Password manager + 2FA setup in case of death?

Hi everyone, started realizing that people have important online credentials/docs that should be accessible to their family in case someone passes away.

I’m using an individual 1P plan right now, so sharing the emergency kit (with the password on it) is probably one step of the process. Because all accounts are secured with 2FA via Authy. Couldn’t figure out how to share Authy, which makes the 1st step useless.

Wanted to hear how you all have set up for something like this?

PS: Don’t use 2FA via the password manager, to avoid putting all eggs in one basket

That’s a really good question - regarding your PS comment, I think you are saying don’t have a single point of failure and that storing everything in the password manager is a single point of failure. However, if you have a password manager with your passwords and Authy (on a single device) then you do have two single points of failure (Authy and the emergency kit).

I think the 1P subscription model (relying on 1P to ensure your account data is backed up and not subject to a single point of failure in their systems) and/or a local vault (which sounds like support is disappearing) with multiple backups would be possible.

One possibility would be to somehow get the secret codes out of Authy and stored somewhere securely. I just checked 1P and the secret codes are there, so perhaps those codes would be sufficient to enable 2FA on another device with just the codes.

The problem with Authy is they don’t give you access to the “secret”, so the only way you can recover is to reset the 2FA and note the “secret” when you do it. A good watch:

For that reason I keep 2FA within 1Password, where you can recover the “secret” when you look at 2FA in URL mode. Using these secrets I have set up a backup 2FA code app using Microsoft Authenticator (which I need for work Office 365). The password for Authenticator again sits in 1Password (accessible via Emergency Kit).

Have a shared vault and put everything in there so spouse can access any day anytime. Put ONLY work related in non-shared work vault. So your spouse cannot access it.

I’ve moved my 2FA into 1P as well.
Separate would be better, but at least now my wife has access to that as well in case of emergencies

She has access to everything already as part of the shared vaults btw.
I found that for non-techies it’s best to keep it simple, so why use 2 solutions when 1 would do.

I have all of my 2FA codes in 1Password, except one.

I use Authy for one and only one 2FA code - the one that protects my 1Password.com family account.

My wife has access to everything important via 1Password, including the 2FA codes that she might need, because those are all in shared vaults.

@tjluoma Ha! that was exactly my setup until very recently (swap Authy with Microsoft Authenticator)

@JKoopmans +1 for shared vault with immediate family (but only for essentials (incl my 1Password OTP). I would not like to bother my wife with 900+ records she would not touch in a lifetime).

I also have other vaults for travel, work, clients, with my assistant, clubs and with 3rd parties/wider family, that I would like to keep separate for obvious reasons.

The current 1Password saga just shows things do not always go the way you would like, also the 2FA video I posted above made me rethink my strategy, so I started exploring options a bit.

I now have a copy of my setup in a 2nd PW manager. Was an easy export/import exercise. I chose Minimalist as it works well in the Apple ecosystem MacOS, iOS + iCloud sync.

Only one week in now, but well worth the lifetime purchase (no subscription needed). Tested with 10 passwords for free and then jumped in. Not saying I will leave 1Password, as it served and serves me well, but I won’t be upgrading to version 8 soon.

Then decided to have a copy of 2FA codes in Authenticator, which was a one-time setup of copying secrets. Bit of a hassle, but MacOS handoff worked well.

How did you accomplish this? I couldn’t find a way to copy the secret from Authy and add it to authenticator

Another simple strategy I’m thinking is to just configure my email account to be accessible to my family via Google’s inactive account manager. That way, they can reset password to all my accounts.

I’m doing the same. This way, they can access any service I use. I’ve nothing I don’t want them to see, but if I did this wouldn’t be an option!

This is in addition to the 1Password account.

@andy4222 the problem with Authy is that you can’t retrieve the secret. It’s with them and you can’t get it out. You will have to disable and re-enable 2FA on the website and manually capture the secret if you want to get hold of it.

What I did is a 1PW export and Minimalist import. Secrets are available in 1PW by editing the record and changing the 2FA field into the URL from which you can extract the secret to use in your alternative 2FA manager.

Call it a professional quirk, but I think in redundancies for critical things like secret management, data backup, access control etc. I just want to have an alternative solution I control in case any of the critical apps using my data gets compromised or goes in a direction I don’t like. By having a spare setup I can pull the plug and nuke it and move on with little impact. Only inconvenience is to once in a while sync the accounts.

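The "extract the secret from the URL" step described above, as an added example that is not part of the original thread: it parses a 2FA URL and computes the code, so you can confirm a backup authenticator was seeded with the same secret before you rely on it. It assumes the URL is in the common `otpauth://totp/...` key-URI form with RFC 6238 defaults; the function names and the sample URI are constructed for illustration.

```python
import base64, hashlib, hmac, struct, time
from urllib.parse import urlparse, parse_qs, unquote

# Constructed sample URI (uses the RFC 6238 test secret, not a real account).
SAMPLE_URI = ("otpauth://totp/Example:alice@example.com"
              "?secret=GEZDGNBVGY3TQOJQGEZDGNBVGY3TQOJQ&issuer=Example")

def parse_otpauth(uri):
    """Split an otpauth://totp URI into its key and parameters."""
    u = urlparse(uri)
    if u.scheme != "otpauth" or u.netloc != "totp":
        raise ValueError("not an otpauth://totp URI")
    q = {k: v[0] for k, v in parse_qs(u.query).items()}
    if "secret" not in q:
        raise ValueError("URI carries no secret")
    algorithm = q.get("algorithm", "SHA1").lower()
    if algorithm not in ("sha1", "sha256", "sha512"):
        raise ValueError("unsupported algorithm")
    # Secrets are base32; apps often show them without padding or with spaces.
    secret = q["secret"].replace(" ", "").upper()
    secret += "=" * (-len(secret) % 8)
    return {
        "label": unquote(u.path.lstrip("/")),
        "issuer": q.get("issuer", ""),
        "key": base64.b32decode(secret),
        "algorithm": algorithm,
        "digits": int(q.get("digits", 6)),
        "period": int(q.get("period", 30)),
    }

def totp(entry, at):
    """RFC 6238 code for Unix time `at`."""
    counter = struct.pack(">Q", int(at) // entry["period"])
    mac = hmac.new(entry["key"], counter, getattr(hashlib, entry["algorithm"])).digest()
    offset = mac[-1] & 0x0F  # dynamic truncation (RFC 4226)
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** entry["digits"]).zfill(entry["digits"])

def same_secret(uri, code_shown_by_app, at):
    """True if the backup app's code matches the one derived from the URI."""
    return hmac.compare_digest(totp(parse_otpauth(uri), at), code_shown_by_app)

if __name__ == "__main__":
    print(totp(parse_otpauth(SAMPLE_URI), time.time()))
```

Compare the printed code with what the second authenticator shows in the same 30-second window; a mismatch means the secret was copied incorrectly or the clocks differ.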