Just switched from LastPass... missing 2 major things?

Hey @Delhitful88:

Thanks for giving us a try!

Those are some great questions.

Emergency recovery / legacy management is something we've discussed a few times here on the Support Community, so I'm sharing some of what I've said previously.

Digital inheritance is something we've been looking at as previously mentioned, the catch is it's just a very hard problem to solve while meeting the needs of you now, as well as future you and your loved ones.

We'd like to implement it in 1Password but we want to make sure we do it right, which when comes to something like sharing the keys to your most sensitive data in a way that is both reliable in the event of your death or incapacitation and not subject to tampering/easy to hack/phish under normal circumstances, while also not being overly complicated to use, is not as easy as it might seem.

Until such time as we're ready to roll out a comprehensive strategy for legacy management of 1Password data, our recommendation is to used a trusted physical solution such as a safety deposit box containing your Emergency Kit, or providing it to a family attorney with any other end of life documents they may store for you as well.

It's definitely something we're exploring. More than anything, our goal is to make it cryptographically secure for us to be happy about putting it into the world, not just protected by access controls. We do offer the ability for family organizers in a 1Password family account to recover their family members, and similarly administrators in our enterprise offerings, but both cryptographically and using access controls, the person who controls the account remains in the loop and more importantly, the 1Password server never has enough information to decrypt any data.

With all that said, it becomes significantly trickier to design a system that you don't have to trust when it comes to digital legacy. It's impossible for you to be in the loop, since you're incapacitated. What other password managers tend to offer is a key escrow solution. A key to your encrypted data is then encrypted itself. This key is encrypted using the public key half of a keypair. The person you have selected as your emergency contact has the private half of the keypair in their password manager account. When this individual requests access for digital legacy reasons, you receive notifications to stop the recovery process, and if you do not stop it in time, your encrypted data key is sent to the individual, and as they have the private key, they are able to decrypt the key, and then decrypt the password data sent by the password manager as well.

The catch with this method though is when you distill it down, in the event of you being incapacitated, your data is not protected by cryptography, your data is protected by access controls. The only thing preventing the password manager service from sending your encrypted key as well as your encrypted data to the emergency contact is trust. There's no cryptographic lock preventing them from doing it, it's just a promise.

I hear you, and I understand that this is a feature that you've asked for and many others have as well. If we do implement it, we want to make sure it's done with the trust in cryptography people expect from 1Password, not just access controls.

Additionally, if you wanted, you could make the family member(s) you'd like to have access to your account in event of an emergency a family organizer. That would give them the ability to recover your 1Password account in the event it was needed.

As for authorizing devices, using two-factor authentication for your 1Password account should be exactly what you're looking for. Let me know how you get on with that!

Jack