(Automating) Archiving of Selected Passwords (for Digital Executor)

@woodenbrain

BTW: I'm not Dead Yet.

Whew! 😳 I'm not sure I'm capable of providing customer support via seance. 😉

Digital legacy is something we've been giving a lot of thought to, lately. Can I ask: is this executor a family member who might also benefit from using 1Password? Because we've created 1Password Families memberships for just such situations. With 1Password Families, up to five people can each have their own 1Password account as part of the 1Password Families account, and you can share vaults with only certain people. For digital legacy stuff, you could move any items you wanted to be part of this into a separate vault you share with only your executor. They'd be available to you and to that other person, but no one else. Does that sound like what you're looking for?

@woodenbrain - OK, thanks for the clarification. If you want to share these items only after your death, and you're committed to standalone 1Password, then the way to go about this would be as follows:

1. Create a new vault by using the File > New Standalone Vault command. Once you do, you'll see a window like this:
   
2. Give your new vault a name and - most importantly - a vault password.
3. Consider creating a Secure Note in your Primary vault in 1Password that has the password for the newly-created vault. This will allow you to access it even if you forget it.
4. Select the items you'd want an executor to have access to, and move them into the newly-created vault using these instructions.
5. Visit Preferences > Sync and select the newly created ("Executor") vault.
6. Use the drop down to select "Folder" as your sync method. You'll get a selector like this:
   
7. Click "Choose" and a Finder window will appear, allowing you to select where to place the sync keychain.
8. IMPORTANT - Choose a permanently attached external drive or a USB flash drive as your location. Anything else will not be visible/usable to anyone but you. Placing the sync keychain (OPVault) in a removable drive means that anyone who knows the vault password will be able to - in the event of your untimely demise - attach that same drive to their own Mac or PC, download 1Password and import the data from that file. The OPVault is of course encrypted, so anyone without the vault password will not be able to access it.

If you're comfortable using the sealed-letter in a safety deposit box (or with a lawyer) method of passing along the vault password to your executor, this should work for you. NOTE: if you choose a USB flash drive, you MUST have that drive inserted when you use 1Password, because it will need to access the OPVault to keep in sync any changes you make while using 1Password. If it's an external hard drive, it must be a) attached (which would probably be all the time, so not a big deal), b) turned on and c) mounted, for the same reason.

@woodenbrain

Why a USB flash drive or external drive and not a Shared Folder on my boot drive?

The way Apple does the official "Shared" folder really isn't fully shared so anyone can access it. It can cause sync irregularities with Folder sync in a way that locating the OPVault on a physically separate drive will not.

Will this method not work on the new subscription model?

Well, that was what I was describing to you with my 1Password Families suggestion. There are a few ways to use 1password.com accounts. You can have an individual account, which would mean: only you (and anyone else with whom you shared your Master Password and Secret Key -- something we do NOT recommend). You could put your Master Password and Secret Key for your individual account into that "only upon my death" letter...but that wouldn't solve the problem of giving your executor ONLY those logins/credentials you wanted them to have. If you had an individual account and you give someone else the Master Password and Secret Key, they would be able to see (and edit/delete/change) EVERYTHING. If you want the executor to only have access to what you want them to see, this won't work for you.

The other ways to use a 1password.com account would be either 1Password Families or 1Password Business. Each of these allows much greater flexibility with sharing, but again, there's no way to "time-lock" or "dead man switch" a single vault. For the present, whoever in your family/team/business you give access to any specific vault...has access to it, now and forever (or until you remove them). And you said you didn't want this because you didn't think your aunt would use 1Password and even if she did, you didn't want her to have access to this stuff except in the event of your death. So again, not really suited to your use-case as things stand now. We're looking into a way to handle digital legacy issues in a comprehensive way in 1Password.com accounts in the future, but any such solution is a ways off.

That leaves the standalone setup, which, coincidentally, is what you already use, and what I gave the above instructions for. That's mostly why I used the phrase "committed to standalone 1Password" -- because 1password.com account/subscriptions have been available for more than two years, so I assume if you'd wanted that, you'd have switched a while ago. Apologies for making assumptions.

No need to apologize, it was an accurate assumption. Like many, I abhor subscription models for software and deeply wish agile would revisit.)

@woodenbrain: If you're suggesting that we ditch 1Password.com memberships and go back to the bad old days where everyone — even novice users – had to deal with sync configuration and conflicts, respectfully, we're not gonna do that. We offer both options for a reason: different strokes for different folks. :)

My concern here is investing time in setting up a system (including providing instructions and a safebox) for something that may not exist (this standalone 1password going forward, or even 1password at all).

I'm not sure I follow. If you setup an additional vault, it will be available so long as you don't lose it in a drive failure or something.

I think you guys should consider this application a feature you want to support in whatever flavor of the product.

Like many things, it just isn't something we can do with the standalone 1Password apps. We can't count on what sync method or vault format folks will be using. There's no server component — at least not one we have any control over — so assumptions that we can make with 1Password.com and features we can build on top of that just aren't an option. Heck, that's why we took the time to build 1Password.com in the first place, so we have an infrastructure in place we can use to enable things like simple and secure intra-account sharing and recovery. You can have those things, but they depend on all of that infrastructure. Conversely, you're free to keep using the standalone version, syncing, backing up, and sharing your own data, etc. Can't have it both ways though.

@woodenbrain

There's a lot here I don't understand...You can still offer your sync service and 1password.com access by charging a flat fee with a license. You could even say the license and the access are good for 3 years. Which is still a subscription model but not one of this nature.

Now I'm the one who doesn't understand what you're asking for that isn't already available. Or I guess more properly, I'm intrigued. Because what you've just described -- allowing users access to 1password.com, but via a 3-year "license" -- is definitely a subscription model, as you said. Why would you want to pay for three years of access up front? If you decided something was intolerable about the app or the service or our business practices or anything else in, say, month four or five, you'd lose the entire rest of that money you spent.

Our current service offers either monthly or annual payment options already. Are you saying you just don't like the lengths of time (monthly, annually) we offer? You'd prefer three years instead of one? If that's the case, you can actually do that right now as well if you want. Purchase a 1password.com gift card in a $125 denomination, then use that to sign up for 1password.com instead of a credit card. If you have an individual 1password.com membership, the $35.88/yr would last you almost three and a half years (and if it was a 1Password Families membership, it would last over two years). Done. :)

I could invest time and money in setting up a solution for a Digital Executor based on a standalone app, only to die and find that the standalone app – or 1password in any flavor – is no longer available.

If we were to vanish tomorrow, copies of 1Password app installers for various versions would be available in web archives, from other users, all over the place. We have no intention of going anywhere, but if you're trying to prepare for every eventuality, I'd recommend you download the installer for the version you have a license for, and keep multiple redundant copies of it, as well as of macOS (after all, who knows, Apple might go poof too, if we're entertaining a thought-exercise). That way, you and anyone with access to your computer or offsite data could re-install 1Password if necessary.

Then there'd be no way for a DE to open the vault. Or even worse, the app could still be run, but whoops, the license just expired, and the company no longer exists.

1Password licenses do not expire. They don't include free upgrades forever - they are instead for good for the version purchased - but we do not limit your ability to install the licensed version and "unlock" it with a license you purchased, no matter how old. You cannot license version 7 with a version 2 license, but if you have a license for version 5, you can use it to license version 5 forever.

Moreover, if you have a working copy of the 1Password app, and 1Password data, not being licensed means you cannot add to, change or delete any of your data. But it can be unlocked in the app with your Master Password, the data can be viewed, and you can even export it to a few different formats (including unencrypted), to take with you elsewhere. Your data is yours.