Feature Request: 3rd Party Recovery Kit

Hi all,

I'd like to keep a copy of my recovery kit with my estate docs and other important papers so that my family can access my passwords if something unfortunate were to happen to me. However, it seems the recovery kit is meant more for me to recover my account (i.e. in case I forget the master password) rather than someone else.

Here's a feature that you might consider: 3rd Party Recovery Kits. The concept here is a printout similar to the existing recovery kit, with the following differences:

  • no master password (i.e. 2D barcode is sufficient to gain access). The reasoning here is that I should be able to change my "master password" without having to update the kits that I've included with my estate docs, etc, etc.
  • unique name / identifying number on each 3rd party kit.
  • ability to revoke access to any specific 3rd party kit. Useful if the sheet goes missing, etc.
  • ability to see if a 3rd party kit has ever been used to access the account. Basically, a big warning banner when I next use 1password saying "Hey! the 3rd party kit named 'estate docs' was used!"

For my.1password users:

  • a time-lock type setup where if the 3rd party recovery kit is used, rather than granting immediate access, my.1password instead sends me an email saying that access will be granted in a week unless further action is taken. Within that week, I can revoke the requesting 3rd party kit (and thus keep my passwords safe), or do nothing and after a week the system will honour the request.

Thoughts?

-- Andrew


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • BenBen AWS Team

    Team Member

    Hi @andrew_miklas

    This is definitely an interesting problem to analyze and try to resolve. We've had a number of conversations about it here in the forum. One recent example, which I think hits on most if not all of the points you've made, is available here:

    How to set up emergency access — 1Password Forum

    In particular... regarding wanting to be able to change your own credentials without having to update a paper document:

    By having your Emergency Kit or credentials in a vault that is only accessible to a guest account that you create, and then giving the Emergency Kit for those guest credentials to your estate lawyer/executor, you alleviate this problem. There really wouldn't be any reason to change the guest account credentials unless you change lawyers/executors, but in that case I'd imagine you're going to have some contact with the new folks anyway.

    And regarding notification of access to these items, if you set up the proposed guest account using an email address that you have access to, you would get an email notification when someone new logs in.

    As for the time-lock proposal the resistance to implementing something like that is that it may give a false sense of security / create "security theater." If you were to empower someone with the ability to do that whom you cannot trust they could wait until they know you're going to be on a week long vacation not checking emails to initiate the request. We would much prefer that any solutions we implement be backed by encryption, and utilized with people you trust completely.

    Ultimately I think there are some challenges here that are probably better addressed through non-technical solutions, but there are some ways in which 1Password can currently help with this sort of thing.

    Ben

Leave a Comment

BoldItalicStrikethroughOrdered listUnordered list
Emoji
Image
Align leftAlign centerAlign rightToggle HTML viewToggle full pageToggle lights
Drop image/file