Confused about 1Password Recovery Keys

I’m confused about this new “recovery key” feature of 1PW.

I already have a Master Password, and an access key that I need to set up a new device. By my understanding, that gets me into everything.

Now they have Recovery Keys, which apparently allow me to (with the key and email) get into my account if I get locked out somehow.

Isn’t that why I have my MPW and the access key? Is there some risk of the MPW/access key combo NOT working?

2 Likes

The recovery key can be used in case you have forgotten your Master Password or your Secret Key.

It is a feature that had previously already been available for families or teams. If somebody forgot his/her Master Password or the Secret Key, the family organizer or team owner/administrator was able to recover the account in question or create a recovery code for his/her own account.

But you could not create a code for yourself if it was not a family or team account. Now, you can. If you make sure not to forget the Master Password and the Secret Key, the Recovery Key is not needed. There is no risk of the MPW/Secret Key not working. The Recovery Key is a feature to mitigate the user risk of forgetting his/her MPW/Secret Key. Then again: if you forget the MPW/Secret Key AND your Recovery Key, you are still lost. I have created a Recovery Key, but I am pondering deleting it again.

2 Likes

My understanding is that the recovery keys are a backup in the event that you forget your password. After all, the password to get into your password manager is the one password the password manager can’t help you remember.

Exactly.

I am starting to think that the “old” option of just using the Emergency Kit and “storing” it on paper may be the better option.

1 Like

Seems like a potentially smart option from a behavioral perspective. After years of many services’ mandatory 2FA, recovery codes should be a more familiar concept than emergency kits.

And coming next year, a special key to help you if you recover your Recovery Key in case you misplace it, your Secret Key, and your MPW. 😛

I get the potential utility, but I find myself wondering how many levels of indirection we really need for this stuff.

5 Likes

I think I read somewhere that one of the benefits is that the Recovery Key only works if you (already) have access to your email, which makes it a little bit safer to print this key and store it somewhere (compared to your Recovery Kit, which contains all the info to get into your account).

A bad actor can get into your 1Password account if he gets (physical) access to your Recovery Kit, but not with only the Recovery Key (unless he can also access your email).

Of course that cuts both ways, since at the point where you don’t have access to 1PW on ANY device there’s a good chance you don’t have access to your email as well.

1 Like

Indeed; if you don’t know your email password and need 1Password to get it, a Recovery Code won’t help.

Actually, it is quite good at helping you remember because it makes you type it in every two weeks.

1 Like

And if it generates 2FA codes, it’s the one app it can’t generate them for.

Maybe I should have said ‘…can’t remember for you’. Although, one technically could save the password within, but it would be rather useless if you can’t remember it to access it.

Regardless, another potential use-case for the recovery keys is in the event of your untimely demise. With the recovery keys printed and locked in a secure location, your loved ones could potentially use them to get access to your passwords and then get access to your various digital assets/accounts to cancel and/or close them. Presumably, this copy of the recovery keys would include instructions so they are not left to figure things out on their own. And the instructions would also need to include specifics on how to access your email account as that would be required to use the recovery keys.

2 Likes

Actually, the good old Emergency Kit may be a better option also for that.

With the recovery key your loved ones would still need access to your email account. The Emergency Kit, on the other hand, would provide them with everything they need, without the need to have access to your email account (which in many cases they probably won’t have anyway).

I was thinking about that scenario but…

…then I thought that’s what this was for.

In other words… I don’t understand what all the options are for. I have a recovery kit, but don’t yet understand whether I will benefit from recovery codes.

One thing I keep meaning to do, now that my wife is finally using 1P, is to store my master password in her vault and vice-versa. I think that protects against either one of us simply forgetting our password. If we then also record the secret key in a shared vault, I think that would be total protection against forgetfulness?

2 Likes

The failure scenario there would be that, somehow, all of your 1PW devices disappeared. That’s far less likely to happen when it’s your and your wife’s shared account, though.

1 Like

As far as I know, 1PW does store the Secret Key within your iCloud profile.

Indeed:

Encrypted copies of your Secret Key are stored in your device backups and keychains to provide data loss protection. If you have iCloud Keychain turned on and lose your Mac, iPhone, or iPad, you can restore from a backup and unlock 1Password with just your account password. It’s the same for Android backups.

1 Like

I suspect the ultimate use-case is dependent on the set-up you have. A recovery code would be very handy if you were in a family set-up (multiple users) and someone lost all login details, since a new recovery code can be generated by another user.

Realistically the folks in this forum are probably not the target audience for this function on our personal accounts.

As others have noted in this thread, at my work we’ve definitely had to recover a couple of staff accounts because people had never saved their master key and weren’t using 1Password frequently enough to remember their password (a whole other issue!). Extending this functionality to other types of 1Password user is probably sensible.

I will not be setting one up for my account. I have no need since I know my password and have the master key saved in case something bad happens.