Former Member
2 years ago
1Password Access after Death, Legacy Contacts
I am not planning to die anytime soon, but sometimes things happen.
Beyond securing my 1Password details in an Escrow account, or with a lawyer, or in a bank lockbox, does 1Password offer any means of allowing one or more designated members of the 1Password Families account to access the 1Password account in case of the primary owner's passing?
Apple now offers the ability to add one or more Legacy Contacts (https://support.apple.com/en-us/102631) so that in case of your untimely demise, an Access Key and a Death Certificate allows Apple to grant the holder of both of these to get a new Apple ID that has access to your Apple ID Account.
It may be something 1Password wants to consider, though I realize that reviewing Death Certificates may not be on the high list of priorities for the team!
120 Replies
- manofwords
New Contributor
Having skimmed through the white paper I don’t understand what is the problem with implementing the following scheme:
Assigning an inactivity period to a vault and a next of kin assignee who is part of the team/family.
Example of work flow:
1) Alice creates a family and shares with Bob their every day activities in a shared Vault
2) Either Alice or Bob invite their executor and lawyer Lawrence to their family. Perhaps even as a guest.
3) Lawrence signs up and creates his own profile along with secret key and account password
4) Lawrence is initially not given access to any vaults.
5) Alice assigns Lawrence as the next of kin on the “Shared” vault she and Bob share.
6) Alice chooses an inactivity period on that vault of 180 days. Thinking even a prolonged hospital visit of hers where Bob is still alive and functioning and caring for her needs shouldn’t have him out of his 1Password daily activities for more than 180 days.
… after 180 days of inactivity
7) 1Password service does the same thing it would normally do to share the vault with Lawrence. The vault key is encrypted with Lawrence’s public key and he is granted access to the items in it.
Why is such a scheme so hard to implement? There is definitely no lack of interest and need for this feature.
EDIT: mildly infuriating is that this scheme is available today with a business account (for the event logs feature) and a kiddy script using 1Password CLI running on any cloud server or a few of them as the action itself is idempotent.
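The inactivity-triggered release from the workflow above, as an added example that is not part of the original post and is not 1Password code. It assumes the owner's client has already wrapped the vault key to the assignee's public key, so the service only stores an opaque blob and decides when to hand it over; `LegacyGrant` and every field name are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

@dataclass
class LegacyGrant:
    """Hypothetical server-side escrow record for one vault."""
    vault: str
    grantee: str
    wrapped_vault_key: bytes      # opaque to the service (assumed wrapped client-side)
    inactivity: timedelta
    members: frozenset            # accounts whose activity resets the clock
    last_activity: datetime
    released_at: Optional[datetime] = None
    revoked: bool = False

    def record_activity(self, account: str, when: datetime) -> None:
        # Only current vault members count. The assignee signing in must not
        # reset the clock, and nothing changes once the key has been released.
        if account in self.members and self.released_at is None:
            self.last_activity = max(self.last_activity, when)

    def revoke(self) -> None:
        # Revocation only works before release; afterwards the key is already out.
        if self.released_at is None:
            self.revoked = True

    def evaluate(self, now: datetime) -> Optional[bytes]:
        """Idempotent check, safe to run from several schedulers at once."""
        if self.revoked:
            return None
        if self.released_at is None and now - self.last_activity >= self.inactivity:
            self.released_at = now
        return self.wrapped_vault_key if self.released_at is not None else None

T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)   # constructed sample start time

def new_grant() -> LegacyGrant:
    return LegacyGrant("Shared", "lawrence", b"constructed-opaque-blob",
                       timedelta(days=180), frozenset({"alice", "bob"}), T0)

def demo():
    g = new_grant()
    g.record_activity("bob", T0 + timedelta(days=100))       # resets the clock
    early = g.evaluate(T0 + timedelta(days=200))             # 100 days idle
    g.record_activity("lawrence", T0 + timedelta(days=250))  # ignored
    first = g.evaluate(T0 + timedelta(days=280))             # 180 days idle
    again = g.evaluate(T0 + timedelta(days=300))             # repeat run, same result
    return early, first, again, g.released_at
```
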
- GSK
New Contributor
That's exactly what I did Djeross. Eventually, I just moved to BW
- Djeross
New Contributor
I may add, this has been requested for many many many many many... years now.
It's really disappointing and hard to believe that nothing has been done to definitely solve this matter.
I'm even considering paying for a premium Bitwarden account, just to store credentials for my 1P account and take advantage of their "Trusted emergency contacts".
Or maybe I should just pay this premium account to... use it instead of 1P completely?
Let's see what happens in the next months.
- GSK
New Contributor
Yes... Completely agree with Djeross. As morbid as it may sound, I have moved everything over to Bitwarden mostly for this reason.
- Djeross
New Contributor
This is one of the most critical features to add. I don't want to store my password anywhere, or entrust anyone.
The Bitwarden way of doing things is, for now, the best way I've seen.
Hope this will get implemented soon.
Regards.
- 1P_Tommy
Moderator
1Password does not have such an option at this time. Who knows, in time we may. It is something I would like to see. Recovery codes are the best suggestion at this time. That's in addition to the account recovery option from the family organizer.
- dragon1
Dedicated Contributor
After reading all the posts I'm asking myself what all the answers and the 'recovery code for family members' has to do with the topic???
Isn't he asking for something easy Bitwarden is offering for a long time...
A family member dies > I will request to access his data (if he allowed it) > I do get the chance to by waiting an amount of time > if he does not refuse the request (death, serious illness or something else) I do get access.
This is something different than a recovery code you're talking about.
- 1P_Tommy
Moderator
Thanks folks, I submitted the feature request. I really hope this is something we can excel at; after all, passwords are very much a digital legacy.
- lopinc
Occasional Contributor
Former Member I understand your point, but I would argue that printing all that information is insecure in its own right, especially if a recovery code now negates the need for the combined 1P password+security key. Any future LP breach can be mitigated by changing the # of rounds of encryption cyphers used to a high and random 6-7 digit number, which I've done, as well as change all of the passwords contained within it (which I would have had to do anyway whether I moved to 1P or not). At this point, my encrypted LP vault is more secure out in the open than all those codes put on paper, and I get the benefit of true emergency access. Pros and cons and to each their own.
But again, the whole point of this is that all 1P has to do to win my business is to implement a feature that apparently many people are asking for and their competition already has. Their move.
- Former Member
Well my solution is to use LP until 1P implements it. :)
The history of security breaches of LastPass is a knockout criterion for LastPass. Even if it provides some very valuable feature, the service is simply not secure. It cannot be used, if you really value security. If I had been an LP customer, I would have canceled and deleted my account the day their last big breach became public a year and a half ago. No matter their shiny user interface.
The two workarounds 1Password provides by either printing emergency kit, password and MFA QR code or printing the recovery code and ensure you're not losing email access by also printing the email password and email MFA QR code of that might seem tedious, but this will work.
The problem is that the password service must distinguish the rightful owner of an account from an attacker who attempts account recovery using stolen information to gain access to the account. Today, common account recovery is performed by still having some secret, while other secrets have been lost or compromised. Legacy access for your heirs is no different. It's required the service distinguishes your heirs from some attacker who gained the same information that's available to your heirs.