Low tech: I put my secret manager password in a physical journal that is locked in a fire proof, water proof vault and hidden somewhere only my partner and myself know where it is. I use a password manager. Everything else goes in the password manager.
Alternative - my partner and I (and also two other close contacts) have password managers that contain each of the other one's secret. This was less an effort to help with the memory loss scenario and more of an effort to deal with death and access to services (especially to cease subscriptions and the like).
In a lower trust scenario you could probably use a lawyer as a broker of the secret (potentially even as part of a will).
Password managers like bitwarden also have emergency access features which can do this, with the caveat of trusting them to enforce the requirement of access only being granted after a notification to the account holder is not denied in some time period (but unlike the lawyer you're not trusting them with the secret directly)
In general whatever kind of backup plan you have for when you die could also work in this scenario, you may just need to think harder about anything that you do not want have revealed when you die.
This kind of thing, widely implemented, would be a game-changer for dealing with assets after someone's death! I maintain my family's IT infrastructure (Google Enterprise admin, webserver etc) and I've been tempted to write down 1/4 of my password manager root password and give it to each of my family members - but then we run into the problem where if any one of them loses their shard, it's unrecoverable. Some kind of ECC would be great - ideally where I could print it out onto various bits of paper with a user-definable redundancy, or better still, some kind of reciprocal system where (say) 8/10 members of a trusted friend group/family ring could unlock any other member's password...
You can give your password, or part of it, to your estate lawyer to attach to your will.
This is obviously more cumbersome, and probably costly, if you intend on changing your password. I guess you could change the part of it you don’t store with them.
Shamir secret sharing is the cryptographic thing that you want. You can can configure any M of N to be needed to recover the underlying secret.
(If you have a trusted third party, you can also enforce a cooling off period: e.g. that any attempt to access results in a notification to the account holder that if not denied within some time period, access is granted)
For my personal passwords, I use Apple's password manager. It lets me share passwords with my family. I also created a folder on Apple's iCloud that I share.
I suffered a traumatic brain injury (TBI) related to an e-bike accident two years ago. I woke up in the ICU after a short coma-like thing and the nurses/doctors asking me questions and it was clear I was answering for the 10th time or more, like we had all done this before, but I couldn't remember anything.
Thankfully my very long password I use for an encrypted Borgbackup I have was somewhere deep or untouched, but, otherwise I would have been fucked. Also, the backup codes Google told me they would always accept failed and it wasn't until I found a random unused Android device in a drawer that had been unused for a year was I able to get access back to my Google account of ~25 years.
That's an interesting idea. It's a good solution to the problem of sharing all your passwords with your loved ones posthumously. Typically that'd involve keeping everything in a vault which will automatically be released to your person of choice if you failed to reset it. The annoying part is having to reset it indefinitely. I like your idea where you share it with multiple people in advance but they would have to collectively decide to unlock it.
I explicitly make it so I cannot regain access to my computer in the event that my memory becomes faulty.
I would be in an impaired state, and cannot function in way that would be conducive to either work or pleasure in terms of computer use.
That is to say, the entire reason why I have password security at all is to keep out people who do not know the password. If someone does not know the password, they should not be able to access the system. That obviously and clearly applies to myself as much as any other person. "If you do not know it, then you do not need it."
Low tech: I put my secret manager password in a physical journal that is locked in a fire proof, water proof vault and hidden somewhere only my partner and myself know where it is. I use a password manager. Everything else goes in the password manager.
This. A physical safe provides something that you can't do digitally: It's hard, but not impossible to get in without credentials.
On the internet, it's either: Public for anyone in the whole world, or impossible to recover if anything goes wrong.
Alternative - my partner and I (and also two other close contacts) have password managers that contain each of the other one's secret. This was less an effort to help with the memory loss scenario and more of an effort to deal with death and access to services (especially to cease subscriptions and the like).
In a lower trust scenario you could probably use a lawyer as a broker of the secret (potentially even as part of a will).
Password managers like bitwarden also have emergency access features which can do this, with the caveat of trusting them to enforce the requirement of access only being granted after a notification to the account holder is not denied in some time period (but unlike the lawyer you're not trusting them with the secret directly)
In general whatever kind of backup plan you have for when you die could also work in this scenario, you may just need to think harder about anything that you do not want have revealed when you die.
This kind of thing, widely implemented, would be a game-changer for dealing with assets after someone's death! I maintain my family's IT infrastructure (Google Enterprise admin, webserver etc) and I've been tempted to write down 1/4 of my password manager root password and give it to each of my family members - but then we run into the problem where if any one of them loses their shard, it's unrecoverable. Some kind of ECC would be great - ideally where I could print it out onto various bits of paper with a user-definable redundancy, or better still, some kind of reciprocal system where (say) 8/10 members of a trusted friend group/family ring could unlock any other member's password...
You can give your password, or part of it, to your estate lawyer to attach to your will.
This is obviously more cumbersome, and probably costly, if you intend on changing your password. I guess you could change the part of it you don’t store with them.
Shamir secret sharing is the cryptographic thing that you want. You can can configure any M of N to be needed to recover the underlying secret.
(If you have a trusted third party, you can also enforce a cooling off period: e.g. that any attempt to access results in a notification to the account holder that if not denied within some time period, access is granted)
For my personal passwords, I use Apple's password manager. It lets me share passwords with my family. I also created a folder on Apple's iCloud that I share.
https://support.apple.com/guide/iphone/share-passwords-iphe6...
https://support.apple.com/guide/icloud/share-files-and-folde...
aw, friend of mine built this way back in the day
https://michael-solomon.net/keybearer
https://github.com/msolomon/keybearer
For this purpose Google offers "Inactive Account Manager" AKA a dead man's switch.
I suffered a traumatic brain injury (TBI) related to an e-bike accident two years ago. I woke up in the ICU after a short coma-like thing and the nurses/doctors asking me questions and it was clear I was answering for the 10th time or more, like we had all done this before, but I couldn't remember anything.
Thankfully my very long password I use for an encrypted Borgbackup I have was somewhere deep or untouched, but, otherwise I would have been fucked. Also, the backup codes Google told me they would always accept failed and it wasn't until I found a random unused Android device in a drawer that had been unused for a year was I able to get access back to my Google account of ~25 years.
I also had old Google backup codes fail a few years ago. Anybody who hasn't regenerated them in a year or two, I recommend you do so.
Well, this is disturbing news.
Google services are best treated as a liability.
That's an interesting idea. It's a good solution to the problem of sharing all your passwords with your loved ones posthumously. Typically that'd involve keeping everything in a vault which will automatically be released to your person of choice if you failed to reset it. The annoying part is having to reset it indefinitely. I like your idea where you share it with multiple people in advance but they would have to collectively decide to unlock it.
i thought 3M had already invented the best password safe ;)
I think 3M also sells a $5 wrench.
Write down the password, print out recovery codes. Store them in separate buildings.
Tell someone you trust about where you left these pieces of paper.
a safe-deposit box at a bank works ok too.
master password on paper hard copy
Yubikey
I explicitly make it so I cannot regain access to my computer in the event that my memory becomes faulty.
I would be in an impaired state, and cannot function in way that would be conducive to either work or pleasure in terms of computer use.
That is to say, the entire reason why I have password security at all is to keep out people who do not know the password. If someone does not know the password, they should not be able to access the system. That obviously and clearly applies to myself as much as any other person. "If you do not know it, then you do not need it."
What if you forgot your password but retained all other memories?
No family, eh?