After some searching it sounds like this is a feature request and if this is the wrong place to submit feature requests please let me know.
The way LastPass solves this problem (high level description) is by encrypting my vault such that either I or a designated survivor can unlock it. However, LogMeIn (LastPass company) does not give my designated survivor the encrypted vault. If a survivor attempts to unlock my account, LogMeIn will attempt to contact me via email and then wait an amount of time I designated before sending the requestor the encrypted vault.
The nice thing about the LastPass system is that if my survivor's LastPass account is compromised while I'm still alive, this will not do any good unless LogMeIn colludes with the attacker and gives them the copy of my vault that is encrypted using my designated survivor's password. If they do compromise my survivor's account, they can initiate a recovery which will involve LogMeIn attempting to contact me and let me know that a recovery is in progress. If I set the recovery delay to a sufficiently long period of time, it becomes very unlikely that the attacker will succeed unless I am dead/incapacitated.
The problem with the 1Password solution to survivorship is that an attacker only needs to compromise my email and my designated survivor's last pass password. Since my designated survivors are not very good at operational security, this means that the "hard part" of such an attack is compromising access to my email, which can be done at the DNS layer, mail server layer, or local computer layer. On top of that, the attacker only needs read access to my email, they do not need write access. This means they can passively sniff email communication from AgileBits to me (which is largely unencrypted when routed over SMTP) to finish the recovery after compromising my account.
With the LastPass solution, the attacker needs to compromise my survivor's account (same with both tools) and they need to compromise my email in a way that makes it so I do not receive the recovery email for the recovery duration (e.g., 2 days, 2 weeks, etc.), but they do. This means if they execute something like a DNS attack it would need to be incredibly well timed such that I fail to notice that email to me is being re-routed and resolve the issue prior to the email coming from LogMeIn.
The LastPass solution could be further improved by adding more ways of attempting to contact me prior to releasing the encrypted vault. For example, if they tried email, snail mail, SMS, phone, etc. all in an attempt to reach me during the recovery window then an attacker would have to attack all of those communication channels in a way that I don't notice, which is incredibly difficult.
I really want to switch to 1Password and recommend it to my friends, but this and a couple other OpSec related issues are currently preventing me from doing so. In this case, 1Password is making the critically incorrect assumption that account recovery keyholders follow at least as good operational security measures as the account holder being recovered. Without that assumption, 1Password's recovery mechanism reduces to a strength that is only slightly better than "as secure as the weakest recovery account". For business use cases, assuming the account recovery team follows better OpSec than everyone else is probably a pretty reasonable thing. However, for the family use case there is almost certainly a wide range of OpSec practices followed across members, yet the data being secured by 1Password may differ in terms of criticalness across those members.
On top of that, in the business and family scenario it is possible (and potentially trivial) for a designated recoverer to gain temporary read access to the account's email, thus allowing them to do the full recovery process by themselves in a short amount of time with no opportunity for intervention.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided