1Password Access after Death, Legacy Contacts

24 Comments

  • gvanschip
    Community Member

    Good point. I actually added my mother to my family account and made sure that she shares all her items in a shared vault. Likewise, I have added both my children to my account and created an item with access details for my account. All manual options, so having something automated built in would be great. I do realize that it would need a lot of careful consideration from a security standpoint.

  • I'm glad you've found some ideas in this topic. I've shared your comments internally.

  • thimplicity
    Community Member

    Please add me to the list of people who are interested in a functionality similar to Bitwarden. The solution should not include storing something in a safe, as people might not live close to another

  • MerryBit
    Community Member

    This feature has been requested literally for over a decade, so I would not hold my breath. 😊

    Here is the oldest thread I could find asking for such a feature, it is from 2011:

    https://1password.community/discussion/2278/feature-request-emergency-password-for-family-in-case-of-death

  • @MerryBit

    Yes, it has been requested as you mention. However, 1Password 8, which makes many more things possible, did not exist then. The revamp of 1Password.com is underway and recovery codes are in beta. I hope this is something we can bring to light. Many more things are possible now that were not possible back then. I'm not saying it could happen overnight, but there is a possibility.

  • MerryBit
    Community Member

    Recovery codes? How do they work and where can I try them out?

  • Hey @MerryBit

    Assuming you have an individual account they are in beta testing. Other account types should be on the horizon.

    https://1password.community/discussion/145444/recovery-codes-for-individuals-beta

  • MerryBit
    Community Member

    Thanks @ag_tommy!

  • You're most welcome.

  • thedean
    Community Member
    edited May 17

    I used to have an individual 1Password account. I upgraded to a Family account specifically because of my concern about legacy access. Let me share with the group how I have configured my family account to handle legacy access:

    1. I am a family organizer for my family account.

    2. I made the executor of my will (she is also the successor trustee of my trust, and my designated power of attorney) a second family organizer.

    3. I have shared a vault with her that contains just one entry: my email address and password.

    4. In the event of my incapacity or death, my executor/trustee can use her authority as a family organizer to begin the account recovery process. And since she has access to my email account, she can use it to reset my master password and secret key, and thereby gain access to all the rest of my vaults. Since I am notified via email of any attempt to begin the recovery process, I feel 99% confident that she will not abuse her family organizer powers while I am still of sound mind. (FYI, while I have 2FA enabled on all my other accounts, it is disabled in 1Password because I don't think it is necessary there, and therefore it does not interfere with this recovery process.)

    It's not perfect. But it is good enough for me. My master password and secret key are known only to me, and no one else. And it allows me to sleep well at night, knowing that in the event of my incapacity or death, the people with a need to know can get access to everything in all my vaults.

    I hope this strategy will help others.

  • Thanks for sharing @thedean.

  • @MerryBit et al.

    I wanted to ensure you saw the recovery code announcement for families.

    https://1password.community/discussion/145903/recovery-codes-for-families-beta#latest

  • lopinc
    Community Member

    @ag_tommy It's not clear if a family organizer uses the recovery code of a family member's account to recover that member's account, does it give them access to the vault items? I mean the whole point of "legacy access" is if they are not available to access their vault themselves, so if the family organizer can't see the contents of the other family member's recovered vault, it doesn't solve the issue. Thanks.

  • ag_tommy
    edited May 27

    @lopinc

    A recovery code would/could be used by you or your heir in that situation. Assisted recovery from a Family organizer would not need the code and would be one in which you or your heir actively participate. Both require access to the user's email. The following may help.

    Generate and use recovery codes

  • lopinc
    Community Member

    @ag_tommy I'm talking about the new beta feature for 1P families that you posted about: https://1password.community/discussion/145903/recovery-codes-for-families-beta#latest

    Nowhere on that page does it say if the family organizer would then have access to the other person's vault if the new recovery code method is used; that's what I'm trying to confirm.

    The issue with the existing assisted recovery for Families is it requires the other person's involvement as you noted, which in an emergency situation (like death) may not be possible.

  • ag_tommy
    edited May 30

    The recovery code would allow anyone to access the data in the user's account. It is a way for you or anyone to recover the account. Typically the recovery code would be used by you.

    Using a recovery code allows Family Organizers and Family Members to self-recover their accounts in case they forget their account password or lose their Secret Key/trusted devices.

    Perhaps you're thinking the Organizer is creating a code for the family member? That is not the case; each member would need to create their own from inside their account. When I create the code I am doing so for my account as the Family Organizer. You or the family member would need to print their own and keep it safe.

    tl;dr Yes, the Private/Personal vault would be accessible using this method. The key is self-recover.

  • lopinc
    Community Member

    @ag_tommy No, I realize the individual user is creating a recovery code for themselves, but I guess what isn't clear is if the family organizer can use that code without access to that family member's email. According to https://support.1password.com/recovery-codes a verification email is part of the recovery flow, so that won't work if the family member is unavailable/incapacitated/etc.

    Are you saying the recovery code process for families doesn't require email verification? If so is that recovery flow documented anywhere? Thanks!

  • Yes, you need to know the email account password and/or have access to it no matter the method used. The email is one of the key details for the account.

    https://support.1password.com/recovery-codes

    When you use a recovery code:

    You’ll need access to the email address associated with your 1Password account to verify it’s you.
    ...

    https://1password.community/discussion/comment/711218/#Comment_711218

    Both require access to the user's email.

  • lopinc
    Community Member

    @ag_tommy That's unfortunate, so even in the Family account context it doesn't eliminate the catch-22 of needing access to the family member's email password that's in their vault, which is inaccessible without the email password. :)

    I was confused by the statement here: https://1password.community/discussion/145903/recovery-codes-for-families-beta#latest which said under the "Multiple Recovery Methods" section, "1. They won't need to wait on someone else to confirm their recovery" - I thought that could mean that as long as the family organizer doing the recovering verified the process, the family member being recovered wouldn't have to themselves verify. Thanks.

  • No worries! It can get confusing especially around recovery and adding a new method. Recovery is one thing we want to ensure everyone understands vs. being in a very bad situation.

    The statement above would have been from the viewpoint of a user self-recovering their account with a recovery code. The recovery code would take the organizer out of the picture (using the code). They (the organizer) would never know a recovery took place. Again, with the code. To be clear, with a recovery code you would not need to provide it to an organizer except in a legacy-type situation. At least, that is the only time I can think of you'd provide it to them. Even then, the organizer may not be the heir/executor in charge of your estate. In such a situation, the organizer would likely not need to know the code. Only the executor or some other person you feel comfortable leaving the details to would need to access it.

    In an estate-type situation, the executor would likely receive the code with the will and other essential papers. They would also need to know the password to the email account to complete the recovery process.

    I would summarize it like this (My description as I might relay it to my children, who are my heirs.)

    Recovery code - Self-recover or estate situation.
    Recovery from a Family Organizer - assisted recovery or estate situation.

    Both recovery options would require access to the email address/account.

  • lopinc
    Community Member

    @ag_tommy got it, and yes please add me to the list of people who want a true "Emergency Recovery" type feature, which is hopefully even easier to implement now, thanks.

  • thedean
    Community Member

    @lopinc

    Please scroll up and read my post dated May 16. I discussed how to provide email access in the process I designed to allow for legacy access to my 1Password account. For a family account, the process is pretty simple. Just set up a shared vault with your trusted family organizer that contains only my email address and password. That way, in an emergency, through the standard family recovery process he/she can easily gain access to all my vaults if necessary. Since my family organizer is a trusted friend, I do not lose sleep over them abusing my email account.

    The process becomes a little more complicated if you have an individual account and a recovery key (and no shared vault). But in that case, you can provide your recovery key, email address and password to your executor, trustee or power of attorney in a legal document (like your will or trust) only to be used in the event of your demise.

    In either case, no one else has access to your master password or secret key unless you become incapacitated. Neither process is totally perfect, but I don't believe in making the perfect the enemy of the good. I feel these two options are good enough until such time as 1Password provides a completely automated process.

    I hope this helps,
    Dean

  • You're most welcome and I'd be happy to add your voice. It'll be there with my own. :)

  • lopinc
    Community Member
    edited May 30

    @thedean thanks but my email is protected by 2FA so just the password wouldn't be enough (can't assume they'd have access to my authenticator app, what if my phone is lost with me). Also, what happens if the trusted person's 1P account gets hacked for some reason (trusting them doesn't mean they chose a good password and/or kept their secret/recovery key safe, etc).

    The larger issue is that we shouldn't need these convoluted workarounds; 1P should ideally provide a true emergency-access-if-something-happens-to-me solution the same way LastPass does, and since recovery keys are now a thing, it's technically possible, it just has to be implemented. Hopefully they'll get around to it.

  • thedean
    Community Member
    edited May 30

    @lopinc:

    I understand your concerns.

    I too have 2FA on my email account. I use 1Password's plug-compatible authenticator in place of Google's authenticator. So, when I save my email address and password in a vault that my family organizer shares, she automatically gets my email 2FA key as well. So 2FA is not an issue for me. And I actually prefer 1Password's authenticator over Google's because I think it is a lot easier to use.

    I understand your concern about your trusted person's account getting hacked because of their carelessness with protecting their master password or secret key. But I would argue that if you are worried about that, then you have trusted the wrong person. Trusting a person means more than just trusting their honesty. It also means trusting that they have the capacity to properly safeguard the secrets with which you entrust them. If you don't have that confidence, then you should find another person who embodies both those qualities. Also, even if 1Password were to implement a perfect fully automated legacy system today based around the recovery key, you would still have the same problem if you didn't trust that person to properly care for the recovery key.

    Finally, yes you are correct that the larger issue is that 1Password should provide an automatic emergency access feature. And as I said before, my short-term solution is not perfect. But I refuse to be paralyzed by inaction and not implement a good solution today because I don't have a promised perfect solution right now.

    I hope this helps.
    Dean

  • lopinc
    Community Member

    @thedean what do you mean by a "plug-compatible" authenticator? Do you mean you're putting the 2FA seed in the vault?

    In the way that LP implements it, you have a pre-defined amount of time to deny the emergency access request (x hours/days/weeks) that you can set before access is granted so that if the request for access isn't legit, you can deny it, so trust isn't an issue.

    Well my solution is to use LP until 1P implements it. :)
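The time-delayed flow lopinc describes above (request, notification, a fixed window in which the owner may deny, then automatic grant) is a small state machine. The following is an added illustration, not code from the thread or from any password manager: it models the policy so the trade-off is visible, namely that a living owner who reads the notification can veto, while an owner who is incapacitated simply runs out the clock. Identities, the three-day window and the timestamps are constructed for the example.

```python
"""Added example: a time-delayed emergency-access policy as a state machine.
Hypothetical model; not any vendor's implementation."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from enum import Enum
from typing import List, Optional, Tuple


class State(Enum):
    IDLE = "idle"          # no request outstanding
    PENDING = "pending"    # request made, waiting period running
    GRANTED = "granted"    # waiting period elapsed with no denial
    DENIED = "denied"      # owner rejected the request in time


@dataclass
class EmergencyAccess:
    owner: str                    # account holder who configured the policy
    trusted_contact: str          # the only identity allowed to request access
    wait_period: timedelta        # how long the owner has to object
    state: State = State.IDLE
    requested_at: Optional[datetime] = None
    log: List[Tuple[datetime, str]] = field(default_factory=list)  # audit trail

    def request(self, requester: str, now: datetime) -> State:
        """The trusted contact starts the clock; anyone else is refused outright."""
        if requester != self.trusted_contact:
            self.log.append((now, f"refused request from {requester}"))
            raise PermissionError("only the designated contact may request access")
        if self.state in (State.PENDING, State.GRANTED):
            return self.state  # idempotent: a repeat request does not restart the clock
        self.state, self.requested_at = State.PENDING, now
        self.log.append((now, f"notify {self.owner}: {requester} requested access"))
        return self.state

    def deny(self, actor: str, now: datetime) -> State:
        """Only the owner may deny, and only while the request is still pending."""
        if actor != self.owner:
            raise PermissionError("only the owner may deny")
        if self.status(now) != State.PENDING:
            raise ValueError(f"nothing to deny in state {self.state.value}")
        self.state = State.DENIED
        self.log.append((now, f"{actor} denied the request"))
        return self.state

    def status(self, now: datetime) -> State:
        """Resolve PENDING into GRANTED once the waiting period has elapsed."""
        if self.state == State.PENDING and now - self.requested_at >= self.wait_period:
            self.state = State.GRANTED
            self.log.append((now, f"window elapsed; access granted to {self.trusted_contact}"))
        return self.state


def run_scenarios() -> dict:
    """Three constructed scenarios; returns the resulting states for inspection."""
    t0 = datetime(2024, 5, 30, 9, 0, tzinfo=timezone.utc)  # constructed timestamp
    wait = timedelta(days=3)                                # constructed policy window

    # 1. Owner never responds (the estate case): access is granted after the window.
    estate = EmergencyAccess("owner@example.com", "heir@example.com", wait)
    estate.request("heir@example.com", t0)
    early = estate.status(t0 + timedelta(days=2))   # still pending
    late = estate.status(t0 + timedelta(days=3))    # granted

    # 2. Owner is alive, sees the notification and denies inside the window.
    probe = EmergencyAccess("owner@example.com", "heir@example.com", wait)
    probe.request("heir@example.com", t0)
    probe.deny("owner@example.com", t0 + timedelta(hours=1))
    denied = probe.status(t0 + timedelta(days=10))  # denial is final; no later grant

    # 3. Someone who is not the designated contact cannot even start the clock.
    stranger = EmergencyAccess("owner@example.com", "heir@example.com", wait)
    try:
        stranger.request("unknown@example.com", t0)
        stranger_could_request = True
    except PermissionError:
        stranger_could_request = False

    return {
        "early": early,
        "late": late,
        "denied": denied,
        "stranger_could_request": stranger_could_request,
        "stranger_state": stranger.state,
    }


if __name__ == "__main__":
    for name, value in run_scenarios().items():
        print(f"{name}: {value}")
```

The model makes the point in the thread concrete: the only thing separating a legitimate heir from someone who has obtained the same information is the owner's ability to respond within the window, so the notification channel (and the owner's continued access to it) carries the whole security burden.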

  • thedean
    Community Member

    @lopinc

    Yes, you can put your current 2FA seed directly into 1Password and use it the same way you would use any other authenticator app (like Google, LastPass, Microsoft, etc.). I prefer it over other apps, because 1Password will auto-fill both my password and my 2FA code for me --- all hands free. You can find the documentation here: https://support.1password.com/one-time-passwords.

    If LastPass works for you, that's great. I dropped LastPass when they got hacked. There is risk in every decision we make. We all have to make our own personal choice about where we land on the risk/reward curve.

    Dean
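"Plug-compatible" in the post above means the authenticator implements the same open standard (RFC 6238 TOTP, built on RFC 4226 HOTP). The example below is added here and is not from the thread or from 1Password: it generates and verifies TOTP codes from a base32 seed, which shows why storing the seed in a shared vault hands over the second factor in full. The seed used is the RFC 6238 reference secret, so the codes can be checked against the RFC's own test vectors; the function names and the verifier's one-step tolerance are choices made for this example.

```python
"""Added example: RFC 6238 TOTP from a shared seed. Not vendor code."""
import base64
import hashlib
import hmac
import struct


def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HMAC-based one-time password (RFC 4226) with dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    binary = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(binary % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """Time-based OTP (RFC 6238): HOTP over the 30-second time-step counter."""
    return hotp(secret, unix_time // step, digits)


def seed_from_base32(seed_b32: str) -> bytes:
    """Authenticator apps exchange the seed as base32 (the otpauth:// secret= value).
    Tolerates lowercase, spaces and missing '=' padding, as QR payloads often are."""
    cleaned = seed_b32.strip().replace(" ", "").upper()
    cleaned += "=" * (-len(cleaned) % 8)
    return base64.b32decode(cleaned)


def verify_totp(secret: bytes, submitted: str, unix_time: int,
                window: int = 1, step: int = 30, digits: int = 6) -> bool:
    """Server-side check: accept the current step and `window` steps either side
    to absorb clock drift. Constant-time comparison avoids a timing side channel."""
    counter = unix_time // step
    return any(
        hmac.compare_digest(hotp(secret, counter + delta, digits), submitted)
        for delta in range(-window, window + 1)
    )


# Constructed for the example: the RFC 6238 reference secret "12345678901234567890" in base32.
RFC_SEED_B32 = "GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ"


if __name__ == "__main__":
    secret = seed_from_base32(RFC_SEED_B32)
    # Whoever holds this seed, owner or shared-vault reader, gets the same code.
    print(totp(secret, 59, digits=8))                        # RFC vector: 94287082
    print(verify_totp(secret, "94287082", 59, digits=8))     # True
```

Because the code is a pure function of the seed and the clock, there is no per-device secret that distinguishes the owner's phone from a second app seeded from the vault entry; that is exactly what makes the arrangement work for an heir, and also what makes the vault entry as sensitive as the password beside it.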

  • Tertius3
    Community Member

    @lopinc

    Well my solution is to use LP until 1P implements it. :)

    The history of security breaches of LastPass is a knockout criterion for LastPass. Even if it provides some very valuable feature, the service is simply not secure. It cannot be used, if you really value security. If I had been an LP customer, I would have canceled and deleted my account the day their last big breach became public a year and a half ago. No matter their shiny user interface.

    The two workarounds 1Password provides, either printing the emergency kit, password and MFA QR code, or printing the recovery code and ensuring you're not losing email access by also printing the email password and email MFA QR code, might seem tedious, but this will work.

    The problem is that the password service must distinguish the rightful owner of an account from an attacker who attempts account recovery using stolen information to gain access to the account. Today, common account recovery is performed by still having some secret, while other secrets have been lost or compromised. Legacy access for your heirs is no different. It requires that the service distinguish your heirs from some attacker who gained the same information that's available to your heirs.

  • lopinc
    Community Member

    @Tertius3 I understand your point, but I would argue that printing all that information is insecure in its own right, especially if a recovery code now negates the need for the combined 1P password+security key. Any future LP breach can be mitigated by changing the # of rounds of encryption ciphers used to a high and random 6-7 digit number, which I've done, as well as changing all of the passwords contained within it (which I would have had to do anyway whether I moved to 1P or not). At this point, my encrypted LP vault is more secure out in the open than all those codes put on paper, and I get the benefit of true emergency access. Pros and cons, and to each their own.

    But again, the whole point of this is that all 1P has to do to win my business is to implement a feature that apparently many people are asking for and their competition already has. Their move.

  • Thanks folks, I submitted the feature request. I really hope this is something we can excel at; after all, passwords are very much a digital legacy.