your vault should you be unable to. The only difference is that the current implementation requires positive confirmation to allow a family member to recover your vault, whereas emergency access would require positive confirmation to prevent it after the pre-defined x hours or days. Under the hood, the cryptographic process would be the same. That means that 1P could implement it today, they just have chose not to. In fact the smart thing to do would be to make it a feature of the Family subscription plan and have it that only other members of your family plan group can be granted emergency access. That way individuals (like me) would upgrade and pay more just for that feature.
1 -
@lopinc, thank you for increasing the visibility of the emergency access topic on this forum. To continue the dialogue, here are a few more thoughts to consider….
- RE: “The idea with emergency access is the same, a family member can get access to your vault should you be unable to” and “The mechanism for true emergency access is already built into the family plan model of 1P.” Based on my understanding, these statements may need to be revised. A Family Organizer can help a family member recover an account, but the Family Organizer does not gain access to the contents of that person’s private vault(s) as a consequence of the recovery process. This is also true for 1Password business accounts (see here). Finally, as the 1Password Security Design whitepaper states, “A member of the Recovery Group will not be granted access to the encrypted data in a vault that they otherwise wouldn’t have access to even if they can obtain the vault key” – i.e., access to the contents of a private vault is prevented.
- RE: “…1P could implement it today.” I suspect that 1Password may disagree, based on this explanation: “…it would take a significant re-engineering effort, and a radical rewrite of the security model, to offer any sort of digital legacy options for 1Password accounts…. 1Password is built differently to other password managers, and neither we, nor our customers, want to introduce a weak point in our security model” (see here).
- The solution I have proposed (see here) is certainly not as “friction free” as the LastPass approach – yet, it is also not especially burdensome. My goal was to suggest a process that is essentially ‘equivalent’ to the LastPass methodology in terms of delivering the desired outcome, while also capable of being implemented immediately by any interested forum member. (Criticisms of that proposal are most welcome.) I hope that some may find it useful and tailor it to their specific needs, until such time as 1Password implements a superior solution that is integrated into the product.
0 -
Correct that's how it works now, but my point is 1P can use the existing system as a way to implement emergency access to allow a family member access to the vault. The cryptography of it doesn't change, just who gets access to the vault once unlocked, that's just a procedural modification for a different kind of recovery.
This comment leads me to believe you may be a 1P employee, or are you just quoting an employee? And no, it doesn't require a wholesale change of the security model, that's my point. The way Recovery Group cryptographic process works doesn't change, just what's done with the vault once it's recovered (given to family member A or B).
As a founder of a consumer SaaS service myself, I can tell you that once you require your customers to take steps they shouldn't have to to get around the shortcomings of your product, that's never a good thing. Whether you or I think it's burdensome or not is not the issue. Most people aren't tech savvy like us and won't either understand the work around or won't think about it the scenario until it's too late. A good consumer product makes it easy and takes the guesswork out of how to use the product. We shouldn't have to even think about it, it should just work, that piece of mind and ease of use is what 1P is selling.
0 -
I think I am going to resolve this issue in my family by making one other member a Family Organizer. I think that will allow them to access my account just as I, as Organizer, can restore access to any family member who looses ability to access their account. Of hand, I don't see why that wont do the trick. Comments? Of course, the other family member must be chosen carefully.
0 -
@seattlerust because the family recovery process requires that the person who's account is being recovered (yours) to authorize it via clicking on an emailed link (i.e. you need to take positive action to allow the recovery of your account). So they would need to have access to your email account to approve the recovery, without the benefit of a password for your email account that is presumably stored in your 1P vault, to access your 1P vault. A catch-22 unless you gave them the pw to your email by some other means.
In short, the Family recovery process is designed for you to recover your vault, not someone else, and that's the problem. However as I noted, the behind the scenes mechanism can be repurposed for family recovery of another family members vault by using negative permission (ie having a time period to deny the request) vs requiring positive permission.
0 -
@seattlerust That's a valid approach. The only possible issue I see is the technical understanding of the person you're giving the family organizer role. They must be able to understand how the 1Password family account is working as a whole including shared vaults, permissions, member accounts.
You need to be sure this person isn't accidentally deleting vaults or accounts or moving/copying stuff around due to lack of understanding. For many vital operations, there is no undo. He must not be a person who clicks first, then thinks about what he has done.0 -
This content has been removed.
-
Folks, read the procedure of the family recovery process: https://support.1password.com/recovery/
"The person whose account you’re recovering will get an email from 1Password. When they click Recover my account in the email, a page will open in their browser and they’ll be asked to confirm their email address. Then they’ll get a new Secret Key and create a new account password."
If they are unavailable, and you don't otherwise have access to their email account, how would you be able to click "Confirm" on the email they are sent to recover their vault?
0 -
Agreed. My family group consists of my wife, and two adult daughters. The two daughters are in late 50's and are reasonably computer savvy; my wife, not so much. These are the people who will have to deal with my digital legacy anyway, and I have had them using 1Password as their password manager to bring them up to speed. I have a lot of confidence with them and the daughters will help each other. Thank you for your response.
0 -
@seattlerust so you're going to give your family members your email account credentials so they can get into your email before they have access to your 1P vault?
0 -
Yes. This information will be part of a shared vault that contains various data important for them to have access to as future beneficiaries of our trust, etc. They, of course, have their own private vaults, as do I. The shared vault will also contain information, some people call lit a "digital will" I think, to help unwind numerous other things such as who I recommend to deconstruct my computer with a roadmap to my computer. Another item would be a list of subscriptions that are or are not set for auto-renewal, so that the auto renewals can be turned off in a timely fashion. I have been quite surprised at the amount of stuff that will be important to those who have to deal with my over forty years of digital activity. Maybe we on this forum should write a book 😜
0 -
With respect to the issue of giving "your family members your email account credentials so they can get into your email," this could be mitigated by creating an email account that is used exclusively for 1Password, and providing those login credentials to family members in advance. In this way, the trusted individuals can see and act upon emails from 1Password, but are unable to view other day-to-day private correspondence of the account holder.
P.S.: BTW, Bitwarden appears to have an emergency access feature similar to LastPass.
1 -
This content has been removed.
-
@lopinc, yes, I agree with your perspective. Yet, given that 1Password has not implemented an emergency access feature, it is necessary to currently work within the existing framework to find workaround solutions that approximate that feature.
Nonetheless, focusing on the existing account recovery process, one wonders: could a modest modification of that workflow be developed that yields the emergency access feature? What if the account recovery, after being initiated by the Family Organizer, is paused for several days, allowing the account owner who received the recover-my-account email from 1Password to optionally terminate the process during that period? What if the recover-my-account email from 1Password is also forwarded to the Family Organizer after that period has expired, so that the Family Organizer could then complete the account recovery without involvement by the account owner? Perhaps these modest changes to the workflow could indeed succeed in delivering the emergency access feature to a member of a family plan who chooses to setup that feature?
P.S.: The account recovery process performs a reset of two-factor authentication which, as a result, would not be a hindrance (if that option had been enabled by the account owner).
0 -
Hi everyone! I'm leaving another vote for requesting the "emergency access" feature. I'm new to 1Password, and I love it, but what would really stop me from monitoring the evolution of other password managers as time goes on is including this feature. The "emergency kit" does not work for me for many of the aforementioned reasons.
1 -
I've posted a request for a Sealed Envelope entry type that would trigger an alert if the seal is ever broken, as a possible solution to this problem.
https://1password.community/discussion/143527/req-sealed-envelope-entry
1 -
First post from a long-time LastPass user currently evaluating 1Password. So far the lack of Emergency Access is the only snag.
Like posters in this and other threads, I don't see where implementing an Emergency Access feature like the one in LastPass would break the 1Password security model. (If true, then I would lean towards ascribing 1P's resistance to lack of resources, doesn't increase revenue and/or ego.)
I did think of a really ugly workaround, and would appreciate comments. It doubles the cost, and I really resent having to consider it, but with a sizeable estate and lots of cash flow-related logins it may be cost justified.
The workaround would be to maintain the LastPass Family Account for me and my successors, but the only content in my LP vault would be a PDF of the 1Password Emergency Kit.
I realize that this degrades my overall security to the LP level, but so far the losses from the LP vault heist appear to be from crypto traders whose plaintext URL's identified them as being worthy of a brute force crack attack. I doubt I'd attract that much attention. LP security is probably sufficient for my everyday needs, but LP's functionality and support has been degrading over the last few years.
Thoughts?
0 -
I might be willing to give up 2FA.
I can't find it right now, but in one of the "We want Emergency Access" threads there was a link chain to a 1P blog post that said 2FA isn't an intrinsic part of the 1P security model.
I'm not excessively (?) paranoid. A robust master password and a secret key stored on-device, coupled with a totally encrypted vault, probably is sufficient for me. My financial accounts are configured so that it would take additional effort to move money to the outside world. I don't do crypto.
(Ironically I am using 2FA on LastPass, which would help shield the 1P Emergency Kit, but that doesn't impact the LP Emergency Access functionality.)
(LastPass showed URL's in plaintext so when the bad guys got the vaults they could identify who to crack. So far security researchers have identified at least $35 million in crypto that has been stolen as a result of the LP vault heist.)
0
