> I don't trust password wallet services ass they all seem to want to do the enryption server side with a reset-able password which really means they have the master password not you
None of the popular password managers work this way.
> Recovery Groups
One of the most powerful capabilities that a team administrator has is
the power to assign members to the team’s Recovery Group. In most
configurations the assignment is automatic and Owners, Organizers, and Administrators will automatically be made members of the Recovery Group. In 1Password Families there is no ability to separate the roles of Owner, Administrator, and Recovery Group member; they are all wrapped up as “Organizer.” With 1Password Teams Administrators are given more control, but not all of the underlying flexibility may be exposed to the user.17 17We discovered during our beta testing that it was difficult to make the distinction between Owners, Administrators, vault Managers, and Recovery Group members clear enough for those distinctions to be sufficiently useful. This document describes recovery in terms of the Recovery Group even when the group is not exposed to the Team administrator in those terms.
> Implicit sharing
When a vault is created, a copy of the vault key is encrypted with the
public key of the Recovery Group. The members of the Recovery Group
are able to decrypt the private key of the Recovery Group. Thus from an
exclusively cryptographic point of view the members of the Recovery
Group have access to all of the vaults. Recovery Group members never have the ability to learn anyone’s account password, Secret Key, Account Unlock Key (AUK), or SRP-𝑥. Recovery is recovery of the vault keys; it is not recovery of account passwords nor Secret Keys.
Exactly: 1Password doesn’t have the keys. Recovery works because the vaults are encrypted with the keys of everyone in the recovery group. No “server side” encryption instead of end-to-end.
None of the popular password managers work this way.