1Password Access after Death, Legacy Contacts

Some of our users provide 1/2 of the password to another family member and another half to another family member.

The use of the Emergency Kit is the only available option. Feel free to look around the community. You'll see varied suggestions from many folks here in the community. As with any important or legal document, you must take appropriate safeguards to ensure its safety. I lock mine behind a safe door, and only I know the combination, too. In the event of my demise, my heirs will need to access it. Outside of that, I also have it stored in a bank safety deposit box for disaster preparedness.

It should never be left out in the open for anyone to find.

Gotcha. I'll get that portion before the team. Thanks for clarification.

Emergency access is a huge glaring need. Please add this feature. I switched to 1Password from LogMeOnce for good reasons LMO was glitchy and has a clunky user interface. 1Password is so much better, EXCEPT I'm seriously missing the Emergency Access feature. Obviously a lot of users and potential users agree. Please get this done.

I have just moved from Bitwarden to 1Password. I find that 1Password is just a little more "polished". The emergency access in Bitwarden, previously mentioned by nNfEfRtqUHrmDWYdocjh is something that did give me some peace of mind. I don't need to rehash the points already made on this string - suffice it to say, printing the Emergency Kit for someone to find after my death poses too many obstacles.

At $10 per year, I can hang on to Bitwarden for this functionality, and then just have my 1Password credentials within Bitwarden.

I used to have an individual 1Password account. I upgraded to a Family account specifically because of my concern about legacy access. Let me share with the group how I have configured my family account to handle legacy access:

1. I am a family organizer for my family account.

2. I made the executor of my will (she is also the successor trustee of my trust, and my designated power of attorney) a second family organizer.

3. I have shared a vault with her that contains just one entry: my email address and password.

4. In the event of my incapacity or death, my executor/trustee can use her authority as a family organizer to begin the account recovery process. And since she has access to my email account, she can can use it to reset my master password and secret key, and thereby gain access to all the rest of my vaults. Since I am notified via email of any attempt to begin the recovery process, I feel 99% confident that she will not abuse her family organizer powers while I am still of sound mind. (FYI, while I have 2FA enabled on all my other accounts, it is disabled in 1Password because I don't think it is necessary there, and therefore it does not interfere with this recovery process.)

It's not perfect. But is good enough for me. My master password and secret key are known only to me, and no one else. And it allows me to sleep well at night, knowing that in the event of my incapacity or death, the people with a need to know can get access to everything in all my vaults.

I hope this strategy will help others.

lopinc

Well my solution is to use LP until 1P implements it. :)
The history of security breaches of LastPass is a knockout criterion for LastPass. Even if it provides some very valuable feature, the service is simply not secure. It cannot be used, if you really value security. If I had been an LP customer, I would have canceled and deleted my account the day their last big breach became public a year and a half ago. No matter their shiny user interface.

The two workarounds 1Password provides by either printing emergency kit, password and mfa qr code or printing the recovery code and ensure you're not losing email access by also printing the email password and email mfa QR code of that might seem tedious, but this will work.

The problem is that the password service must distinguish the rightful owner of an account from an attacker who attempts account recovery using stolen information to gain access to the account. Today, common account recovery is performed by still having some secret, while other secrets have been lost or compromised. Legacy access for your heirs is no different. It's required the service distinguishes your heirs from some attacker who gained the same information that's available to your heirs.

Thanks folks I submitted the feature request. I really hope this is something we can excel at at after all passwords are very much a digital legacy.

Having skimmed through the white paper I don’t understand what is the problem with implementing the following scheme:

Assigning an inactivity period to a vault and a next of kin assignee who is part of the team/family.

Example of work flow:

1) Alice creates a family and shares with Bob their every day activities in a shared Vault
2) Either Alice or Bob invite their executor and lawyer Lawrence to their family. Perhaps even as a guest.
3) Lawrence signs up and creates his own profile along with secret key and account password
4) Lawrence is initially not given access to any vaults.
5) Alice assigns Lawrence as the next of kin on the “Shared” vault she and Bon share.
6) Alice chooses an inactivity period on that vault of 180 days. Thinking even a prolonged hospital visit of her’s where Bob is still alive and functioning and caring for her needs shouldn’t have him out of his 1Password daily activities for more than 180 days.

… after 180 days of inactivity
7) 1Password service does the same thing it would normally do to share the vault with Lawrence. The vault key is encrypted with Lawrence’s public key and he is granted access to the items in it.

Why is such a scheme so hard to implement? There is definitely no lack of interest and need for this feature.

EDIT: mildly infuriating is that this scheme is available today with a business account (for the event logs feature) and a kiddy script using 1Password CLI running on any cloud server or a few of them as the action itself is idempotent.

I agree this is a sticking point and it’s getting quite annoying that the most trusted and realiable and functional password manager in the industry doesn’t have anything of that nature.

Even an n-of-m scheme with the emergency kit would already be an improvement. Or a social recovery of sorts. But really a timed delay access granting feature would be the best. With an email alert to family organizers 24 hours before granting access to really verify the inactivity is a result of incapacitation.

I can't make any promises but I can say that we recently saw some interesting movement on a long requested feature. It (the other feature request) is not ready just yet but should be in the next month or so. I hope we'll see movement on the legacy access feature as well. Thanks for being such engaging members of the community.