@OneWordPast It's a little baffling that you don't feel comfortable printing the emergency kit, yet you would be happy with an app that essentially has a back door created that could be exploited? By 1Password not knowing any of our credentials, yes we lose some convenience but it means our data really is safe.
Now to try to help, I see you have a family account, What I personally have done is I have both myself and a family member as 'Organisers' giving us both recovery powers.
I then have a shared vault with that other organiser which contains my email account credentials.
This would give me the ability to recover their account and vice versa without any compromise in security as the person is trusted, just as they would have to be with the Lastpass model.
You would also be alerted if they did try to do anything untoward, as most email accounts with any kind of security will give you alerts of all new log ins, just something for you to try
That's a good point. I can certainly understand that some people may not want to share their email account credentials, but that may be an acceptable approach for many. Cheers!
Well, with Sharon's Secret Sharing, 1Password doesn't have to hold any keys. It just has to assemble a key from data provided by trusted friends. Sad that nothing has happened here. There is no real-world solution that is as secure as Sharon's Secret Sharing, so I think 1Password is failing to serve a need here.
@greening - we'd love to have a truly comprehensive and secure approach to legacy management; that's something which has been on our "someday" wishlist for quite some time. It's still on that list. But we may be coming to a point where the kind of developer-cycles it will take to implement such a thing securely across all our platforms and the server may be less of a "someday" thing and more of a real possibility.
That said, the development of any such mechanism that would allow for access to a user's 1Password data by programmatic (rather than social) means by individual(s) other than the account holder themselves is not quite as cut-and-dried as it might initially seem. We'll continue to study the problem, however, and how we might be able to come up with a solution that meets our own standards as well as the security our users have come to expect from us. Thanks for weighing in on the subject!
Here is a solution posted by a Reddit Member in regards to how they do the whole Executioner thing. Seems like a solid way to do it I suppose.
"1Password has the features required for tolerably secure Executor credentials. Create an Executor user in 1Password for Families, sending the invitation to an email address you control. Pick a robust password, print the Emergency sheet, store the Emergency sheet with your will, and grant the Executor user read access to your Vaults. You can change your own password whenever you want without having to update the Executor’s instructions. The person acting as Executor cannot access your passwords until you die."
That sounds like a reasonable plan, assuming you don't use the built-in Personal / Private vault at all, or only use it for items you don't wish to pass on. The executor account would not have access to the items stored in that vault.
Ben, I personally haven’t looked into it, but is there no way to grant access to a personal vault to another family account? This would make that executioner account work as intended —- as long as you store the login info for that account on the emergency kit in a Will.
The Personal / Private vault cannot be shared, however you can create a new vault, share that vault with the executor, and then move the items from the Personal / Private vault there.
Now we're talking, @Ben. This may be a great work-around that's I think is about the most secure way. That way whoever is in your Will will have the aforementioned Executor login information and can log in and see whatever Secure Notes / Logins you've moved in there. The only pain in the neck may be when Passwords are changed as they don't automatically update in all vaults, only in the private one so you'd have to be diligent in also copying the new Password to the entry in the shared vault.
You can set your default vault, so that those items are automatically saved in a vault that is shared, if that is a concern. For example in 1Password > Preferences > Vaults in 1Password for Mac you can change the vault for saving there.
I've been puzzling over this lately, too. Please critique this idea: If I die, and my wife has already passed and I want a relative who is a "successor executor" to have full access to my family account shared vault (I keep everything there so my wife has access) , I could... Give such successor executor my master password, but not my secret key. I could tell them that in the event of my passing, they can retrieve my secret key from a paper file in my home office (that paper would show my secret key–but NOT my master password)*. As long as they only know my master password, they cannot access my vaults until they also have my secret key. I would store the login info to my devices (iPad, phone, desktop, laptop) within a file in my 1Password shared vault. The executor would be able to log into my account on their OWN device once they have paired my master password (which I told them) and my secret key (which they would find, per my instructions in my desk), then they could find the login credentials for my various devices.
*This scheme prevents me from having to have 1 piece of paper at home that has both my secret key and my master password on it, as such a single piece of paper could, in theory, be found in case of burglary or nosy house sitter or if a tornado scattered my office files around the neighborhood.
Any flaws in this plan? Any simpler way?
The risk there would be if said individual gained access to one of your devices that already has your account logged in they would be able to unlock 1Password on that device using your Master Password. Additionally it does mean that if you ever change your Master Password you have to be diligent about updating that person with the latest info, otherwise if you change without notifying them they'll have no access when you want them to. Those would be the only caveats I can think of off-hand. If you're comfortable with that, then this may be a reasonable approach for you.
im now trailing Family accounts on both 1password, and lastpass...
and do love this option on lastpass.. but after reading why 1pass (why dont you own/redirect from that domain?)
doesn't include this function, as they would then hold all keys, and thus be a weak point, i can now totally understand !!
and commend them on, and why atm im going to move to 1password services
back on subject, after reading a around, i do feel i like the idea of greening's post of the Shamir's Secret Sharing algorithm, makes the most sense, and can be implemented MANY ways !
1password doesnt hold the keys, so gives the user the power and options, also having the options for as many splits could open up great possibilities and security...
for example, can be giving to all your 4, or 6 children, will make them get together on your demise too ..
or set up with sister/brothers, or 1 trusted friend and solicitor/will,
maybe a treasure hunt style game to be completed...
makes the options endless..
but one thing i have found that could be used NOW ...
is a dead-man-switch type email, with details of say, the secret key, and the way/location of getting master pass..
with services like facebook, or better still google ( https://myaccount.google.com/inactive ) of which ive only recently found they do ..
which gives us an option right now to set up a email with secret details in it, to be sent if no activity on your google account (thus not logging into your android/phone
but the split shamirs secret sharing optionwould be safer ! as google or whoever wouldnt be holding all the clues either...
Thankyou Mick ...
Thanks for your feedback @gadget78. Full disclosure: I do believe LastPass has found a way to offer this feature without escrowing the encryption keys. You may wish to double check with their team what exactly the situation on that is.
We certainly recognize the desire for some sort of technical solution to estate planning w/r/t account access within 1Password. It is something we've been looking at for some time. As you might imagine, if we're going to take it on, we want to be sure we're doing so in the most responsible way possible. I hope that we will eventually have something to offer in this regard, but I can't make any promises on that, and to be as up front as possible: it isn't something we're actively developing. As such if it does come, it may be quite some time in the future.
Thankyou for the honesty, ive not read, or seen anything on that !,
but this open and honest approach is whats made me 95% sure im gonna swop to 1pass...
just awaiting on how the Mrs gets on with them (she never used a manager before !) ..
defo seems the @greening 's post of the Shamir's Secret Sharing algorithm, would be best outcome !
but for now googles "deadmanswitch" email is the route i will probably take...
again Thankyou for not only the prompt reply, but the honesty in findings and the current roadmap ..
You're very welcome. And thank you for the kind words.
@Ben ; given the recovery process you have for a family organizer (or manager/admin in teams); it would seem most of the work is done. In a recovery scenario; the encryption key for the recovery persons vault is already encrypted by another key (one or more family organizers). For inheritance/legacy means; it would seem reasonable either everyone in the family; or perhaps "inheritors" have a second copy of the vault key encrypted but not available to them. Upon death, one would initiate a process similar to account recovery; though in this case the "deceased" would get an email their account was trying to be recovered after "n days" (again managed by the individual prior to death). When the email comes; if I'm not dead; I can "decline" the action. If I am deceased or otherwise incapacitated and can't reply to the email in some amount of time; then the recovery process begins; but in this case the person doing the recovery (vs the original owner) ultimately gains access to the vault.
This entire process; similar to family vault recovery; would deserve disclosure as this does require some level of "knowledge" and process on the side of 1Password and dependence on email. Just like vault recovery; one would have to have some level of trust among the parties involved; but should not require 1Password to hold the keys?
Thank you for sharing your ideas with us! We can definitely keep this into consideration while we discuss this sort of solution
I appreciate this discussion and look forward to Agilebits/1Password developing a robust solution. I am well and hope to be for years to come; however, as I'm recently embarked on my eighth decade, this retired emergency physician knows there is an end.
1Password has become a repository of all sorts of private and personal information. Of any app I use, it is the one that's feature set is most completely in use by me, my wife and son. I will temporize with a paper-based solution, external to the app.
I encourage the 1Password team to explore aspects of healthcare "break glass" scenarios, specifically the notification component and think about how immediate notification coupled with time lag to access might enhance social aspects of security. Also, consider how a token used by the account owner routinely, if used by another family member could both provide notification to all family members and start a countdown of a few days to some form of access, perhaps with the token owner's encrypted master password in each family member's vault that's invisible and encrypted until the token is used and the time elapsed. The time lapse would allow the true owner to change the master password and lock the family member's vault in the event of misuse.
Just brainstorming here. I'm not a security guru, but I've spent a large part of my career thinking about how information could be secured, yet made accessible in certain circumstances.
Thanks for the insight here, @sjdmd. We appreciate the perspective.