If you are preparing for accidents where memory loss might be an issue you might also want to consider that you could quickly be in a situation where:
* you forget that you have a clever password scheme
* you forget that you have data to decrypt
* your mental capacities are deteriorated enough that someone else takes over decisions making for you. This person may not know you or your data protection scheme.
* you are physically injured where biometrics are non functional
* you were in an incident that your friends/family were also affected by
In my opinion, the best way to protect against these is simply write stuff down in plaintext somewhere that relies on physical security, like with documents in your home. Also notate what they are and why someone would need to access them and how.
Start treating the Future-You like a Stranger. Write for that stranger, your Future-You will thank you. We think we will remember, but we won’t. So, don’t be too harsh on yourself and make it easier for your future-you. If that stranger finds it easier, it will also be for others; your relatives, kids, etc.
Unless your work and life need to be very secretive, or involve matters of national or international importance, I personally think a simpler printed/written format that works without electronics/Internet would be a better option. Of course, the printed details can have simple encryption, which your family/friends can break using day-to-day quirks you shared, such as the family secret codes, the name of that pet in the town you grew up in, or the middle name from the story of your great-grandfather, etc.
Some time ago, my mother-in-law (erstwhile teacher) and my godmother-aunty (businesswoman) began to forget many things. Their kids have tried quite a few phone apps and whatnot with electronics. Finally, I have suggested enforcing just two things: a lot of Valet bowls around the house (at common places in all the rooms) and pocket notebooks with pens attached. They just write anything and everything, from money to kitchen items to anything they want. If they forgot something, refer to the notebooks. If a key is lost, try the Valet Bowl. Now, my plan is to train their muscle memory to drop/pick from the bowl (don’t try to remember) and write things down.
The idea of Valet Bowls comes from something someone mentioned on Hacker News.
(Funny how I can remember this comment from many months ago after never implementing the bowls, but I currently can’t remember where my car keys are. Should have implemented the bowls…)
Oh God, Yes. Now, in my favorited posts and comments.
For keys, there is only one place: the Keyholder wall-mounted near the main door, while still visible from the main Hall. Not easy to pick and go by “guests” without being seen by someone, but easy for residents to just walk out with one. I got the exact same ones from Amazon and wall-mounted them in all the homes where I serve as Printer-Repair Guy. 10+ years, I kinda have trained every family member’s muscle memory, “Keys go there and only there.” ;-)
Add/Edit: I also have a sticker I printed stuck to the Keyholder, in Monica’s words from Friends, “Got the Keys?”
5 out of 7 means you cannot be in an eg. car accident with more than 2 of them at a time, if there is the possibility of all of them present in the car not surviving.
Im also quite more practical - there are responsabilities that may go beyond a simple memory loss - eg. If one is in a coma or just hospitalized for a long period of time; trusted third parties may require access to your accounts even for simple stuff like paying bills/rent/cloud services.
Low tech: I put my secret manager password in a physical journal that is locked in a fire proof, water proof vault and hidden somewhere only my partner and myself know where it is. I use a password manager. Everything else goes in the password manager.
This is what I do too, but be warned about “fire proof” - a fire that results in the total loss of your house will create enough heat for enough time that fireproof gun safes and smaller fireproof lockboxes will be destroyed, or even if not, their contents will get hot enough to combust anyway.
A bank safe deposit box offers a different security profile that’s probably more robust against fire because banks burn less often than houses.
It’s probably not practical to really be robust against fire without being buried several feet deep.
While the fire resulted in the total loss of the house it was actually the water from the fire department not the heat that did proportionally more damage.
As a mental model you shouldn’t think of it as “what if my house burns down?” so much as “what if nice strangers roll up to my windows and chainsaw through my roof and spray 50,000 gallons of water in here?”
Yes everything in the mechanical room melted but everything in the rest of the house got hot, smoky, soaked and then moldy.
For root of trust materiel like social security cards, cash, passports put in a ziplock bag in a fireproof, waterproof safe. But for other storage I use clear “Ezy Storage” brand stackable 50L tubs labeled with Homebox QR codes. In the US, Target and Home Depot frequently stock them. I am very anti black and yellow tubs.
The majority of work post-fire goes to itemizing your house inventory for insurance. Even cataloging all your bathroom’s soaps by brand name rather than generic can make $100 difference. Multiply that by 500x different things.
From a threat model perspective I look at rooms from a “what would be salvageable in here if I emptied a swimming pool’s worth of water from some fire sprinklers”. Furniture and TVs are easy to replace. Other stuff less so.
We did that with major hail damage a few years ago. I learned that in a disaster, you should count on everything being junk, and you're lucky if you can salvage anything. We also learned the value of itemized lists.
1500/piece for 20 junk windows I was building a greenhouse with that I dug out of the trash the year before. $250 for a bird feeder because they couldn't find one outside of specialty stores. $40k instead of 10k for a new roof on the shed because it was heavier gauge metal than standard.
Exact replacements can be expensive, but you need to make sure your insurance has 100% replacement instead of adjusted for age or like-kind replacements.
After that experience, we itemized EVERYTHING in the house with make, model, serial number, and color. It was a bitch to get set up, but took the value of our home contents from around 75k to over 250k for exact replacements.
Copies of these records along with our master password for our keepass database are in two bank deposit boxes about 45 minutes apart. For $50/year we can sleep easy.
We have keys. In the event those are lost or destroyed, they will provide access to an approved list of individuals and drill the lock for $40.
Also they're small town banks, so that makes it easier as well. We don't really need to worry about providing ID, but if we did and couldn't access ID or something like that, we have four other people listed with access, one of which lives hours away in case of a disaster impacting everyone else on the list. They don't have keys but could get into it for us. So for a few hundred dollars, we're set and insured for the declared value of the contents of the boxes (250k max for another $15/year) if the banks are both destroyed as well!
In general, identity (the bank checking who you are) is often involved in regular unlocking and there will be an identity-only recovery procedure that will work even if you lose your usual credential (key, passcode, card, whatever). This may involve drilling a lock and the bill for that.
Bank vault can be key+combination (eg three letters) or dual key or others. For example in a dual key: one key from the bank and one key being your own key.
If a key is lost, you go and prove your identity (easier if any bank employee is familiar with you) and ask for a new key. A date is set and a locksmith shall come, you are next to him and next to the bank employee while he uses the bank's key and lockpicks your lock. Then he configures it for a new key (or replace the lock).
It's cost you something like $300 or whatever.
Source: been next to locksmith opening a bank vault, twice, in two different countries. Once for a bank belonging to a deceased family member (we had the key but not the three-letters combination) and once not because I lost my key but because the bank's lock (on my vault) went defective.
So it's not "my key from the my vault at the bank melted during a housefire, so I can never access my vault at the bank anymore" nor is it "I forgot my three-letters combination, so until the end of the universe that bank vault shall stay locked".
My insurance agent has recommended that once a year or so I carefully walk through the house with a video recorder, opening every cabinet and drawer and tool box and so on. It's easier than constructing a detailed inventory, but gives you the raw data you need to construct one in the unlikely even that you need it.
As to why they're against them, I don't know their reason, but there used to be only one size of tote. There there was big and small. And then, for some fxcking reason, they decided to make ones that were roughly as big as the big ones. Just enough that you have to take half a second to re-eyeball-ruler measure them. But in isolation, if you've got one in front of you, you can't know if it'll tetris properly with another one until they're side-by-side and it turns out they're not.
Is there a better class of safe one could use that might be more successful even if not a guarantee? F/e even with a safe deposit box, one might still have some lower-tier items that would be impractical to store in one but you might want to do better than just out in the open.
In December 2025, items worth an estimated €30 million were stolen from a Sparkasse bank in the Gelsenkirchen suburb of Buer, Germany. The thieves used a large drill to break into the bank's underground vault and proceeded to crack over 3,000 safe deposit boxes.
Don’t need events that extreme. Regular branch banks have stuff go missing from the safety deposit boxes shockingly regularly. The locks aren’t particularly secure and various people are able to access them. It can be hard to find articles about them because they don’t make the news like the more remarkable incidents do. Examples of boring security box failures (but that were noteworthy in other ways so they did make the news): Jennifer Morsch, Roberta Glassman, Lianna Sarabekyan (multiple customers affected), Philip Poniz, Wells Fargo in Cape Coral FL, Wells Fargo Katy TX (many customers affected, blamed on road construction down the street), lots of individual stories where banks just totally stopped following their own procedures on ID checking and logging.
The vast majority of these don’t make the news because there’s no proof there was even anything inside the box in the first place so anyone could be lying.
> Mr. Pluard, who tracks legal filings and news reports, estimates that around 33,000 boxes a year are harmed by accidents, natural disasters and thefts.
> Oddly, the bank returned to him five watches that weren’t his. “They were the wrong color, the wrong size — totally different than what I had,” Mr. Poniz said. “I had no idea where they came from.”
> Regular branch banks have stuff go missing from the safety deposit boxes shockingly regularly. The locks aren’t particularly secure and various people are able to access them.
My late wife had a safe deposit box in the Almaden Valley (San Jose) branch of US Bank. Her key to the box was nowhere to be found. So I had to get the box drilled open.
This would normally require a hefty fee. But the branch was moving to a new location, so they invited customers to make an appointment to show up a Saturday with proper ID for a lock drilling party.
I showed my ID and the death certificate, and we went into the safe to have the lock drilled.
But there was no real drilling involved. The locksmith had a little handheld gadget that she pushed into the lock, gave it a little twist, and the door came right open.
The ironic part? All that was in there were a few pieces of costume jewelry, worth maybe $50 in total.
She was paying more than that per year for the box rental, and if I'd had to pay for the "drilling" it would probably be more than that.
Sure... if you don't have a spouse, leave it with a sibling. I put my Bitcoin key in my brother's safe. And if you don't have a sibling or parent or best friend, you can usually rent a locker at a bank.
Only thing about safe deposit boxes - make sure that things needed in the event of your death, especially your will, are not there.
The bank will seal the box as soon as they discover you are dead, and require a court order. Without a will, the executor will be whatever statutory person your state calls for.
A real innovation from the Bitcoin world! There are several physical password store systems that they have suggested for this kind of use case. The simplest is basically using a nail to punch out a password onto a piece of sheet metal.
do you store stuff in a bank? could you tell me more about it? my account gives me access to one for free and been meaning to put a yubikey there for a while but never have
What if you RAID01 it, so you have four safety deposit boxes, two with the first half of your password, two with the second half of your password? Then no snoop at a particular bank would be able to get your password, but also if one or two go missing, the password won't be lost. And you just check all four boxes once or twice a year to make sure everything is good.
My (large) bank is yanking their safety deposit boxes out. They let subscribers know that they have, like, 1 or 2 years to go. They're doing it across the branches. They basically feel it's not worth the liability any more, and the way it was presented to me, it's not just them, but other banks are also doing (or at least considering) this.
Things we take for granted. When my father passed, I was digging stuff out of SDBs that he had for decades.
Maybe not safe for valuables. What about stuff that has no value to anyone else? I'm not a villain from Ocean's Eleven, no one is stealing my passwords to break into my elaborate safe.
What I found out when I was burgled, was that they don't care. I had nothing valuable in my firesafe but they still took it wholesale. I found some papers from it drifting around outside afterwards like they had dumped it out. But not my passport or SSN card. The lock was even broken so they could have just opened it to see that and saved themselves the lift. But again, they don't care.
I do. I have a small safe deposit box in my local branch for about $1 a year.
It's great if you want to store some documents. But don't expect _real_ security. It's guarded by a minimum-wage employee, and the keys are usually laughably insecure. Banks know this, so they cap their liability for the loss of the deposit box at around $1000.
So don't even think about storing gold bars there, like they do in movies.
There _are_ companies that provide safe storage for high-value items, but they are pretty exotic.
Alternative - my partner and I (and also two other close contacts) have password managers that contain each of the other one's secret. This was less an effort to help with the memory loss scenario and more of an effort to deal with death and access to services (especially to cease subscriptions and the like).
In a lower trust scenario you could probably use a lawyer as a broker of the secret (potentially even as part of a will).
Password managers like bitwarden also have emergency access features which can do this, with the caveat of trusting them to enforce the requirement of access only being granted after a notification to the account holder is not denied in some time period (but unlike the lawyer you're not trusting them with the secret directly)
Apple has this thing called Legacy Contact which allows the same but then built in to the whole Apple account. This includes devices as well as the iCloud ~~and attached keychains. Granted, it is another hoop to jump through compared to presharing keys with each other.~~
It would be nice if your Apple account could be unlocked with some other keys as well apart from the primary one, but I guess that is what Apple calls the “Legacy Contact Key”.
Edit: okay so the keychain is excluded from this. So back to storing each others passwords in eachothers keychain…
I didn't know about bit warden doing this until today! I definitely have to look closer into it, been using 1password for more than a decade and I keep being disappointed. I'd definitely like off-sourcing this to someone instead of building it myself
this is honestly a very pragmatic solution. the amount of life-long relationships i've seen vanish overnight has got me to reconsider my choices when it comes to single points of failure.
I like the idea of the lawyer, unlike normal people, they like sticking to their promises.
I've broken into Physical Safes using nothing more than a drill with a half inch bit (I was young and didn't want to drag myself to harbor freight to sacrifice a more suitable tool). Enough boreholes and I had access.
In hindsight, looking harder for the key would probably have been fruitful.
Nothing says you cannot trivially encode the paper password. Those in the know understand that you need to append “BoomShakalaka”, replace “A” with “Q”, or some other super simple modification to what is recorded.
Maybe the NSA would be willing to brute force the infinite variations from that starting seed, but it is still effectively locked for mortals.
If you add an explicit reminder to check the email where you explained the modification, then the idea seems solid. Tough at that point put half the password on paper and send the other half to a whole bunch of trusted people.
I've thought about making a "word search" and embedding the passphrase in it using a pattern (e.g., a subset of a Knight's tour, a space-filling curve overlay, or some other sampling algorithm).
In general whatever kind of backup plan you have for when you die could also work in this scenario, you may just need to think harder about anything that you do not want have revealed when you die.
sometimes simpler is the best. I am always on the move so vaults don't jive well with me. my concern would be for something to still happen to it, too. I'm trying to go by the principle of not putting all my eggs on one basket.
The "lost my memory" scenario differs a bit from death/succession planning in that you can use biometrics... but IMO it's better to jump straight to the latter and concuss two birds with one stone.
Interesting approach. I like that this is explicit about human recovery rather than pretending crypto alone solves catastrophe.
That said, this design and fully stateless systems like mine (deterministic derivation, no escrow) are solving opposite failure modes. Shamir-based social recovery assumes:
trusted third parties remain reachable,
they are willing and able to cooperate,
and that recovery is an exceptional event.
Stateless systems assume the inverse:
no one can be relied on,
recovery is impossible by design,
and the primary threat is silent compromise rather than lockout.
Neither is “better” universally; they’re value judgments. What I appreciate here is that the tradeoffs are made explicit instead of buried behind UX.
One open question I’d be curious about: how you reason about coercion risk over time (friends change, incentives change), and whether you see this as something users should periodically re-shard as relationships evolve.
thanks for your thorough review and congrats on your launch!
for my personal use case, I'm not worried about coercion, but many have highlighted it as a real risk. my answer to that is to do what you suggest: update my contact list yearly, send new ZIP files with bundles, and ask them to delete the previous ones.
no way!!!! I searched for a long time for a solution like this, many could encrypt using shamir but none took an actual file with browser upload and easy UX. and like, 14 years ago? my hats down to you my friend.
my zip bundles are 1-2 megabytes due to all the wasm, and you achieved this on so little. impressive job!
I'd love to hear what you think about mine, one of the differences is that it creates a ZIP file containing the recovery app in it, as well as a PDF with instructions for non-technical friends. Overall trying to make the recovery experience as smooth as possible.
but cheers, your version is the only one that I found that does basically what mine does, all the others fall short one way or another!
I agree with the sentiment, and the specific wording of your comment made me want to link to the classic bash.org quote[0] which has consistently been in the top 5 for a long time, but I just learned that we lost bash.org... :(
Ah, I actually did something similar years ago. I basically hashed individual pages of my wiki and I think I published the hash of hashes on the Blockchain. Anyway I didn't need it and stop maintaining that system but definitely interesting explorations.
To clarify the hashing was to verify that the pages were indeed modified by me, to prevent tempering.
FWIW as I commented just earlier if you have to verify without relying on memory nor a public note (e.g. sticker on screen) that others could use to pollute your data then use a biometric mechanism, e.g. YubiKey Bio.
In am just thinking about the number of 5, who these times has really five trustable friends not just acquaintances or people bound by some specific activity perishing over time. I am afraid, for most people in the digital era this number is much lower (and I am certainly not speaking for myself now).
I like it. Perhaps you can use a weird idea of mine.
You can discard/modify part of a password before sending it to your backend. Then, when you log in the server has to brute force the missing part.
One could extend this with security questions like how many children pets and cars you own. What color was your car in 2024. Use that data to aid brute forcing.
The goal would be to be able to decrypt with fewer than 5 shards but make it as computation heavy as you like. If no one remembers the pink car it will take x hours longer.
This makes little sense, IMO. Information is information. There is no difference between this and just having a short/simple passphrase with the PKBDF iterations turned very high. You might as well shard secrets using Shamir and encode it via a modified version of BIP32 words.
The security questions are like extra shares of lower value.
My mental model is something like burying the password in your 100x100 yard. You give one friend the X and a different friend the Y coordinates both rounded down to a multiple of 10 meters. The security questions can be added to the X and Y coordinates.
I wonder if they even need a file. They could pick some question and type their secret into the app, something like the name of their first date etc
If you are to hand out files maybe it is wonderful to write them a letter that serves as their shard? They might actually store it some place safe and it wouldn't scream I'M A SECRET!
I think you'd have to plot a curve based on the potential reward of betrayal... I suspect that many Americans* would have their 5th closest friends committed or worse for low 6 figures. If in ~dire straits, as about half all Americans are, that number could get much lower.
* If my use of the word 'Americans' above is triggering, feel free to substitute it with 'people'.
Yea, this project gives less "my contract partners will benevolently read my diary after I die" than "enabling and incentivizing my closest friends to hold a vote to redistribute all my assets amongst themselves"
We need a standard or reference for an SSS combined encryption mechanism. It definitely has value, but I don't think anyone will trust a single lonesome implementation no matter how good it is.
Other than passwords though, I also have stuff installed at home on a Synology NAS, a mail server, a VPS running some websites (my own, family, my wife's), Home Assistant, Family photos with backups etc etc.
I wonder who would not only have the passwords, but the know-how to manage the whole thing, at least to transition it to more managed services...
If you want someone to be able to access it after you’re gone, either put 1000 BTC in it or leave instructions. Paper instructions in a physical fireproof safe is way easier to deal with than any digital encryption with no hints.
you're completely right! the app actually guides you on some of that, it generates a readme that gives you advise on what to document, but I agree you can't be too careful here, the passwords IS NOT ENOUGH.
Me too. I'm starting to self-host more and more services for both me and my family, and I wonder what would happen should I meet a bus in a front-facing way.
I personally do not really care if my relatives are able to access everything I was able to access once I am dead or forget everything. But they should be able to access anything of monetary worth.
So, without any crypto my belongings are either real estate or depots and accounts at banks. Both can easily be discovered in case of my death. I think there is a similar discovery process if I am subject to guardianship (permanently).
A lower tech version would be to pick a very long recovery passphrase, cut it in two or three and give it to two or three friends. It doesn't give you N out of M, but it will be good enough for a lot of real world scenarios
I don’t know. Depending on how much time passes between now and the moment you try to recover the key I bet at least one of your friends will have misplaced or lost that piece of paper.
This kind of thing, widely implemented, would be a game-changer for dealing with assets after someone's death! I maintain my family's IT infrastructure (Google Enterprise admin, webserver etc) and I've been tempted to write down 1/4 of my password manager root password and give it to each of my family members - but then we run into the problem where if any one of them loses their shard, it's unrecoverable. Some kind of ECC would be great - ideally where I could print it out onto various bits of paper with a user-definable redundancy, or better still, some kind of reciprocal system where (say) 8/10 members of a trusted friend group/family ring could unlock any other member's password...
Shamir secret sharing is the cryptographic thing that you want. You can can configure any M of N to be needed to recover the underlying secret.
(If you have a trusted third party, you can also enforce a cooling off period: e.g. that any attempt to access results in a notification to the account holder that if not denied within some time period, access is granted)
Don't worry even if your heirs have the password, it's extremely likely that Google will find the login attempts "suspicious" and try to verify your identity by sending SMS codes to a phone number you last had in 2005, despite your best attempts to prevent it.
There are much better systems for splitting data than just chunking it into N chunks, the most common is Shamir Secret Sharing[1] (the main benefit being that you can construct an M-of-N scheme easily and having N-1 shards provides you zero information about the secret). One word of caution -- a lot of software developers get enamored by the idea of information-theoretic security when they first run into it, but you eventually realise that useful applications of tools like SSS are actually quite rare.
Shameless plug: I wrote a project a few years ago to create PDF-based backups with sharded keys which would do exactly what I suspect you want[2], unfortunately I got stuck at the "make a nice UI for it" stage (everything works but it's just a CLI tool at the moment). I guess I should take a look at using an LLM for that these days... (I used this to store my password manager root password and necessary keys to pull and decrypt the encrypted backups of my server.)
A quarter of your password manager's password means it needs to be really long for it to not be bruteforceable if one or two quarters are recovered (on the order of at least 24 completely random alphanumeric characters)
Shamir's secret sharing scheme does not allow anyone to bruteforce it, no matter if they have 99 out of the 100 required pieces that unlock a 10-character password. If you want to do this sort of thing, I would recommend using a secret sharing scheme instead
Something along the lines of reed-solomon codes could work for you:
If you want to share your password with M family members such that you only need N to agree to recover the original:
Split your password into ordered chunks.
Make a polynomial p, of power N where the p(1) = chunk1, p(2) = chunk2, ...
Evaluate the polynomial at M other points: p(N+1),p(N+2)...
Gives those M new points to your family along with their index (+1,+2,...).
If less than N family members get together, they will not be able to figure out the password much better than guessing. If N get together, they can interpolate their points to form the unique polynomial which will match p. Then evaluate p at p(1),p(2),... to get your original password.
If you put the whole password into 1 chunk, and pad the polynomial with random extra coefficients or points to make the polynomial of sufficient degree, then they get literally no information on the password without having at least N cooperate. If you make multiple chunks then they can do a little correlation between the chunks without knowing the whole thing.
This is sufficiently simple you can even work this out by hand without a computer, though it would be somewhat tedious.
You can give your password, or part of it, to your estate lawyer to attach to your will.
This is obviously more cumbersome, and probably costly, if you intend on changing your password. I guess you could change the part of it you don’t store with them.
services going offline is a big concern for me! that's why my solution is offline first, I like the idea of the encrypted backup living in my friend's email inbox and working entirely without internet. a true hard copy.
for the time lock mechanism, how do you go about it? I'm interested in exploring using drand time lock, but that also relies on the service continuing to run (which is admittedly very likely) https://github.com/drand/tlock
yes! I am starting to do some planning on that myself, that's why I'm in that kind of mindset. If you know more people in this space, please share this with them! would love to get feedback
I wrote a project to do this a few years ago[1], it's mainly missing an automated mechanism to scan the PDFs and a GUI. Maybe you'll find it interesting.
hey, this is a great idea! I'll link into your app from my readme.
I really like that the PDF contains the entire dataset, not just the keys. I see lots of little details around organizing the PDFs, like document hashes, etc, very nice job!
Since you wrote it in Rust, I'd suggest compiling it to wasm and releasing a browser-based version
Set up a Github action to send out the secret if you don't commit to a repo every x days? You could even combine it with secret sharing to make sure your friends can't access it unless you're really in trouble.
I suffered a traumatic brain injury (TBI) related to an e-bike accident two years ago. I woke up in the ICU after a short coma-like thing and the nurses/doctors asking me questions and it was clear I was answering for the 10th time or more, like we had all done this before, but I couldn't remember anything.
Thankfully my very long password I use for an encrypted Borgbackup I have was somewhere deep or untouched, but, otherwise I would have been fucked. Also, the backup codes Google told me they would always accept failed and it wasn't until I found a random unused Android device in a drawer that had been unused for a year was I able to get access back to my Google account of ~25 years.
Wow, it both surprises me but also makes me feel justified in that I keep telling people to make backups of things they care about including something like a Spotify account (if your song lists are dear to them, at least the titles and other metadata that they could rebuild from) and other "cloud" or SaaS services. Anything one cares about, back it up! (Not to you but as a PSA)
Still, it's weird that Google doesn't accept a recovery code. Then again, I had a similar issue where I had nothing set up but a recovery email address and password (back when 2FA was rare), and after confirming both, Google said "well, we still think it's suspicious, why don't you use a device where you're already logged in" (my account had no active sessions that I knew of, besides that I was traveling). Luckily I didn't need it for anything as I had my email moved away already at that time. I still can't access that account today and I switched to throwaway accounts for things like youtube comments or app downloads from the play store (need to download that government authentication software somehow...)
Did Google specifically reject the recovery code as invalid, or did it accept all entries and then their algorithm rejected the login outright?
It accepted the backup code and my correct password and then wanted to verify more stuff, which there was nothing, and just said "Sorry, we can't give you access to your account right now".
Ah, yes okay that sounds precisely like my situation as well. Not so much the backup codes not working as Google's auth gatekeeper being moody, the last thing you want from a login system
Long-term access recovery typically requires rituals like annual check-ins, media rotation, and human drills. We already do this with annual fire-drills.
My password manager has, *checks*, precisely 900 entries. Say that I care about maybe ten percent, that's still doing a "drill" on every single weekend day of the year
Security aspects of software should just work properly. Google should test this and, imo, people should make backups of data they care about. Google might ban you for any reason, no matter if the recovery drill worked 2 hours ago it might not work anymore now. Seems like a fool's errand to keep chasing it instead of making routine (or automated) backups of data when you update it
I have (had?) a Google account tied to my email (which is on a domain I own). Not sure if I ever gave them my phone number, initially. Tried to login a few years back, correct password, but they insisted on me entering my phone. Finally I did - and they can't let me in because my "provider is not supported" and they can't send an SMS with the code, so I'm locked out. Tried every few months since then, no go. Fortunately I didn't lose much (except some family photos), but it is annoying as hell. I wouldn't trust Google with anything important. And yes, I tried with an brand new number on a new phone, unrelated provider. No dice. According to reddit I'm far from alone in this. So if you rely on a Google account for anything... Well, good luck!
my stomach turned into a knot just reading your story. I know that feel of waking up surrounded by nurses not knowing what happened. I'm so glad you had proper backups!!!!!!!!!!
this exact story is why i built my app, thank you so much for sharing.
my hope is to basically make a next version of your plan that's distributed among friends.
If you're not encrypting your hard drive, cracking a local Windows password is easy... Linux is even easier, but you just need a livecd to get back in either way...
Online accounts on the other hand... I hope you used something like lastpass. :)
Honestly, anything more than this is completely overkill.
Honest question: what is the benefit of such a specialized service compared to just an encrypted file with all your passwords that you share via some common file sharing service (hosted or self-hosted)
TouchID is a good starting point... though it does confirm your password weekly.
Somewhat tongue-in-cheek, but if I lose my memory, how am I supposed to remember the 7 (or 5) friends who have my password...?
Somewhat less tongue-in-cheek, if you really wanted to be serious about your friends not being able to produce your password now for the lolz, then you'd actually want to ensure they were merely acquaintances who didn't know each other and couldn't find each other, e.g. not all Facebook friends. In which case the list of friends becomes essentially as important as the password, and then how do you remember where you've stored that list?
In reality, hopefully you can just entrust your master password with your closest family (spouse, parent, adult children), assuming they're not going to drain your bank account or read your private digital journal.
> Trusted emergency contacts must be existing Bitwarden users
While the motivation is similar this basically kills the feature. It requires that your friends not only use but continue to maintain their accounts.
From my understanding of OP's implementation, being completely offline they can basically just keep the key on a USB or file store of any kind.
Personally I think the most robust solution is single key access (a la emergency kit), distributed in one or more secure bank vaults for redundancy (many still do offer these for free or cheaply for small boxes). Put instructions in your (living) will and done.
This could be a useful tool for putting self hosted Bitcoin in a will.
If you self host then die no one can access your coins. Lawyers don’t want to be trusted with copies of secret phrases because of liability if the bitcoin gets stolen. If you encrypt the bitcoin recovery info across several files you can give part to the lawyer and part to different beneficiaries.
I like that more people are thinking solving some of the problems of digital inheritance we face. These are problems that are so important now that so much of our lives are digital and tapping into ones actual social circle seems the best way to do this.
Also, kudos for packaging it as a static web app. That's the one platform I'm willing to bet will still function in 10 years.
As someone who still plays Windows games from 30 years ago and Flash games from ~20 years ago, I'd not be so pessimistic about other platforms, at least when there is no negative sentiment towards it and a good track record of stability. Not to say that the web is not among the best choices
Thank you for this tool. We have been looking at shamir schemes in our org for encrypting backup, and decided against it for the reasons of being too complicated. Maybe it is time to revisit it again.
For my personal passwords, I use Apple's password manager. It lets me share passwords with my family. I also created a folder on Apple's iCloud that I share.
I've been so tempted to try out the apple password manager, I'm fully vested in their ecosystem, but the lock in is too big for me to feel comfortable with.
Despite the convenience factor, it isn't great to use a manager tied into your own ecosystem. It should exist outside, with the minor factor of lesser convenience.
I've been searching for a solution to let my wife have access to my master password if I die someday. This is definitely something that could work, thank you!
Very cool, but I must say the best way is still a paper with master password in a bank locker. May be distributed it if needed gor additional security.
That's an interesting idea. It's a good solution to the problem of sharing all your passwords with your loved ones posthumously. Typically that'd involve keeping everything in a vault which will automatically be released to your person of choice if you failed to reset it. The annoying part is having to reset it indefinitely. I like your idea where you share it with multiple people in advance but they would have to collectively decide to unlock it.
As our identities get more fragmented across devices, clouds, and cranial volatility, I expect digital wills that withstand real-world decay to become the norm.
I explicitly make it so I cannot regain access to my computer in the event that my memory becomes faulty.
I would be in an impaired state, and cannot function in way that would be conducive to either work or pleasure in terms of computer use.
That is to say, the entire reason why I have password security at all is to keep out people who do not know the password. If someone does not know the password, they should not be able to access the system. That obviously and clearly applies to myself as much as any other person. "If you do not know it, then you do not need it."
I agree in broad strokes. If I am incapacitated, that is when things like durable power-of-attorney, medical advance directives, and living trusts come into play.
The important thing is to ensuring your computer is not a single point of failure. Instead of losing a password, you could have theft, flood, fire, etc. Or for online accounts, you are one vendor move away from losing things. None of these should be precious and impossible to replace. I've been on the other side of this, and I think the better flow is to terminate or transfer accounts, and wipe and recycle personal devices.
A better use of your time is to set up a disaster-recovery plan you can write down and share with people you trust. Distribute copies of important data to make a resilient archive. This could include confidential records, but shouldn't really need to include authentication "secrets".
Don't expect others to "impersonate" you. Delegate them proper access via technical and/or legal methods, as appropriate. Get some basic legal advice and put your affairs in order. Write down instructions for your wishes and the "treasure map" to help your survivors or caregivers figure out how to use the properly delegated authority.
Well see, that's why I keep my "password" memory stored snugly next to "breathing" and other such. If I'm walking around conscious, then I must still know my password.
I must have missed that option in the character creation part of being born (along with choosing my parents). For the record, human memory doesn't actually work in practice. It's unbelievably uncommon, but TBI have weird effects.
Edit: wait, sticky notes maybe? I thought they were a tape company (I'm not sure they're active in my country) but it just occurred to me that maybe they sell other office supplies as well
not just illness but age too will "bitrot" your brain
fifteen years ago I decided to fiddle around one winter and learn a newfangled thing called "bitcoin" and setup my computer to run 24/7 and heat my apartment as a benefit
after mining a dozen coins which were worth next to nothing then, I gave up and took apart the PC and put it away
fast-forward to 2020 and covid/long-covid has now rotted my brain, swiss-cheesed my mind to the point I cannot remember the password for the life of me
I was too clever then for future me, and used a long passphrase that made funny sense then but beyond me now
(they are worth over a million dollars at times now)
In hindsight:
go find a book in your library and pick a random page and write the password or a significant hint to the password on that page and then put it away (don't put any other indication on that paper)
I think this is when you need to evaluate your thread scenario.
A) self-made crypto accessible through web or browser that any cracker can find through www and use machine clusters to run on or AI to work on etc.
B) physical home invasion that are interested in one of your A4 papers with some random words that have only meaning to you and few trustees.
Well, there's power of attorney, which centralizes massive authority over your life with someone else, and yet people do so because when you pick right, it's a useful system.
I'm trying to think of how this survives friends (who come and go in your life) having to coordinate. Then again, some people really did have PGP key signing parties...
Nice! Good to see some tooling in this space explicitly designed for simplicity and user-friendliness.
One practical problem to consider is the risk of those distributed bundles all ending up on one or two major cloud provider's infra because your friends happened to store them someplace that got scooped up by OneDrive, GDrive, etc. Then instead of the assumed <threshold> friends being required for recovery, your posture is subtley degraded to some smaller number of hacked cloud providers.
Someone using your tool can obviously mitigate by distributing on fixed media like USB keys (possibly multiple keys to each individual as consumer-grade units are notorious for becoming corrupted or failing after a time) along with custodial instructions. Some thought into longevity is helpful here - eg. rotating media out over the years as technology migrates (when USB drives become the new floppy disks) and testing new browsers still load up and correctly run your tool (WASM is still relatively new).
Some protocol for confirming from time to time that your friends haven't lost their shares is also prudent. I always advise any disaster recovery plan that doesn't include semi-regular drills isn't a plan it's just hope. There's a reason militaries, first responders, disaster response agencies, etc. are always doing drills.
I once designed something like this using sealed paper cards in identified sequence - think something like the nuclear codes you see in movies. Annually you call each custodian and get them to break open the next one and read out the code, which attests their share hasn't been lost or damaged. The routine also keeps them tuned in so they don't just stuff your stuff in an attic and forget about it, unable to find their piece when the time comes. In this context, it also happens to be a great way to dedicate some time once a year to catch up (eg. take the opportunity to really focus on your friend in an intentioned way, ask about what's going on in their life, etc).
The rest of my comments are overkill but maybe fun to discuss from an academic perspective.
Another edge case risk is of a flawed Shamir implementation. i.e. Some years from now, a bug or exploit is discovered affecting the library you're using to provide that algorithm. More sophisticated users who want to mitigate against that risk can further silo their sensitive info - eg. only include a master password and instructions in the Shamir-protected content. Put the data those gain access to somewhere else (obviously with redundancy) protected by different safeguards. Comes at the cost of added complexity (both for maintenance and recovery).
Auditing to detect collusion is also something to think about in schemes like these (eg. somehow watermark the decrypted output to indicate which friends' shares were utilized for a particular recovery - but probably only useful if the watermarked stuff is likely to be conveyed outside the group of colluders). And timelocks to make wrench attacks less practical (likely requires some external process).
Finally, who conducted your Security Audit? It looks to me as if someone internal (possibly with the help of AI?) basically put together a bunch of checks you can run on the source code using command line tools. There's definitely a ton of benefit to that (often the individuals closest to a system are best positioned to find weaknesses if given the time to do so) and it's nice that the commands are constructed in a way other developers are likely to understand if they want to perform their own review. But might be a little misleading to call it an "audit", a term typically taken to mean some outside professional agency is conducting an independent and thorough review and formally signing off on their findings.
Also those audit steps look pretty Linux-centric (eg. Verify Share Permissions / 0600, symlink handling). Is it intended development only take place on that platform?
Again, thanks for sharing and best of luck with your project!
* you forget that you have a clever password scheme
* you forget that you have data to decrypt
* your mental capacities are deteriorated enough that someone else takes over decisions making for you. This person may not know you or your data protection scheme.
* you are physically injured where biometrics are non functional
* you were in an incident that your friends/family were also affected by
In my opinion, the best way to protect against these is simply write stuff down in plaintext somewhere that relies on physical security, like with documents in your home. Also notate what they are and why someone would need to access them and how.
Unless your work and life need to be very secretive, or involve matters of national or international importance, I personally think a simpler printed/written format that works without electronics/Internet would be a better option. Of course, the printed details can have simple encryption, which your family/friends can break using day-to-day quirks you shared, such as the family secret codes, the name of that pet in the town you grew up in, or the middle name from the story of your great-grandfather, etc.
Some time ago, my mother-in-law (erstwhile teacher) and my godmother-aunty (businesswoman) began to forget many things. Their kids have tried quite a few phone apps and whatnot with electronics. Finally, I have suggested enforcing just two things: a lot of Valet bowls around the house (at common places in all the rooms) and pocket notebooks with pens attached. They just write anything and everything, from money to kitchen items to anything they want. If they forgot something, refer to the notebooks. If a key is lost, try the Valet Bowl. Now, my plan is to train their muscle memory to drop/pick from the bowl (don’t try to remember) and write things down.
The idea of Valet Bowls comes from something someone mentioned on Hacker News.
Thank you past me for thinking about future me. Present me happy.
(Funny how I can remember this comment from many months ago after never implementing the bowls, but I currently can’t remember where my car keys are. Should have implemented the bowls…)
For keys, there is only one place: the Keyholder wall-mounted near the main door, while still visible from the main Hall. Not easy to pick and go by “guests” without being seen by someone, but easy for residents to just walk out with one. I got the exact same ones from Amazon and wall-mounted them in all the homes where I serve as Printer-Repair Guy. 10+ years, I kinda have trained every family member’s muscle memory, “Keys go there and only there.” ;-)
Add/Edit: I also have a sticker I printed stuck to the Keyholder, in Monica’s words from Friends, “Got the Keys?”
Im also quite more practical - there are responsabilities that may go beyond a simple memory loss - eg. If one is in a coma or just hospitalized for a long period of time; trusted third parties may require access to your accounts even for simple stuff like paying bills/rent/cloud services.
A bank safe deposit box offers a different security profile that’s probably more robust against fire because banks burn less often than houses.
It’s probably not practical to really be robust against fire without being buried several feet deep.
While the fire resulted in the total loss of the house it was actually the water from the fire department not the heat that did proportionally more damage.
As a mental model you shouldn’t think of it as “what if my house burns down?” so much as “what if nice strangers roll up to my windows and chainsaw through my roof and spray 50,000 gallons of water in here?”
Yes everything in the mechanical room melted but everything in the rest of the house got hot, smoky, soaked and then moldy.
For root of trust materiel like social security cards, cash, passports put in a ziplock bag in a fireproof, waterproof safe. But for other storage I use clear “Ezy Storage” brand stackable 50L tubs labeled with Homebox QR codes. In the US, Target and Home Depot frequently stock them. I am very anti black and yellow tubs.
The majority of work post-fire goes to itemizing your house inventory for insurance. Even cataloging all your bathroom’s soaps by brand name rather than generic can make $100 difference. Multiply that by 500x different things.
From a threat model perspective I look at rooms from a “what would be salvageable in here if I emptied a swimming pool’s worth of water from some fire sprinklers”. Furniture and TVs are easy to replace. Other stuff less so.
1500/piece for 20 junk windows I was building a greenhouse with that I dug out of the trash the year before. $250 for a bird feeder because they couldn't find one outside of specialty stores. $40k instead of 10k for a new roof on the shed because it was heavier gauge metal than standard.
Exact replacements can be expensive, but you need to make sure your insurance has 100% replacement instead of adjusted for age or like-kind replacements.
After that experience, we itemized EVERYTHING in the house with make, model, serial number, and color. It was a bitch to get set up, but took the value of our home contents from around 75k to over 250k for exact replacements.
Copies of these records along with our master password for our keepass database are in two bank deposit boxes about 45 minutes apart. For $50/year we can sleep easy.
Also they're small town banks, so that makes it easier as well. We don't really need to worry about providing ID, but if we did and couldn't access ID or something like that, we have four other people listed with access, one of which lives hours away in case of a disaster impacting everyone else on the list. They don't have keys but could get into it for us. So for a few hundred dollars, we're set and insured for the declared value of the contents of the boxes (250k max for another $15/year) if the banks are both destroyed as well!
If a key is lost, you go and prove your identity (easier if any bank employee is familiar with you) and ask for a new key. A date is set and a locksmith shall come, you are next to him and next to the bank employee while he uses the bank's key and lockpicks your lock. Then he configures it for a new key (or replace the lock).
It's cost you something like $300 or whatever.
Source: been next to locksmith opening a bank vault, twice, in two different countries. Once for a bank belonging to a deceased family member (we had the key but not the three-letters combination) and once not because I lost my key but because the bank's lock (on my vault) went defective.
So it's not "my key from the my vault at the bank melted during a housefire, so I can never access my vault at the bank anymore" nor is it "I forgot my three-letters combination, so until the end of the universe that bank vault shall stay locked".
Would you mind sharing more about these tubs and why you are against them?
As to why they're against them, I don't know their reason, but there used to be only one size of tote. There there was big and small. And then, for some fxcking reason, they decided to make ones that were roughly as big as the big ones. Just enough that you have to take half a second to re-eyeball-ruler measure them. But in isolation, if you've got one in front of you, you can't know if it'll tetris properly with another one until they're side-by-side and it turns out they're not.
Dumbest decision ever.
At least they come in transparent now though
In the event of a fire, the bag will melt and coat everything in plastic. This may be undesirable.
Is there a better class of safe one could use that might be more successful even if not a guarantee? F/e even with a safe deposit box, one might still have some lower-tier items that would be impractical to store in one but you might want to do better than just out in the open.
In December 2025, items worth an estimated €30 million were stolen from a Sparkasse bank in the Gelsenkirchen suburb of Buer, Germany. The thieves used a large drill to break into the bank's underground vault and proceeded to crack over 3,000 safe deposit boxes.
The vast majority of these don’t make the news because there’s no proof there was even anything inside the box in the first place so anyone could be lying.
> Mr. Pluard, who tracks legal filings and news reports, estimates that around 33,000 boxes a year are harmed by accidents, natural disasters and thefts.
> Oddly, the bank returned to him five watches that weren’t his. “They were the wrong color, the wrong size — totally different than what I had,” Mr. Poniz said. “I had no idea where they came from.”
https://archive.is/j8e6x
My late wife had a safe deposit box in the Almaden Valley (San Jose) branch of US Bank. Her key to the box was nowhere to be found. So I had to get the box drilled open.
This would normally require a hefty fee. But the branch was moving to a new location, so they invited customers to make an appointment to show up a Saturday with proper ID for a lock drilling party.
I showed my ID and the death certificate, and we went into the safe to have the lock drilled.
But there was no real drilling involved. The locksmith had a little handheld gadget that she pushed into the lock, gave it a little twist, and the door came right open.
The ironic part? All that was in there were a few pieces of costume jewelry, worth maybe $50 in total.
She was paying more than that per year for the box rental, and if I'd had to pay for the "drilling" it would probably be more than that.
If your house and PC burn, restore from online backup.
If your brain burns, spouse restores from vault.
The bank will seal the box as soon as they discover you are dead, and require a court order. Without a will, the executor will be whatever statutory person your state calls for.
Something you keep in your home that no one knows about won't be inventoried.
Including AGE keys (so you can encrypt arbitrary data), SSH keys, FIDO2 and passkeys.
Additionally you might want to store a hardware wallet in a deposit box instead of the seed (if you trust the security model).
Especially inside a fireproof safe.
Wouldn't trust aluminium, solder, Wood's metal, gallium, or mercury, but apart from that...
ex: https://www.cbc.ca/news/safety-deposit-box-protection-1.7338...
https://archive.is/www.nytimes.com/2019/07/19/business/safe-...
Things we take for granted. When my father passed, I was digging stuff out of SDBs that he had for decades.
It's great if you want to store some documents. But don't expect _real_ security. It's guarded by a minimum-wage employee, and the keys are usually laughably insecure. Banks know this, so they cap their liability for the loss of the deposit box at around $1000.
So don't even think about storing gold bars there, like they do in movies.
There _are_ companies that provide safe storage for high-value items, but they are pretty exotic.
In a lower trust scenario you could probably use a lawyer as a broker of the secret (potentially even as part of a will).
It would be nice if your Apple account could be unlocked with some other keys as well apart from the primary one, but I guess that is what Apple calls the “Legacy Contact Key”.
Edit: okay so the keychain is excluded from this. So back to storing each others passwords in eachothers keychain…
There are two rules: 1. You need to be a paying customer when setting up. 2. The other person needs to have a Bitwarden account.
I like the idea of the lawyer, unlike normal people, they like sticking to their promises.
On the internet, it's either: Public for anyone in the whole world, or impossible to recover if anything goes wrong.
In hindsight, looking harder for the key would probably have been fruitful.
Maybe the NSA would be willing to brute force the infinite variations from that starting seed, but it is still effectively locked for mortals.
I used to keep a password card in my wallet and had a pattern I would use.
https://michael-solomon.net/keybearer
https://github.com/msolomon/keybearer
my zip bundles are 1-2 megabytes due to all the wasm, and you achieved this on so little. impressive job!
I'd love to hear what you think about mine, one of the differences is that it creates a ZIP file containing the recovery app in it, as well as a PDF with instructions for non-technical friends. Overall trying to make the recovery experience as smooth as possible.
but cheers, your version is the only one that I found that does basically what mine does, all the others fall short one way or another!
[0] https://web.archive.org/web/20230610235249/http://bash.org/?...
also RIP bash.org found out thru you :(
To clarify the hashing was to verify that the pages were indeed modified by me, to prevent tempering.
Damn, found it back, was in 2011!
in English https://fabien.benetou.fr/Slideshows/MemoryLoss
in French https://fabien.benetou.fr/Slideshows/MemoryLossPES
In am just thinking about the number of 5, who these times has really five trustable friends not just acquaintances or people bound by some specific activity perishing over time. I am afraid, for most people in the digital era this number is much lower (and I am certainly not speaking for myself now).
You can discard/modify part of a password before sending it to your backend. Then, when you log in the server has to brute force the missing part.
One could extend this with security questions like how many children pets and cars you own. What color was your car in 2024. Use that data to aid brute forcing.
The goal would be to be able to decrypt with fewer than 5 shards but make it as computation heavy as you like. If no one remembers the pink car it will take x hours longer.
The security questions are like extra shares of lower value.
My mental model is something like burying the password in your 100x100 yard. You give one friend the X and a different friend the Y coordinates both rounded down to a multiple of 10 meters. The security questions can be added to the X and Y coordinates.
X = 30 + 2 + 3 + 1
Y = ?? + 3 + 5 + 1
You only have to dig 9 holes now.
If you are to hand out files maybe it is wonderful to write them a letter that serves as their shard? They might actually store it some place safe and it wouldn't scream I'M A SECRET!
https://crypto.stackexchange.com/questions/20578/definition-...
* If my use of the word 'Americans' above is triggering, feel free to substitute it with 'people'.
I wonder who would not only have the passwords, but the know-how to manage the whole thing, at least to transition it to more managed services...
If you want someone to be able to access it after you’re gone, either put 1000 BTC in it or leave instructions. Paper instructions in a physical fireproof safe is way easier to deal with than any digital encryption with no hints.
You need to give people "a map" of where things are: https://github.com/eljojo/rememory/blob/main/internal/projec...
So, without any crypto my belongings are either real estate or depots and accounts at banks. Both can easily be discovered in case of my death. I think there is a similar discovery process if I am subject to guardianship (permanently).
(If you have a trusted third party, you can also enforce a cooling off period: e.g. that any attempt to access results in a notification to the account holder that if not denied within some time period, access is granted)
Shameless plug: I wrote a project a few years ago to create PDF-based backups with sharded keys which would do exactly what I suspect you want[2], unfortunately I got stuck at the "make a nice UI for it" stage (everything works but it's just a CLI tool at the moment). I guess I should take a look at using an LLM for that these days... (I used this to store my password manager root password and necessary keys to pull and decrypt the encrypted backups of my server.)
[1]: https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing [2]: https://github.com/cyphar/paperback/
Shamir's secret sharing scheme does not allow anyone to bruteforce it, no matter if they have 99 out of the 100 required pieces that unlock a 10-character password. If you want to do this sort of thing, I would recommend using a secret sharing scheme instead
If you want to share your password with M family members such that you only need N to agree to recover the original:
Split your password into ordered chunks.
Make a polynomial p, of power N where the p(1) = chunk1, p(2) = chunk2, ...
Evaluate the polynomial at M other points: p(N+1),p(N+2)...
Gives those M new points to your family along with their index (+1,+2,...).
If less than N family members get together, they will not be able to figure out the password much better than guessing. If N get together, they can interpolate their points to form the unique polynomial which will match p. Then evaluate p at p(1),p(2),... to get your original password.
If you put the whole password into 1 chunk, and pad the polynomial with random extra coefficients or points to make the polynomial of sufficient degree, then they get literally no information on the password without having at least N cooperate. If you make multiple chunks then they can do a little correlation between the chunks without knowing the whole thing.
This is sufficiently simple you can even work this out by hand without a computer, though it would be somewhat tedious.
This is obviously more cumbersome, and probably costly, if you intend on changing your password. I guess you could change the part of it you don’t store with them.
However, there is still the issue of the service provider going offline or out of business which we don't have a solution for yet.
We have started with a good password manager and will be adding digital inheritance/social recovery soon! [0]
Take a look, thoughts and feedback welcome.
[0]: https://saveoursecrets.com
for the time lock mechanism, how do you go about it? I'm interested in exploring using drand time lock, but that also relies on the service continuing to run (which is admittedly very likely) https://github.com/drand/tlock
[1]: https://github.com/cyphar/paperback
Since you wrote it in Rust, I'd suggest compiling it to wasm and releasing a browser-based version
Thankfully my very long password I use for an encrypted Borgbackup I have was somewhere deep or untouched, but, otherwise I would have been fucked. Also, the backup codes Google told me they would always accept failed and it wasn't until I found a random unused Android device in a drawer that had been unused for a year was I able to get access back to my Google account of ~25 years.
Still, it's weird that Google doesn't accept a recovery code. Then again, I had a similar issue where I had nothing set up but a recovery email address and password (back when 2FA was rare), and after confirming both, Google said "well, we still think it's suspicious, why don't you use a device where you're already logged in" (my account had no active sessions that I knew of, besides that I was traveling). Luckily I didn't need it for anything as I had my email moved away already at that time. I still can't access that account today and I switched to throwaway accounts for things like youtube comments or app downloads from the play store (need to download that government authentication software somehow...)
Did Google specifically reject the recovery code as invalid, or did it accept all entries and then their algorithm rejected the login outright?
Security aspects of software should just work properly. Google should test this and, imo, people should make backups of data they care about. Google might ban you for any reason, no matter if the recovery drill worked 2 hours ago it might not work anymore now. Seems like a fool's errand to keep chasing it instead of making routine (or automated) backups of data when you update it
this exact story is why i built my app, thank you so much for sharing.
my hope is to basically make a next version of your plan that's distributed among friends.
Online accounts on the other hand... I hope you used something like lastpass. :)
Honestly, anything more than this is completely overkill.
The bigger issue if I drop dead is all the nontrivial tech crap I have set up (self hosted Vaultwarden included…).
- No more sync conflicts when using multiple devices
- Backups are taken care off
- It's harder to steal the database
- Slightly better browser and mobile extensions for auto-filling passwords
Somewhat tongue-in-cheek, but if I lose my memory, how am I supposed to remember the 7 (or 5) friends who have my password...?
Somewhat less tongue-in-cheek, if you really wanted to be serious about your friends not being able to produce your password now for the lolz, then you'd actually want to ensure they were merely acquaintances who didn't know each other and couldn't find each other, e.g. not all Facebook friends. In which case the list of friends becomes essentially as important as the password, and then how do you remember where you've stored that list?
In reality, hopefully you can just entrust your master password with your closest family (spouse, parent, adult children), assuming they're not going to drain your bank account or read your private digital journal.
https://bitwarden.com/help/emergency-access/
Would also cover banking details or whatever else you want to put in there.
While the motivation is similar this basically kills the feature. It requires that your friends not only use but continue to maintain their accounts.
From my understanding of OP's implementation, being completely offline they can basically just keep the key on a USB or file store of any kind.
Personally I think the most robust solution is single key access (a la emergency kit), distributed in one or more secure bank vaults for redundancy (many still do offer these for free or cheaply for small boxes). Put instructions in your (living) will and done.
If you self host then die no one can access your coins. Lawyers don’t want to be trusted with copies of secret phrases because of liability if the bitcoin gets stolen. If you encrypt the bitcoin recovery info across several files you can give part to the lawyer and part to different beneficiaries.
I gotta say Horcrux is a catchier name ;)
Also, kudos for packaging it as a static web app. That's the one platform I'm willing to bet will still function in 10 years.
https://support.apple.com/guide/iphone/share-passwords-iphe6...
https://support.apple.com/guide/icloud/share-files-and-folde...
This is the sort of stuff that terrifies me https://hey.paris/posts/appleid/
https://www.folklore.org/I_Still_Remember_Regions.html
too high
Consider whether you really need this.
Doing 7-choose-5 separate multiparty encryptions is way harder to screw up. Is having to produce 42 ciphertexts really a dealbreaker?
I would be in an impaired state, and cannot function in way that would be conducive to either work or pleasure in terms of computer use.
That is to say, the entire reason why I have password security at all is to keep out people who do not know the password. If someone does not know the password, they should not be able to access the system. That obviously and clearly applies to myself as much as any other person. "If you do not know it, then you do not need it."
The important thing is to ensuring your computer is not a single point of failure. Instead of losing a password, you could have theft, flood, fire, etc. Or for online accounts, you are one vendor move away from losing things. None of these should be precious and impossible to replace. I've been on the other side of this, and I think the better flow is to terminate or transfer accounts, and wipe and recycle personal devices.
A better use of your time is to set up a disaster-recovery plan you can write down and share with people you trust. Distribute copies of important data to make a resilient archive. This could include confidential records, but shouldn't really need to include authentication "secrets".
Don't expect others to "impersonate" you. Delegate them proper access via technical and/or legal methods, as appropriate. Get some basic legal advice and put your affairs in order. Write down instructions for your wishes and the "treasure map" to help your survivors or caregivers figure out how to use the properly delegated authority.
Edit: wait, sticky notes maybe? I thought they were a tape company (I'm not sure they're active in my country) but it just occurred to me that maybe they sell other office supplies as well
Tell someone you trust about where you left these pieces of paper.
fifteen years ago I decided to fiddle around one winter and learn a newfangled thing called "bitcoin" and setup my computer to run 24/7 and heat my apartment as a benefit
after mining a dozen coins which were worth next to nothing then, I gave up and took apart the PC and put it away
fast-forward to 2020 and covid/long-covid has now rotted my brain, swiss-cheesed my mind to the point I cannot remember the password for the life of me
I was too clever then for future me, and used a long passphrase that made funny sense then but beyond me now
(they are worth over a million dollars at times now)
In hindsight:
go find a book in your library and pick a random page and write the password or a significant hint to the password on that page and then put it away (don't put any other indication on that paper)
I'm trying to think of how this survives friends (who come and go in your life) having to coordinate. Then again, some people really did have PGP key signing parties...
(At home of course, people get pissy if you do this at work!)
https://en.wikipedia.org/wiki/Dead_man's_switch
They are an important feature in autonomous systems, critical equipment, and deterrents. =3
One practical problem to consider is the risk of those distributed bundles all ending up on one or two major cloud provider's infra because your friends happened to store them someplace that got scooped up by OneDrive, GDrive, etc. Then instead of the assumed <threshold> friends being required for recovery, your posture is subtley degraded to some smaller number of hacked cloud providers.
Someone using your tool can obviously mitigate by distributing on fixed media like USB keys (possibly multiple keys to each individual as consumer-grade units are notorious for becoming corrupted or failing after a time) along with custodial instructions. Some thought into longevity is helpful here - eg. rotating media out over the years as technology migrates (when USB drives become the new floppy disks) and testing new browsers still load up and correctly run your tool (WASM is still relatively new).
Some protocol for confirming from time to time that your friends haven't lost their shares is also prudent. I always advise any disaster recovery plan that doesn't include semi-regular drills isn't a plan it's just hope. There's a reason militaries, first responders, disaster response agencies, etc. are always doing drills.
I once designed something like this using sealed paper cards in identified sequence - think something like the nuclear codes you see in movies. Annually you call each custodian and get them to break open the next one and read out the code, which attests their share hasn't been lost or damaged. The routine also keeps them tuned in so they don't just stuff your stuff in an attic and forget about it, unable to find their piece when the time comes. In this context, it also happens to be a great way to dedicate some time once a year to catch up (eg. take the opportunity to really focus on your friend in an intentioned way, ask about what's going on in their life, etc).
The rest of my comments are overkill but maybe fun to discuss from an academic perspective.
Another edge case risk is of a flawed Shamir implementation. i.e. Some years from now, a bug or exploit is discovered affecting the library you're using to provide that algorithm. More sophisticated users who want to mitigate against that risk can further silo their sensitive info - eg. only include a master password and instructions in the Shamir-protected content. Put the data those gain access to somewhere else (obviously with redundancy) protected by different safeguards. Comes at the cost of added complexity (both for maintenance and recovery).
Auditing to detect collusion is also something to think about in schemes like these (eg. somehow watermark the decrypted output to indicate which friends' shares were utilized for a particular recovery - but probably only useful if the watermarked stuff is likely to be conveyed outside the group of colluders). And timelocks to make wrench attacks less practical (likely requires some external process).
Finally, who conducted your Security Audit? It looks to me as if someone internal (possibly with the help of AI?) basically put together a bunch of checks you can run on the source code using command line tools. There's definitely a ton of benefit to that (often the individuals closest to a system are best positioned to find weaknesses if given the time to do so) and it's nice that the commands are constructed in a way other developers are likely to understand if they want to perform their own review. But might be a little misleading to call it an "audit", a term typically taken to mean some outside professional agency is conducting an independent and thorough review and formally signing off on their findings.
Also those audit steps look pretty Linux-centric (eg. Verify Share Permissions / 0600, symlink handling). Is it intended development only take place on that platform?
Again, thanks for sharing and best of luck with your project!