Blog
Recent
bg
Tips And Tricks

[How-To] LastPass Emergency Access

Amber SteelJanuary 22, 2016
[How-To] LastPass Emergency Access
Preparing for the unexpected, or the inevitable, is never comfortable or easy. But for the sake of our loved ones and those who depend on us, thinking ahead to what they need should something happen to us is essential. And with all that we do online these days to manage our lives, it’s critical that we think ahead about the accounts and logins that others would need in order to carry out our final wishes and manage day-to-day life in our absence. If something were to happen to you, would the people who depend on you have the passwords they need? Do you worry about your partner, spouse, family or friends not having access to important accounts, like paying bills or the mortgage, and being able to manage your digital legacy?

Secure your digital will with Emergency Access

LastPass Emergency Access now provides you with an easy way to give others the passwords and logins they'd need to manage accounts on your behalf after an unexpected emergency or death. With Emergency Access, you can prepare for the unexpected and ensure your loved ones don't get locked out of important accounts. In the event of an emergency or crisis, your designated Emergency Access contact(s) can request access to your account and securely receive the passwords and notes stored in your vault. Emergency Access-1You decide how much time should pass before they're given access once they request it, and you can decline their request to access your vault if it's requested before it should be. Emergency Access can also be used as an alternative account recovery feature, if you worry about ever forgetting your master password and want to ensure you have a backup way of recovering your vault.

Enabling Emergency Access

Adding someone as an Emergency Access contact requires that they have a LastPass account. This is due to the way that the encryption and security work. LastPass never wants to have access to a user’s vault, so having your Emergency Access contact create an account allows the secure encryption keys to be generated without passing that data to LastPass. Emergency_Access-set_time If your contact does not yet have a LastPass account, we will help you send them an invitation for them to join LastPass, so that you can then add them as an Emergency Access contact. Open the LastPass Vault, and click the Emergency Access icon from the left-hand menu. In the Emergency Access center, under the "People I Trust" tab, you can designate a new Emergency Access contact. Enter their email address and select the wait period between when they request access and when they will be granted access to your vault. The status of their invitation will show next to their name.

Managing Emergency AccessPeople_I_Trust-revoke-576x1024

You can add or remove anyone in your Emergency Access contact(s) at any time from your vault, and adjust the waiting period if needed. You can also remove yourself as someone else's Emergency Access contact at any time. Open the LastPass Vault, and in the left-hand menu select the Emergency Access icon. In the Emergency Access center you can manage "People I Trust" and "People Who Trust Me". Under "People I Trust" are any contacts to whom you have granted Emergency Access to your vault, and the status of their invitation as well as their designated wait period. You can remove or add contacts at any time, or adjust their wait time settings. Under "People Who Trust Me" is any user who has designated you as an Emergency Access contact for their LastPass account. You can remove yourself as an Emergency Access contact at any time.

Requesting Emergency Access

Requesting Emergency Access is straightforward, but should only be done in the case of a true emergency. If you simply want to share logins with another user, check out our Shared Family Folder feature instead. Emergency Access is only intended to be used after an unexpected event that would require you to actually manage and control someone’s vault, rather than just share passwords, so it merits careful consideration before being activated. Emergency_Access-Request Currently, Emergency Access must be requested from your LastPass vault. You can only request Emergency Access if you've been invited as a trusted Emergency Access contact and have accepted the invite. Access will only be granted once access is requested and the pre-designated waiting time period has passed. This time period cannot be changed except by the original account owner, and cannot be adjusted once Emergency Access has been requested. Open the LastPass Vault, and in the left-hand menu select the Emergency Access icon. In "People Who Trust Me", hover over the name of the user who's vault you need to request access to. Tap the "Request Access" option and the process will be initiated. Once access is granted, their vault will appear as a folder in your own vault, labeled with their account email address.

How is Emergency Access secure?

When you set up Emergency Access, your vault is encrypted locally and then synced with LastPass. LastPass stores the encrypted data until it’s released after the waiting period you specify, and only the Emergency Access contact has the key to be able to decrypt and access your vault. It’s inaccessible to LastPass, and to other outside parties. LastPass uses public-private key cryptography with RSA-2048 to allow users to share the key to their vault with trusted parties, without ever passing that information in an unencrypted format to LastPass. When Emergency Access is activated, each user has a pair of cryptographic keys – a public key to allow others to encrypt data for the user, and a private key that allows the user to decrypt the data that others have encrypted for them. On user A's device, we create a public/private key pair. User A's device encrypts the private key before sending it to the server, which means we can't get to that data. So we have the encrypted private key, but not the key itself. Then, when you set up user B as your Emergency Access contact, you are sent user B's public key, and encrypt user A's data with user B's public key. LastPass stores that RSA-2048 encrypted data until it’s released after the waiting period you specify. User B then needs to decrypt the private key to use it to access the info. This is how we are able to maintain our zero-knowledge paradigm for Emergency Access and keep it completely secure. Only the recipient can decrypt the data, so no one else can decrypt it without access to the private key of the recipient you’re sharing it with, which is encrypted with their master password key. This process is completely automated, with no action required by the end user, and ensures that the data is inaccessible by LastPass or outside parties.

Take action today!

The 30 seconds it takes to set up Emergency Access is more than worth the pain and headache it will spare your loved ones. By thinking through who would need access to your vault should something happen to you and setting up Emergency Access in advance, you’re taking a critical step to ensure that your loved ones can not only carry out your final wishes, but can also manage day-to-day life in your absence.