Where do you store your Master Password

I use 2 factor authentication for any service that supports it,and I noticed the several of them generate single-use "backdoor" passwords that they recommend for you to print out and store someplace secure. That's not a bad system at all.

To my knowledge, the way 1Password currently works precludes the existence of a backdoor password scheme. So I'm looking for ideas on how to insure myself against forgetting my master password and having to rebuild my 1Password Vault. I don't think that I'll every forget it, but let say I get hit by the proverbial bus and my relatives need to get access to it to settle my estate. What would be a good setup to give them access to my vault?

Please chime in with your ideas! It could be print and store, it could be to store it in another password manager, store it as encrypted text in Evernote, whatever.

Comments

  • hawkmothhawkmoth
    edited September 2014

    I couldn't find a thread here that I was remembering about how to construct a survival kit. But you aren't the only one to have thought about it. My master password is held in my spouse's 1Password database, and I keep hers in mine. Others have described printing the entire database on paper and storing it in a safe deposit box. That's probably a good approach, so long as your survivors can gain access to it.

    I'll post back if I can find that thread.

    Edit: Check this thread and the links it contains.

  • chrisdjchrisdj AgileBits Support 1Password Alumni

    Like @hawkmoth, my wife and I each have each other's Master Password stored in the other's 1Password. Another great tip is the survival kit that hawkmoth mentioned.

    Mike Vardy made this and you can fill out the PDF then print it to store in a home safe or safety deposit box. Check out the 1Password Emergency Kit.

  • Actually this was one of the many reasons, I bought 1Password in the first place.
    I'm a consultant and for a long time I had a file in the safe at our notary with all the important passwords, note, contracts, etc.
    Now I store almost everything important in my 1Password and the file now contains only the contracts and a piece of paper with my master password.

    If that bus hits me, my wife knows where to find everything important, as well as a few last words :-)

    @chrisdj thanks for the emergency kit - I will update my paper :-)

  • @chrisdj‌

    my wife and I each have each other's Master Password stored in the other's 1Password.

    Call me a pessimist but this seems like a perfect recipe for one partner to completely screw the other over should there be a break down in the relationship. @Schulmeister‌'s idea of storing the password with a notary is a good one because they will only release it in specific circumstances.

  • chrisdjchrisdj AgileBits Support 1Password Alumni
    edited September 2014

    @Schulmeister‌ You're welcome!


    @RichardPayne‌

    Call me a pessimist but this seems like a perfect recipe for one partner to completely screw the other over should there be a break down in the relationship. @Schulmeister‌'s idea of storing the password with a notary is a good one because they will only release it in specific circumstances.

    Pessimist. :p

    In all seriousness, though, I guess that is dependent on the couple. That is a decision that is unique to each situation.

    My thoughts are that a couple that is secure together is secure together. ♥️

  • Security is only ever temporary. :-P

  • chrisdjchrisdj AgileBits Support 1Password Alumni

    I'm out of catchy phrases until I refill my coffee. :)

  • Pah, amateur. Always have a coffee machine on your desk!

  • So I recently re-encrypt my 1Password vault shown here and my one fear now was remembering my new password. So what I did (not sure if this is a good idea) I still had my 2nd choice for a password manager. I put that on my phone and turned off all syncing so it was just on my phone. I used my old password for it, and that gave me access to my new password for 1Password. After a few times entering my new password for 1Password, I was fine.

  • chrisdjchrisdj AgileBits Support 1Password Alumni

    Hi @prime,

    I'm not sure if there is anything particularly wrong with the approach you took. Our security folks tend to recommend just writing it down on paper and storing it in a safe place (like the emergency kit referenced earlier). The advantage here is that if you decide you want to destroy that piece of paper, it if quite easy to ensure its destruction.

  • benfdcbenfdc Perspective Giving Member

    My master password (along with my Dropbox account login) is in a sealed envelope in the safe deposit box that I share with my wife. There is another sealed envelope in the box that supposedly contains her master password, but of course I cannot be certain! Not as secure as third-party escrow, but as others have noted the important thing is to find an arrangement with which you are comfortable. One obvious risk with the "master password in the spouse's vault" approach is that, absent some other backup, it will be of no help if a mishap should incapacitate both spouses.

  • Hi @benfdc,

    Thanks for sharing your thoughts here. I'll admit, my husband and I share our Master Passwords the same way that @chrisdj and his wife do. Your statement of the obvious risk is clearly a good one to keep in mind. :)

    One obvious risk with the "master password in the spouse's vault" approach is that, absent some other backup, it will be of no help if a mishap should incapacitate both spouses.

  • benfdcbenfdc Perspective Giving Member
    edited October 2014

    The key phrase is absent some other backup. There’s nothing objectionable per se in storing other family members’ master passwords in one’s keychain. My wife keeps work-related passwords in hers, and she doesn’t think that her employer would approve of me having easy access to them. I would not object to her having my master password, but she thinks that it is fairer that we both play the game by the same rules. :)

  • benfdcbenfdc Perspective Giving Member
    edited October 2014

    I received an email from one of my banks this week with a link to this blog post about digital assets and estate planning. One thing that is stressed is the importance of cataloging digital assets and recording how to access them. Obviously 1Password can be of great help here. However, and apropos of this thread, it does raise issues about the prudence of storing other people’s master passwords in one’s keychain. For example, I have my sister-in-law’s master password and her Dropbox login in my keychain because I help her to manage that keychain, and because I am her "fail-safe" in case she forgets her password. If I should pass away, why should the executor of my will have access to my sister-in-law’s stuff?

    I guess I ought to have a talk with her!!

    Also, there are presently 1,343 items in my keychain, not including the contents of the trash bin. Without tags or folders to help direct an executor to items of particular importance, this could be something of a mess!

    One solution would be to have a separate "estate planning" vault, Keeping the estate planning vault in sync with one’s working vault could turn out to be something of a chore, but the multiple vault feature introduced in 1Password 4 could be a big help. Set up a separate Estate Planning vault, use an EstatePlanning tag to designate items that belong there, "share" all tagged items to that vault on a regular basis, and give your executor access only to the Estate Planning vault rather than your main vault. (Which vault you give your spouse access to is, of course, another matter entirely.) I think that 1Password is engineered in a way that would avoid the unintended creation of duplicate entries in the Estate Planning vault.

  • If I told you... well you know what I would have to do then. ;)

  • chrisdjchrisdj AgileBits Support 1Password Alumni

    @benfdc Just as a thought, but perhaps you, your wife, your sister, other relative should fill out and safely store the 1Password Emergency Kit I linked to earlier. This keeps you from having to store other's Master Password in your own vault, but also provides the "I forgot" failsafe and the survivorship concern. The key is that each of you needs to know that an Emergency Kit exists should the worst happen, so that can be accessed under that circumstance.

This discussion has been closed.