We created 1Password Teams to solve long-standing challenges faced by businesses who need to protect their sensitive information. In this series of posts we’ll be exploring 1Password Teams and features that make it uniquely suited to these challenges. This first entry is all about account recovery, how we use it, and how to make a recovery plan.
Everyone forgets their passwords
1Password Teams is protected by a suite of encryption methods, all of which are secured with your Master Password and your Secret Key.
We can’t reset your keys, and we’re proud of it. Any responsible password manager should be able to say the same. But it can be hard to appreciate this fact on the day your Senior Vice President gets locked out of 1Password because she forgot her password.
And there’s a good chance she will. In fact, it’s not a matter of if, but when. A 2011 survey found that 41% of people forget at least one password each and every month. That’s a problem that no amount of encryption can solve.
Early on in the development of 1Password Teams, we gave ourselves a challenge: how can we help teams with forgotten passwords without offering an unsafe password reset feature? Our solution was the feature which we now call account recovery.
Zero knowledge, zero headache
Most services allow users to reset their own passwords. But if you can change your password just by visiting a website and typing in your email address, it means that someone else–the service provider–has access to your encryption keys. At that point, you’re no longer trusting encryption to safeguard your information; you’re trusting other people.
We have a zero knowledge policy, so we never have access to your encryption keys. It’s too risky when your confidential information is at stake. So instead of offering a password reset, our solution is to place the power of account recovery where it belongs: with your team.
With account recovery, if one of your team members gets locked out, you can restore their access within a matter of minutes. It all happens without ever sending encryption keys outside of your team.
Account recovery in action
After a hectic company getaway, Jeff tries to sign in to 1Password one morning but realizes he can’t remember his Master Password. Luckily, Dave is another admin on the AgileBits team. As long as Dave is able to access his own account, he can help out Jeff:
- Jeff sends a message to Dave in Slack and confesses his mistake.
- Dave signs in to 1Password, and initiates account recovery for Jeff.
- Seconds later, Jeff receives an email from 1Password. He follows a link to create a new Master Password and receive a new Secret Key.
- Dave gets notified to complete the recovery process.
From that point forward, Jeff can access his account. All his data is still there, just as he left it. All he has to do is sign in to 1Password with his new Master Password and Secret Key. Jeff prints out his new Emergency Kit, and thanks his lucky stars that his team had the foresight to add a recovery process to 1Password.
Best practices for account recovery
Account recovery is a lifesaver, but only if you take some time to create a recovery plan in advance:
- Have multiple admins. If you’re the only person who can recover accounts, you’re the weak link. If you forget your own password, your whole team needs to start over. Avoid the embarrassment and add at least one other person to the Admin group as soon as possible. Learn how to edit member permissions and groups.
- Tell your team members who to contact if they ever lose access. Designate a channel outside of 1Password, like Slack or an email address, for making recovery requests.
- Upgrade to the Pro plan. With the Pro plan, you can give additional people recovery permissions without making them admins.
- Read our recovery guide. If a team member needs your help to recover their account, you can both follow our recovery guide.
And if you don’t have 1Password Teams, now’s a good time to get started. Encourage safer password habits in your workplace and sign up for a 30-day free trial today.