Where do you store your one password that rules them all?

Without revealing too much, where do you choose to store a copy of the single password that gets you into everything? I’m looking for ideas.

I just went through the process of creating two backup drives I plan on storing in different places. They both contain an encrypted vault and an encrypted copy of my password manager (that contains the passphrase to unlock the vault). One drive will be more easily accessible (so I can update it more frequently) and the other will be stored at a friend’s house.

All that is required is physical access and the single passphrase that unlocks my password manager. I have said passphrase pretty well memorized and the only other “copy” is written on the back of an envelope I hope to burn soon.

This raises the question: where do I store copies of that single passphrase? The simple answer is to write it down and hide it in a different friend’s house.

A fun idea is to find a book that contains all the words in my passphrase. On a note, write the page and line numbers of all the words and the edition. Then store that note with just numbers somewhere and gift the book to several people.

The most efficient and effective might be to just hire a lawyer to keep track of such things.

2 Likes

In my head, it’s a passphrase

3 Likes

I keep a physical copy of mine in a fire resistant lockbox in my house. This is so my family can find it in case I die or become incapacitated.

I also have it stored as a document in Proton Drive. This is the document I print out and keep inside my lockbox so family can access it if needed. The document is kept in Drive in case it needs to be updated.

It is also stored in a Cryptomator vault on a thumb drive. This is because I like to have the backups I keep on Drive backed up to a non-cloud solution as well.

Lol yeah, I understand that and I don’t think I will forget mine anytime soon, but there is still that risk. Maybe that risk isn’t worth writing it down somewhere for you, but I think it is for me.

In high school we had lockers with a three-number combo. By the end of every year I forgot the numbers and just vaguely remembered that the first one was so many notches on this side of 25, the next so many notches past 45, etc.

I started catching myself forgetting the words of one of my passphrases to a computer but instead remembering the muscle memory of typing it into my keyboard. If you put a different keyboard in front of me I’m not confident I could type it out. I’m mainly using a different computer day to day now and I’m even less confident that I will have that passphrase memorized next month.

Sounds solid to me. No shame in that.

I assume for most the risk of losing everything is worse than having it be leaked/breached. In my case my friend could find my passphrase and post a tweet like “I found this random code in my house.” I’m willing to take that risk.

Have an emergency kit.

4 Likes

This looks awesome, thanks for sharing!

You could have some sort of brain injury and forget it.

2 Likes

I found that a QR code cut diagonally into two pieces had a good set of features: neither half would scan on its own, but placed side by side they scan perfectly.

So I sent one half of a QR code containing my master password to one of the executors of our trust and placed the other half in a fire resistant safe in our house along with a USB flash drive containing a current copy of the Keepass file. A burglar won’t get enough info to open the Keepass file but the executor of the trust can get access (they live 1000 miles away but have a key to our house).

1 Like

Seems smart. Tbf I also store my password in my password manager, which can then be accessed easily on my phone with FP+PIN.

That’s quite impressive. I haven’t thought of using QR codes in any such way. Very smart.

1 Like

Exactly. It just comes down to threat assessment / modeling. The master password being physically stolen or breached from my E2EE drive or cryptomator vault seems pretty low to me whereas the value in knowing my family will have access to what they need regardless of what happens to me is high.

1 Like

That’s possible. Hadn’t thought of that before. Is it possible I even forget a 10-digit passcode?

That’s pretty fair. I have the same setup (I believe).

Currently my GOS Pixel has a copy of my password manager on a second profile. When I first set up the phone I made the passwords for each profile different, but I might simplify that.

When turning on the phone I can’t do anything without entering a password, then I can open a different profile by putting in a different password. To make it simpler when just checking the phone I now have each profile set up with a fingerprint and a unique six digit pin. I don’t need to remember the pins but I do need to remember the passwords. It’s just overly complicated.

In the book Extreme Privacy (Michael Bazzell) he mentions that he uses full disk encryption on all computers, but chooses to use the same passphrase for the user login too. I thought this was strange at first but honestly just makes a lot of sense. One could use a four word passphrase for the drive encryption and another four words for the user, but why not just the same eight for both.

Agreed on this. I used to have different passwords but I forgot my main FDE one. It is very risky because you might only boot it every few days, so you might not remember it as well as the login/sudo password.

You could also split your phrase up into multiple parts with duplication. This means you would need to bring together at least 2 cards to make the full phrase. For example, a card in your safe, sibling’s house, lawyer, safe deposit box, etc.

Passphrase: correct horse battery staple

          Column 1   Column 2   Column 3   Column 4
Card1     correct    -          battery    staple
Card2     correct    horse      -          staple
Card3     correct    horse      battery    -
Card4     -          horse      battery    staple

If you have a break-in and they take the copy from your safe, it gives you a bit of time to reset.

1 Like

I am a big fan of peppering the password, preferably with something very personal. This makes sure that my close family members can use it after I pass and also makes it useless for any burglar.

And to answer OP’s question: a physical emergency sheet (in my opinion this is absolutely essential) with multiple duplicates stored offsite.

Two places:

  1. My big ole’ dinosaur brain
  2. Our Master safe with a set of instructions for the kids, just in case.

Emergency sheet is what I did. Technically it’s a security hole because I can’t fully encrypt the emergency sheet itself, because then I need to store the decryption key somewhere else, making it a never-ending head-and-tail, chicken-and-egg situation. But it already saved my ass once.

2 Likes

If you want a cryptography-based version of this, have a look at Shamir’s secret sharing. It allows you to split a secret into multiple shares and require a pre-defined number of them to get the secret back.

Compared to your method it has pros (more secure, no participant can see any part of the key on their own) and cons (it’s more complex to implement and requires some software to reconstruct the key).

2 Likes
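To make the comparison between the two posts above concrete, here is an added example (not code from anyone in this thread) that builds the “leave-one-out” cards from the table on the thread’s own sample passphrase and then splits the same passphrase with a 2-of-4 Shamir scheme over a prime field, so the difference in what a single card or share exposes can be checked directly. The passphrase, the prime (a Mersenne prime chosen so secrets up to 64 bytes fit), the 0x01 length sentinel and the share layout are all my own choices; the output is not compatible with any particular secret-sharing tool. Standard library only.

```python
# Added example, not from the thread: leave-one-out cards vs. Shamir's secret sharing.
import secrets
from itertools import combinations

# Constructed sample input: the passphrase the thread uses.
PASSPHRASE = "correct horse battery staple"

# --- Scheme 1: leave-one-out cards, exactly as in the table above ------------

def leave_one_out_cards(words):
    """Card i blanks one word ('-'); the blanks rotate so any two cards
    blank different positions and therefore reconstruct the whole phrase.
    Card1 blanks word 2, Card2 word 3, ..., last card blanks word 1 (as in the post)."""
    n = len(words)
    return [[w if j != (i + 1) % n else "-" for j, w in enumerate(words)]
            for i in range(n)]

def join_cards(cards):
    """Merge cards column by column; None if some column is blank on every card."""
    merged = []
    for column in zip(*cards):
        known = {w for w in column if w != "-"}
        if not known:
            return None
        merged.append(known.pop())
    return merged

def words_leaked(card):
    """Number of passphrase words a single card hands to whoever holds it."""
    return sum(1 for w in card if w != "-")

# --- Scheme 2: Shamir's secret sharing over GF(p) ----------------------------

PRIME = 2**521 - 1   # Mersenne prime (assumption of this example); 64-byte secrets fit

def encode_secret(secret: bytes) -> int:
    # Leading 0x01 byte preserves exact length even if the secret starts with NULs.
    return int.from_bytes(b"\x01" + secret, "big")

def decode_secret(value: int) -> bytes:
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if not raw or raw[0] != 0x01:
        raise ValueError("shares did not reconstruct a valid secret")
    return raw[1:]

def split_secret(secret: bytes, k: int, n: int):
    """Return n shares (x, y). Any k recover the secret; k-1 reveal nothing about it."""
    if not 1 < k <= n:
        raise ValueError("need 1 < k <= n")
    s = encode_secret(secret)
    if s >= PRIME:
        raise ValueError("secret too long for this field (max 64 bytes)")
    # Random polynomial of degree k-1 whose constant term is the secret.
    coeffs = [s] + [secrets.randbelow(PRIME) for _ in range(k - 1)]
    def poly(x):
        acc = 0
        for c in reversed(coeffs):          # Horner's rule
            acc = (acc * x + c) % PRIME
        return acc
    return [(x, poly(x)) for x in range(1, n + 1)]

def interpolate_at_zero(shares):
    """Lagrange interpolation at x=0, i.e. the polynomial's constant term."""
    total = 0
    for i, (xi, yi) in enumerate(shares):
        num = den = 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % PRIME
                den = den * (xi - xj) % PRIME
        total = (total + yi * num * pow(den, -1, PRIME)) % PRIME
    return total

def recover_secret(shares) -> bytes:
    return decode_secret(interpolate_at_zero(shares))

def check_threshold(secret: bytes, k: int, n: int) -> dict:
    """Split once, then verify every k-subset recovers the secret and no
    (k-1)-subset reproduces its field element (sub-threshold shares are useless)."""
    shares = split_secret(secret, k, n)
    s = encode_secret(secret)
    return {
        "shares": len(shares),
        "every_k_subset_ok": all(recover_secret(list(c)) == secret
                                 for c in combinations(shares, k)),
        "below_threshold_leaks": any(interpolate_at_zero(list(c)) == s
                                     for c in combinations(shares, k - 1)),
    }

if __name__ == "__main__":
    words = PASSPHRASE.split()
    for card in leave_one_out_cards(words):
        print(" ".join(f"{w:8}" for w in card), f"<- leaks {words_leaked(card)} of {len(words)} words")
    shares = split_secret(PASSPHRASE.encode(), k=2, n=4)
    for x, y in shares:
        print(f"share {x}: {y:x}"[:40], "...   <- leaks nothing on its own")
    print("shares 1+4:", recover_secret([shares[0], shares[3]]).decode())
    print(check_threshold(PASSPHRASE.encode(), 2, 4))
```

Both schemes are 2-of-4: any two cards or any two shares give the phrase back. The difference is what one piece on its own tells a burglar: a single card exposes three of the four words, which leaves only one dictionary word to guess, while a single Shamir share is a uniformly random field element that says nothing about the secret until a second share is combined with it. The price is the “requires some software” point from the post: a share is a 500-bit number, so in practice it would be printed as hex or a QR code rather than copied by hand.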