Ensuring Digital Legacy Security with 1Password
Estimated 4 min read
How did I create impact?
I led the design of 1Password’s Legacy Access feature, enabling users to securely share wills and financial information with loved ones after death or incapacitation while preventing premature access.
This project drives product-led growth, expanding 1Password beyond password management and increasing family plan adoption.
My work helped our team win 1st place out of 40+ teams in a company-wide hackathon, securing a spot on the product roadmap.
What makes this case study unique?
This project stood out for its speed and impact—in just 3 days, I collaborated across time zones, rapidly designed a solution, and helped craft a winning pitch that earned 1st place and secured a spot on 1Password’s roadmap.
BACKGROUND
What is 1Password
1Password is a leading identity security platform that helps individuals, families, and businesses securely store and manage passwords, sensitive documents, and digital identities while ensuring secure and simplified access.
Problem Space
1Password lacks a solution for securely passing on critical information like wills and financial records after a user’s death or incapacitation, forcing families to rely on costly legal services or insecure sharing methods, often resulting in financial losses and unnecessary stress.
Key Insights
Without proper estate planning, families risk losing an average of $22,500 due to inaccessible assets.
Many 1Password users requested a secure way to share legacy information with loved ones, but feared premature access which could result in identity theft, financial losses and unnecessary stress
Some users avoided storing sensitive data in 1Password altogether, underutilizing its value as a security tool.
IDEATION
Design Questions
Legacy access is a complex, high-stakes problem—without a secure solution, users risk losing critical information or relying on unsafe alternatives. To build trust in 1Password and ensure users feel safe, here are the key design questions that guided our approach.
How might we balance security and usability to ensure that the a user's 1Password account is not prematurely accessed?
What safeguards can we put in place to ensure users feel safe using this feature?
DESIGN PROCESS
Designing for Cybersecurity
I collaborated closely with engineers and created this diagram to better understand how encrypted recovery keys could enable conditional access to sensitive information.
Key Terms
Encrypted Recovery Key: When Decrypted, used to unlock access to a 1Password Account
Legacy Key: Used to Decrypt a Recovery Key
Our Approach: A Three-Part Solution
We structured our design into three key areas to ensure security, usability, and peace of mind:
1. The Unlock Mechanism: Controlled, Conditional Access
New Legacy Key: A cryptographic key is shared with a designated person but remains inactive until unlock conditions are met.
Encrypted Recovery Key: This key is stored securely and is only released if the account remains inactive for a prolonged period.
Failsafes to Prevent Premature Access:
Owners receive multiple email notifications before access is granted.
The recovery process is only triggered if the owner does not respond.
2. Owner Experience: Giving Users Full Control
Designated Users Management: Account owners can add or remove trusted individuals anytime.
Flexible Inactivity Settings: Users can define and modify how long their account must remain inactive before recovery access is allowed.
Preemptive Alerts: Multiple email reminders notify owners before their inactivity period is reached.
3. Designated Person Experience: Secure, Step-by-Step Access
Clear Onboarding & Confirmation: The designated person is guided through the process to claim access only when criteria are met.
Time-locked Access: The designated person cannot access information before the inactivity period expires.
Final Ownership Check: If the owner is active, the request is denied to prevent unintended access.
Key Decisions
In response to the questions above, here's what we decided on.
Final Video Submission that won #1 in Hackathon!
The leadership team enjoyed this pitch so much that we officially secured a spot on the product roadmap~
~Learnings and Reflections
1. The Power of Technical Collaboration
Diving deep into encryption mechanics with engineers was crucial to designing a secure yet intuitive experience. Understanding how recovery keys function allowed me to create a solution that balances strong security measures with seamless usability, ensuring users feel both protected and in control.
2. Speed, Strategy, & Global Collaboration
Working across time zones in a fast-paced, 3-day hackathon pushed me to be proactive, aligning quickly with teammates to refine ideas and execute efficiently. Beyond design, I took the initiative to edit and coordinate the final video, leveraging AI tools to create a compelling pitch that ultimately secured 1st place.
3. Designing for High-Stakes, Complex Problems
Legacy access isn't just about sharing information—it's about trust, security, and peace of mind. Designing for such a sensitive topic required thoughtful UX decisions that prioritize control, transparency, and safeguards, ensuring users can pass on critical information with confidence.
That’s one win—let’s check out another!
