Recovery process when email address is unavailable?
I'm exploring possible situations where a recovery might be needed. Imagine that we have a fire in the house, assume that all of our recovery kits and computers are destroyed.
I will assume that one of the 1Password admins has their phone in their pocket, or has an off-site recovery kit and therefore has their account key, so I can now get in to my own vault.
However, how would I get family member Bob into his account? As an admin, I can do a recovery, but this requires access to Bob's email account and sadly both his phone and computer were destroyed, so Bob doesn't have access to 1Password or his email account's password and 2FA code (also in 1Password). Bob took contentious note of his email address recovery codes, dutifully noting them in 1Password (which we can't access) and in the fire safe with the 1Password recovery kit, which was tragically destroyed.
Is there any way to get Bob back into his 1Password account without access to his email address or both Account Key and Password? Can I change his email address?
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Comments
-
Hey @TheDave! That's certainly an interesting scenario. Thanks for asking about it. The simple answer to what you're looking for is an off-site storage place for the Emergency Kit with the Master Password written in it. You can even put it on a USB drive somewhere, perhaps in a safety deposit box. Account recovery was built to help you recover someone's Account Key and Master Password if they lose access to them, but there are limitations like this one — the email address for their account needs to be accessible. It's a challenge we have yet to think up a solution for, perhaps because there isn't one.
After all, from a security perspective, the system wants to make sure it's you who it's allowing to create a new Account Key and Master Password. You having access to something that is yours and verified on the account already — your email — is the best way to do that. Being able to change the email as the Family Organizer would be a security concern since you could get access to that member's Personal vault and that's their private vault, something they may not have expected you to access.
One thing you could do is use Google Apps for your family's email addresses. It'd give you a chance to reset their email password if you need to. It's more of an advanced solution, but this scenario is more of an advanced one as well, so it seems fitting. :) Let us know what you think!
0 -
I'm actually reasonably content with the current setup, it was more a case of "can I rely on this to protect my passwords against a malicious admin?"
I can solve the recovery problem for myself from a technical standpoint, and I'll make sure that everyone else knows how to avoid a chicken-and-egg situation.
0 -
I'd be curious to hear about the Malicious Admin scenarios you've got in mind.
Rick
0 -
I consider passwords to be quite personal, I do not and would not share my passwords with my spouse, nor do I expect similar. I don't expect the teenagers to store their passwords somewhere that the parents could trivially access either, and unfortunately teens typically (correctly) look at parents as security threats, but friends are often considered safe despite being transient, meaning that they'll often share passwords to certain types of accounts without realizing or understanding the ramifications of password reuse.
As far as malicious admins, I worry about a lot of things. I worry that someone will unlock their own account for one of the kids or a guest who will fall for a tech support scam or similar. I worry that someone will install a keylogger or similar on my spouse's machine and use that as an entry point to initiating a recovery of my account.
While it's not currently an issue, I also worry about the broader scope of what happens when a relationship ends. I've seen people hold former spouse's social media accounts hostage, shared Amazon and iTunes accounts are virtually impossible to separate.
There are also legal concerns. Your bank will treat fraud differently when you say "I have never, in my life, ever, shared my PIN or password with anyone" vs if you open a fraud report with "I violate the terms of service and law by sharing my PIN and password with my spouse and one time the kid, but you know, that's maybe probably not what happened this time".
I am contractually required to not share my work passwords with any other individual under any circumstance and could lose my job for doing so.
0 -
@TheDave It's definitely an interesting topic! In my mind, what it all essentially boils down to is trust. You could choose to only store all of your personal information and passwords in your own mind, but that doesn't necessarily mean you should trust yourself with that data. There are plenty of unsavoury methods that humans have practiced over millennia to coerce information out of individuals - and if you cannot even trust yourself with maintaining absolutely privacy and secrecy.
This then is the balance of any system that is designed to protect or secure, be it software like 1Password, or something physical like a lock - it's a balance between deterrence for an attacker, and convenience for the owner. 1Password is able to provide about the best level over coverage for both that's available.
In terms of deterrence, we use beyond-industry-standard encryption and security protocols for protecting our customers data. We're fully open about the security that we use - the core design of our system is described in detail in our security white paper, and we actively seek the input of the security community at all times. In terms of convenience, we have apps available for Mac, Windows, iOS and Android devices, as well as our web interface.
Anyone considering the usage of any security system and its features needs to consider trust as part of their evaluation; our open and honest approach to 1Password gives our customers the greatest affordance to build trust with a password manager. Ultimately what they do with their account (and the protections we provide them for their account, such as their Account Key and master password) is up to them, but it sounds like a security conscious individual such as yourself has things well in hand!
0
