Can I designate someone to aecess my acct when I die? Other than just giving them my pw?

pktex
pktex
Community Member

Can I designate someone to aecess my acct when I die? Other than just giving them my pw?


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:backup contact

«1

Comments

  • [Deleted User]
    [Deleted User]
    Community Member

    @pktex You can leave your Emergency Kit and Two Factor Authentication details with your will, but make sure you update it in the event of a master password change.
    Alternatively you can give your email password and 2FA to one of your family members to store in their Private vault and make another one of your family members a Family Organiser. In the event of your untimely demise they could then work together to recover your account.

  • ag_ana
    ag_ana
    1Password Alumni

    @pktex:

    Adding a second Family Organizer is indeed a good idea for this:

    Implement a recovery plan for your family

  • pktex
    pktex
    Community Member

    Thank you for your responses I'll take a look!

  • ag_ana
    ag_ana
    1Password Alumni

    You are welcome @pktex, let us know if you have any other questions :)

  • ag_ana
    ag_ana
    1Password Alumni

    @OlivierP:

    The first Family Organizer email might be inaccessible (by the second one) so the completion of the recovery plan is impossible!

    Right, access to that email would be necessary, as missingbits explained in their post above:

    Alternatively you can give your email password and 2FA to one of your family members to store in their Private vault and make another one of your family members a Family Organiser.

    Both are needed :+1:

    What is the behavior when using a 2FA in the situation I mentioned?

    There are several ways to temporarily disable 2FA if you have access to the Emergency Kit, so to all of the other login information:

    If you lose access to your authenticator app

  • ag_ana
    ag_ana
    1Password Alumni
    edited May 2021

    @OlivierP:

    We don't have specific plans at the moment, as far as I know, but I will pass your feedback to the developers :)

    ref: dev/projects/customer-feature-requests#29

  • ag_ana
    ag_ana
    1Password Alumni

    You are welcome @OlivierP! If you have any other suggestions, let us know :)

    If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

  • frapp
    frapp
    Community Member

    +1 on this request!
    A "family subscription" cannot be complete without handling deaths in the family. 100% guaranteed to happen if you wait long enough!!
    When sync'ing passwords with 1password.com, you know if a user has ZERO devices that connected for more that X days, e-g: 3 weeks.
    In that case you should send an email to that user (if enabled) along the lines of "If you do not log in to your 1password account within the next 2 weeks, we will initiate a procedure for member X Y or Z of your family to get access to your personal vault. Click here if you do NOT want this to happen."

  • Hi @frapp

    Please try to avoid posting similar / the same feedback in multiple places; it causes a duplication of efforts, which slows things down for everyone. We understand this is an important issue and will continue to evaluate how to best address the problem moving forward. Thanks!

    Ben

  • pktex
    pktex
    Community Member
    edited July 2021

    These comments have been very helpful. If I add a family member as a 2nd organizer, is she required to log in on certain frequency to maintain access? wouldn't expect her to need to do that, but some earlier comments about timing and number of days are confusing. I was hoping she could keep the needed access for when she needs it and not have to log in at a certain frequency. Please clarify? Thanks again.

  • [Deleted User]
    [Deleted User]
    Community Member

    @pktex The earlier comments on delay periods relate to a feature request. There is no need to login at specific intervals to maintain family organizer status. She will remain a family organizer until you revoke her status.

  • pktex
    pktex
    Community Member

    @rootzero Thank you for the quick and helpful response!

  • ag_ana
    ag_ana
    1Password Alumni

    Indeed, no need to keep logging in for this :+1:

  • pktex
    pktex
    Community Member

    You have all been so helpful with my original question and I've now added a family member to my account where she told me she created her own password. I notice it didn't specifically say "family organizer", is that another step? I further checked and it appeared I also had to actually give her access to view my specific vault which I did, so I think I did this correctly. My goal was for her to be able to view/access all of my info when I die. But does she need MY secret key and MY master pw? Or does she have her own secret key? And now that she is added to my account, does she have her own vault and can set up all her own info? Thank you all again. This is a sensitive topic and I just need to make sure I do it right.

  • [Deleted User]
    [Deleted User]
    Community Member

    @pktex There is an additional step to make her a family organizer. Go to the following page:
    https://my.1password.com/people
    Click on her name and you will see her devices and all the vaults to which she has access. In the left hand pane either "family member" or "family organizer" will be highlighted. If family member is highlighted then select family organizer.

  • pktex
    pktex
    Community Member

    @rootzero Thanks for your response, I discovered that area right after posting my question! Will my family member need MY secret key and MY master pw? Or does she have her own secret key? And now that she is added to my account, does she have her own vault and can set up all her own info?

  • [Deleted User]
    [Deleted User]
    Community Member

    @pktex Yes, if you have completed the following procedure then she should have received an email and clicked on a link to create her own master password and secret key. You would then have received an email with a link to confirm her account.
    https://support.1password.com/add-remove-family-members/
    Think of it like a company or team account. You are the IT admin creating an account for an individual employee with their own master password and secret key. You can decide whether they are an ordinary employee (family member) or an IT admin (family organizer).

  • ag_ana
    ag_ana
    1Password Alumni

    @pktex:

    And now that she is added to my account, does she have her own vault and can set up all her own info?

    Yes, if she received her own password and Secret Key, she will also have her own Private vault where she can enter her information :+1:

  • pktex
    pktex
    Community Member

    Thank you both for your quick and patient responses. Very helpful!

  • ag_ana
    ag_ana
    1Password Alumni

    On behalf of rootzero as well, you are welcome @pktex! :)

  • [Deleted User]
    [Deleted User]
    Community Member

    @pktex One more point I should mention. If you want your family member to be able to recover access to your Private vault when you're not around then she'll need access to the email account you use for 1Password. So best to save the credentials for this email account in a shared vault where she can find them.

  • ag_ana
    ag_ana
    1Password Alumni

    Correct. To clarify: this is because part of the recovery process sends an email to the user whose account is recovered. If you want the family member to also receive this email and act on it on your behalf, she would then need access to your email inbox.

  • pktex
    pktex
    Community Member

    Oh, well I do have all of my email accounts in my vault but I'll need to make sure show knows which one. Thank you for letting me know! You've been extremely helpful!!

  • ag_ana
    ag_ana
    1Password Alumni

    Anytime @pktex, we are here if you have any questions :)

  • Redarkrah
    Redarkrah
    Community Member

    I've read a few of these emergency access threads and they all seem a lot more convoluted than similar features in other products.
    In the event of my untimely demise, my spouse would have a lot more important things to do than figure out but, instead, she'd have to figure out how 1password works with little guidance.
    I see a feature request more than a decade old. It seems like this deserves some serious attention.

  • Hi @Redarkrah:

    It's very possible you may have seen these posts from me elsewhere on the Support Community, but just in case you haven't:

    Digital inheritance is something we've been looking at as previously mentioned, the catch is it's just a very hard problem to solve while meeting the needs of you now, as well as future you and your loved ones.

    We'd like to implement it in 1Password but we want to make sure we do it right, which when comes to something like sharing the keys to your most sensitive data in a way that is both reliable in the event of your death or incapacitation and not subject to tampering/easy to hack/phish under normal circumstances, while also not being overly complicated to use, is not as easy as it might seem.

    Until such time as we're ready to roll out a comprehensive strategy for legacy management of 1Password data, our recommendation is to used a trusted physical solution such as a safety deposit box containing your Emergency Kit, or providing it to a family attorney with any other end of life documents they may store for you as well.

     

    It's definitely something we're exploring. More than anything, our goal is to make it cryptographically secure for us to be happy about putting it into the world, not just protected by access controls. We do offer the ability for family organizers in a 1Password family account to recover their family members, and similarly administrators in our enterprise offerings, but both cryptographically and using access controls, the person who controls the account remains in the loop and more importantly, the 1Password server never has enough information to decrypt any data.

    With all that said, it becomes significantly trickier to design a system that you don't have to trust when it comes to digital legacy. It's impossible for you to be in the loop, since you're incapacitated. What other password managers tend to offer is a key escrow solution. A key to your encrypted data is then encrypted itself. This key is encrypted using the public key half of a keypair. The person you have selected as your emergency contact has the private half of the keypair in their password manager account. When this individual requests access for digital legacy reasons, you receive notifications to stop the recovery process, and if you do not stop it in time, your encrypted data key is sent to the individual, and as they have the private key, they are able to decrypt the key, and then decrypt the password data sent by the password manager as well.

    The catch with this method though is when you distill it down, in the event of you being incapacitated, your data is not protected by cryptography, your data is protected by access controls. The only thing preventing the password manager service from sending your encrypted key as well as your encrypted data to the emergency contact is trust. There's no cryptographic lock preventing them from doing it, it's just a promise.

    I hear you, and I understand that this is a feature that you've asked for and many others have as well. If we do implement it, we want to make sure it's done with the trust in cryptography people expect from 1Password, not just access controls.

    If you have more questions I'd be happy to dig into this with you!

    Jack

This discussion has been closed.