Last week, the LastPass password-manager service added a feature you don’t want to have to use: an “emergency access” option that lets you designate a trusted person to have access to your saved logins. That way, if you’re on a long (or permanent) offline vacation, refuse to leave the holodeck, or are otherwise unable to get at your data, your trusted person can.
By adding this kind of worst-case-scenario option, LastPass is catching up to its competitor, Dashlane, which added its own “emergency contacts” feature in July of 2014. But I will bet that most users of these services have yet to implement these new tools.
Neither of these emergency-access features exposes your master password to your backup person or to anybody else. Instead, each uses public-key cryptography to generate an extra key exclusively for your emergency contact — even LastPass and Dashlane themselves won’t know it (just as they don’t know your primary password).
By providing an extra route into your data, emergency access does slightly weaken your account’s security; Edward Snowden might not approve. At the same time, it’s not as bad as just handing out your password to other people. Both sites let you set a waiting period before emergency access activates, during which you can revoke this permission. And Dashlane lets emergency contacts only read saved passwords; they can’t edit them. Unless a state-level entity is after your data, adding an emergency contact seems a reasonable compromise.