How to set up emergency access

2

Comments

  • Manaburner
    Manaburner
    Community Member

    @hanspaint that sounds like a good idea. Is that a special USB stick that has the password protection in its firmware? Or how is the deletion of the data enforced when you enter the passwords wrong?

  • Lars
    Lars
    1Password Alumni

    @Manaburner - kinda curious about that myself. :)

  • hanspaint
    hanspaint
    Community Member

    @Manaburner This is the secured USB stick I use

  • Manaburner
    Manaburner
    Community Member

    @hanspaint Interesting, thanks for sharing. I will have a look :)

  • AGAlumB
    AGAlumB
    1Password Alumni

    Ah interesting. Hopefully "Reset to factory default" requires confirmation of some kind though. That big button makes me nervous. :lol:

  • ccboth
    ccboth
    Community Member
    edited July 2018

    Very interesting discussions going on here. I keep re-reading this thread and comparing it against the "emergency" features of LastPass and Dashlane. I really love 1Password, been using it for years and also have some "local love" for it being Canadian. I really hope a creative and secure solution can be implemented within the 1Password platform.
    Until then, I've given a copy of my emergency kit to a trusted family member that lives in a different city. The question I have about that is:

    • What happens if they get sneaky and try to log in to my account before I want them to or need them to? Is there any prevention to that?

    I certainly don't expect them to, but I'm curious what your response would be in this "what if" scenario.

    Thanks.

  • Lars
    Lars
    1Password Alumni
    edited July 2018

    @ccboth - we don't really have an "official position" on such kinds of questions, because they're dependent on a whole host of factors that are outside of the range of what we can account for within 1Password itself. However, if you're genuinely worried about something like that, then I'd recommend the lawyer method suggested earlier in this thread and elsewhere. Instead of being a family member with potentially conflicting interests and/or varying degrees of competence and trustworthiness (?), a lawyer is someone you pay to carry out exactly such measures for you, and their professional reputation is built on how well they actually do so. They've got experience in handling sensitive documentation of all kinds, and they even enjoy some legal protection from having to disclose any arrangements with you. Yes, a lawyer could be "crooked," too, I suppose...but once we're getting into that kind of territory, we're pretty far afield from a) the realm of likelihood and b) the scope of what a password manager's code can affect.

  • fourwheelcycle
    fourwheelcycle
    Community Member

    This is a very long thread! However, the topic is very important to me and I would love to see 1Password offer a secure emergency access feature.

    To start, I am a long time 1Password user and I don't plan to change.

    I realize AgileBits is very big on secure physical storage, in a safety deposit box or at an attorney's office, as the best way to provide emergency access. However, I am only interested in providing emergency access for our two adult children, one of whom is our executor and DPOA, and neither of whom are likely to hold us hostage so we can't access our email. They already know how to gain physical access to our 1Password credentials in our safety deposit box, and to our estate documents at our attorney's office. However, they do not live near us and gaining physical access would require delays if we ever died or became incapacitated. Another concern I have is that I might be the one to die first, or that my mental capacity might fail, and our DPOA child might need to assist my spouse with our finances - and with the finer points of how to use 1Password!

    AgileBits has also noted the risk of domestic abuse. I doubt an at-risk person would extend emergency access to someone they realized might abuse them, and a domestic abuser could just as easily gain access to their 1P credentials directly, through snooping or physical threat, without needing to use an emergency access feature.

    I recently learned about Dashlane's emergency access feature and I set up an account exclusively to use that feature. My Dashlane account has no login items and only one secure note. The secure note says "Here is my emergency access information: 1Jy56$UWp, eRI89$gher, 465$EHMovw." The info is worthless to anyone who might get into my Dashlane account, but I have separately given our adult children a "What to do if we die or become incapacitated" letter that tells them what these passwords are for. One is for our 1Password account (we use the licensed version, which only needs one password). The other two are for my email account, so they can access 2FA security codes, and my Sync.com account, where I have stored copies of our estate documents and a comprehensive spreadsheet of all our finances.

    Since I have figured out this work-around using a Dashlane account I guess I really don't need a 1Password emergency access feature, but if AgileBits ever develops one I will switch to it immediately and close my Dashlane account!

    Ideally, people who prefer 1Password should not have to open Dashlane accounts.

  • Lars
    Lars
    1Password Alumni

    @fourwheelcycle - thanks for the thoughts/ideas. First off, I sincerely hope you did not just post your actual passwords here 😳. Assuming you didn't, regarding the rest of your post, I'm a little bit at a loss: although a more-comprehensive legacy solution is something we'd like to implement in 1Password, like certain other thorny issues in the past, we want to make sure we do it right, which, when it comes to something like sharing the keys to your most sensitive data in a way that is both reliable in the event of your death or incapacitation and not subject to tampering/easy to hack/phish under normal circumstances and isn't overly complicated to use, is not as easy as it might seem.

    Until such time as we're ready to roll out a comprehensive strategy for legacy management of 1Password data, our recommendation is to use a trusted physical solution such as the safety deposit box solution, or a family attorney, but we appreciate the ideas around this matter. :)

  • nikolaimih
    nikolaimih
    Community Member

    I miss having a digital will in Lastpass - please think of a good solution. In Lastpass I add the email of my girlfriend and parents. So how is being incapacitated a problem. These terrorists would have to take a hold of my parents' emails and kidnap me. By that time i'd be willing to give them the information on my own so they don't torture me...

  • Lars
    Lars
    1Password Alumni

    @nikolaimih - I certainly hope you're not in a position for any of that to be a possibility for you! The issues involved in making sure this is done right, in a way that can't be abused by vengeful ex-spouses and the like, are not insignificant. It's something we'd like to take on in the future, and probably will. But I have nothing to announce on it just yet.

  • AGAlumB
    AGAlumB
    1Password Alumni

    Indeed. I don't think my threat model includes a risk of targeted terrorism or other high-severity stuff, but we do want 1Password to work for as wide a cross section of people as possible, without introducing features which are only safe to use if a person meets X and Y criteria. We want to eliminate the confusion and guesswork often needed to remain secure, not add to it. Cheers! :)

  • JohnReel
    JohnReel
    Community Member

    I also would like this feature. My parents are in their 80's and we use LastPass so that when they die, I'm able to access their finances, etc. Similarly, they have access to mine if I die first. This gives us all a lot of piece of mind and it's only setup with trusted family members. Yes, we can put the key in safety deposit box, but that's kind of what 1Password is already, and doing it all online is much easier.

  • AGAlumB
    AGAlumB
    1Password Alumni
    edited January 2019

    I agree it would be nice to have. And certainly I also like to do things digitally wherever possible...

    However, there's something to be said for the "old fashioned" way. A safe deposit box is something that could be relinquished to someone other than the specific person/people you have the foresight to make some digital arrangements for beforehand, so that there are contingencies for other situations -- for example, if something happens to you and your family while traveling together. The law can be slow to adapt, but it has checks and balances and an infrastructure in place that can survive unanticipated outcomes. Food for thought.

  • mohittater
    mohittater
    Community Member

    So are you guys planning to incorporate the emergency access (just like LastPass has) in the near future? I am a long time paid customer of LastPass and would love to try 1Password premium. But the only feature because of which I am sticking to LastPass for now is the Emergency Access feature. Would love to see it on 1Password soon.

  • Hi @mohittater

    We don't have any such plans at the moment. There are other methods available to accomplish this, as outlined in this thread. We haven't ruled out the possibility, but we also haven't yet found a way to do this securely that we've been satisfied with.

    Ben

  • jonat
    jonat
    Community Member

    I'm another longtime LastPass Premium user trying out 1Password, and the discussion here touches on an important topic for me as I currently have LastPass Emergency Access enabled for my wife to use, should something happen to me (and vice versa).

    I get that 1P currently has no equivalent functionality, which could be blocking for me. The biggest problem I see with the suggestion of giving the "emergency kit" (with password filled in) to an attorney or putting it in a safe deposit box is that I have to remember to do this again should I ever change my master password. The safe deposit box has the additional issue that it is usually inaccessible until AFTER probate clears. None of the other suggestions in this thread, so far, deal successfully with changes to the master password.

    The news has a recent item that is somewhat relevant - the keeper of a cryptocurrency vault who died without anyone having access to the password, leaving more than a hundred million dollars worth of the currency inaccessible. 1Password currently has no protection against that scenario.

    I think the suggested risks of "denied access" are unreasonable. With the LastPass implementation, only someone (with a LastPass account) whom I have previously granted permission to use emergency access, can do so. If my wife locks me in the basement for a week to get at my passwords, I already am in serious trouble....

    I would urge AgileBits to put some additional thought into a "legacy recovery" feature - there is clearly a desire for it and more than one worked example among the competition. Let the users learn about the risk scenarios and decide whether they want to use it. If I understand correctly, the big issue here is that an implementation like that of LastPass requires that AgileBits hold onto some piece of information that, combined with a user key, can unlock a vault.

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @jonat - and to 1Password! Thanks for taking the time to share your thoughts and observations on legacy management with us as it pertains to 1Password. It's indeed an issue we'd like to offer a comprehensive solution to in the future, it just hasn't been something we've had time to do as of yet (considering other priorities and demands on developer time). That's true mostly because such a thing would need to be done very carefully, both to meet the standards of security we have for your data but also to avoid some of the very pitfalls you're referring to.

    If my wife locks me in the basement for a week to get at my passwords, I already am in serious trouble....

    I'd question whether it's the job of a piece of software to protect someone against anyone else locking them in the basement for a week; for someone willing to do that, it's just as easy to imagine them hiring a thug to beat your Master Password out of you, which nothing we could do would protect you from. We want to concentrate on providing users reliable security increases in the areas we can actually do something about, instead of getting too far afield with "what ifs."

    The biggest problem I see with the suggestion of giving the "emergency kit" (with password filled in) to an attorney[...]is that I have to remember to do this again should I ever change my master password.

    Yes. Just as you would have to remember (and practice) to memorize the new Master Password in such a case as well. I won't attempt to suggest there aren't risks to encrypting all of your most-important data, but here again, there are limits to how much can be done by us or any password manager to mitigate these risks or prevent you from experiencing them. Your Master Password is your portion of what protects you, but that does indeed mean you can be on the wrong end of the very protection that keeps your data secure and private, if you forget your Master Password. A trusted attorney is bound both by payment (contract) and attorney-client privilege to keep your Emergency Kit secure and private and to disclose it to only those whom you specify under circumstances you specify.

    I would urge AgileBits to put some additional thought into a "legacy recovery" feature - there is clearly a desire for it.

    Indeed! You're not the only person who's approached us about this, and I suspect you won't be the last. And the reason a more-programmatic solution doesn't exist currently isn't that we're opposed to the concept, not at all. What we're opposed to is what we sometimes refer to as "security theater": spending time and resources developing anything which gives only the appearance of actually improving users' security while either not actually increasing it or (even worse) actually making them less secure, perhaps by virtue of the false reassurance that comes with thinking something is protecting them when it is not, or not to the degree (or in the manner) they believe it is.

    Long story short, a truly secure digital legacy feature that does not introduce undue complexity or risks of locking users or heirs out of data is indeed something we'd like to add to 1Password, but as of right now, I don't have anything specific to announce on the topic. I do sincerely appreciate the interest in this, however, and I'd urge you to keep an eye on our blog as well as the release notes for 1Password updates themselves, to check on this issue. Thanks! :)

  • jonat
    jonat
    Community Member

    Lars, thanks for the detailed response, but I feel that you misunderstood/misrepresented several of the points I made.

    Nobody is claiming that a "legacy" feature improves security. Instead, what it improves is "peace of mind". Security is all about risk analysis; we should focus on the risks that are more probable and not tie ourselves into knots over the improbable ones. I never suggested that software should protect me against my wife locking me in the basement - I made that comment in response to your earlier posts about kidnapping and "vengeful ex-spouses". I am far less worried about those things than I am about being hit by a bus and my wife not having access to accounts she will need to deal with. Sure, I could share all those accounts with her now, and maybe that's a solution that is viable for me, but it isn't a general solution for people who wouldn't want to give unrestricted access to others until such time as that's necessary.

    You also seemed to dismiss the real-world risk of a filed letter being out of date because I decided to change the vault password and hadn't gotten around to updating the various documents. Issues like this happen all the time with wills.

    To be honest, the issue may soon be moot for me as I'm finding that 1Password doesn't work well enough for me as a basic password manager to replace LastPass, despite issues the latter has (including poor support.) I am going to give it another couple of weeks to see how I feel about it. (It would REALLY help if there was an index to all your support articles, rather than forcing me to guess at keywords in a search. I keep running into links to articles on topics I was unaware of, making me wonder what else I've missed. If there is such an index, I haven't located it.)

  • Lars
    Lars
    1Password Alumni

    @jonat - my apologies if I misunderstood some of what you said in your earlier post.

    You also seemed to dismiss the real-world risk of a filed letter being out of date because I decided to change the vault password and hadn't gotten around to updating the various documents. Issues like this happen all the time with wills.

    Not dismissing it at all -- they do indeed happen. But like anything else, security (and legacy planning) is a process, not a product -- the end-user needs to ultimately be responsible for making sure these things are properly handled. Various well-designed tools can help a great deal with this, but at the end of the day, no tool can act as a fail-safe substitute for active involvement by the user -- and no setup is perfect or certain to avoid potential problems. In the example I mentioned, changing Master Passwords would require the user to memorize the new one. There isn't any tool or method we can offer that's certain to prevent people from forgetting a Master Password. These aren't attempts to be glib or dismissive, it's relating the experience of seeing both what works and what doesn't, as well as what's worth spending time on relative to other things.

    As I mentioned earlier, we would like to address the legacy management issue in a robust and comprehensive way that doesn't reduce overall security, but until such time as we're able to devote the resources necessary to do that, we recommend the use of a trusted lawyer or a safety deposit box. I really do appreciate you taking the time to share your thoughts with us on the subject and I hope I've communicated that it's not one we're content to let stay as-is indefinitely, only that we're uninterested in doing a half-measure just to keep up a feature checklist battle with various competitors.

    With regard to our support articles, there's no single index because our support site isn't structured that way. It used to be structured in more of an old-school, indexed owner's manual style once upon a time, but hasn't been for a few years now. The search feature works remarkably well with just two or three words about what you're trying to do or find out about. And we're always here if you have specific questions. You can also send private questions or issues to support@1password.com if they're things you'd rather not have in this public forum. Hope that helps. :)

  • jegra
    jegra
    Community Member

    I realize this thread is a bit dated, but just wanted to chime in on this issue. I'm currently trying to decide on a password management system for my family, and find that I like 1password the best of the services I've tested -- however, the glaring exception of an emergency access feature is making this a difficult decision. The idea that I need to secure an attorney or rent a safe deposit box seems excessive to me. I understand your abundance of caution, and the scenario of a domestic abuse situation is certainly a concern, but keep in mind that this feature would be optional - no one is being forced to use it. Someone who doesn't trust their partner or family members could simply not activate the feature. For those of us that DO trust our family members, this is a critically valuable feature that would put our minds at ease. I hate the idea that a printout with my key and master password could exist in the world. At the very least, even with this, you should add a timeout period where access could be blocked by me if someone tries to utilize the credentials on that printout (perhaps it's an alternate (emergency) master password that's used that triggers this behavior?). Having that sheet of paper exist, where it could fall into someone else's hands (outside of my immediate family group) seems like a far greater threat than the idea that one of my immediate family members would tie me up in the basement for 48 hours. This should be an optional feature that families can choose to use if they so desire, and choose to ignore otherwise. All other systems I've been reviewing offer this -- I really think 1password should offer this as well.

  • Thanks @jegra. I can certainly understand the use case and the desire for a system that doesn't rely on an attorney or safe deposit box. Perhaps as we continue to grow this is something we can take another look at. That said, I wouldn't anticipate any change here in the immediate future, and so I would be remiss if I didn't recommend that you make your decision based on what is currently available. I wouldn't want to be responsible for giving false hope that a feature is coming, when we have a policy of not pre-announcing such things. I honestly don't know that this is something the team will choose to pursue, and even if I did I couldn't share it at this stage.

    Thanks for taking the time to chime in with your thoughts on the situation.

    Ben

  • jegra
    jegra
    Community Member

    Thanks, @Ben -- I appreciate the response. And just to reiterate, aside from this one feature, I found your product to be the best of the pack. Wishing you continued growth and success in 2020! :)

  • Many thanks for the kind words. :) Happy new year.

    Ben

  • EmergencyAccess
    EmergencyAccess
    Community Member

    Just wanted to echo what Jegra said - we use 1Password and love it, however I am setting up a legacy binder for our family and agree, I'm very saddened by the lack of an emergency access link or electronic means of passing along information to families. It's somewhat archaic and annoying to have to update a piece of paper with a password written on it for family (and we update our passwords often as my husband works in security). I'd really appreciate an emergency access similar to this: https://support.logmeininc.com/lastpass/help/set-up-and-manage-emergency-access-lp030013 or this: https://support.passwordboss.com/hc/en-us/articles/115001354387-Setting-up-Emergency-Access
    And the lack of one makes me seriously consider switching password vaults.

  • Lars
    Lars
    1Password Alumni

    Welcome to the forum, @EmergencyAccess! Thanks for adding your voice. To be clear, we don't recommend regular password changes, and for whatever it's worth, neither does NIST, any longer. We never agreed that scheduled password changes (especially on a short schedule) did much to increase security, and we were gratified to see one of the original sources of such advice reversing themselves.

    As Ben mentioned above, we'll continue looking into a secure way to do legacy management, but for the present, nothing is actively in the works, so I'd suggest taking that into account if this is a critical feature for you. Thanks again for taking the time to let us know this is important to you.

  • Zaka7
    Zaka7
    Community Member
    edited January 2020

    @EmergencyAccess It doesn't have to be "Archaic " If you use a family account,

    You can simply set up a recovery vault as I have done with my family. This contains our email accounts, and as more than 1 of us are Family Organisers, recovery can be initiated and completed.

    Failing that, you could just have a copy of your 1Password log in in this vault if you didn't want to make anyone else a family organiser.

    Just a thought, it isn't a one case fits all. But from some of what I have read there are security risks with the access methods others use, and this is one of the reasons I chose 1Password. They don't just add nifty features because people want them, they think about and implement the security model of them first.

    On this note it has got me thinking, what would 1Password suggest is the safest of the two methods I propose.

    My current emergency method is having 2 family organisers and a shared recovery vault with email accounts and recovery instructions. Which I share with the other organiser.
    Should I keep this method or should I just 'cut out the middle man' have 1 organiser (Myself) and share the Recovery vault with another family member containing my 1Password log in entry? That way if anyone locks themselves out or passes on, I can recovery their account, but if I myself do it, other members can see my details in their shared vault,

    Thoughts? @Ben @Lars @brenty @ag_ana

  • @Zaka_7

    As you say there isn't a "one case fits all" situation here, and as such I'm not sure I'm in a position to recommend one over the other to you. Both sound like valid possibilities. Which will be more appropriate depends on your family dynamics, etc. :)

    Ben

  • Zaka7
    Zaka7
    Community Member

    Thanks @Ben I've decided to go for the latter, so I now have 1 family organiser and a recovery vault with 2 sets of credentials :)

  • ag_ana
    ag_ana
    1Password Alumni

    Thank you for the update! And on behalf of Ben, you are welcome!

    If you have any other questions, please feel free to reach out anytime.

    Have a wonderful day :)

This discussion has been closed.