What happens to your passwords after you die?
We’re living in the password era. Our passwords unlock important parts of our lives that would have to be addressed if a disaster happens – access to family financial records, bill paying, shopping, online services, email, and so much more.
LastPass Emergency Access provides a safe way for you to give a trusted family member or friend access to your LastPass Vault if you become incapacitated or die. If you’re a LastPass user, you might also be storing other types of confidential information in Secure Notes that your family would need access to – insurance info, a safe combination, bank PINs, or medical records.
To get started, open your LastPass Vault, click on Emergency Access on the left, and click the + Plus button in the lower right.
When you offer emergency access to someone you trust, they can request access to your LastPass Vault at any time. That’s done from the Emergency Access panel in their own LastPass Vault. (They’ll be invited to set up a free LastPass account if they don’t already have one.)
This is the clever part. Later, when your trusted friend requests access, LastPass sends you an email. Your trusted friend only gets access if you don’t respond within a set amount of time. (You pick the waiting period – as short as 3 hours, as long as a month.) If you decline, your vault stays completely private. No one gets access unless the waiting period goes by and you don’t respond.
Now if you’re immediately concerned that this might expose your secrets, then you will want to choose wisely. This is opt-in and optional. You’re trusting the people you choose to allow access and you’re trusting that you will be alert to notifications if they’re trying to gain access at the wrong time. Spouse, parent, child, sibling, friend: you have to trust them not to abuse this privilege and rummage through your passwords while you’re on vacation and out of touch.
An interesting side effect is that the Emergency Access also gives you a back door into your Vault if you ever forget your master password. It’s not a perfect answer but if the worst happens you could obtain access through the trusted friend’s account and recover the data in your Vault. LastPass calls it an “alternative account recovery feature.”
As always, LastPass has implemented this in a way that never exposes your confidential data to any risk of loss or hacking. LastPass uses complex encryption tricks to ensure that the company never has access to your master password or the data in your Vault. Your data is safe from hackers and safe from government demands because LastPass can’t decrypt it – period, full stop, end of story. In the same way, encryption magic makes it possible to give you emergency access to someone else’s Vault without ever giving the company access to the same data. The company provides some details about the security here. Here’s an example:
“When setting up Emergency Access, you are using the recipient’s public key, encrypting your vault key with that public key, and then LastPass stores that RSA-2048 encrypted data until it’s released after the waiting period you specify. Only the recipient can decrypt the data, so no one else can decrypt it without access to the private key of the recipient you’re sharing it with, which is encrypted with their master password key.”
I have no idea what that means but it makes me feel happy inside. I’ve read many analyses of LastPass security by smart people who all conclude that LastPass is truly secure.
Emergency Access is a wonderful bonus for LastPass users. It’s yet another reason to store your passwords and important information in LastPass. Set up Emergency Access today!