Emergency Access: this is technically feasible, correct?
Could you comment on the technical feasibility of adding an “Emergency Access” feature, similar to other password managers like LastPass, Bitwarden, etc?
Based on what I’m reading in the 1Password Security Design document v0.4.0, this appears technically feasible while preserving 1Password having zero knowledge of unencrypted vault data.
https://1passwordstatic.com/files/security/1password-white-paper.pdf
Emergency Access seems possible with a slight modification to the “Restoring a User’s Access to a Vault” procedure which is described starting on page 48.
We’ll use the same people (Bob, Carol, Server) as shown in Figure 23. After Steps 1-5 the Server will have Carol’s encrypted vault data (dve) and the Encrypted Recovery Key (Rv) for that vault.
Step 6: Bob initiates Emergency Access
Step 7: Carol approves emergency access for Bob, or Bob receives no response within the predetermined amount of time
Step 8: Server sends Bob Rv and dve. Bob is able to decrypt Rv to obtain kv using the Recovery Group’s Secret Key (skr) that was previously encrypted with Bob’s Public Key (pkb) from Step 2. Bob can then decrypt Carol’s encrypted vault data (dve) using kv.
At that point Bob will have full visibility to Carol’s decrypted vault data. At no point in time will 1Password have access to Carol’s decrypted vault data. All the decrypting is done in Bob’s client.
It looks straightforward thanks to the magic of public/private keysets, but am I missing something?
I like the idea of the “Emergency Kit”, but one of my concerns is someone changing the physical/electronic location of their Emergency Kit and unintentionally not informing the person who would need access to it when the time comes.
1Password Version: 1Password for Mac 8.9.15 (80915001)
Extension Version: Not Provided
OS Version: macOS 10.15.7
Browser:_ Not Provided