Family Sharing / Accessing Passwords on Incapacitation

BillJn
BillJn
Community Member

I'm looking at 1password as a possible solution to my family having multiple solutions for password management. I love the concept of one account with secure vaults with the capability of sharing common items such as a Wifi router password or a commonly used account. I haven't been able to figure out the 1password strategy to make one's passwords available to others in the event of death or incapacitation. For example if I was unconscious I would want my wife or children to gain access to my passwords (iphone, bank etc.). With iphone encryption impossible to break my wife or I would never have access to my children's accounts or picture if something happened. As far as I can tell short of writing everyone's master passwords down on paper in plain text and everyone trusting everyone not to look at it I don't know how to make this happen in 1password. Is there any concept of authorizing access if a request is made to another person's vault and if not denied over a period of x days or weeks the passwords become accessible? or something similar? what am I missing? Thanks


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Lars
    Lars
    1Password Alumni

    Hey @BillJn!

    Thanks so much for taking a look at 1Password as part of your digital security! I hope you've had a look at 1Password Families, as that's far and away the best option for most families. If not, definitely give that a look.

    The estate planning issue is an excellent question, and one we've been giving serious thought to as well. At present, there's no dedicated solution to this problem in 1Password -- we've been focused on the launch and refinement of the core features of 1Password accounts recently, but it's something we've already been thinking about for the future. We'd want to take the time to make sure it's done both securely and in a user-friendly way, of course, so I don't have anything to announce regarding it at present.

    However, I do have a suggestion for you, though it's one better dealt with privately. If that's OK with you, please email us at support+forums@agilebits.com and please include a link to this thread in your email, along with your forum handle so that we can "connect the dots" when we receive it.

    You should receive an automated reply from our BitBot assistant with a Support ID number. Please post that number here so we can ensure that this issue is dealt with quickly. :) Thanks for your cooperation.

  • BillJn
    BillJn
    Community Member

    Thank you. #WNB-29777-487

  • Lars
    Lars
    1Password Alumni

    Thank you, replied!

  • emoret
    emoret
    Community Member

    I too, am interested in the answer to this question. Is there a way for me as the 1password administrator to unlock the private vault of a family member in case of incapacitation?

  • The short answer is no. There is no feature of 1Password that allows one individual to access another individual's private vault. This is by design. One possible way to handle this would be for each individual to leave a copy of their Emergency Kit with their will, or in a safety deposit box that would be available to the estate upon their incapacitation.

    Ben

  • vozhyk87
    vozhyk87
    Community Member

    I've been thinking for a while that an elegant solution to this problem would be an awesome feature to have. Perhaps setting up a Trusted Person contact who gets emailed the master password if, say, an owner does not unlock 1P for a set period of time. Anyways, I hope this is considered for some future release.

  • Perhaps setting up a Trusted Person contact who gets emailed the master password if, say, an owner does not unlock 1P for a set period of time.

    In order to do that we would have to have their Master Password in order to email it to the trusted person. That is not a position we're willing to put ourselves in. That sort of access to customer data is the difficulty many other services have/are running into.

    We intentionally never have access to either your Master Password or your Account Key. This protects us (and ultimately you) such that if our servers were compromised there is nothing of real value there. All an attacker would be able to get is encrypted blobs with no way to decrypt them.

    Ben

  • Martok
    Martok
    Community Member

    Would a solution using public-private key cryptography be a possible solution, or are there insecurities with this?

    A competitor offers an "Emergency Access" solution which uses public and private keys (I won't link to this here unless requested but it should be easy enough to search for).

    If this is possible then it would be a good solution for those who can't easily utilise the "leave the emergency kit with the will" type solution (which does have issues in that, if you wish to change your master password, which you may want to do every so often, means updating and re-storing the updated document). If however the public & private keys solution isn't safe, then it's important that we know this and why.

  • AGKyle
    AGKyle
    1Password Alumni

    @Martok

    We do have ideas for how we could implement this type of feature. And I think it's one we'd most definitely like to bring to 1Password Family eventually. I'm not sure if or when this might happen, but I believe a very large contingent of our team uses the Family solution with their families. A few may be using the individual solution instead though if they have no sharing needs. Given that we'd like to have this option available to ourselves means it's something we have a bit of a vested interest in. I just can't promise anything, nor could I promise anything about how it's implemented.

    What I do, at least until then is far more straight forward than putting it in my will directly. I have a safe deposit box at my local bank. Not only do I visit this box weekly to put my latest weekly backup in it but I also store a copy of my 1Password Emergency Kits there. My parents have access to this box as well (I'm single, unmarried, no kids, etc so they're the emergency contact) and know that in the event of a problem that is where they look. My will is there, all my important documents like car titles, mortgage information, etc is there. There's also one more important document though and that is "All the things they need to do in the event of death or serious injury" which I like to think is mostly to make their lives easier if anything were to happen. They've got enough to worry about I don't need the financial side of things to be complicated. In this document I outline which accounts need to be closed, retirement accounts, where important documents are placed, relatively vague guidelines for how to sell various collectible items I have (some are valuable), and how to access my 1Password data.

    I look at my will as merely a way to divide up and handle my estate should that need arise, but the instructions for what to do in the event of a problem is separate, at least in a way, and that is where my 1Password information lives. If I were to get married, this set of documents is equally as useful with some relatively minor modifications.

    And of course, my family all uses 1Password Families, and each of our houses has a separate vault. This helps a lot for things like wifi passwords, router admin passwords (since my parents don't manage that stuff), garage door codes, emergency contact information, and relevant to this particular topic a Secure Note for "In case of Emergency" which contains a very general set of instructions for how to get started with all of the above information.

    Technically, all the accounts to cancel, etc are always more up to date in the vault but I update a paper copy every few months.

    This is just how I handle it and it's never a fun conversation with family members but I figure if something were to happen this is the least I could do to try to make their lives easier. They don't have to put all this crap together, they have step by step instructions for how to proceed. I've even done the homework of "if I die, make sure you get ~15 death certificates because they'll be needed for x, y and z."

    At least I know that if something happened I've done all I can to make the process for them easier from that perspective.

    And back to your original question, I hope that however we do this in the future it'll make things easier for me to explain and easier for my family to use than my current setup. My current setup isn't hard, but, it's not quite as awesome as potentially having a "Disaster Recovery Kit" or something like that which targets this scenario better.

    I hope that helps with reassuring you that we're hopeful we can provide something like this and also gives some ideas for how others can make adjustments to how they do things to potentially make it easier in the interim. If you have any questions though, please let me know :)

  • architect1337
    architect1337
    Community Member
    edited October 2016

    For me - I would put the Emergency Toolkit (with the password bit left blank) with a will and store with a lawyer / safety deposit box- then store each others master key in a special 'if something were to happen to me' vault. Even if you have the master key (or someone manages to get it), without the account key, you can't get into the account.

    This way, you can change the master password as much as you want (and, of course, update this in the shared vault). Any security issues with this?

  • AGAlumB
    AGAlumB
    1Password Alumni

    @architect1337: The only risk there is that someone who has your Master Password shared with them could login as you if they also have access to a device/browser that you've authorized (which therefore has the Account Key saved locally). This describes a friend or family member for most of us, since they are most likely to have access to a shared vault and/or our devices. So the security risk comes down to knowing who you can trust and making sure you don't share information or devices with anyone else. Cheers! :)

This discussion has been closed.