Feature Request: Emergency Access

cryptochrome Junior Member

Dashlane has it, and I am missing this brilliant feature in 1Password, now that I've made the switch.

What is it?

Emergency Access allows people who do not have a 1Password account to request access to your account. Only specified people (email addresses) are allowed to request access. When the request is sent, the password manager will wait a pre-defined amount of time (1 day, 3 days, 3 weeks...) before granting the access. When access is requested, the account owner is notified about it, so he or she can deny the request.

Why is this important?

I think that is obvious. It's 2019, and we all have a massive digital footprint and legacy, that contains very important stuff like insurances, access to online banking and what not. In a catastrophic event (loss of life, coma, etc.), all this stuff can become inaccessible by family, which in itself can have catastrophic consequences. With Emergency Access, this can be prevented.



Comments

  • Ben AWS Team

    Team Member

    Hi @cryptochrome

    This is something that has been discussed a fair bit. The primary difficulty is that 1Password's security is based on encryption (not authentication) and we never have the keys to decrypt your data. As such we have no way to give someone access to your data. Generally this is considered a Very Good Thing(TM). But it does stand in the way of us implementing something like this. We can't give someone something that we don't have.

    I don't believe we've totally given up on the idea, but it seems there are some fairly significant challenges that would need to be overcome.

    Ben

  • cryptochrome Junior Member

    I thought so. Would it be a different animal if the other user had a 1P account? In that case it would work similarly to sharing vaults, I guess?

  • If this is a concern for you and not just an intellectual exercise, I would suggest giving a copy of your emergency kit to your lawyer to be kept with your will, living will, power of attorney, etc. The executor (or other responsible individual) would get access to this information only under the circumstances you predetermine.

    I would absolutely prefer that solution over hosting my access credentials with a company that has the capability to decrypt them. The next person to request access might be the CIA (or FBI, DHS, NSA, RCMP, CSIS, etc.), not my loved ones.

  • Ben AWS Team

    Team Member

    @cryptochrome,

    While having an account that is part of the same membership would almost certainly be a requirement for any feature like this, having that doesn't get us that much closer. Because we don't store your keys, we have no way to put them into someone else's account. I'd have to agree with @gordcook's recommendations.

    Ben

  • cryptochrome Junior Member

    Those are all fair points. I haven't thought about that at all.

  • Ben AWS Team

    Team Member

    We'd love to find a more technical solution to this problem, but I think it is worth considering the above, at least in the meantime. :)

    Ben

  • Hello @Ben,

    Not being an expert on encryption, I am wondering how guys at LastPass keep it safe. They have such a feature called Emergency Access: https://helpdesk.lastpass.com/nl/emergency-access/

    At the bottom they explain how they encrypt the access for others in this solution. Is there a way to implement such a feature in 1Password? Because I am such a big fan, I don't want to switch to LastPass :)

    And: if you guys are not able to implement this, how (un)safe is it to store my Master Password in a LastPass-account and only use this feature for real nasty situations? This is not a question to bash you, it's genuine interest in this subject!

    Thanks!

  • brenty

    Team Member

    The key for us is never having the "keys" to any of our customers' data. That way we can't be used by an attacker to get into it, and a rogue team member here couldn't either. But that means we don't have them to give to an "emergency access" contact for you either. So, at that point, you're talking about saving your account credentials somewhere for, say, your loved ones to be able to get it -- and that can be your Emergency Kit, or account credentials in any form you wish, anywhere you choose; it's just a matter of what you choose.

  • cryptochrome Junior Member

    I solved this for me by subscribing to the family plan and putting my emergency kit data in a shared vault. Not very elegant, but it works.

  • brenty

    Team Member

    I know that others do that as well. It's a very personal choice though. :)

  • I solved it by having a family member with recover powers and a shared vault with our email log ins. This would be everything either of us needed to get into the other's accounts, without 1Password having to compromise their security model, which is what I would suggest many people love about it.

  • Ben AWS Team

    Team Member

    Thanks for sharing your solution, @Zaka_7. :)

    Ben

  • As there's some curiosity about how some tools implement their Emergency Access models, I'll paraphrase how Dashlane describes their system, just for the sake of interest. I'm not saying it's good or flawed; I'll defer to the experts.

    A public key is created, encrypted in such a way that only the designee can use it to access my data.

    The data can only be decrypted by combining the public key (created by my request and assigned to my designee) and the private key to which my designee has access after permission is complete, which [the private key] is not stored on Dashlane's servers.

    I must log in to my Dashlane account at least once after my emergency contact has accepted my request. This is necessary for my data to be encrypted with the public key. Only then will my emergency contact be able to decrypt this in his Dashlane account.

  • Ben AWS Team

    Team Member

    That sounds similar to what LastPass describes. Thanks for sharing @jimmyweg.

    Ben

  • Thanks, Ben. Just to add what the last step would be once the authority is granted, the designee logs on to his account and clicks the Emergency tab, after which the designee gains access. I'm a little hazy about the physical mechanics of how the private key is handled and used for decryption, but Dashlane seems to be saying that they never possess the keys. In simple terms, 1P's method of sharing seems quite clear, with fewer potential attack vectors.

  • brenty

    Team Member

    From the description, it sounds like they necessarily have them at some point. It may be that the idea is that they are destroyed after the confirmation, but it does seem like there's inherently some risk there.

  • I am a longtime 1P licensed version user. I love 1P and rely on it as my only password manager for all of my passwords. However, I want my adult children to have emergency access to my passwords and secure notes if I go down in a plane crash or have a serious stroke. I have asked before about an emergency access feature for 1P and I have been told the same info provided above in this thread.

    So far, my solution has been for me and my adult children to each have Dashlane accounts for the sole purpose of using Dashlane's emergency access feature. My Dashlane account has only one item in it - a secure note with three unlabeled strings of numbers, letters, and symbols. My children know what the first, second and third password strings refer to (one of them is my 1P master password), but they don't have access to my Dashlane account unless they request access and I don't say No within two days.

    I imagine if I had a 1P.com account I could put my 1P emergency kit in a Dashlane secure note, but I have tried 1P.com and I won't use it because the secret key has to be kept in my computer so I can paste it every time I clear my cookies, which I do every time I close my browser. Having to paste the secret key every time I unlock 1P is a bothersome extra step that makes 1P.com harder to use than the licensed version.

  • MerryBit
    edited October 2019

    I'll add my low-tech implementation of emergency access here:

    https://discussions.agilebits.com/discussion/107409/storing-two-halves-of-emergency-kit-with-two-trusted-parties

    Print out your emergency kit and cut it into two halves vertically. Give two trusted contacts one half each. Neither contact will be able to use their half without the other. Short of collusion between the two contacts you should be safe.

  • ag_ana

    Team Member

    @fourwheelcycle:

    Thank you for the feedback!

    Having to paste the secret key every time I unlock 1P is a bothersome extra step that makes 1P.com harder to use than the licensed version.

    Is there a reason why you are not using your 1Password account in the app, instead of in the browser? If you use it in the app, you will not need to enter your Secret Key every time.

  • ag_ana

    Team Member

    That is a very interesting idea @MerryBit, thank you for sharing it!

  • You're welcome. It's not my idea though:

    https://en.m.wikipedia.org/wiki/Secret_sharing

    I just applied it to the emergency kit. 😊

  • ag_ana,

    I didn't know there was an app! Did it exist when 1P.com 7 first came out? I'll look again.

  • brenty

    Team Member

    @fourwheelcycle: Our apps can be found on our website as always: https://1password.com/downloads/ :+1:

  • brenty

    Team Member

    @MerryBit: Thanks! And you can certainly give parts of your credentials to different people now as well. :)

This discussion has been closed.