9

I am looking for a modern, password manager-based way to share my passwords with certain parties (partner, executor of my will) within a week or so of my death, but no sooner.

The scenario I wish to avoid is the loss of my assets and/or breach of my privacy during my lifetime. My threat model includes betrayal of trust and physical access (as in thieving roommate, not the NSA) to my personal papers, keychain, hardware security key, and password-protected phone/laptop. I use 2FA (some with security key, some with phone-based Authenticator apps) for all my accounts.

Regarding betrayal: I accept that someone I'm concerned will betray me in life could just as well betray me after death. While I hope that doesn't happen, that's between them, my intended beneficiaries, and the legal system -- I'm looking to protect my interests while I am alive. So handing someone my passwords on a plate as recommended by e.g. Wirecutter is a nonstarter.

I reject solutions that rely on:

  • Physical security, e.g. printed out master password or safety deposit box key (thieving roommate)
  • Trust, e.g. sharing the password with someone and hoping they don't use it until I die. (I do trust established entities like Apple, Google, Dropbox, 1Password, etc., but not random third parties like Joe's Password Manager or https://www.deadmansswitch.net/)
  • Keep-alive toil, e.g. weekly "click to confirm you're not dead yet" emails
  • Shoddy facsimile of a password manager, e.g. maintaining my own encrypted list of passwords outside of a password manager
  • An attorney: I don't have one, and they are much more expensive than a password manager

Ideally, I would have a password manager that lets me designate a list of allowed requestors. If any of them requests access, I have (say) 14d to approve/deny the request (during which time I'll be aggressively pinged), after which I'm presumed dead and the request is approved.

Non-Solutions

A very similar question was previously asked in 2013, but none of the proposed solutions meet my requirements:

  • Use a lawyer (explicitly ruled out)
  • Encrypt the passwords; give party A the passwords and party B the key: This is an awful solution, ticking both the 'shoddy facsimile' and 'trust' boxes.
  • Google's Inactive Account Manager: This has a minimum 3month delay, and doesn't reveal passwords. Maintaining a doc/email would again be a shoddy facsimile.
  • Dead man's switch email service: Keep-alive toil, and sketchy 3rd-party
  • Written down password and/or safety deposit box: physical security
  • "Estate Map", a defunct service that amounted to "use a lawyer"
Tom
  • 199
  • 2
  • 2
    I don't understand the difference between the option you want *"I have (say) 14d to approve/deny the request "* and the option you don't want *"Keep-alive toil"*. If someone is trying to get to your secrets they can try often and you essentially need to always prove that you are alive. Also, no solution is possible without trusting someone (which might also be a service run by someone) since something must be able to decrypt the password and if it is software it must run somewhere which cannot be fully in your control only since you might be dead. – Steffen Ullrich Oct 02 '20 at 20:18
  • An ongoing requirement to affirm life every 14d is toil. Having 14d to veto a one-time attempted abuse is not. Repeat attempts would not occur, as I would promptly remove them from the list of people authorized to request access. As for trust, I noted in my question that I do trust established tech firms. That’s precisely why I want to offload the security concerns to them: they’re actually qualified! – Tom Oct 02 '20 at 20:53
  • *"... I noted in my question that I do trust established tech firms ..."* - I cannot find this kind of statement in your question, at least not as explicit as you say it here. It might be implicit when you are talking about "password managers" and you might mean with this commercial cloud based systems run by companies and not using free software. – Steffen Ullrich Oct 02 '20 at 21:02
  • """Trust, e.g. sharing the password with someone and hoping they don't use it until I die. (I do trust established entities like Apple, Google, Dropbox, 1Password, etc., but not random third parties"...)""" – Tom Oct 02 '20 at 21:04
  • I see, must have been blind. Thanks. – Steffen Ullrich Oct 02 '20 at 21:05
  • Master password in a safety deposit box would be my go-to; piggy-back on the bank's physical security and process for releasing assets after death. But I see you've explicitly ruled that out. There must be bank safety deposit box services that require a human ID check in addition to / instead of the key? – Mike Ounsworth Oct 02 '20 at 21:58
  • 1
    This question is confusing. First of all, if you are looking for a password manager, isn't this off-topic in this community because it's "product recommendation"? And anyway, it's not clear who you are willing to trust, exactly. You mentioned 1Password, so I suppose you are willing to use well established services. Did you check if any services already have what you need? A quick search found that LastPass probably has the feature you want. – reed Oct 03 '20 at 09:33
  • I'm not sure how to ask this, but seeing how stringent your requirements are described, one would ask if this is a _nea... ..eath_ case ? – elsadek Oct 03 '20 at 18:59
  • didn't see this mentioned, but why not just give it to the beneficiaries themselves? –  Oct 06 '20 at 11:52
  • How do you plan to differentiate between being in an hospital bed in a coma (or just being unable to speak and move) for one week and being definitely dead for one week? – A. Hersean Dec 03 '20 at 15:48
  • Just a comment. You are seeking a password manager that will be opened for a third party if pinging you for N days does not succeed. Please consider that there can be situations when you will not be able to respond to a ping while still being alive. This solution may not be what you are looking for. – Alexander P Jan 07 '21 at 15:43
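The request-and-veto flow the question asks for, as an added illustration that is not part of the original post and not a feature of any named product: named requestors may open a request, the owner is pinged through a veto window, and a request the owner never answers is granted when the window expires. The requestor names, durations, vault contents and the audit-log format are all constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional

# Hypothetical policy engine for the flow described in the question.  Everything
# below (names, 14-day window, daily ping, vault text) is constructed for the example.
PENDING, APPROVED, DENIED, GRANTED_BY_TIMEOUT = (
    "pending", "approved", "denied", "granted_by_timeout")


@dataclass
class AccessRequest:
    requestor: str
    opened_at: datetime
    state: str = PENDING


class EmergencyAccessPolicy:
    def __init__(self, vault_secret: str, allowed: List[str],
                 veto_window: timedelta = timedelta(days=14),
                 ping_every: timedelta = timedelta(days=1)) -> None:
        self._vault_secret = vault_secret
        self.allowed = set(allowed)
        self.veto_window = veto_window
        self.ping_every = ping_every
        self.requests: Dict[str, AccessRequest] = {}
        self.audit: List[str] = []          # every attempt is recorded, listed or not

    def request(self, who: str, now: datetime) -> AccessRequest:
        """A listed requestor starts the clock; anyone else is refused and logged."""
        if who not in self.allowed:
            self.audit.append(f"{now.isoformat()} refused request from unlisted {who}")
            raise PermissionError(f"{who} is not an allowed requestor")
        existing = self.requests.get(who)
        if existing and existing.state == PENDING:
            return existing                 # one open request per requestor
        req = AccessRequest(who, now)
        self.requests[who] = req
        self.audit.append(f"{now.isoformat()} request opened by {who}")
        return req

    def pings_due(self, who: str, now: datetime) -> int:
        """Number of reminder pings the owner should have received so far."""
        req = self.requests.get(who)
        if req is None or req.state != PENDING:
            return 0
        elapsed = min(now - req.opened_at, self.veto_window)
        return elapsed // self.ping_every

    def state(self, who: str, now: datetime) -> Optional[str]:
        """Resolve a request: pending and past the veto window means granted."""
        req = self.requests.get(who)
        if req is None:
            return None
        if req.state == PENDING and now >= req.opened_at + self.veto_window:
            req.state = GRANTED_BY_TIMEOUT
            self.audit.append(f"{now.isoformat()} veto window expired for {who}")
        return req.state

    def owner_decides(self, who: str, approve: bool, now: datetime) -> str:
        """Owner answers inside the window; a denial also drops the requestor."""
        req = self.requests.get(who)
        if req is None or self.state(who, now) != PENDING:
            raise ValueError("no pending request to decide")
        req.state = APPROVED if approve else DENIED
        if not approve:
            self.allowed.discard(who)       # "promptly remove them from the list"
        self.audit.append(f"{now.isoformat()} owner "
                          f"{'approved' if approve else 'denied'} {who}")
        return req.state

    def release(self, who: str, now: datetime) -> Optional[str]:
        """Hand over the vault only when the request ended in a grant."""
        if self.state(who, now) in (APPROVED, GRANTED_BY_TIMEOUT):
            return self._vault_secret
        return None


def demo_timeline() -> dict:
    """Constructed scenario: the partner's request runs out the window unanswered,
    the executor's is vetoed and the executor is delisted."""
    t0, day = datetime(2020, 10, 2, 12, 0), timedelta(days=1)
    policy = EmergencyAccessPolicy("constructed vault contents", ["partner", "executor"])
    policy.request("partner", t0)
    out = {
        "day7_state": policy.state("partner", t0 + 7 * day),
        "day7_release": policy.release("partner", t0 + 7 * day),
        "day7_pings": policy.pings_due("partner", t0 + 7 * day + timedelta(hours=5)),
        "day14_state": policy.state("partner", t0 + 14 * day),
        "day15_release": policy.release("partner", t0 + 15 * day),
    }
    policy.request("executor", t0)
    out["executor_decision"] = policy.owner_decides("executor", False, t0 + day)
    try:
        policy.request("executor", t0 + 2 * day)
        out["executor_retry"] = "accepted"
    except PermissionError:
        out["executor_retry"] = "refused"
    out["audit_entries"] = len(policy.audit)
    return out
```

The model also makes the objections in the comments concrete: `state()` cannot tell an owner who is dead from one who is in a coma or simply unreachable for two weeks, so whatever enforces the window has to be operated by a party the owner trusts.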

5 Answers

6

I’d like to point out that there is an epistemic inconsistency in the reasoning here: you’re willing to trust large tech companies like Apple or Google but not a bank and its safety deposit box product. I think that’s an inconsistency that cannot be overstated. Personally I would be far more inclined to trust a safety deposit box from a large, multi-generational bank than a tech company.

Safety deposit box access usually requires two things: proof of identity for an authorized individual and possession of the box key. These can be two separate people, by the way: you can authorize a person with the bank for access who is different from the person to whom you give the key, so as to implement a two-person rule.

As well, the bank cannot open your box without drilling the lock, so you would know if the box was ever opened without your permission.

Putting an encrypted secret key in the box (or even better, a physical key like a yubikey) could allow you to implement a three-person rule: one is authorized to access the box, one has the key to the box, and one knows the PIN to unlock the secret key on the yubikey. They must all co-operate and agree in order to access the password manager or encrypted file that stores the actual passwords.

If you can’t find true trust amongst at least one of three people in your life, you’re focused on the wrong things.

schroeder
  • 125,553
  • 55
  • 289
  • 326
RibaldEddie
  • 356
  • 3
  • 9
3

I don't know if it actually ticks all your requirements, but I personally use ssss, an implementation of Shamir secret sharing.

I have split a password and printed the resulting shares on plastic cards the size of a CB, and handed them over to members of my family.

Have a look at https://security.stackexchange.com/a/5428/77603 for another alternative: libgfshare

These seem to be Linux-only implementations. There must exist some for other OSes.

solsTiCe
  • 231
  • 2
  • 10
1

I've been thinking about this for a while and indeed, no proper solution yet exists.

Since death is related to your body, the solution would require some kind of connection to it. One solution would be to implant a storage device somewhere in your body. I would have it implanted under anaesthesia in a painful place, such that you would definitely notice if someone tried to steal it during your lifetime. The Wikipedia article on this shows someone with a chip under the surface of the hand, which might allow it to be stolen when you're passed out drunk, etc.:

https://en.wikipedia.org/wiki/Microchip_implant_(human)

With this solution, you'd need to put in your will that people can remove the chip after you're dead. But an advanced version might be made where you reprogram a pacemaker to activate an RFID chip when your heart stops. Again, this doesn't exist yet. Would be awesome next-level Elon Musk cyborg tech though.

You could also check out the status of research on data storage in DNA (see the link below). However, this seems to only work when creating new organisms, and I don't think you can alter your own DNA to store things.

https://en.wikipedia.org/wiki/DNA_digital_data_storage

Beurtschipper
  • 743
  • 5
  • 10
  • you assume that alive equals conscious which is not always true, surgeries, serious sickness, accidents or even being intoxicated can allow someone to extract the chip and possibly couple it with a fake pacemaker (you did not mention any authentication between them). – Rsf Nov 02 '20 at 14:02
  • 3
    I would think very long and hard before implementing any technical solution which attempts to instrument a living creature to release data upon its death. Depending upon the data being protected, there is incentive to literally kill the creature (person) to obtain the release of the data. This was a consideration early in the implementation of biometrics for entry to secured spaces, as it was thought to present incentives to create a market in the severed fingers of authorized persons. – Mike McManus Nov 03 '20 at 20:37
  • @MikeMcManus That's basically what OP is asking for though. They want something that will give someone some information if they're not alive. They just need to xor whatever data they implant with some random data the designated recipient has, and instruct that person to keep the random data safe. – user Jan 07 '21 at 15:50
  • 1
    @user I just want to make sure the OP understands the possible consequences of what they are asking for, because they might get it whether they wanted it or not. If they are really good at making the solution impenetrable while they are alive, that creates a perverse incentive for someone to arrange for their death so they can get at the data. As I said, this depends on the nature of the data they intend to protect. – Mike McManus Jan 07 '21 at 19:39
1

Interesting question. I don't understand your requirement for a week-long delay, however, I'll assume it's to ensure you, aah, "ain't com'n' back" ...

The thought of utilising a safety deposit box in a bank has been discussed and eliminated, however, this idea differs slightly in that it rests on the digital security of the bank's transaction system.

Might it be possible to tune a memory-hard keyed hash like Argon2 so that the runtime is roughly a week on current hardware, and would it be stable? I know it can be tuned to run for minutes, but I don't know about days. However, looking at the spec, I reckon the upper bounds on Argon2's inputs would see runtimes in the tens of hours, at least, on current hardware. The inputs for the key-derivation function would be gathered from various points, 'til all inputs are available and the key can be derived.

The first piece of the puzzle requires you to periodically perform a bank transaction (maybe once per year?), and record the amount of money and generate a random description. The transaction would occur between two accounts that you own, or between yours and each beneficiary's account. In the case of the former, financial institutions are adept at verifying executors, and granting access to accounts as part of probate.

I don't know whether all banks would provide transaction history, and how far back, yet in my experience this information is available to the executors for the process of wrapping up a loved one's affairs.

Ktx = Ha2( amount || description )

This has the potential to encode roughly ~65 bits of CS-entropy, eg. log2(9^4) + log2(62^9), and would need to be combined with a separate key file. If your state has a public trustee, you might place key material with them somehow (eg. base64 in your will), or, it could be recovered from your possessions after death, eg: your wallet, or a safe that you carry the key to (or some combination of the above).

Loved ones and beneficiaries would also each choose a personal pass-phrase, and be trained in the technique of a partial recovery that encourages them to remember the key phrase while you're alive, possibly by locking up gifts using a similar technique.

K = H( Kfile || Ktx || Ha2(Kphrase) )

You would produce multiple encrypted backups, and theoretically would control access to these backups through some mechanism that would allow you to audit or be made aware of access attempts.

brynk
  • 1,016
  • 4
  • 14
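An added worked version of the key construction in this answer, Ktx = Ha2(amount || description) and K = H(Kfile || Ktx || Ha2(Kphrase)); it is not the answer's own code. Assumptions: `hashlib.scrypt` from the Python standard library stands in for Argon2 as the memory-hard function (the answer's runtime-tuning idea is not attempted; the cost parameters are kept small so the block runs in well under a second), a fixed salt and a `||` separator are supplied because the formulas have none, and the key file, transaction and passphrase values are constructed.

```python
import hashlib
import math

# Constructed illustration of brynk's construction.  scrypt is a stand-in for Argon2
# (Ha2 in the answer); salts and separators are assumptions not present in the answer.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1    # ~16 MiB, sub-second; raise to slow down


def memory_hard_hash(data: bytes, salt: bytes) -> bytes:
    """Stand-in for Ha2: memory-hard derivation of a 32-byte key."""
    return hashlib.scrypt(data, salt=salt, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)


def transaction_key(amount: str, description: str) -> bytes:
    """Ktx = Ha2(amount || description), the factor an executor recovers from bank records."""
    return memory_hard_hash(amount.encode() + b"||" + description.encode(), b"example-ktx-salt")


def transaction_entropy_bits(amount_digits: int = 4, description_chars: int = 9,
                             digit_choices: int = 9, alphabet: int = 62) -> float:
    """The answer's estimate log2(9^4) + log2(62^9) for the Ktx input space, with the
    field sizes as parameters so other transaction formats can be compared."""
    return amount_digits * math.log2(digit_choices) + description_chars * math.log2(alphabet)


def master_key(key_file: bytes, ktx: bytes, passphrase: str) -> bytes:
    """K = H(Kfile || Ktx || Ha2(Kphrase)).  ktx and the phrase hash are fixed 32-byte
    values, so the concatenation is unambiguous as long as key_file has a fixed length."""
    kphrase = memory_hard_hash(passphrase.encode(), b"example-phrase-salt")
    return hashlib.sha256(key_file + ktx + kphrase).digest()


def derive_all(key_file: bytes, amount: str, description: str, passphrase: str) -> bytes:
    """Full derivation: every factor must be present and exactly right to obtain K."""
    return master_key(key_file, transaction_key(amount, description), passphrase)
```

Changing any single factor (the amount, the description, the key file or the passphrase) yields an unrelated key, which is the property the answer relies on: the bank record, the key material in the will or possessions, and the beneficiary's memorised phrase are each necessary and none is sufficient.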
1

If you trust that a large number of individuals won't all betray you, you could give all of them a copy of an encrypted database and a part of a shared secret, which combined would form the encryption key. See Shamir's Secret Sharing. It takes a number and generates pairs of numbers, which don't tell the parties anything about the original number, unless all are together. One usage of this I know of is splitting a crypto wallet into backup segments, which can be shared with other parties.

Ángel
  • 18,188
  • 3
  • 26
  • 63
Martin Horský
  • 563
  • 1
  • 4
  • 10
  • Such ideas of all or nothing feel brittle to me. What if I trust my spouse but they die with me in an accident? The kids won't be able to access my passwords. – Limit Feb 06 '21 at 23:11
  • 2
    Shamir secret sharing supports threshold sharing. E.g. you could split the secret in 4 pieces and allow any 4 of them to retrieve it. You can set any values for these numbers, or even different weights (such as giving two shares to your spouse). The lower the number needed and the larger the number of people with shares, the easier they will be to recover, but there are more possibilities for getting backstabbed as well. – Ángel Feb 06 '21 at 23:58
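An added, self-contained implementation of the threshold scheme that both solsTiCe's answer (ssss, libgfshare) and this answer and its comments describe. It is not the code of either answer or of those tools, which use their own field and share formats; this version works over the prime field GF(2^521 - 1), so a secret of up to 64 bytes is one field element. The secret is wrapped as a length byte plus zero padding so that short secrets and leading zero bytes survive the round trip. Weighted sharing, as in the last comment, is just handing one person more than one share.

```python
import secrets
from typing import List, Tuple

# Constructed example of Shamir's Secret Sharing over GF(PRIME); not ssss/libgfshare code.
PRIME = 2**521 - 1        # Mersenne prime; every 65-byte value is below it
BLOB_LEN = 65             # 1 length byte + up to 64 secret bytes + zero padding
Share = Tuple[int, int]   # (x, f(x)) with 1 <= x


def _eval_poly(coeffs: List[int], x: int) -> int:
    """Horner's rule; coeffs[0] is the constant term, i.e. the secret."""
    acc = 0
    for c in reversed(coeffs):
        acc = (acc * x + c) % PRIME
    return acc


def split_secret(secret: bytes, threshold: int, share_count: int) -> List[Share]:
    """Produce share_count shares of which any `threshold` reconstruct the secret."""
    if not 1 <= threshold <= share_count:
        raise ValueError("need 1 <= threshold <= share_count")
    if len(secret) > BLOB_LEN - 1:
        raise ValueError("secret must be at most 64 bytes")
    blob = bytes([len(secret)]) + secret
    blob += b"\x00" * (BLOB_LEN - len(blob))
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [int.from_bytes(blob, "big")]
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    return [(x, _eval_poly(coeffs, x)) for x in range(1, share_count + 1)]


def recover_secret(shares: List[Share]) -> bytes:
    """Lagrange interpolation at x = 0.  With fewer than `threshold` distinct shares the
    interpolated value is uniformly random, so the holders learn nothing about the secret."""
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    blob = total.to_bytes(66, "big")[1:]     # 521-bit element fits in 66 bytes
    return blob[1:1 + blob[0]]


def weighted_example() -> dict:
    """Constructed 3-of-5 split where the spouse holds two shares and three children one each:
    spouse plus any one child suffices, as do any three children."""
    secret = b"constructed master password"
    shares = split_secret(secret, threshold=3, share_count=5)
    spouse, kids = shares[:2], shares[2:]
    return {
        "spouse_and_one_kid": recover_secret(spouse + kids[:1]) == secret,
        "three_kids": recover_secret(kids) == secret,
        "spouse_alone": recover_secret(spouse) == secret,
        "two_kids": recover_secret(kids[:2]) == secret,
    }
```

`recover_secret` deliberately does not signal when too few shares were supplied; it simply returns an unrelated value, which is why the holders also need to know the threshold and should verify the reconstructed password against something (a vault that opens) rather than trusting the output blindly.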