Preparing for the inevitable: a specific vault for executors/successor trustees

CalfeeRider
CalfeeRider
Community Member

I've been a 1Password user since it first appeared on the Mac scene (and a Mac zealot since before the first Mac announced "It sure feels good to get out of that bag" onstage at the Flint Center in January, 1984).

My guess is that your team is in need of more support people with this sea change in your platform architecture, but you're to be congratulated for this revolution/evolution.

I signed up for Teams by mistake before Families actually was released; you were very kind to assist me in getting it changed to "Families."

I actually have 3 questions/comments:

  1. My family members include my wife, her two adult children, and my two adult children. One of hers and one of mine are designated as co-successor trustees/co-executors of our trusts and wills. I'm guessing that what I need to do is create a vault that they will gain access to upon both of our deaths by retrieving an emergency kit (paper printout containing access code and PW) for that vault. I'm uncertain, however, whether that vault should be/can be shared with them in some way that access to the emergency kit is required for them to gain access, or whether I should create an "executor" family member with an emergency kit for that family member that is stored with our will and trust.
  2. I do have a few secrets (don't we all) that none of my family members will ever need access to. My understanding is that if I move everything in my current local vault (synced to my other Macs and iOS devices via Dropbox) to my families "personal" vault, that if I leave my OWN emergency kit for my executors/successor trustees, they'll gain access to everything in my "personal" vault. That includes lots of stuff they have no need to wade through (business website logins, car racing and bicycle racing sites, exercise and weight loss sites, etc., etc.,) no legal right to wade through (logins to electronic health record systems at the hospitals where I practice; indeed, while these are currently encrypted and private to me, if they're discoverable by my heirs, accessing them might subject my estate to legal action as a breach of the HIPAA privacy and security rules), and those few items that I don't want them to have access to. That's why I think a special "executor" family member is the way to go, unless there's some way to trigger access for them to a vault within my own "space" upon the triggering event of my and my wife's death. Can you comment on that?
  3. Is there some way to have "stuff" that I'll want to share with my executors on my death automatically synced from my "personal" vault or a vault shared now only with my wife synced into a repository (separate "legacy" family member or shared vault that they can't get access to without my wife and me dying first), so that when I change bank accounts or passwords for a few credit cards in my "personal" family vault or my local individual vault those changes synchronize to the vault the executors will need one day?

Sorry to be so wordy. I just want to get this right.

And I'm in 125% agreement that there should be "read-only" access to shared vaults. I don't want a family member to accidentally sever my access to Netflix!


1Password Version: 6.0.2
Extension Version: 4.5.3
OS Version: OS X 10.11.3
Sync Type: Dropbox, and 1PW for Families

Comments

  • Ben
    Ben
    edited March 2016

    Hi @CalfeeRider,

    Thanks for taking the time to write in on this important subject! Something we don't really want to have to think too much on, but definitely very helpful if it has been thought of when the time comes.

    but you're to be congratulated for this revolution/evolution

    Thank you. :)

    I should create an "executor" family member with an emergency kit for that family member that is stored with our will and trust.

    If you want them to have access only when the need arrises, then yes, this would likely be the best solution currently. At present there isn't a feature that will grant access of a vault to an account (or accounts) when certain conditions are met. They would either have to be manually added by an administrator of the family account, or login as a user that already has access. Speaking of administration of the family, since we're talking about morbidity, have you planned for administrative credentials for the 1Password for Families account to be available to someone else? Something to think about, if not.

    if I leave my OWN emergency kit for my executors/successor trustees, they'll gain access to everything in my "personal" vault.

    Correct. From your description I don't think this is the direction I'd recommend.

    (logins to electronic health record systems at the hospitals where I practice; indeed, while these are currently encrypted and private to me, if they're discoverable by my heirs, accessing them might subject my estate to legal action as a breach of the HIPAA privacy and security rules)

    This is an interesting dilemma. As a healthcare provider myself (EMT), with access to patient records, you've got me thinking. :)

    On first scan of your post I thought you were concerned about your family members accessing your personal healthcare records being a possible breach of a HIPAA rule, which I don't believe is a concern. Obviously you simply may decide you do not want your estate to have that information, but I do not think there is any violation if you choose to make that information available to your heirs. Of course, "I am not a lawyer," and I only include this information for anyone else reading, to possibly spike some curiosity.

    That's why I think a special "executor" family member is the way to go

    I think this sounds like a reasonable approach. For me, I'll likely just set up an "executor" vault, which the appropriate people will always have access to. I trust them enough to not take advantage of any information there before it is needed. But every situation is different, and a separate "executor" account within your family may make sense. Do note though that you will still need a separate vault, which both you and the executor account have access to, as you will not be able to access the executor account's "personal" vault from your account.

    unless there's some way to trigger access for them to a vault within my own "space" upon the triggering event of my and my wife's death.

    As I mentioned briefly above we do not currently have such a feature, but with one of the ideas around 1Password for Families being the ability to make this whole unpleasant process easier that is certainly something we could look into for the future. Obviously if it were to be something we were to offer we'd need it to have a reasonable level of security, such that it would be difficult to "spoof" someone's death, but also such that we aren't manually processing death certificates etc. ;)

    Is there some way to have "stuff" that I'll want to share with my executors on my death automatically synced from my "personal" vault or a vault shared now only with my wife synced into a repository (separate "legacy" family member or shared vault that they can't get access to without my wife and me dying first), so that when I change bank accounts or passwords for a few credit cards in my "personal" family vault or my local individual vault those changes synchronize to the vault the executors will need one day?

    I believe the best way to handle this would be for you to create an "executor" vault which three accounts have access: you, your wife, and the executor account.

    And I'm in 125% agreement that there should be "read-only" access to shared vaults. I don't want a family member to accidentally sever my access to Netflix!

    Understood! As you've probably seen if you've spent any time on these forums we've received a fair amount of feedback on that request. :) Our developers are definitely looking into the possibility.

    I hope that is helpful! There isn't necessarily a one size fits all answer, but I hope I've given you enough information such that an informed decision can be made. Of course if you have any follow up questions or feedback please feel free to write back.

    Ben

  • CalfeeRider
    CalfeeRider
    Community Member

    Thanks so much for the detailed responses. Looks as though I'll need to think of a better name for the "executor" vault, because for the immediate (and I hope relatively long term future, it will be what I use to access passwords for all my routine financial transactions).

    As far as the HIPAA implications are concerned, my worry is that whomever has access to my own primary vault could actually log in as me to the EHR of the dialysis centers where I see patients as well as one of the three hospitals where I see patients (the other two require two-factor authentication for access). I'm sure that my wife and kids wouldn't do that, but even the possibility that they could, coupled with the fact that I'm acknowledging I know of the risk could subject me to fines of $1,000 per day for each patient of mine who would be at risk for breach of PHI.

  • You're very welcome!

    And I understand the HIPAA concerns. I have yet to set up my own "executor" vault, but now that you've pointed this out I realize I will certainly have to. Leaving behind my own emergency kit (my original plan) will not be an acceptable solution. So, thank you for your insight here.

    Ben

  • CalfeeRider
    CalfeeRider
    Community Member

    bwoodruff said:

    "Speaking of administration of the family, since we're talking about morbidity, have you planned for administrative credentials for the 1Password for Families account to be available to someone else?"

    Just to make things clear, if I do that for the "executor" virtual family member, and put the emergency kit for that person with my will and trust original documents, will the administrator become able to comb through my and my wife's private vaults after our deaths?

    Bottom Line: what I'll need to do now is create a vault that I share with my wife and the "Executor" virtual person (access to that member becoming available to our "in the flesh" executors once they pick up our original documents after we die. In the meantime, each of them will have their own family membership so hopefully they'll be up-to-speed 1Password members when that access is needed. They'll use the Emergency kit for "Executor to trigger that access, and that will give them access to the shared vault that I'll create NOW for all of my day-to-day bookkeeping (paying bills, reviewing insurance statements,_ etc., etc._.

    Thanks again for all your help.

    Oh, and given your EMT status, you might want to take a look at a book entitled "1000 naked strangers."

  • Just to make things clear, if I do that for the "executor" virtual family member, and put the emergency kit for that person with my will and trust original documents, will the administrator become able to comb through my and my wife's private vaults after our deaths?

    The short answer is no. Being an administrator ("owner") does not grant you access to anyone's personal vaults. Each account's personal vault is only visible when logged in as that account. This is why I mentioned that you won't be able to use the "executor" account's personal vault for your purposes (it won't be accessible from your account).

    The longer answer is that owners technically have the "keys to the kingdom," as it were. They have to in order to be able to perform account recovery should someone forget their Master Password or lose their account key. Policy makes it such that data that they aren't explicitly granted access to is not available to them, but if they were somehow able to get the encrypted data they would have the keys to decrypt it. Note that we're talking about a malicious owner at this point who is explicitly trying to do something they know they are not supposed to, not a casual accident. Someone would have to find a way to break the policy that prevents them from accessing other people's data, which thus far (as far as I know), no one has been able to do.
    In addition if an owner has access to your email account, they can perform recovery on your account, completing both halves of the process (normally the owner initiates and the user completes -- but with access to your email they can also complete the process). This would allow them to reset your Master Password and Account Key. So if you do not want them to have access to all of your other data, do not give them access to your email account that is associated with your 1Password account.

    I'll check out the book. Thanks for the recommendation!

    Ben

  • RonHeiby
    RonHeiby
    Community Member

    This has been an interesting thread, and answers some of the questions I have also had. I'll certainly be creating an "executor" account when I sign up. But let's say that all of the above is done. It seems to me that we are postulating not creating an emergency kit for the actual owner of the account. My thinking is that once I die, the executor of my estate gains access to my house and my safe deposit box. If I create an emergency kit for me, the executor will have access to my emergency kit stored in either location. And, if I don't want my executor to have access to my personal vault, who would I choose to hold a copy of my emergency kit? Seems like the bottom line is that I don't create one and so do not have the benefits of having it.

    Another option? Right now, I have a 1Password vault sync'd across my devices via Dropbox. It has a master password. Is there any reason why its master password has to be the same as the master password for my access to my Families vault(s)? Although I don't see anything explicit in the documentation pages I've found, I am picturing myself going through these steps:

    1. Sign up for Families and get appropriate credentials
    2. Via the web site, establish myself with an entirely new master password
    3. Open 1Password on each of my Mac, iOS, and Android devices, using my existing (at time zero) Dropbox-sync'd vault's master password
    4. On each device, go into settings, Teams, and add my Family credentials and my Families master password
    5. Exit the apps
    6. Open 1Password on any device, using my existing (at time zero) Dropbox-sync'd vault's master password
    7. See that all of my entries are there, plus any I have moved / copied to a Families vault
    8. Move everything that my wife or executor would need to a shared vault
    9. Move everything that my wife would find convenient to a (perhaps same) shared vault
    10. Move everything that my wife or executor wouldn't care about, but is not super confidential (like access to others' medical records or that recipe I'm taking to my grave) to my personal Families vault
    11. Leave everything that I never want anyone else to have access to (like that recipe) in my Dropbox-sync'd vault
    12. "Profit!"

    I think this handles everything, lets me have an executor emergency kit for their needs, lets me have an emergency kit for my needs (knowing that even with that, my recipe is safe), and for the recipe, it's status quo ante with me having to trust my memory or a hidden piece of paper, because there is no emergency kit for the Dropbox-sync'd vault.

    Right?

  • It seems you've thought this out, @RonHeiby. I don't see any difficulties with your approach. And no:

    Is there any reason why its master password has to be the same as the master password for my access to my Families vault(s)?

    You are correct, it does not (mine isn't).

    That said, I don't claim to be an expert in this area, but couldn't you put a request in your will to have your emergency kit destroyed? Obviously there wouldn't be anything technical preventing whoever had that document from accessing your account, but I would think & hope that if you laid out explicit wishes that your account not be accessed and that the executor account be accessed instead that should be honored.

    Ben

  • RonHeiby
    RonHeiby
    Community Member

    Thanks for the quick response. Interesting idea about instructing that my emergency kit be destroyed. I'll have to think that through.

  • HalfBekend
    HalfBekend
    Community Member
    edited March 2016

    Interesting discussion.

    Suppose there are people interested in becoming family team members that have not been using 1Password before. The question is if such people would need to buy regular non-Family team licenses to use the personal vaults with Dropbox syncing as proposed by RonHeiby.

    The solution also works on the presumption that future versions of the apps keep the option to use both personal vaults with Dropbox syncing as well as Family team vaults.
    Obviously, in future this may then also lead to the need to have licenses for everyone and every platform used for vaults in Dropbox syncing as well as a sufficient number of Family team members.

    By the way, it seems to me that as an emergency kit for Ron is made in RonHeiby's proposal, the recipe under item 10 is not really taken to the grave if that emergency kit is abused in case of death. Only items in the Dropbox synced vault are taken to the grave.
    It is possible to save the emergency kit for RonHeiby's Family team account in the Dropbox synced vault to solve this.
    To always maintain access to the Family team vaults, apart from using the Emergency kit in the Dropbox synced vault, access can be restored by another Admin or Owner resetting the password. Thus there are 2 options to restore access to the Family team vaults of Ron in case he forgets to die :)
    Obviously, this does not hold for the Dropbox synced vault, but that never was possible in the first place as Ron also acknowledges.
    Placing the Master password of the Dropbox synced vault in the Personal Family team vault, seems to be a risk if the Administrator (or Owner) gains access to the email address to which the reset email for the Family team vaults of Ron is sent and seems to be a bad idea.

  • williamporter
    williamporter
    Community Member

    Wow! This is a really interesting thread with lots of thoughtful posts. Thanks to the OP and everybody else. I'm bookmarking this one.

    Will

  • @HalfBekend,

    I think one of us is misunderstanding RonHeiby's approach. To me it doesn't seem the family members / executor would need access to the vault in Dropbox. Maybe I misread?

    But in any event at present adding a 1Password for Families account to 1Password unlocks all of the features. It is equivalent to adding a license. It is possible that will change in the future (though I'm not aware of any plans for that), but the apps will always be included for the purposes of accessing your Families account.

    Thanks.

    Ben

  • HalfBekend
    HalfBekend
    Community Member
    edited March 2016

    @bwoodruff
    I think we are understanding it the same way: the family members/executor would not need access to the vault in Dropbox: actually that is the beauty of Ron's proposal.
    But Ron would and for the same reason one would want to have an emergency kit for the vaults in the Family account, Ron would want a means to regain access to his vault in Dropbox in case he forgets his password for whatever reason.
    Such reasons obviously can be manyfold.

    Suppose one would print out the master password for the Dropbox vault and hide it in a very good place: if your memory fails and you forget your Master password that you probably have been using extensively, you might also forget where you have hidden the print out.
    And if you would store the print out in an obvious place like a physical vault, you might forget the keys or the combination of that physical vault.

    Would a biometrics identity check work? As long as the iPhone has not been switched off, the vingerprint scanner provides access to the 1Password vaults. :)
    Sounds as a nice solution but you still need access to your iPhone.

    Does the biometrics information used by Microsoft Hello leave your devices? If not I guess the Hello-feature by Microsoft is currently the best option because as far as I know, it does not require the device to stay turned on to log into your Microsoft account. This would obviously also require unlocking the 1Password vaults with biometrics. Is unlocking the 1Password vaults with Microsoft Hello a supported feature in the 1Password app for Windows 10? That would be awsome.
    I don't have numbers on how secure biometrics are compared to really good passwords / pass phrases that humanoids, especially those that have grown very, very old and face the inevitable, can remember. However as people get older, I imagine the balance shifts to biometrics.

    But thinking ahead: if biometrics would work, would the whole principle of the emergency kit for the Family team vaults or even resetting a password requiring access to your email account to receive the reset email not be superfluous or outdated and make that Ron's proposal can be even further optimized?

  • RonHeiby
    RonHeiby
    Community Member

    I have known people with Alzheimer's and other forms of dementia. I thought about that when considering the written master password for my Dropbox vault and the possibility / likelihood of forgetting where I put it if I were in a state where I forgot the password itself.

    We are postulating that I have successfully maintained all of the entries that anyone else would have any reasonable need to access in the appropriate Family vaults, and it's only the stuff that they should not be allowed to see that would be in the Dropbox vault.

    I have come to terms with the idea that if I forget the master password and where I put the paper copy due to dementia, I'm probably not going to be needing any of the information I've saved there.

    My experience with dementia in others is that it generally comes on over a span of time. I think it likely that this would be noticed before it got too out of hand, and I would have another chance to review the Dropbox vault and see if anything there should be "promoted" to the Family vault before I completely forgot how to access it.

  • williamporter
    williamporter
    Community Member

    @RonHeiby: Dealing with my elderly mother's dementia right now. She knows who I am but otherwise doesn't know where she is, what day it is, what's going on. Yes, it comes on gradually. In fact, my memory is getting iffier each year and I'm not officially "old" yet. But my mother's memory crashed on June 1 last year when she had seizures. Luckily by that time I was taking care of her affairs and already had all her passwords and accounts in a 'Mother' vault in 1Password.

    But it's not just memory loss you need to worry about. There's the very real risk of, erm, getting hit by a meteorite.

    Will

  • RonHeiby
    RonHeiby
    Community Member

    Thanks, Will. Sorry to hear about your mother. I was taking care of my father's affairs for a few years. (Actually, I'm still winding down a few things.)

    I have also come to terms with being unable to access my vault if I am hit by a meteorite. :-)

  • williamporter
    williamporter
    Community Member

    @RonHeiby says:

    "I have also come to terms with being unable to access my vault if I am hit by a meteorite. :-)"

    Heh, true dat. But what I was thinking was, if I get hit by a meteorite, it might be a help to somebody ELSE (wife, surviving daughters) if I've left access to my accounts. I haven't actually taken care of this yet; but I hope to in the next couple of months. Perhaps the solution is to leave my emergency kit in a bank safety deposit box that my survivors can get into.

    This thread has really gotten me thinking even harder about these interesting questions. Thanks again to the OP for starting it!

    Will

  • HalfBekend
    HalfBekend
    Community Member
    edited March 2016

    Now I am lost.
    To make sure we all have the same version of the proposal in mind as there are several options. Here is the outline. Sorry it is lengthy…

    • Membership for you to a Family team is arranged (1st Master Password)
    • Personal Dropbox Vault arranged (2nd Master Password)
    • 1st Master Password differs from 2nd Master Password
    • at least two people are administrator or owner of the Family team
    • shared LIVE Family vault:
      o items that you already need while living and need to share with for instance your wife and that she will need after the inevitable happens are stored in a shared live Family vault (example: login items for the energy provider to your house)

    • unshared PERSONAL Family Vault:
      o All items that you need as long as you live and function and that others don’t need (example: see below)

    • Unshared PERSONAL Dropbox Vault:
      o All other items that you want to keep secret and should not be shared with anyone in any circumstance (secret to the grave)
      o (this vault holds a copy of the emergency kit for the Family membership account OR (read AND and OR) the login credentials of the email account a reset email will be sent to if your Family team membership is reset)

    • unshared PERSONAL email account:
      o Login credentials are secret and not stored in any shared vault. However: a copy in the unshared PERSONAL Family Vault does not hurt. Attention needed to keep it in sync with the login credentials in the PERSONAL Dropbox vault manually.

    • Biometrical access to the unshared PERSONAL Dropbox Vault is arranged (Fingerprint on iPhone OR if that is already supported biometrics in Microsoft Hello)

    Options
    Option 1: emergency kit for your membership is stored somewhere with the intention that it be be found
    This means that your unshared PERSONAL Family vault may (will) be accessed by others. Shared LIVE vaults will also be accessed by whoever find the emergency kit. It you share data with your wife but someone else finds it, this may be undesired.
    A shared EXECUTOR Family vault is not needed: the emergency kit already gives access.

    • Unshared PERSONAL Family vault
      Example content: login credentials you need for work and don’t give liability problems (see CalfeeRider item 2)

    Option 2: emergency kit for your membership is stored such that others will (virtually) never get access to it. A shared EXECUTOR Family vault makes sense.

    • shared EXECUTOR Family vault:
      o All items that an executor need access to;
      o An emergency kit for the shared executor Family vault is stored such that it is found after the inevitable happens, for instance it is kept together with your will (example: login credentials for a bank account). Only then the executor will get access to this vault the first time;

    • Unshared PERSONAL Family vault (see above)
      Example content: all login credentials you need for work

    Options independent of Option 1 and 2
    **- Option A: a copy of the Master Password for the Dropbox vault is not stored anywhere

    • Option B: a copy of the Master Password for the Dropbox vault is stored in a safe place with the intention that it will under no circumstance be found by anyone else.**

    @RonHeiby
    I agree: there is an end to everything and this arrangement is already very, very good. That said, if Microsoft Hello biometrics is not supported yet, such support would make it even better.
    Why? There are many forms of memory loss (having an accident, dementia or simply forgetting something): there are numerous people that forget a password they have been using several times a day at work after their holidays according to the IT dept.
    Recently, somehow my keyboard settings had changed. I could not get access after typing my password several times. Somehow I got uncertain and started doubting the relative order between parts of the password …
    (further I am perfectly sane, at least I believe so ;) ).

    @williamporter
    I was on the line of Option 2 (with shared EXECUTOR Family vault) and Option A. It seems you were in the line of Option 1.

    However, if you go for Option 1, there may be an alternative (Option 1a): you choose who may get access to your Family vaults and make that person one of the Administrators or Owners. You also make sure that person receives your login credentials of your email account in emergency cases (and not sooner than that). In this alternative you don’t store the emergency kit of your Family membership account somewhere to be found. This way you can choose who can get access to all your Family vaults …

  • RonHeiby
    RonHeiby
    Community Member

    I'm thinking that the main reason for establishing an "executor" user on the Family account is so that they don't need to wade through a bunch of crap that will not help them wind down our affairs. Examples:

    • Bank and Credit Card Information - Goes into a "Financial" vault, shared with my wife and "executor". Maybe it should even be called "Executor", since I'm thinking of non-financial things to go into it. (I hope vaults can be renamed, since I already created "Financial".)
    • GVC, Amazon, Barnes & Noble, and other stores - Goes into a vault shared with my wife, maybe the full "shared" vault, and we just tell the executor that they probably need nothing that's stored in there.
    • Slashdot, Ars Technica - My wife doesn't care and my executor shouldn't, so Unshared Personal Family vault.
    • Liability issues, etc. - Unshared Dropbox vault

    That leaves a few things that I haven't come up with a good decision on, including:

    • Yahoo! Account Credentials - I'd probably say that they can go into my Unshared Personal Family vault, except that the same credentials control access to a bunch of my photographs, some of which might be interesting to my family at some point and will likely be lost when the credit card paying for my Pro account gets cancelled. So, maybe in a vault shared with the executor with information in the Notes as to why it's there.
    • Google Account Credentials - Really leaning towards Unshared Personal for this, but it also has the photos issue. However, I think that Google has a system where you can set up rules like, "If I don't access my account for some time T, make my photos, docs, etc. available to this designated person. I need to research that, as it might be a better way to go than sharing it with the executor. OTOH, if I'm just incapacitated for a while, maybe I don't want Google's dead user criteria to be triggered. My head hurts. :-)
    • Monthly Farmer Produce Delivery - We get a box or two of fresh produce delivered to our door about once a month. If my wife and I are dead, it would be courteous for someone to cancel the account. So maybe in a vault shared with the executor. OTOH, that person's going to have a lot of other work to do to deal with things, so maybe I shouldn't add this kind of minor crap to the load.

    Maybe the solution on the photos is just to be sure that I've got everything backed up on my Drobo, and my iMac login / password are included in the executor vault. Of course, that photos solution means more work for me, that I should be doing anyway. Photos I take with my DSLR and are imported into photo software on the iMac get automatically uploaded to Google, but photos I take on my Nexus 6 go to that photo library on Google, but not automatically down to my iMac photo software. Hmm.

    And, since I use Quicken, a text file with instructions on how to fire it up, where to find the documentation, what the Quicken Password Vault password is (which, now that I think about it, should have more entropy) should also be in there.

    So much to figure out and then execute! I think the 1Password Family product makes some thing possible / easier, though.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Wow! What an awesome discussion! It's given me a lot of great ideas, and I have no doubt that others will benefit as well. Thanks for sharing all of this. :chuffed:

    I have come to terms with the idea that if I forget the master password and where I put the paper copy due to dementia, I'm probably not going to be needing any of the information I've saved there.

    @RonHeiby: No kidding! And while it may not be possible to account for all contingencies, I'm glad we're having this discussion, since it makes us all think about the "what if so-and-so might need that..." scenario too.

    As far as your Yahoo, Google, and Produce Delivery examples, my approach is to share everything from beyond the grave unless there's a specific reason not to. I certainly can't imagine every scenario, and with the exception of certain things that I know I don't want anyone to have access to, I'll furnish the rest, just in case, rather than driving myself crazy. But this is a super-personal decision that we all have to make for ourselves. That just happens to be mine. ;)

    Would a biometrics identity check work? As long as the iPhone has not been switched off, the vingerprint scanner provides access to the 1Password vaults.

    @HalfBekend: Biometrics are somewhat problematic. While they certainly can be more convenient to use (when they work, that is), it's also possible for them to make us less secure, since we could be "compelled" to provide biometric data in certain circumstances.

    Additionally, biometrics should never be the sole means of accessing your vault, since they aren't binary. A Master Password can be entered exactly the same as many times as is needed, but biometric data, even with a great technology like Touch ID, is not always going to be identical. I know I'm not the only one who has to enter my iPhone passcode when it's too cold...or my Windows password when I've had a particularly rough day and I ain't pretty no more. Something to consider.

    Does the biometrics information used by Microsoft Hello leave your devices? If not I guess the Hello-feature by Microsoft is currently the best option because as far as I know, it does not require the device to stay turned on to log into your Microsoft account. This would obviously also require unlocking the 1Password vaults with biometrics. Is unlocking the 1Password vaults with Microsoft Hello a supported feature in the 1Password app for Windows 10? That would be awesome.

    The 1Password for Windows 10 beta app has supported system consent verification (which includes Windows Hello and many fingerprint readers) since late last year. It can be enabled in Settings > Options. This data is also stored only locally on the device.

    That said, if Microsoft Hello biometrics is not supported yet, such support would make it even better. Why? There are many forms of memory loss (having an accident, dementia or simply forgetting something): there are numerous people that forget a password they have been using several times a day at work after their holidays according to the IT dept.

    That's a great point! But again, while these options are great to have from a convenience standpoint, and in these examples they are implemented well, it's important to keep the risks in mind as well. I don't want someone to be able to get into my vault using Windows Hello when I fall asleep on a plane just because I happen to be looking like myself that day. :pirate:

  • HalfBekend
    HalfBekend
    Community Member

    @brenty Good point about the above of your sleep. But eh, don't pirates sleep with one eye open?

  • sbamberger
    sbamberger
    Community Member

    @bwoodruff Add my voice to the list of people who would like an electronic means of designating an executor (e.g. allow an executor to request access which is granted after a certain period of time unless denied). To me, this is the feature that truly turns your families offering into something meaningful for families (as opposed to just a bulk purchase with some shared vaults capability). When you add that feature, I'm a buyer. Thanks!

  • @sbamberger

    Thanks for the feedback. Unfortunately the problem with a solution like this is that is requires that we (AgileBits) have access to your data. We can't give someone something that we don't have. And we don't have or want access to your data. If we had such access we could be compelled to give it to someone else.

    I can definitely see the value in such a feature, but I'm not sure it would align with the model we have. I think there have been a number of interesting ideas presented here that might address such a need without having to have AgileBits have access to your data.

    Ben

  • AGAlumB
    AGAlumB
    1Password Alumni

    @brenty Good point about the above of your sleep. But eh, don't pirates sleep with one eye open?

    @HalfBekend: Shh! ;)

    @bwoodruff Add my voice to the list of people who would like an electronic means of designating an executor (e.g. allow an executor to request access which is granted after a certain period of time unless denied). To me, this is the feature that truly turns your families offering into something meaningful for families (as opposed to just a bulk purchase with some shared vaults capability). When you add that feature, I'm a buyer. Thanks!

    @sbamberger: Just to expand on what Ben said, this is precisely the difficulty: in either case AgileBits would have to be able to access people's data to furnish it, whether it be to your loved ones or governments. And while the former is something we'd all like ideally, the latter is almost certainly not; but enabling one enables the other.

    Ultimately the only way around this is for the individual to prearrange for their beneficiaries to have the tools they need to access it. In order for us to give someone the keys to your data after a specified period of time or something similar, we'd have to have them to begin with. We at AgileBits are committed to helping you keep your data secure, and the flip side of that is that only you have access to in, and therefore only you can grant someone else access.

  • sbamberger
    sbamberger
    Community Member

    @brenty @bwoodruff Thanks for the thoughtful response on this issue. Given the current media attention to the privacy/security/encryption issues facing "another major tech company" :) your comments are appropriate and well-taken.

    I still think that some electronic solution needs to be part of the future. Just to brainstorm, my executor needs two keys -- one to "access" the vault and one to "decrypt" the vault. You store the access key but not the decryption key. If someone tries to use the access key, there's a notification sent to me, and if I fail to respond, the door opens for the user to enter the decrypt key. This would seem to solve for most of the cases other than the malicious hacker-executor (and once I've chosen that guy as executor, all bets are off anyway).

    I realize not a perfect solution, but I'd still challenge the team to find technical ways of solving this problem other than a piece of paper stored with my will. That doesn't meet my security test either, and it provides barriers for my loved ones when I want things to be as smooth as possible for them.

    Thanks for continuing to make great products and engage so thoughtfully with the community.

  • Thanks for the feedback, @sbamberger. We haven't give up on the idea, and agree it is an important topic. Hopefully this is an area in which we can continue to iterate. :)

    Ben

  • HalfBekend
    HalfBekend
    Community Member

    @sbamberber @bwoodruff @brenty
    For me the whole point of 1Password being safe no matter what outweighs the function to enable an executor.
    Prearranging things outside of 1Password is preferred over introducing risks to enable an executor from my point of view such as in @sbambergers proposal.
    Thus, risks involved in enabling an executor would probably make me walk away from 1Password.

    Having it as an option is sort of problematic. I would like to be able to trust 1Password without having to make all the security considerations myself: that is way to complex. If selecting options would compromise safety, this would certainly lower my faith.

  • Megan
    Megan
    1Password Alumni

    Hi @HalfBekend,

    I would like to be able to trust 1Password without having to make all the security considerations myself: that is way to complex.

    I am with you 100% here. Security software is always working to balance two very different factors: security and convenience. The most secure software ever isn't going to be used by many people if it's so complex that they can't figure out how to set things up. With 1Password, our goal is to make security convenient for everyone, so of course, as we consider options for this type of feature, we'll do all we can to ensure that it is simple.

    If selecting options would compromise safety, this would certainly lower my faith.

    Of course, any solution we select would also maintain 1Password's standards of security. Because keeping you secure is what we do. We certainly wouldn't want to lower your faith in our software!

    As is evidenced by this thread, it won't be a simple problem to solve, but I think it would be a great one to have a solution for. :)

  • ideoplex
    ideoplex
    Community Member

    Does it work if we implement a two party rule by having AgileBits provide a public key that is used to encrypt something locally and stored in a shared vault? Then no one party has access to the information.

    I think it is also reasonable for AgileBits to require a fee (I'm thinking hundreds of dollars, if not thousands) to verify the situation and decrypt the information when requested.

    @bwoodruff @sbamberger @HalfBekend

  • You bring up an interesting idea, @ideoplex. We're simply not set up to do that sort of thing at this time, but it may be something we can consider for the future.

    Ben

This discussion has been closed.