What is the use case for the last recovery completion step?

zygis
Community Member

Hey,

I would like to know about the recovery process. Every step makes sense except the last step, where the admin should confirm the recovery completion.
It seems that this is an unnecessary step. If the admin and the user who requests the recovery are in different time zones (EU and US), this last step creates some friction, and the user is locked out of their account for longer than needed.

I believe this step was added due to some scenario or use case, but I can't figure this out. Is it still necessary?

I would love to see this step as a setting that I could just turn off.



Comments

  • Hi there @zygis

    That last step grants the recovered user the access to the vaults they had before. They'll have generated new credentials during recovery (a new Secret Key is generated and they make a new account password) and that derives a new Account Unlock Key for that user. Someone in the Recovery group needs to confirm that recovery to make that Account Unlock Key valid so that the user can access the vaults they could do before the recovery.

    If you would like more detail, pages 57 and 58 of the 1Password Security Design white paper go into this in depth, including how keys are handled.

    Let me know if you have any questions. :)

    — Grey
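
A simplified model of the key handling described in the reply above, added here as an illustration; it is not 1Password's code and not part of the original thread. The toy hashed Diffie-Hellman wrap, the derivation details, the assumption that the vault key is also stored wrapped to a recovery group key, the sample credentials and all function names are assumptions.

```python
import hashlib
import secrets

# Toy public-key wrap (assumption, illustration only): hashed Diffie-Hellman
# over a small Mersenne prime. A real deployment uses vetted, full-size crypto.
P, G = 2**127 - 1, 3

def derive_unlock_key(password: str, secret_key: str, salt: bytes) -> bytes:
    """Both secrets are required: PBKDF2(password) XOR hash(Secret Key)."""
    pw = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    sk = hashlib.sha256(b"sk|" + salt + secret_key.encode()).digest()
    return bytes(a ^ b for a, b in zip(pw, sk))

def keypair(unlock_key: bytes):
    """Simplification: derive the key pair from the unlock key directly."""
    priv = int.from_bytes(unlock_key, "big") % (P - 2) + 1
    return priv, pow(G, priv, P)

def _pad(shared: int) -> bytes:
    return hashlib.sha256(shared.to_bytes(16, "big")).digest()

def wrap(pub: int, key: bytes):
    eph = secrets.randbelow(P - 2) + 1
    return pow(G, eph, P), bytes(a ^ b for a, b in zip(key, _pad(pow(pub, eph, P))))

def unwrap(priv: int, blob) -> bytes:
    eph_pub, ct = blob
    return bytes(a ^ b for a, b in zip(ct, _pad(pow(eph_pub, priv, P))))

def simulate_recovery():
    vault_key = secrets.token_bytes(32)
    salt = secrets.token_bytes(16)
    # Constructed sample credentials.
    _, carol_old_pub = keypair(derive_unlock_key("old password", "A3-OLDKEY", salt))
    group_priv, group_pub = keypair(secrets.token_bytes(32))
    server = {"carol": wrap(carol_old_pub, vault_key),
              "recovery_group": wrap(group_pub, vault_key)}
    # Carol recovers: new password and new Secret Key give a new key pair.
    carol_priv, carol_pub = keypair(derive_unlock_key("new password", "A3-NEWKEY", salt))
    before = unwrap(carol_priv, server["carol"]) == vault_key
    # Completion runs on Bob's client, the only place the group key exists:
    # unwrap the vault key and re-wrap it to Carol's new public key.
    server["carol"] = wrap(carol_pub, unwrap(group_priv, server["recovery_group"]))
    after = unwrap(carol_priv, server["carol"]) == vault_key
    return before, after
```

In this model the server only ever holds wrapped blobs, so nothing it stores is readable with Carol's new key until a recovery group member's client re-wraps the vault key.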

  • zygis
    Community Member

    Hey @GreyM1P

    It looks very good on paper.

    Let's take the same example with Bob and Carol. Bob lives in the EU, and Carol lives in the US. Their office hours are barely touching.

    1. In the morning, Carol realizes that she can no longer access her passwords. Carol writes a message to Bob and goes to the morning meeting.

    2. Bob sees the message and initiates the recovery.

    3. After an hour, Carol sees an email about the recovery and proceeds with the steps. The last step requires Bob's action again. But Bob is no longer at the office.

    4. Carol is not happy, and she really needs to access some accounts. One action she can do is to reset her password to some "temporary" one and go on with her day.

    5. Bob probably checks his emails once he is at home or maybe the next morning. He completes the recovery. Carol has already finished her day.

    6. The next morning, she sees a bunch of emails from various other tools, newsletters, and one email about a finished recovery process. Due to how busy people are these days, the probability that Carol will change her password again is low.

    At the end of the day, Carol is happy. Bob is happy with the false sense of security. But the company that hired Bob and Carol is now less secure because they chose a password manager that is so secure on paper that it even affects the UX in a way that Carol took that insecure step in the first place.

    Just my two cents here. Anyway, I got my answer. Thanks.