Forum Discussion
Anonymous
2 years ago
1Password Access after Death, Legacy Contacts
I am not planning to die anytime soon, but sometimes things happen.
Beyond securing my 1Password details in an Escrow account, or with a lawyer, or in a bank lockbox, does 1Password offer any means of allowing one or more designated members of the 1Password Families account to access the 1Password account in case of the primary owner's passing?
Apple now offers the ability to add one or more Legacy Contacts (https://support.apple.com/en-us/102631) so that in case of your untimely demise, an Access Key and a Death Certificate allow Apple to grant the holder of both of these to get a new Apple ID that has access to your Apple ID Account.
It may be something 1Password wants to consider, though I realize that reviewing Death Certificates may not be on the high list of priorities for the team!
130 Replies
- Djeross
New Contributor
This is one of the most critical features to add. I don't want to store my password anywhere, or entrust anyone.
The bitwarden way of doing things is, for now, the best way I've seen.
Hope this will get implemented soon.
Regards.
- 1P_Tommy
Moderator
1Password does not have such an option at this time. Who knows, in time we may. It is something I would like to see. Recovery codes are the best suggestion at this time. That's in addition to the account recovery option from the family organizer.
- dragon1
Dedicated Contributor
After reading all the posts I'm asking myself what all the answers and the 'recovery code for family members' have to do with the topic???
Isn't he asking for something easy Bitwarden is offering for a long time...
A family member dies > I will request to access his data (if he allowed it) > I do get the chance to by waiting an amount of time > if he does not refuse the request (death, serious illness or something else) I do get access.
This is something different than a recovery code you're talking about.
- 1P_Tommy
Moderator
Thanks, folks. I submitted the feature request. I really hope this is something we can excel at; after all, passwords are very much a digital legacy.
- lopinc
Occasional Contributor
Former Member I understand your point, but I would argue that printing all that information is insecure in its own right, especially if a recovery code now negates the need for the combined 1P password+security key. Any future LP breach can be mitigated by changing the # of rounds of encryption cyphers used to a high and random 6-7 digit number, which I've done, as well as change all of the passwords contained within it (which I would have had to do anyway whether I moved to 1P or not). At this point, my encrypted LP vault is more secure out in the open than all those codes put on paper, and I get the benefit of true emergency access. Pros and cons and to each their own.
But again, the whole point of this is that all 1P has to do to win my business is to implement a feature that apparently many people are asking for and their competition already has. Their move.
- Anonymous
Well my solution is to use LP until 1P implements it. :)
The history of security breaches of LastPass is a knockout criterion for LastPass. Even if it provides some very valuable feature, the service is simply not secure. It cannot be used, if you really value security. If I had been an LP customer, I would have canceled and deleted my account the day their last big breach became public a year and a half ago. No matter their shiny user interface.
The two workarounds 1Password provides by either printing emergency kit, password and mfa qr code or printing the recovery code and ensure you're not losing email access by also printing the email password and email mfa QR code of that might seem tedious, but this will work.
The problem is that the password service must distinguish the rightful owner of an account from an attacker who attempts account recovery using stolen information to gain access to the account. Today, common account recovery is performed by still having some secret, while other secrets have been lost or compromised. Legacy access for your heirs is no different. It's required the service distinguishes your heirs from some attacker who gained the same information that's available to your heirs.
- thedean
Frequent Contributor
Yes, you can put your current 2FA seed directly into 1Password and use it the same way you would use any other authenticator app (like Google, LastPass, Microsoft, etc.). I prefer it over other apps, because 1Password will auto-fill both my password and my 2FA code for me --- all hands free. You can find the documentation here: https://support.1password.com/one-time-passwords.
If LastPass works for you, that's great. I dropped LastPass when they got hacked. There is risk in every decision we make. We all have to make our own personal choice about where we land on the risk/reward curve.
Dean
- lopinc
Occasional Contributor
thedean what do you mean by a "plug-compatible" authenticator? Do you mean you're putting the 2FA seed in the vault?
In the way that LP implements it, you have a pre-defined amount of time to deny the emergency access request (x hours/days/weeks) that you can set before access is granted so that if the request for access isn't legit, you can deny it, so trust isn't an issue.
Well my solution is to use LP until 1P implements it. :)
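The delayed-access flow described in this thread (a designated contact requests access, an owner-set waiting period runs, the owner may deny, otherwise access is granted), modeled as a small state machine. This is an added example, not part of any poster's comment and not 1Password's, Bitwarden's or LastPass's code; the class, state and field names are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum
from typing import Optional


class State(Enum):
    INVITED = "invited"      # owner designated the contact, nothing pending
    REQUESTED = "requested"  # contact asked for access, waiting period running
    REJECTED = "rejected"    # owner denied the request in time
    GRANTED = "granted"      # waiting period elapsed with no denial


@dataclass
class EmergencyGrant:
    owner: str
    contact: str
    wait: timedelta  # waiting period chosen by the owner (hypothetical field)
    state: State = State.INVITED
    requested_at: Optional[datetime] = None

    def request(self, who: str, now: datetime) -> None:
        # Only the pre-designated contact may start the clock.
        if who != self.contact:
            raise PermissionError("not a designated emergency contact")
        if self.state is not State.INVITED:
            raise ValueError(f"cannot request from state {self.state.value}")
        self.state, self.requested_at = State.REQUESTED, now

    def reject(self, who: str, now: datetime) -> None:
        # A living owner uses the waiting period to deny an illegitimate request.
        if who != self.owner:
            raise PermissionError("only the owner can reject")
        self._refresh(now)
        if self.state is not State.REQUESTED:
            raise ValueError("no pending request to reject")
        self.state = State.REJECTED

    def can_access(self, who: str, now: datetime) -> bool:
        self._refresh(now)
        return who == self.contact and self.state is State.GRANTED

    def _refresh(self, now: datetime) -> None:
        # Silence for the full waiting period turns a request into a grant.
        if self.state is State.REQUESTED and now - self.requested_at >= self.wait:
            self.state = State.GRANTED
```

The model only covers who may act and when; how the vault key would actually be released to the contact is outside what the thread describes.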
- thedean
Frequent Contributor
I understand your concerns.
I too have 2FA on my email account. I use 1Password's plug-compatible authenticator in place of Google's authenticator. So, when I save my email address and password in a vault that my family organizer shares, she automatically gets my email 2FA key as well. So 2FA is not an issue for me. And I actually prefer 1Password's authenticator over Google's because I think it is a lot easier to use.
I understand your concern about your trusted person's account getting hacked because of their carelessness with protecting their master password or secret key. But I would argue that if you are worried about that, then you have trusted the wrong person. Trusting a person means more than just trusting their honesty. It also means trusting that they have the capacity to properly safeguard the secrets with which you entrust them. If you don't have that confidence, then you should find another person who embodies both those qualities. Also, even if 1Password were to implement a perfect fully automated legacy system today based around the recovery key, you would still have the same problem if you didn't trust that person to properly care for the recovery key.
Finally, yes you are correct that the larger issue is that 1Password should provide an automatic emergency access feature. And as I said before, my short-term solution is not perfect. But I refuse to be paralyzed by inaction and not implement a good solution today because I don't have a promised perfect solution right now.
I hope this helps.
Dean
- lopinc
Occasional Contributor
thedean thanks but my email is protected by 2FA so just the password wouldn't be enough (can't assume they'd have access to my authenticator app, what if my phone is lost with me). Also, what happens if the trusted person's 1P account gets hacked for some reason (trusting them doesn't mean they chose a good password and/or kept their secret/recovery key safe, etc).
The larger issue is that we shouldn't need these convoluted workarounds, 1P should ideally provide a true emergency-access-if-something-happens-to-me solution the same way LastPass does, and since recovery keys are now a thing, it's technically possible, it just has to be implemented. Hopefully they'll get around to it.