Emergency Kit Tweaks

joliver1
Community Member

Short Version:

A few simple tweaks to the printed emergency kit document could make things much more secure:
1. The emergency kit should be two pages.
2. The emergency kit should be printed twice.

The first page should be the standard emergency kit as it currently exists, but instead of a master password field, it should indicate the existence of the second page, e.g. "See 1Password Emergency Kit, Page 2"

The second page would contain the following:
1. Team name (URL)
2. Account email
3. User-provided, hand-written master password
4. "Account Key: See 1Password Emergency Kit, Page 1"

This kit would be printed twice and each printed page would then be stored in separate, physical locations.

Long version:

I'm using both Teams (at work) and Families (at home). 1Password is the central point of my digital ecosystem. I have read the entire 100+ page architectural guide for 1Password for Teams. You guys have really done your homework on this and I am thoroughly impressed with how you guys have thought through all the scenarios. That said, the Emergency Kit feels like somewhat of an afterthought, but can easily be adapted to be more secure.

While the average user will probably want everything together, e.g. the account key and master password, this maybe shouldn't be the default recommendation.

What I do, as noted above, is print two emergency kits. But my emergency kits don't have the password written on each copy. The kit only references the existence of another printed document which contains the password. The password document is also printed twice and has all of the recovery information except the account key.

I then store each piece of paper in a separate location. For example, the emergency kit as it now exists (just the account key) could have a copy stored at work in a desk, or at a locker at school. Another copy of the same could be stored with a friend or relative. Finally, one copy of the master password document might be stored in a safe place at home as well as another copy with a relative or even a safety deposit box.

Only when one copy of the full, 2-page emergency kit is brought together can the account be unlocked.

The only time it would be truly necessary to bring these documents together is:
1. Death/incapacitation of the user holder.
2. Complete loss of digital devices, e.g. theft, fire, etc.

I have been digging through the forums and a few people have raised concerns about having everything together in one place:
https://discussions.agilebits.com/discussion/comment/292722



Comments

  • jpgoldberg
    1Password Alumni

    Hi @joliver1!

    Those are great suggestions. Yes, for some people it very much does make sense to store the paper with the account key separately from the paper with the Master Password. (Indeed, I do exactly that). So I definitely support what you are getting at.

    At this point, however, we are just trying to make sure that people do make paper backups, particularly of their Account Keys. If we were to follow your suggestion in the actual presentation of Emergency Kits, its most likely effect would be to put people off from printing one (or from signing up). Maybe, someday, we will add something like what you suggest as a "super Quest", but at the moment we see a larger threat to data availability (through people losing their Account Keys or forgetting their Master Passwords) than through capture of the Emergency Kits.

    For those who do see capture of the Emergency Kit as a threat, then doing something like what you describe is always an option. Produce an Emergency Kit that you don't add your Master Password to, and produce some other document with your Master Password. It would be nice if we had a button to push for doing something like that, but at the moment we are focusing on the simplest things we can do to improve people's data security.

  • joliver1
    Community Member

    I figured the reason was something to do with getting customers to make some kind of backup and having a two-page PDF increases the cognitive overhead of the process—especially for new customers who are completely unfamiliar with how things work.

    I just wanted to make sure I'm not crazy for splitting the keys and storing them separately.

    Kudos on another great product!

  • You're definitely not crazy. In fact I think that is a great approach and it seems jpgoldberg agrees. :)

    Thanks for the kind words, and for the feedback on this issue.

    Ben

This discussion has been closed.