Forum Discussion
Former Member
2 years ago
1Password Access after Death, Legacy Contacts
I am not planning to die anytime soon, but sometimes things happen.
Beyond securing my 1Password details in an Escrow account, or with a lawyer, or in a bank lockbox, does 1Password offer any means of allowing one or more designated members of the 1Password Families account to access the 1Password account in case of the primary owner's passing?
Apple now offers the ability to add one or more Legacy Contacts so that in case of your untimely demise, an Access Key and a Death Certificate allows Apple to grant the holder of both of these to get a new Apple ID that has access to your Apple ID Account.
It may be something 1Password wants to consider, though I realize that reviewing Death Certificates may not be on the high list of priorities for the team!
- 1P_Tommy
Moderator
Yes, you need to know the email account password and/or have access to it no matter the method used. The email is one of the key details for the account.
https://support.1password.com/recovery-codes
When you use a recovery code:
You’ll need access to the email address associated with your 1Password account to verify it’s you.
...https://1password.community/discussion/comment/711218/#Comment_711218
Both require access to the user's email.
- lopinc
Occasional Contributor
1P_Tommy That's unfortunate, so even in the Family account context it doesn't eliminate the catch-22 of needing access to the family member's email password that's in their vault which is inaccessible without the email password. :)
I was confused by the statement here: https://1password.community/discussion/145903/recovery-codes-for-families-beta#latest which said under the "Multiple Recovery Methods" section, "1. They won't need to wait on someone else to confirm their recovery" - I thought that could mean that as long as the family organizer doing the recovering verified the process, the family member being recovered wouldn't have to themselves verify. Thanks.
- 1P_Tommy
Moderator
No worries! It can get confusing especially around recovery and adding a new method. Recovery is one thing we want to ensure everyone understands vs. being in a very bad situation.
The statement above would have been from the viewpoint of a user self-recovering their account with a recovery code. The recovery code would take the organizer out of the picture (using the code). They (the organizer) would never know a recovery took place. Again, with the code. To be clear, with a recovery code you would not need to provide it to an organizer except in a legacy-type situation. At least, that is the only time I can think of you'd provide it to them. Even then, the organizer may not be the heir/executor in charge of your estate. In such a situation, the organizer would likely not need to know the code. Only the executor or some other person you feel comfortable leaving the details to would need to access it.
In an estate-type situation, the executor would likely receive the code with the will and other essential papers. They would also need to know the password to the email account to complete the recovery process.
I would summarize it like this (My description as I might relay it to my children, who are my heirs.)
Recovery code - Self-recover or estate situation.
Recovery from a Family Organizer - assisted recovery or estate situation.
Both recovery options would require access to the email address/account.
- thedean
Contributor
Please scroll up and read my post dated May 16. I discussed how to provide email access in the process I designed to allow for legacy access to my 1Password account. For a family account, the process is pretty simple. Just set up a shared vault with your trusted family organizer that contains only my email address and password. That way, in an emergency, through the standard family recovery process he/she can easily gain access to all my vaults if necessary. Since my family organizer is a trusted friend, I do not lose sleep over them abusing my email account.
The process becomes a little more complicated if you have an individual account and a recovery key (and no shared vault). But in that case, you can provide your recovery key, email address and password to your executor, trustee or power of attorney in a legal document (like your will or trust) only to be used in the event of your demise.
In either case, no one else has access to your master password or secret key unless you become incapacitated. Neither process is totally perfect, but I don't believe in making the perfect the enemy of the good. I feel these two options are good enough until such time as 1Password provides a completely automated process.
I hope this helps,
Dean
- 1P_Tommy
Moderator
You're most welcome and I'd be happy to add your voice. It'll be there with my own. :)
- lopinc
Occasional Contributor
thedean thanks but my email is protected by 2FA so just the password wouldn't be enough (can't assume they'd have access to my authenticator app, what if my phone is lost with me). Also, what happens if the trusted person's 1P account gets hacked for some reason (trusting them doesn't mean they chose a good password and/or kept their secret/recovery key safe, etc).
The larger issue is that we shouldn't need these convoluted workarounds, 1P should ideally provide a true emergency-access-if-something-happens-to-me solution the same way LastPass does, and since recovery keys are now a thing, it's technically possible, it just has to be implemented. Hopefully they'll get around to it.
- thedean
Contributor
I understand your concerns.
I too have 2FA on my email account. I use 1Password's plug-compatible authenticator in place of Google's authenticator. So, when I save my email address and password in a vault that my family organizer shares, she automatically gets my email 2FA key as well. So 2FA is not an issue for me. And I actually prefer 1Password's authenticator over Google's because I think it is a lot easier to use.
I understand your concern about your trusted person's account getting hacked because of their carelessness with protecting their master password or secret key. But I would argue that if you are worried about that, then you have trusted the wrong person. Trusting a person means more than just trusting their honesty. It also means trusting that they have the capacity to properly safeguard the secrets with which you entrust them. If you don't have that confidence, then you should find another person who embodies both those qualities. Also, even if 1Password were to implement a perfect fully automated legacy system today based around the recovery key, you would still have the same problem if you didn't trust that person to properly care for the recovery key.
Finally, yes you are correct that the larger issue is that 1Password should provide an automatic emergency access feature. And as I said before, my short-term solution is not perfect. But I refuse to be paralyzed by inaction and not implement a good solution today because I don't have a promised perfect solution right now.
I hope this helps.
Dean
- lopinc
Occasional Contributor
thedean what do you mean by a "plug-compatible" authenticator? Do you mean you're putting the 2FA seed in the vault?
In the way that LP implements it, you have a pre-defined amount of time to deny the emergency access request (x hours/days/weeks) that you can set before access is granted so that if the request for access isn't legit, you can deny it, so trust isn't an issue.
Well my solution is to use LP until 1P implements it. :)
- thedean
Contributor
Yes, you can put your current 2FA seed directly into 1Password and use it the same way you would use any other authenticator app (like Google, LastPass, Microsoft, etc.). I prefer it over other apps, because 1Password will auto-fill both my password and my 2FA code for me --- all hands free. You can find the documentation here: https://support.1password.com/one-time-passwords.
If LastPass works for you, that's great. I dropped LastPass when they got hacked. There is risk in every decision we make. We all have to make our own personal choice about where we land on the risk/reward curve.
Dean