Access to password manager in case of an emergency/amnesia?


#1

Since I’ve started using a password manager I can’t stop thinking about what’s the best way to ensure that in case of an emergency or amnesia you or a trusted person can get access to your password manager. The biggest question for me here is how to weigh security against complexity of the recovery system.

How do you all handle this? Or do you have some general thoughts on this topic you’re willing to share?


#2

You’re going to need to involve someone else, obviously someone you trust (hopefully younger than yourself).
Think: Matryoshka doll or Chinese boxes (box within a box, within a box). COME UP WITH YOUR OWN, but here are some ideas…

  1. Maybe get a fire safe and/or safe deposit box. They run from the size of a shoebox to a big gun safe (small ones are cheap).
  2. Give a key or combo to your trusted friend and/or put it in a safe deposit box that your friend can legally access.
  3. You want a nested line of security. Keep a copy of your passwd mgr details on an encrypted USB stick, keep this in your firebox.

The password / key for one of these Chinese boxes may be put in plain sight, but it’s useless unless you can access the other boxes (a note on your fridge, taped to the bottom of your computer or on some page in a book, etc.)

Makes me think of the old movie: It’s a Mad, Mad, Mad, Mad World. The treasure hunters were looking for the “big W”. In plain sight, there it was (4 palm trees appearing to form a “W”).

Obviously document this access path of nested “boxes” for your close friend and/or family member(s). If you have any assets you should probably set up a living trust & will and do the same thing (it’s no one’s business what’s in your living trust until you’re dead).

-Trout


#3

Thank you very much for sharing your thoughts in such an extensive reply, Trout! Getting a fire safe deposit box really is a good idea I haven’t thought about so far.

I also totally agree with the “box within a box, within a box” philosophy, I’m just still a bit unsure about how much complexity (“number of boxes”) I want to introduce to my system and whether it makes sense adding another layer of redundancy by replicating this system for more than one person.

Another thing that became clear to me over the last days is that the password manager files need to be stored such that the trusted persons can always get an up-to-date copy. So either this requires a local storage solution the trusted persons can access or something cloud-based. The cloud-based approach then of course would require adding the log-in credentials to the password manager details.


#4

I don’t trust safe deposit boxes nor the cloud (but at times use both of them). If you use the cloud, use some kind of Chinese boxes approach and encrypt the shit out of it w/ an extremely annoying long key for 1+ boxes.

The beauty of this is obfuscation.

Only reveal the first box to your trusted friend / family + a clue (it’s a treasure hunt).

Then you can have:

(big box *ptr) --> Medium box *ptr --> small box *ptr --> …

Then later on you decide to change it (but it doesn’t change how your trusted friend / family gets started).

(big box *ptr) --> some other small box *ptr --> smaller box *ptr --> …

You can change things behind the curtain and you don’t need to inform anyone about your change (the Living Trust approach–you can change the details all you like while it’s shielded by the documented / recorded / notarized & brief Living Trust).
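A small model of the box-within-a-box chain sketched above, written as an added example for this thread (it is not code from any poster, nor from any password manager). Each box is an AES-256-GCM blob whose key is derived from that box's own passphrase with PBKDF2-HMAC-SHA256 over a per-box salt; its plaintext is either the location and passphrase of the next box or, in the innermost box, the master password. The location labels, passphrases and the master password are constructed sample values, and the vault itself is modelled as a string. BuildChain is the owner's side; Follow is the trusted person's treasure hunt, starting from exactly one location and one passphrase. Rebuilding the chain with the same outer passphrase but different inner boxes is the "change things behind the curtain" property: the friend's starting instructions stay valid.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"encoding/json"
	"errors"
	"fmt"
)

type Box struct{ Salt, Nonce, Ciphertext []byte } // one "Chinese box": AES-256-GCM under a passphrase-derived key

type Hop struct{ Next, Passphrase, Master string } // a box's content: pointer to the next box, or the master password

// pbkdf2SHA256 is PBKDF2-HMAC-SHA256 for a 32-byte key, i.e. block index 1 only.
func pbkdf2SHA256(passphrase, salt []byte, iter int) []byte {
	mac := hmac.New(sha256.New, passphrase)
	mac.Write(salt)
	mac.Write([]byte{0, 0, 0, 1}) // INT(1), big-endian block index
	u := mac.Sum(nil)
	key := append([]byte(nil), u...)
	for i := 1; i < iter; i++ {
		mac.Reset()
		mac.Write(u)
		u = mac.Sum(nil)
		for j := range key {
			key[j] ^= u[j]
		}
	}
	return key
}

// aeadFor keys AES-256-GCM from a passphrase (100k iterations is a demo setting, not advice); neither constructor can fail here.
func aeadFor(passphrase string, salt []byte) cipher.AEAD {
	block, _ := aes.NewCipher(pbkdf2SHA256([]byte(passphrase), salt, 100_000))
	gcm, _ := cipher.NewGCM(block)
	return gcm
}

// sealBox encrypts a hop under a passphrase with a fresh 16-byte salt and 12-byte nonce.
func sealBox(passphrase string, hop Hop) Box {
	plain, _ := json.Marshal(hop) // only string fields: cannot fail
	rnd := make([]byte, 28)
	rand.Read(rnd) // crypto/rand.Read is guaranteed not to fail since Go 1.24
	salt, nonce := rnd[:16], rnd[16:]
	return Box{Salt: salt, Nonce: nonce, Ciphertext: aeadFor(passphrase, salt).Seal(nil, nonce, plain, nil)}
}

// openBox decrypts a box; a wrong passphrase or a modified blob fails the GCM tag check.
func openBox(passphrase string, b Box) (hop Hop, err error) {
	plain, err := aeadFor(passphrase, b.Salt).Open(nil, b.Nonce, b.Ciphertext, nil)
	if err != nil {
		return hop, errors.New("wrong passphrase or tampered box")
	}
	err = json.Unmarshal(plain, &hop)
	return hop, err
}

// BuildChain is the owner's side: locations[0] is the outer box the trusted person is told about,
// the last location holds the master password. Sealing runs inside out so each box carries the next passphrase.
func BuildChain(master string, locations, passphrases []string) (map[string]Box, error) {
	if len(locations) == 0 || len(locations) != len(passphrases) {
		return nil, errors.New("need exactly one passphrase per location")
	}
	chain, hop := map[string]Box{}, Hop{Master: master}
	for i := len(locations) - 1; i >= 0; i-- {
		chain[locations[i]] = sealBox(passphrases[i], hop)
		hop = Hop{Next: locations[i], Passphrase: passphrases[i]}
	}
	return chain, nil
}

// Follow is the trusted person's side: start from one box and follow pointers; missing boxes and cycles are errors.
func Follow(chain map[string]Box, loc, pass string) (string, error) {
	for step := 0; step <= len(chain); step++ {
		b, ok := chain[loc]
		if !ok {
			return "", fmt.Errorf("no box at %q", loc)
		}
		hop, err := openBox(pass, b)
		if err != nil {
			return "", fmt.Errorf("box %q: %w", loc, err)
		}
		if hop.Master != "" {
			return hop.Master, nil
		}
		loc, pass = hop.Next, hop.Passphrase
	}
	return "", errors.New("chain never reaches a master password")
}

func main() { // stand-alone run over constructed sample labels and passphrases
	chain, _ := BuildChain("vault-master (constructed)", []string{"USB in fire safe", "cloud file"}, []string{"outer-phrase", "inner-phrase"})
	fmt.Println(Follow(chain, "USB in fire safe", "outer-phrase"))
}
```

Two things the walk makes visible: a box can only be opened with the passphrase stored in the box before it, so knowing where the cloud file is does not let anyone skip ahead, and the chain never removes the need for one secret at the entry point (the outer location plus its passphrase), it only decides where that one secret lives.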


#5

Hey @julian I’ve been having the same thoughts ever since I started using password managers long ago.

I like @Trout’s input yet to me the two key aspects of you recovering your master password in case of accident/amnesia are:

  • you need to be able to recover it fairly quickly and without too much effort
  • the solution you adopt shouldn’t cost financially too much to maintain over the years (after all, this is a safeguard).

The whole point of having a password database is that you only have to protect one single password. Your mind is the best place to store it so the first rule is: never, never, give it to anyone.

You can’t trust anyone. You can’t control how that person is going to try and keep it, so it may eventually backfire. Also, if people ever want to harm you and somehow gain knowledge of the fact this person has your one password, then you place that person in danger…

So instead of setting up a very complex trail of encrypted data, keys, safe boxes etc. which could take you some time to get through in case of memory loss I believe a good, solid, cost-efficient solution is to register your password in your will, safely and confidentially deposited in a sealed envelope upon the proper notarial authorities and inform some people you trust in your entourage, such as your family, of having done so.

This also has the advantage of unlocking your digital self to people you trust in case you die, so they can deal with your ghost on the web (which is an increasing problem on many platforms, social media amongst the first).

Also, as I mentioned earlier about putting people in danger. If you’re ever in a line of business where governments might come after you, then this solution would not work.


#6

This addresses another problem related to password managers than memory loss and I like the concept of nested line of security, and a copy of the database in a USB in your firebox.

However, as I see it, if you ever need to access the database on that key it’s that you’ve lost all other copies and are going for (one of) the safety backup(s). If the USB stick is encrypted you need a password to decrypt it. If you don’t have access to your database, you need to know that password by heart, which undermines the concept of having a database in the first place.

If the USB stick is in your safety firebox and seeing as the database itself is already encrypted, I think it’s safe to assume the USB stick doesn’t itself need to be encrypted :grin:

My two cents… Love the whole idea though. I don’t have a firebox yet but I should! Adding that to my list!


#7

Just throwing out ideas, to each their own and you probably don’t want to document your security measures on the web!

I still like the treasure hunt idea. You KNOW where the treasure is, so when you want to update your “backup” USB stick or encrypted cloud file, you can at will. Everyone else will have to go from box -> to box -> box. I also like the idea of hiding something (a piece of the puzzle) in plain sight. Y’all need to watch more old Pirate & Treasure Hunt Movies!

-Trout