About emergency contact

hepify
hepify
Community Member

Hello everybody ๐Ÿ™‚,
I have read many discussions about introducing an "emergency contact" method as other managers, but I agree that this solution is implausible for 1password's structure and could lead to more problems than advantages.

My idea is to take advantage of managing an emergency contact in 1password itself without going out of the box. In particular for those who use 1Password family.
The principle is always the same, time; a user who is part of a family account can choose a vault and/or a set of items (logins, documents, credit cards, etc.) that will be shared (copied for example) on the vault of another family user marked as an emergency contact.
The elements are automatically shared when the main user, for example, no longer accesses his 1Password account for a certain amount of time, or following a request from the emergency contact and then all the necessary checks.

I know that the solution to all this is to print your own Emergency kit and then manage it as best as possible, but also a software solution would not be bad.


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Hi @hepify

    This is definitely an interesting challenge that we'd like to come up with a solution for. I don't have anything specific to share at this point, but it is a problem the team is looking at.

    Thanks!

    Ben

  • ansel4
    ansel4
    Community Member

    I am constantly looking at switching away from 1Password for it's lack of true digital inheritance (emergency contact feature). Handing someone the emergency kit now is not the same thing as I don't want them to have access now to my account, only if something were to happen to me. This is very disappointing that 1Password still can't/won't offer the emergency contacts feature as nearly everything else about 1Password is ideal. But this lack of feature is becoming a deal breaker.

  • Jack.P_1P
    edited October 2021

    Hi @ansel4:

    Digital inheritance is something we've been looking at as previously mentioned, the catch is it's just a very hard problem to solve while meeting the needs of you now, as well as future you and your loved ones.

    We'd like to implement it in 1Password but we want to make sure we do it right, which when comes to something like sharing the keys to your most sensitive data in a way that is both reliable in the event of your death or incapacitation and not subject to tampering/easy to hack/phish under normal circumstances, while also not being overly complicated to use, is not as easy as it might seem.

    Until such time as we're ready to roll out a comprehensive strategy for legacy management of 1Password data, our recommendation is to used a trusted physical solution such as a safety deposit box containing your Emergency Kit, or providing it to a family attorney with any other end of life documents they may store for you as well.

    Jack

  • ansel4
    ansel4
    Community Member

    Thanks for the reply. I've seen that it is something you guys are working on which I appreciate. I obviously am not close to the technical details but I do know that Lastpass, Dashlane, PasswordBoss, Keeper Security, Roboform and Bitwarden have all included Emergency Access features that allow the account holder to establish emergency contacts which can (thru their own free or paid accounts) request access to the account in the event of an emergency. The key functionality here is that if they jump the gun and try to gain access before you want them to have access you can stop it by acting on the email request for access that you get. If you are incapacitated the request will time out (after whatever allotted time you specify) and then they can get access. It is a near perfect solution to digital inheritance as you don't have to worry about handing the keys to your digital world over prematurely but it gives your trusted contact the ability to gain access when you are incapacitated. Right now I have had to pay for another password service to use their emergency access feature AND pay for 1Password. The time will come where I'm not willing to do that and require an all-in-one solution and will have to switch to Bitwarden or another service that comes close to offering the password filling, visual software appeal and user friendliness that 1Password offers AND the critical Emergency Access/Contact feature as described above.

    I really do like 1Password, but it has been years where this feature has been suggested via 1Password forums and via support and sadly there is still nothing to show for it. I'm certainly not trying to be critical or rude, but want to share how important this feature is to me and I know many others. Thanks for listening.

  • @ansel4:

    It's definitely something we're exploring. More than anything, our goal is to make it cryptographically secure for us to be happy about putting it into the world, not just protected by access controls. We do offer the ability for family organizers in a 1Password family account to recover their family members, and similarly administrators in our enterprise offerings, but both cryptographically and using access controls, the person who controls the account remains in the loop and more importantly, the 1Password server never has enough information to decrypt any data.

    With all that said, it becomes significantly trickier to design a system that you don't have to trust when it comes to digital legacy. It's impossible for you to be in the loop, since you're incapacitated. What other password managers tend to offer is a key escrow solution. A key to your encrypted data is then encrypted itself. This key is encrypted using the public key half of a keypair. The person you have selected as your emergency contact has the private half of the keypair in their password manager account. When this individual requests access for digital legacy reasons, you receive notifications to stop the recovery process, and if you do not stop it in time, your encrypted data key is sent to the individual, and as they have the private key, they are able to decrypt the key, and then decrypt the password data sent by the password manager as well.

    The catch with this method though is when you distill it down, in the event of you being incapacitated, your data is not protected by cryptography, your data is protected by access controls. The only thing preventing the password manager service from sending your encrypted key to the emergency contact is trust. There's no cryptographic lock preventing them from doing it, it's just a promise.

    I hear you, and I understand that this is a feature that you've asked for and many others have as well. If we do implement it, we want to make sure it's done with trust in cryptography, not access controls that people expect from 1Password.

    Jack

    ref: dev/projects/customer-feature-requests#29

  • ansel4
    ansel4
    Community Member

    Thank you for your thoughtful and thorough explanation in words that made sense to me. I'm sure it's all quite complex but you did a great job breaking it down. Happy that you all continue to work and try to solve it. Thank you!

  • @ansel4:

    You are very welcome! :chuffed:

  • bakkie
    bakkie
    Community Member

    Thanks for the explanation. It is complicated but I really hope you will develop something as there is definitely a huge demand.

  • @bakkie:

    You're very welcome as well! :smile:

This discussion has been closed.