What do I do if somebody accesses my emergency kit with my master password and account key?
Let's assume I'm on vacation and my house is broken into and they clean out my safe which has my emergency kit. Am I just screwed at that point? They would be able to hijack my entire life. What could we do in that scenario?
This is obviously a great example of how 2FA would be useful when adding new devices/browsers.
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Sync Type: Not Provided
Referrer: forum-search:what happens if somebody accesses emergency kit
Comments
-
The thief would still need your master password, right ? Unless it's also kept in your safe alongside your emergency kit....
0 -
@watchmefalll Emergency kit has both Master and Account key. Currently mine just has account key but if I pass then my family won't have the Master...
0 -
Hi @JBallin - Knock on wood. I hope this never happens :+1: If anyone ever tries to access your account from a device not authorized, we send you an email with the IP address, date & time, and what type of device was used.
Let's say you came home and realized someone took the Emergency Kit from your safe, you can log into your account to generate a new Secret Key and change your Master Password. Again as I mentioned before, if someone tried to access your account from an unauthorized device, you will receive an email from us letting you know. I hope this helped a bit. Let me know if you have any additional questions. We're happy to help!
0 -
Master does NOT appear on my emergency kit. Thats the point of having both levels of security, NEVER keep them in the same place. Master is supposed to be the only password you actually have to remember, hence the name "1password"
0 -
@watchmefalll Sure but then you need to give your family members your master password in case you pass, which isn't ideal. Note that while it isn't auto generated on the emergency kit, there is a spot for it and is currently the recommended way to deal with with death.
0 -
I have no particular intention of dying just yet, however I've told my wife what my master is, just in case. By no means will I indicate my master on my emergency kit.
0 -
Right but I prefer not to give anyone my master password at all and as I mentioned, this is the method they recommend. Also what if both you and the family member with the master password pass at the same time?
0 -
Definitely a good discussion! If this is a concern, then definitely don't store both keys in the same location. You can keep your Emergency Kit, which lists your Secret Key, in one location and your Master Password in another location.
You're both killing my hand from knocking on wood too many times. I'm pretty superstitious about stuff like this. :lol:
0 -
@JBallin I use to keep my recover password for Dropbox on a sheet of paper (when I use to sync wit Dropbox), so how is this any different? I had 2SA on Dropbox, recovery password written down, and someone could break in and take it. Guess what, 2SA is now 100% useless at this point because a person had the recovery code and the password.
As @Frank said, keep the master password and secret key separated. I do this and it's just randomness at that point. I have no clues what that are for or anything.
0 -
@prime Good point about recovery code, I just wish there was a way to be 100% protected while having an "exit plan" if I pass but I guess that's still not totally possible. It's good enough but I think that this should be worked on. Even if my master and account key are in separate places that doesn't mean that somebody couldn't find both and get into my account.
0 -
@JBallin I get it, I really do. It took me a while to understand the secret password, and I wanted 2SA. I told Agilebits that I wouldn't use the subscription due to it, but I read all their stuff (and many posts on this site from me saying I wouldn't use it).
I feel safer with my master password and a 40 character long encryption key rather a 10-14 character recover code.
My emergency kit is just 2 pieces of paper and the secret password on one, and my master password on the other. They are both well hidden as well. Even if anyone saw them, there is zero connection to 1Password. I even thought of hiding the one paper at my parents house, just so the passwords aren't together at all.
I bet in time they will have more security, and maybe 2SA. I actually have confidence in them, and very happy with the subscription.
0 -
Great discussion! I have to say, I like the idea of keeping one of keys at a parents or another family member's house. Good tip Prime, I might steal that suggestion :wink:
0 -
I took a different approach. Because I found the notion of printing off the Emergency Kit a bit 20th century, I embedded my secret key into a very boring and long Word document where the secret key is listed as a reference number to another Word document. The document also contains several fake entries resembling my secret key, that all appear to reference other Word documents. This is one of a bunch of Word docs that I have stored in my mailbox. Should someone hack the mailbox, boring Word documents containing no credit\debit card info or log on credentials would not be what they were looking for.
0 -
That's interesting @TDK1044, thank you for sharing your use case. I really love this discussion! So you emailed the Word doc to yourself and it's stored within your email account in a folder. Just want to make sure I'm understanding you correctly. I'm assuming only your Secret Key is listed in the document.
Well this discussion also made me realize we need to work on a better solution for everyone but it's a tough one to solve. So it's great to hear everyone's ideas & suggestions. :+1:
0 -
That's correct, Frank. I e-mailed the world's most boring document to myself, with my secret key hidden within it and resembling other similar keys appearing to be reference numbers, and then stored it in a folder with other legit documents. :)
0 -
I appreciate the clarification TDK1044 and thanks again for sharing! I hope we keep the suggestions coming :+1:
0
