
I have been thinking about how to store my master passwords (password manager, email and device passwords) for quite a while and I just haven't been able to come up with a satisfying solution yet. I really want to avoid having outsiders gain access to my data, but I also really want to avoid my data being lost for me or for my family in case I get heavily injured or worse. Here is the best idea I have come up with so far:

  • Passwords stored in encrypted zip archive on Google Drive
  • Link to encrypted archive and encryption password stored in bank vault
  • Copy of encrypted archive on local USB drive, password in my head

The upsides to this approach seem to be:

  • A bank vault is very secure
  • I can still update my passwords from home, both on the USB drive and Google Drive
  • Data is stored geo-redundantly

But of course there are also downsides:

  • Bank vault costs money
  • Archive can be downloaded by anybody with the link (if passwords are prefixed with a master password stored in the bank vault this doesn't seem like a big concern though)
  • Link might become invalid at some point
  • If a plane crashes into the bank while I'm in it, well...

I would love to hear your input on this. Does it seem like a terrible idea for some obvious reason I am missing? Are there aspects that could be improved? Is there maybe an entirely different and better solution?

  • 3
    Does this answer your question? [How to share passwords \*only\* after death?](https://security.stackexchange.com/questions/239111/how-to-share-passwords-only-after-death), [Share certain information only after death](https://security.stackexchange.com/questions/37155/share-certain-information-only-after-death). – Steffen Ullrich Oct 02 '22 at 18:47
  • Thanks, I hadn't seen the second one yet. I didn't find any great ideas in it either though. Some of them would fail if half the family dies in a car accident, some of them rely on a single storage device not failing decades into the future, pretty much all of them would make it hard to add or update information. – Americat Oct 02 '22 at 20:08
  • 1
    Every solution will be based on some form of trust and assumptions that the future will behave as you expect it: trust in people keeping a secret, trust in a service still being available, trust in technology not failing ... You could add robustness to each of these by spreading secrets over multiple people, adding redundancy in technology, services or people ... There is no 100% reliable solution, but always a trade-off between achievable secrecy, achievable availability, achievable usability and costs/efforts needed. You need to find out what trade-off is acceptable to you. – Steffen Ullrich Oct 02 '22 at 20:17
  • I am aware that a perfect solution doesn't exist, I'm just searching for a good one. There are trade-offs but that doesn't mean that one solution cannot be better in every aspect than another one. I came up with a solution that's decent at most, maybe it can be turned into something good. For example: Is there a sort of "online bank vault" service which lets me store encrypted data and allows family members to request access via their ID (after the service makes sure I am not responding to email and phone anymore)? – Americat Oct 03 '22 at 06:08
  • "Link to encrypted archive and encryption password stored in bank vault" and "I can still update my passwords from home, both on the USB drive and Google Drive": So you must physically update the password in the bank vault after each password change on USB or Google. If you fail to update the password in the vault for any reason and you can't share the new password with a trusted person (death, injury, you are lost, whatever), the new password and data are lost. – gapsf Oct 03 '22 at 14:19
  • So you should change the password in all places almost simultaneously (atomically), or rotate two copies, one with the previous password and another with the new password, and throw away old copies only after updating to the new password everywhere. – gapsf Oct 03 '22 at 14:24

0 Answers