family organiser - recovery weak point

I have a question about security related to vault recovery.

My understanding is that if someone can gain access to my email (as the family admin) then they can recover any of the family vaults. I know that email is essentially one of the most valuable assets to a hacker as, with it, they can initiate password recovery on websites etc.

That said, even if I take very strong measures to secure my email account, if someone gets hold of my device they could access my email.

I'm very nervous about this. I'd like to dry-run recovery of a vault of one of my family members, because as I understand it, they will be notified of the recovery.

So I need your guidance.

1a. What are the steps needed to recover one of my family's vaults? I'm going to have my son create a new private vault as the test case.
1b. I'd like to do this with my son initiating, so that it is the real-world scenario.
1c. I'd like to recover it myself and see how he gets notified and how he can stop it.

2. What is the best practice for a family administrator to secure his/her email? I already use a secure password (stored in 1P) and also OTP (stored in 1P). My phone is PIN locked with Face ID. My Macs though? How to handle?

1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided

Comments

  • Matthew_1P

    Team Member
    edited May 31

    Hi @blacknell, recovery can't be initiated from an email account; a family organizer must sign in to their account on 1Password.com first in order to start recovery. This means that you have the full protection of your Secret Key and Master Password — we aren't able to start recovery on our end because we don't know your Secret Key nor your Master Password. Only a family organizer can begin recovery, so if someone would like their account recovered they'll need to contact one of the family organizers for the account outside of 1Password. Following on from this, a family organizer that would like to have their own account recovered will need to contact another family organizer to go through the process with them.

    The whole process can be split into three stages:

    1. Initiating recovery (family organizer)
    2. Obtaining new sign-in details (person having their account recovered)
    3. Completing recovery (family organizer)

    To initiate recovery:

    1. Sign in to your account on 1Password.com.
    2. Click People in the sidebar.
    3. Click the name of a person, then click Begin Recovery below the person's name.

    To obtain new sign-in details:

    The person who is having their account recovered will receive an email after you initiate recovery with a link that will give them a new Secret Key and asks them to set a new Master Password. You'll always get a new Secret Key even if you knew the old one, but you can always choose the same Master Password during recovery.

    To complete a recovery:

    1. You'll be notified by email that a recovery is awaiting completion once someone has got their new Secret Key and Master Password. Click "Complete account recovery" in the email.
    2. A page will open in your browser with the person's details. Click Complete Recovery.

    Once you've completed recovery, the person that just had their account recovered should download their new Emergency Kit and sign in to their account again.

    Our support guide includes a video if you'd like to see the process visually before trying it out.

    As for your email account, it sounds like you're already taking the steps needed to protect it! One other thing to keep in mind is that you should only sign in to your email account (and for that matter, your 1Password account) on devices that you trust.

    I hope that helped answer your questions, but we're here for you if there's anything else we can do :chuffed:
