I was approached recently by friend requesting some help with a very difficult situation. A member of their family had sadly passed away. The deceased was a husband and father of two young children. My friend was trying to assist the wife of the deceased with various financial issues that arise when a someone passes away. The issue was they had no knowledge or access to any of the accounts and passwords for just about everything.
The husband was an IT Security professional and like all pro’s he used a password database with randomly generated separate passwords for all the accounts. The problem was he didn’t appear to have left the master key to his password database with any of the family members, it died with him. My friends request for help was to see if I could assist with cracking the password database or see if the developers of the application had a master secret or password recovery mechanism. Once I realized the application was 1password I knew it was game over.
I’ve been using 1password myself for a few years now. I chose it because I’ts a cross platform application database and can be stored locally and if you wish, synchronized with cloud storage like Dropbox and iCloud. Should you choose to sync with a cloud storage provider your database files are not internet accessible by anyone, only devices that you choose i.e an application on your computer, tablet or phone etc. The application that synchronizes with the cloud storage is usually also encrypted. In any case you always open the password vault locally so your password is entered into the application to open the vault.
The 1password database is encrypted with AES256 symmetric key encryption. Assuming you have a fairly long and complex password it would take an incomprehensible amount of time to brute force. Even with today’s super computers. 1Password does not have any ability to unlock your database should you loose your master key (password). Its not just difficult, its impossible. I’m sure that will also be the case for other password database applications.
It took the wife of the deceased many stressful weeks to gain access to critical accounts such as life insurance etc. She was listed on the policy’s and accounts but one of the challenges was trying to ascertain which organisations they were held with. It must have been an nightmare for her.
Plan for the worst
My wife also uses 1password, we have each others partial 1password key’s (we still have to manually enter additional characters to complete the key) stored in each of our own vault. Should something happen to either of us we would be able to gain access to each other’s vault.
If you use a password database / manager please be sure a family member knows how to access it, especially in an emergency. Its becoming more unusual these days to receive printed hard copy’s of insurance policies and bank accounts etc. We have a single page print out of the important accounts with the policy numbers. The credentials to access those accounts remain safely tucked away in our 1password databases that we both have access too.
Remember that if you use a cloud storage provider to sync your vault with be sure that you also share the credentials to access that too. Should a family member need access to your 1password database and its stored on cloud storage how will they access it? As 1password is cross platform I use it on my iphone, laptop and home workstation. My wife has the logon credentials to all of those devices in her own 1password database.
Interestingly 1password have released a new product called 1password or families. You can share password vaults with family members. I’ll be looking into possibly migrating to this product in the near future.