Feature Request: Emergency access for estate planning

Comments

  • lopinc
    Community Member

    @Pleonasm - no one should have to "pre pay" their subscription because you're not providing an adequate solution to the problem of incapacitated access.

    Your proposed solution in the referenced post doesn't handle if 2-factor is enabled on the account, not to mention the future when passkeys may be used to login to 1P. I shouldn't have to decrease account security, by disabling 2-factor, just so others can have emergency access. Both are possible as discussed before. Don't make users have to work around shortcomings in your product, instead address the issue and improve the product, thanks.

  • lopinc
    Community Member

    Thanks but your proposed solution in the referenced post doesn't handle if 2-factor is enabled on the account, not to mention the future when passkeys may be used to login to 1P.

  • lopinc
    Community Member

    @Pleonasm re "Does the LastPass emergency access process successfully work when two-factor authentication has been enabled on the account, implemented with an authenticator app, a passkey, or a hardware security key?"

    Yes, you should take a look at how LP does it. It's really simple. You designate another LP user as someone who has emergency access and how many hours/days you have to deny it if that person requests it. If the designee requests it, and you don't deny it in the allotted time, they get access to your vault. No pre shared keys, passwords, 2-factor codes, YubiKeys, or anything else required. It's real simple and it just works. https://blog.lastpass.com/2016/01/how-to-lastpass-emergency-access/

    The way LP achieves this is the same way that 1P does family account recovery, by using a "recovery group" (read about how recovery groups work securely here: https://1passwordstatic.com/files/security/1password-white-paper.pdf). So 1P can do the same thing: instead of requiring positive confirmation by the account holder to allow vault recovery, in the "emergency access" scenario you would require positive confirmation by the account holder to disallow vault recovery after the pre-specified days. That's it. The mechanism for true emergency access is already built into the family plan model of 1P, and can even be made an exclusive feature of that pricing tier (if they're smart). But 1P just hasn't implemented it yet.

  • lopinc
    Community Member
    edited October 2023

    @Pleonasm Please see the comment I left in the other thread here (https://1password.community/discussion/comment/698959/#Comment_698959) that explains why all that is unnecessary. I prefer not to cross post.

  • lopinc
    Community Member
    edited October 2023

    (the forum ate my post for some reason so I'll try again)

    @Pleonasm re "Does the LastPass emergency access process successfully work when two-factor authentication has been enabled on the account, implemented with an authenticator app, a passkey, or a hardware security key?"

    Yes it does, it's dead simple and it just works. Read here: https://blog.lastpass.com/2016/01/how-to-lastpass-emergency-access/

    Basically, you designate another LP user(s) as your emergency access person, set the amount of time (hours or days) that you have to deny their request for access to your vault should they request it, and that's it. No pre-sharing of passwords, keys, secrets, 2-factor anything, or YubiKeys required.

    This works securely on the same principle that the 1P family recovery feature does, by using a "Recovery Group". You can read about how 1P Recovery Groups work here: https://1passwordstatic.com/files/security/1password-white-paper.pdf but as you can see, it's a cryptographically secure way to recover another family member's vault. Think of it as adding your emergency access designee to your family group, same process.

    The idea with emergency access is the same, a family member can get access to your vault should you be unable to. The only difference is that the current implementation requires positive confirmation to allow a family member to recover your vault, whereas emergency access would require positive confirmation to prevent it after the pre-defined x hours or days. Under the hood, the cryptographic process would be the same. That means that 1P could implement it today, they have just chosen not to. In fact the smart thing to do would be to make it a feature of the Family subscription plan and have it that only other members of your family plan group can be granted emergency access. That way individuals (like me) would upgrade and pay more just for that feature.
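
The difference the post above describes (release only on owner confirmation versus release unless the owner denies within a window), as an added example that is not part of the original post and not LastPass or 1Password code. The `Grant` class, the 48-hour window and the opaque `wrapped_key` (assumed to be the vault key already wrapped to the designee's public key) are constructed for illustration.

```python
from dataclasses import dataclass
from enum import Enum, auto
from typing import Optional

HOUR = 3600

class Policy(Enum):
    OWNER_MUST_APPROVE = auto()  # recovery: nothing happens unless the owner confirms
    OWNER_MAY_DENY = auto()      # emergency access: released unless the owner denies in time

class State(Enum):
    IDLE = auto()
    PENDING = auto()
    DENIED = auto()
    RELEASED = auto()

@dataclass
class Grant:
    policy: Policy
    wait_seconds: int   # deny window chosen by the vault owner
    wrapped_key: bytes  # assumption: vault key wrapped to the designee's public key
    state: State = State.IDLE
    requested_at: Optional[float] = None

    def request(self, now: float) -> None:
        """Designee asks for access; this starts the clock."""
        if self.state is State.IDLE:
            self.state, self.requested_at = State.PENDING, now

    def owner_responds(self, approve: bool) -> None:
        """Owner acts on a pending request; a denial is final for this grant."""
        if self.state is State.PENDING:
            self.state = State.RELEASED if approve else State.DENIED

    def fetch_key(self, now: float) -> Optional[bytes]:
        """Server-side release check, evaluated every time the designee asks."""
        expired = (self.state is State.PENDING
                   and now - self.requested_at >= self.wait_seconds)
        if expired and self.policy is Policy.OWNER_MAY_DENY:
            self.state = State.RELEASED
        return self.wrapped_key if self.state is State.RELEASED else None

def run(policy: Policy, owner_action: Optional[bool], fetch_at_hours: float) -> Optional[bytes]:
    """Constructed scenario: request at t=0, 48 h window, owner acts or stays silent."""
    g = Grant(policy, 48 * HOUR, b"<wrapped-vault-key>")
    g.request(0)
    if owner_action is not None:
        g.owner_responds(owner_action)
    return g.fetch_key(fetch_at_hours * HOUR)
```

In this model the timer and the release decision are enforced by whoever stores the wrapped key, so the owner's protection depends on the deny notification actually reaching them within the window.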

  • lopinc
    Community Member
    edited October 2023

    @Pleonasm

    • Correct, that's how it works now, but my point is 1P can use the existing system as a way to implement emergency access to allow a family member access to the vault. The cryptography of it doesn't change, just who gets access to the vault once unlocked, that's just a procedural modification for a different kind of recovery.

    • This comment leads me to believe you may be a 1P employee, or are you just quoting an employee? And no, it doesn't require a wholesale change of the security model, that's my point. The way the Recovery Group cryptographic process works doesn't change, just what's done with the vault once it's recovered (given to family member A or B).

    • As a founder of a consumer SaaS service myself, I can tell you that once you require your customers to take steps they shouldn't have to, to get around the shortcomings of your product, that's never a good thing. Whether you or I think it's burdensome or not is not the issue. Most people aren't tech savvy like us and won't either understand the workaround or won't think about the scenario until it's too late. A good consumer product makes it easy and takes the guesswork out of how to use the product. We shouldn't have to even think about it, it should just work, that peace of mind and ease of use is what 1P is selling.

  • seattlerust
    Community Member

    I think I am going to resolve this issue in my family by making one other member a Family Organizer. I think that will allow them to access my account just as I, as Organizer, can restore access to any family member who loses the ability to access their account. Offhand, I don't see why that won't do the trick. Comments? Of course, the other family member must be chosen carefully.

  • lopinc
    Community Member
    edited November 2023

    @seattlerust because the family recovery process requires the person whose account is being recovered (yours) to authorize it by clicking on an emailed link (i.e. you need to take positive action to allow the recovery of your account). So they would need to have access to your email account to approve the recovery, without the benefit of a password for your email account that is presumably stored in your 1P vault, to access your 1P vault. A catch-22 unless you gave them the pw to your email by some other means.

    In short, the Family recovery process is designed for you to recover your vault, not someone else, and that's the problem. However, as I noted, the behind-the-scenes mechanism can be repurposed for family recovery of another family member's vault by using negative permission (i.e. having a time period to deny the request) vs requiring positive permission.

  • Tertius3
    Community Member

    @seattlerust That's a valid approach. The only possible issue I see is the technical understanding of the person you're giving the family organizer role. They must be able to understand how the 1Password family account is working as a whole including shared vaults, permissions, member accounts.
    You need to be sure this person isn't accidentally deleting vaults or accounts or moving/copying stuff around due to lack of understanding. For many vital operations, there is no undo. He must not be a person who clicks first, then thinks about what he has done.

  • lopinc
    Community Member

    Folks, read the procedure of the family recovery process: https://support.1password.com/recovery/

    "The person whose account you’re recovering will get an email from 1Password. When they click Recover my account in the email, a page will open in their browser and they’ll be asked to confirm their email address. Then they’ll get a new Secret Key and create a new account password."

    If they are unavailable, and you don't otherwise have access to their email account, how would you be able to click "Confirm" on the email they are sent to recover their vault?

  • seattlerust
    Community Member

    Agreed. My family group consists of my wife and two adult daughters. The two daughters are in their late 50s and are reasonably computer savvy; my wife, not so much. These are the people who will have to deal with my digital legacy anyway, and I have had them using 1Password as their password manager to bring them up to speed. I have a lot of confidence in them and the daughters will help each other. Thank you for your response.

  • lopinc
    Community Member

    @seattlerust so you're going to give your family members your email account credentials so they can get into your email before they have access to your 1P vault?

  • seattlerust
    Community Member

    Yes. This information will be part of a shared vault that contains various data important for them to have access to as future beneficiaries of our trust, etc. They, of course, have their own private vaults, as do I. The shared vault will also contain information, some people call it a "digital will" I think, to help unwind numerous other things such as who I recommend to deconstruct my computer with a roadmap to my computer. Another item would be a list of subscriptions that are or are not set for auto-renewal, so that the auto-renewals can be turned off in a timely fashion. I have been quite surprised at the amount of stuff that will be important to those who have to deal with my over forty years of digital activity. Maybe we on this forum should write a book 😜

  • lopinc
    Community Member

    @Pleonasm maybe, but I just see it as a weak link and a hoop to jump through that a paying customer shouldn't have to deal with, especially if LP and Bitwarden were able to implement a proper solution. It just shouldn't be our problem to solve.

  • cxwong
    Community Member

    Hi everyone! I'm leaving another vote for requesting the "emergency access" feature. I'm new to 1Password, and I love it, but what would really stop me from monitoring the evolution of other password managers as time goes on is including this feature. The "emergency kit" does not work for me for many of the aforementioned reasons.

  • airlie
    Community Member

    I've posted a request for a Sealed Envelope entry type that would trigger an alert if the seal is ever broken, as a possible solution to this problem.

    https://1password.community/discussion/143527/req-sealed-envelope-entry

  • ChuckD
    Community Member
    edited December 2023

    First post from a long-time LastPass user currently evaluating 1Password. So far the lack of Emergency Access is the only snag.

    Like posters in this and other threads, I don't see where implementing an Emergency Access feature like the one in LastPass would break the 1Password security model. (If true, then I would lean towards ascribing 1P's resistance to lack of resources, doesn't increase revenue and/or ego.)

    I did think of a really ugly workaround, and would appreciate comments. It doubles the cost, and I really resent having to consider it, but with a sizeable estate and lots of cash flow-related logins it may be cost justified.

    The workaround would be to maintain the LastPass Family Account for me and my successors, but the only content in my LP vault would be a PDF of the 1Password Emergency Kit.

    I realize that this degrades my overall security to the LP level, but so far the losses from the LP vault heist appear to be from crypto traders whose plaintext URLs identified them as being worthy of a brute force crack attack. I doubt I'd attract that much attention. LP security is probably sufficient for my everyday needs, but LP's functionality and support have been degrading over the last few years.

    Thoughts?

  • lopinc
    Community Member

    @ChuckD How does that get around the 2FA issue?

  • ChuckD
    Community Member
    edited December 2023

    I might be willing to give up 2FA.

    I can't find it right now, but in one of the "We want Emergency Access" threads there was a link chain to a 1P blog post that said 2FA isn't an intrinsic part of the 1P security model.

    I'm not excessively (?) paranoid. A robust master password and a secret key stored on-device, coupled with a totally encrypted vault, probably is sufficient for me. My financial accounts are configured so that it would take additional effort to move money to the outside world. I don't do crypto.

    (Ironically I am using 2FA on LastPass, which would help shield the 1P Emergency Kit, but that doesn't impact the LP Emergency Access functionality.)

    (LastPass showed URLs in plaintext so when the bad guys got the vaults they could identify who to crack. So far security researchers have identified at least $35 million in crypto that has been stolen as a result of the LP vault heist.)

  • ChuckD
    Community Member

    @Pleonasm - Link is missing