Vault access upon death
I see a number of discussions on providing account access to loved ones upon death, but they have all been closed, so I am creating this post to ask a question.
If my wife and I die together in an accident, we want our kids to have access to the data in our vault. If I have 2FA turned on, which I do, providing my children the information contained in the Emergency Kit is useless, because they will require the 2FA code. If my phone is destroyed in the accident, there is no way for them to get into our vault. Is my understanding correct? And if it is, is 1Password really giving us a Hobson's choice between turning off 2FA for our most important data vs. not giving our children access to our passwords and accounts if we die?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
-
I think the only way to handle this, while still having 2FA in place - would be to print the TOTP 2FA QR code when setting up 2FA on the account. Store that QR code (with instructions on how to use it - scanning into a 2FA app etc), and also store your Emergency Kit (and master password). Ideally store them in separate, secure places. Somewhere that's easy to find and access based on instructions from a will, or another known method that your heirs will understand, or a place that has been communicated in advance.
Note that the TOTP 2FA QR code can be scanned into an infinite number of devices, at any point in the future - it's an entirely offline method of 2FA. All it requires is an application that understands the QR code, and a device that has the correct time (timezone doesn't matter).
You could also purchase one or more Security Keys - register them for 2FA on the account, and leave the Security Key and it's PIN somewhere safe.
But you're correct that 1Password does not have a technical solution designed for passing on access in the event of death/loss of faculties.
Now if a surviving family member is a Family Organiser, then can initiate a recovery of a family member - but the recovery process requires access to the email account of the 1Password member needing recovered. Recovery bypasses 2FA.
0 -
Use of only master password and secret key to unlock an account in case of any disaster, is something really frightening me.
Alongwith secret key, there should be a couple of more options given to end users..
0