I am not planning to die anytime soon, but sometimes things happen. Beyond securing my 1Password details in an Escrow account, or with a lawyer, or in a bank lockbox, does 1Password offer any means of allowing one or more designated member of the 1Password Families account to access the 1Password account in case of the primary owner's passing? Apple now offers the ability to add one or more https://support.apple.com/en-us/102631 so that in case of your untimely demise, an Access Key and a Death Certificate allows Apple to grant the holder of both of these to get a new Apple ID that has access to your Apple ID Account. It may be something 1Password wants to consider, though I realize that reviewing Death Certificates may not be on the high list of priorities for the team! 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided

As I age and see the disarray some family members have left for others, I want more and more not to leave a mess for my survivors. This is really, really important. If 1PW is not yet ready to implement a specific purpose-built program for this, I would really appreciate a comprehensive discussion on the website (not abbreviated in the Community) as to all the potential work-arounds we could use. It should be written for laypeople, and not laden with shoptalk.

@ooglek We do not have any available options like what you're seeking. Well, short of sharing the Emergency Kit and password. I hope that will change. For now, I've shared my Emergency Kit with my adult children, and I keep my password secured in a safe (inside a sealed envelope), which will be opened when I pass. It's a grim subject, but you are 100% correct. It is one that needs to be addressed beforehand. I recommend ensuring anyone in a family membership has a secondary organizer. 🚑 Recover accounts for family or team members I went through this several years ago with my wife. We prepared using the above method. We thought I would be the first to go. That didn't happen. Life throws you those curveballs. I can let the team know this subject is also on your mind. ref: PB-37977565

Hello, Different companies take different approaches but I hope 1Password will develop a solution for access sharing that covers three cases: Death Accident that prohibits a victim to share a password Memory loss (eg. Alzheimer disease) I would prefer is simple solution that requires no intervention form 1Password: it can be as easy as a mail that's send to several addresses with instructions and a link to one or more secured passwords when I have not used the 1PW client for a couple of weeks. For what's it worth: we now use the Password Recovery Code functionality from 1Password. We don't want a burglar to have full access to all passwords because he stole one paper document so our sisters and brothers have part of the recovery key and part of a LUKS encryption key in a closed envelope and a LUKS encrypted SD card with an export of the password manager, an export of all 2FA codes, recovery codes, recovery files etc. etc. Thanks. 1Password Version: Not Provided Extension Version: Not Provided OS Version: Not Provided Browser: Not Provided

Hi, I'm also interested a lot in this legacy/emergency access. Bitwarden and Ente have it. For now I'm forced to have this convoluted setup: - print the Emergency Kit, give it to family members - I use an open-source third party emergency access service (https://weexpire.org/) to E2EE encrypt a note with my 1Password master passphrase. With a 7 days wait time - it gives me a link (containing the encrypted note) and an access code that I put in an item "in case of emergency" in a shared vault with my family member/emergency contact When needed they open the link, provide the access code on the website, wait 7 days, re-open the link, get my master passphrase, use this with my emergency kit they already have to connect to my account. Clearly not ideal for ease of use

I’ve been actually working on this whole project when I stumbled over this discussion. Everything I’ve been trying to do would be cured with a proper and secure legacy access person assigned. I sure hope someone gets this project evolving as soon as possible.!

1Password Access after Death, Legacy Contacts

130 Replies

1P_Tommy
Moderator
2 years ago
You're most welcome and I'd be happy to add your voice. It'll be there with with my own. :)
thedean
Frequent Contributor
2 years ago
lopinc

Please scroll up and read my post dated May 16. I discussed how to provide email access in the process I designed for to allow for legacy access to my 1Password account. For a family account, the process is pretty simple. Just set up a shared vault with your trusted family organizer that contains only my email address and password. That way, in an emergency, through the standard family recovery process he/she can easily gain access to all my vaults if necessary. Since my family organizer is a trusted friend, I do not lose sleep over them abusing my email account.

The process becomes a little more complicated if you have a individual account and a recovery key (and no shared vault). But in that case, you can provide your recovery key, email address and password to your executor, trustee or power of attorney in a legal document (like your will or trust) only to be used in the event of your demise.

In either case, no one else has access to your master password or secret key unless you become incapacitated. Neither process is totally perfect, but I don't believe in making the perfect the enemy of the good. I feel these two options are good enough until such time as 1Password provides a completely automated process.

I hope this helps,
Dean
lopinc
Occasional Contributor
2 years ago
1P_Tommy got it, and yes please add me to the list of people who want a true "Emergency Recovery" type feature, which is hopefully even easier to implement now, thanks.
1P_Tommy
Moderator
2 years ago
No worries! It can get confusing especially around recovery and adding a new method. Recovery is one thing we want to ensure everyone understands vs. being in a very bad situation.

The statement above would have been from the viewpoint of a user self-recovering their account with a recovery code. The recovery code would take the organizer out of the picture (using the code). They (the organizer) would never know a recovery took place. Again, with the code. To be clear with a recovery code you would not need to provide it to an organizer expect in legacy type situation. At least, that is the only time I can think of you'd provide it to them. Even then, the organizer may not be the heir/executor in charge of your estate. In such a situation, the organizer would likely not need to know the code. Only the executor or some other person you feel comfortable leaving the details to would need to access it.

In an estate-type situation, the executor would likely receive the code with the will and other essential papers. They would also need to know the password to the email account to complete the recovery process.

I would summarize it like this (My description as I might relay it to my children, who are my heirs.)

Recovery code - Self-recover or estate situation.
Recovery from a Family Organizer - assisted recovery or estate situation.

Both recovery options would require access to the email address/account.
lopinc
Occasional Contributor
2 years ago
1P_Tommy That's unfortunate, so even in the Family account context it doesn't eliminate the catch-22 of needing access to the family members email password that's in their vault which is inaccessible without the email password. :)

I was confused by the statement here: https://1password.community/discussion/145903/recovery-codes-for-families-beta#latest which said under the "Multiple Recovery Methods" section, "1. They won't need to wait on someone else to confirm their recovery" - I thought that could mean that as long as the family organizer doing the recovering verified the process, the family member being recovered wouldn't have to themselves verify. Thanks.
1P_Tommy
Moderator
2 years ago
Yes, you need to know the email account password and or have access to it no matter the method used. The email is one of the key details for the account.

https://support.1password.com/recovery-codes

When you use a recovery code:

You’ll need access to the email address associated with your 1Password account to verify it’s you.
...

https://1password.community/discussion/comment/711218/#Comment_711218

Both require access to the users email.
lopinc
Occasional Contributor
2 years ago
1P_Tommy No I realize the individual user is creating a recovery code for themselves, but I guess what isn't clear is if the family organizer can use that code without access to that family members email. According to https://support.1password.com/recovery-codes a verification email is part of the recovery flow, so that won't work if the family member is unavailable/incapacitated/etc.

Are you saying the recovery code process for families doesn't require email verification? If so is that recovery flow documented anywhere? Thanks!
1P_Tommy
Moderator
2 years ago
The recovery code would allow anyone to access the data in the users account. It is a way for you or anyone to recover the account. Typically the recovery code would be used by you.

Using a recovery code allows Family Organizers and Family Members to self-recover their accounts in case they forget their account password or lose their Secret Key/trusted devices.

Perhaps you're thinking the Organizer is creating a code for the family member? That is not the case, each member would need to to create their own from inside their account. When I create the code I am doing so for my account as the Family Organizer. You or the family member would need to print their own and keep it safe.

tl;dr Yes the Private/Personal vault woud be accessible using this method. The key is self-recover
lopinc
Occasional Contributor
2 years ago
1P_Tommy I'm talking about the new beta feature for 1P families that you posted about: https://1password.community/discussion/145903/recovery-codes-for-families-beta#latest

Nowhere on that page does it say if the family organizer would then have access to the other persons vault if the new recovery code method is used, that's what I'm trying to confirm.

The issue with the existing assisted recovery for Families is it requires the other persons involvement as you noted, which in an emergency situation (like death), may not be possible.
1P_Tommy
Moderator
2 years ago
lopinc

A recovery code would/could be used by you or your heir in that situation. Assisted recovery from a Family organizer would not need the code and would be one in which you or your heir actively participate. Both require access to the users email. The following may help.

Generate and use recovery codes

Forum Discussion

1Password Access after Death, Legacy Contacts

130 Replies

Featured discussions

November at 1Password: the Access-Trust gap, planning your estate, and an updated unlock experience

Recent discussions

I didn't reset nightly version

Multiple login parameters in android app

How do I transition from 1:1 mapping of authentication and authorization to simpler options?

Safe Operations ?

Ongoing Autofill Issues on Android