Signing back into the Community for the first time? You'll need to reset your password to access your account.  Find out more.

Forum Discussion

Former Member's avatar
Former Member
2 years ago

1Password Access after Death, Legacy Contacts

I am not planning to die anytime soon, but sometimes things happen. Beyond securing my 1Password details in an Escrow account, or with a lawyer, or in a bank lockbox, does 1Password offer any mean...
discussion
Zorak's avatar
Zorak
New Contributor
12 months ago

Add me to the long list of people (judging by the number of search results in Google for this sort of thing) who are strongly in favor of some kind of time-delayed emergency/contingency access feature similar to what LastPass has. In previous discussions I have seen "security" cited as the reason 1P has not implemented such a feature, and granted there is always a tradeoff between security and convenience, but the "user story" I would like the product management team to consider is:

  • I have close family/friends I would trust to manage my affairs in case I am incapacitated or dead
  • In many cases I may already today be using Family product features to share secrets/creds with them
  • But only to a limited subset of accounts, because I do not necessarily trust them to have the same amount of tech savvy or paranoia etc. as I do, and I don't necessarily want to give them full access to all my financial data etc.
  • And when I say "them" I mean "them, or anyone who compromises their devices/accounts, or can be in a position to extort/coerce it out of them" -- this is why the time delay feature is crucial. If I am actually alive and functioning :) it gives me time to veto an unauthorized access. If I am dead or in a coma, then giving my loved ones access to my info becomes a priority and outweighs any concerns I might have about their security hygiene.
  • For the above/similar reasons, sharing the Emergency Kit and actual passphrase is a non-starter
  • The "recover accounts for family members" feature doesn't work either, because you can't (I believe) recover your own account, and in a scenario where I'm dead, it doesn't help if a trusted person can "recover" my account because they would need access to my email to complete the recovery.

There are always tradeoffs involved; the goal is to make the consciously and knowingly. If 1P feels this sort of feature renders the product inherently less secure, it can still implement it and make it optional, with lots of warning dialogs and disclaimers that people have to click through to enable it, but they can still make that choice for themselves.

If I'm missing something and/or there's an existing way to address the above concerns, I'm all ears!

Alternatively, I would be much happier sharing my emergency kit with people if there was a "when your Emergency Kit is used from a new location, send a notification and require either 2FA or ___ days to elapse before it can be used" option available, which accomplishes the same thing.