Emergency access
Many password managers offer an Emergency Access feature whereby in the event of something happening to you a family member/trusted friend can gain access to your password vaults. Once you set them up, they can request access. if you do not reject access in whatever number of days you specify, then they gain access. This is a nice assurance that a family member can access your info if something happens to you without having to share your login info with them now.
-
François commented
What about doing a Shamir Secret Sharing keys set to do an emergency recovery (or a legacy access :/ ) ? I know Cozy Cloud has done such research on legacy protocols using Shamir Secret Sharing ...
-
megaladon commented
This feature is very important. Bitwarden implements it but in not in a user friendly way. If you implement it please make it less clunky as it might be someone's 90 year old grandm setting it up with their grandson, for example.
-
Buzzeger5 commented
There could be a "heartbeat" functionality for E.A.:
But I also have another complementing idea: Emergency Contact.Where the owner of the account/vault, has to keep responding heartbeat prompts, to keep Emergency Contact / Access from being activated with the pre-configured trusted person/account.
The system could monitor hearbeat prompt response times and construct a graph.
This would be the basis to calculate gradual delays in response times.
The user could define conditions how when and how certain actions such as Emergency Contact and Emergency Access happen.
One of the conditions/rules would cover at what threshold or gradual fading of response times to heartbeat prompts moment E.C. is activated with the trusted person.
E.C. would let trusted person a headsup (email, notification, SMS, depending on config) to check up on the user, "are you okay?".
The user could then define conditions (within reason) how E.A. is activated, for example after how many missed heartbeat prompts, and/or the time after a missed heartbeat, and other sensible and practical, but with some hard limits to this configuration, eventually E.A. would be activated.However, I think this would just start the E.A. process, not yet activate it for the trusted person. I think for security/fraud/spam prevention, it may (though privacy?) perhaps first be alerted to Proton Staff or Systems, which would then continue to do various checks (for suspicious activity, security measures), perhaps send a final super-heartbeat prompt to the user (hardcoded, can't be disabled), email, sms, notifications, wait for a final ... hour, minutes? If no response then the trusted person would be attempted to establish contact, under which the trusted person would still need to go through yet more verification, 2FA, perhaps even phone call, and once the trusted user completes all of the (probably, or semi) automated procedures, Proton Staff would then perhaps manually verify all-checks-clear and trigger master confirmation to activate E.A. for the trusted person.
Question is whether Proton has staff on hand on sundays for this if some manual process is preferred, perhaps this would be only top tier function.
There could concieveably be many different such methods of how E.A. is activated if Proton wishes to implement.
-
Julian commented
Seems to be in the roadmap for Winter/Spring now!
https://proton.me/blog/proton-pass-roadmap-winter-spring
> Give family or friends emergency access to your vaults
> In the event that you’re not able to access Proton Pass or someone else needs to access your account, you’ll be able to grant emergency access to a specific, designated user. This can be helpful in an emergency situation where a loved one or friend needs access to the information you’ve stored in your Proton Pass account.
-
Andrew Young commented
Essential feature before I'd consider moving away from Bitwarden.
-
proton_evol commented
It is impossible for me to upgrade to Proton Pass without this feature. For now I will continue to use Bitwarden to secure access to my passwords.
-
Mark Garrett commented
Some are saying this isn't possible, but I think it could be done. This is how I see it working.
Setup:
1. Target user picks another Proton user be their Emergency Access user.
2. Target user picks enters the amount of time they want the delay period to override the access to last.
3. Target user enters their Proton password
4. Target user's Proton client downloads Emergency access user's public key
5. Target user's Proton client encrypts the Target user's password (or some other secret that can be used to decrypt the content of the Target users account) with Emergency access user's public key.
6. Cypher text of the Target user's Proton Password is uploaded to Proton's servers, but target user is not given authorization to access the password.Usage:
1. Emergency Access user requests access
2. Either Target user rejects the request, or the delay period elapses (and we stop here)
3. Emergency Access user is granted access to Target User's account
4. Emergency Access user's proton client downloads the cypher text of the Target user's password (or other secret)
5. Emergency Access user's proton client decrypts the Target user's password/secret locally
6. Target user's Proton login info is added to Emergency Access user's Proton PassCaveats:
* If Emergency Access obtains access to Protons servers by other means (They work at Proton or they hack Proton), they potentially could obtain access to Target user without the delay period elapsing.
* This doesn’t explain how to handle 2fa. -
Jo commented
It's primordial for me and my business if I pass away.
-
Rwd commented
A very important feature as nobody knows when his/her life ends.
A bit of planning ahead does not harm. -
sampling_trekker380 commented
I understand the idea but this will introduce a backdoor into Proton.
What could be a solution though is something like 1 Password is doing.
On the one hand they have something called emergency kit which is basically a PDF with your password and your recovery key.
This could be kept (printed form) in a safe at your home or maybe at the bank. https://support.1password.com/emergency-kit/On the other hand, they have "Family Managers" which can hold a recovery key of the family members. But those essentially become the Master accounts of multiple other accounts and this can create a vulnerability. It's not a very big deal for most people though.
https://support.1password.com/family-organizer/#add-or-remove-a-family-organizer
https://support.1password.com/family-recovery-plan/ -
Pharaoh commented
A legacy account that's only accessible through certain things like yubi key, authentication app or even something like an RSA SecurID. Two of these can be placed in a lock box and when used should either access specific allowed information or wipe all information from the account.
-
Roger Stube commented
For those of us not getting any younger this is a critical feature!
-
Zazuo commented
Yes. This + YubiKey support are the only critical missing features. There are other important things but this is essential!
-
gk23vj5 commented
This + Yubikey is why I'm still on Bitwarden. I think this is important.
-
Julio commented
The same way vaults can be share they can be delay-shared, just extra step to confirm/deny access, this feature would be amazing
-
Jamaladinho commented
Any updates on that one? I am not sure whether this would really undermine the security model, as I am not an expert. However, it seems other providers like Bitwarden, which I at least think are rather serious and reliable, are somehow able to offer this feature.
-
P commented
Essential feature for me, to fully adopt proton pass. With so many things only available digitally, a digital will becomes necessary, to ensure my family can access details if/when something happens.
-
A commented
Can't be done securely. This would require either proton to know your encryption keys, or you to encrypt the shared data to the recipient's keys ahead of time and have proton escrow that, neither of which are desirable under proton's security model.
-
JWF commented
This should not be a Proton Pass-specific feature, but instead something for Proton Accounts. I forget its exact name, but Google has a similar feature to designate a digital caretaker for your account in the event something happens to you unexpectedly. There are configurable choices about how someone could receive access and what data they would have access to.
Something like this for the entire Proton Account would be more useful than Proton Pass alone. I have the same concern for my passwords as I do my Calendar and my Drive.
-
Lance Moore commented
Secure shared access in case of emergency is hugely important. My trusted friends need to be able to access my accounts and pay my bills, etc., when the time comes. I really don't want to email my info to them. :-( or put it on a piece of paper.