Show HN: If you lose your memory, how to regain access to your computer?

(eljojo.github.io)

Comments

Brajeshwar 5 hours ago
Start treating the Future-You like a Stranger. Write for that stranger, your Future-You will thank you. We think we will remember, but we won’t. So, don’t be too harsh on yourself and make it easier for your future-you. If that stranger finds it easier, it will also be for others; your relatives, kids, etc.

Unless your work and life need to be very secretive, or involve matters of national or international importance, I personally think a simpler printed/written format that works without electronics/Internet would be a better option. Of course, the printed details can have simple encryption, which your family/friends can break using day-to-day quirks you shared, such as the family secret codes, the name of that pet in the town you grew up in, or the middle name from the story of your great-grandfather, etc.

Some time ago, my mother-in-law (erstwhile teacher) and my godmother-aunty (businesswoman) began to forget many things. Their kids have tried quite a few phone apps and whatnot with electronics. Finally, I have suggested enforcing just two things: a lot of Valet bowls around the house (at common places in all the rooms) and pocket notebooks with pens attached. They just write anything and everything, from money to kitchen items to anything they want. If they forgot something, refer to the notebooks. If a key is lost, try the Valet Bowl. Now, my plan is to train their muscle memory to drop/pick from the bowl (don’t try to remember) and write things down.

The idea of Valet Bowls comes from something someone mentioned on Hacker News.

aforwardslash 7 hours ago
5 out of 7 means you cannot be in an eg. car accident with more than 2 of them at a time, if there is the possibility of all of them present in the car not surviving.

I'm also quite more practical - there are responsibilities that may go beyond a simple memory loss - eg. If one is in a coma or just hospitalized for a long period of time; trusted third parties may require access to your accounts even for simple stuff like paying bills/rent/cloud services.

bitexploder 11 hours ago
Low tech: I put my secret manager password in a physical journal that is locked in a fire proof, water proof vault and hidden somewhere only my partner and myself know where it is. I use a password manager. Everything else goes in the password manager.

utopiah 1 hour ago
Ah, I actually did something similar years ago. I basically hashed individual pages of my wiki and I think I published the hash of hashes on the Blockchain. Anyway I didn't need it and stopped maintaining that system but definitely interesting explorations.

To clarify, the hashing was to verify that the pages were indeed modified by me, to prevent tampering.

Damn, found it back, was in 2011!

in English https://fabien.benetou.fr/Slideshows/MemoryLoss

in French https://fabien.benetou.fr/Slideshows/MemoryLossPES

Terr_ 7 hours ago
The "lost my memory" scenario differs a bit from death/succession planning in that you can use biometrics... but IMO it's better to jump straight to the latter and concuss two birds with one stone.

cbabraham 10 hours ago
aw, friend of mine built this way back in the day

https://michael-solomon.net/keybearer

https://github.com/msolomon/keybearer

KevinChasse 3 hours ago
Interesting approach. I like that this is explicit about human recovery rather than pretending crypto alone solves catastrophe. That said, this design and fully stateless systems like mine (deterministic derivation, no escrow) are solving opposite failure modes. Shamir-based social recovery assumes: trusted third parties remain reachable, they are willing and able to cooperate, and that recovery is an exceptional event. Stateless systems assume the inverse: no one can be relied on, recovery is impossible by design, and the primary threat is silent compromise rather than lockout. Neither is “better” universally; they’re value judgments. What I appreciate here is that the tradeoffs are made explicit instead of buried behind UX. One open question I’d be curious about: how you reason about coercion risk over time (friends change, incentives change), and whether you see this as something users should periodically re-shard as relationships evolve.

econ 10 hours ago
I like it. Perhaps you can use a weird idea of mine.

You can discard/modify part of a password before sending it to your backend. Then, when you log in the server has to brute force the missing part.

One could extend this with security questions like how many children pets and cars you own. What color was your car in 2024. Use that data to aid brute forcing.

The goal would be to be able to decrypt with fewer than 5 shards but make it as computation heavy as you like. If no one remembers the pink car it will take x hours longer.

seized 3 hours ago
Look at Bitwarden's Emergency Access:

https://bitwarden.com/help/emergency-access/

Would also cover banking details or whatever else you want to put in there.

gingerlime 10 hours ago
Other than passwords though, I also have stuff installed at home on a Synology NAS, a mail server, a VPS running some websites (my own, family, my wife's), Home Assistant, Family photos with backups etc etc.

I wonder who would not only have the passwords, but the know-how to manage the whole thing, at least to transition it to more managed services...

crazygringo 5 hours ago
TouchID is a good starting point... though it does confirm your password weekly.

Somewhat tongue-in-cheek, but if I lose my memory, how am I supposed to remember the 7 (or 5) friends who have my password...?

Somewhat less tongue-in-cheek, if you really wanted to be serious about your friends not being able to produce your password now for the lolz, then you'd actually want to ensure they were merely acquaintances who didn't know each other and couldn't find each other, e.g. not all Facebook friends. In which case the list of friends becomes essentially as important as the password, and then how do you remember where you've stored that list?

In reality, hopefully you can just entrust your master password with your closest family (spouse, parent, adult children), assuming they're not going to drain your bank account or read your private digital journal.

Yodel0914 9 hours ago
We use Vaultwarden and Bitwarden to share passwords with the family. My wife has my master password and I have hers.

The bigger issue if I drop dead is all the nontrivial tech crap I have set up (self hosted Vaultwarden included…).

nippoo 11 hours ago
This kind of thing, widely implemented, would be a game-changer for dealing with assets after someone's death! I maintain my family's IT infrastructure (Google Enterprise admin, webserver etc) and I've been tempted to write down 1/4 of my password manager root password and give it to each of my family members - but then we run into the problem where if any one of them loses their shard, it's unrecoverable. Some kind of ECC would be great - ideally where I could print it out onto various bits of paper with a user-definable redundancy, or better still, some kind of reciprocal system where (say) 8/10 members of a trusted friend group/family ring could unlock any other member's password...
ddtaylor 11 hours ago
I suffered a traumatic brain injury (TBI) related to an e-bike accident two years ago. I woke up in the ICU after a short coma-like thing and the nurses/doctors asking me questions and it was clear I was answering for the 10th time or more, like we had all done this before, but I couldn't remember anything.

Thankfully my very long password I use for an encrypted Borgbackup I have was somewhere deep or untouched, but, otherwise I would have been fucked. Also, the backup codes Google told me they would always accept failed and it wasn't until I found a random unused Android device in a drawer that had been unused for a year was I able to get access back to my Google account of ~25 years.

modeless 11 hours ago
For this purpose Google offers "Inactive Account Manager" AKA a dead man's switch.

2color 9 hours ago
I like that more people are thinking about solving some of the problems of digital inheritance we face. These are problems that are so important now that so much of our lives are digital and tapping into one's actual social circle seems the best way to do this.

Also, kudos for packaging it as a static web app. That's the one platform I'm willing to bet will still function in 10 years.

kzalesak 9 hours ago
Thank you for this tool. We have been looking at Shamir schemes in our org for encrypting backup, and decided against it for the reasons of being too complicated. Maybe it is time to revisit it again.

rawgabbit 10 hours ago
For my personal passwords, I use Apple's password manager. It lets me share passwords with my family. I also created a folder on Apple's iCloud that I share.

https://support.apple.com/guide/iphone/share-passwords-iphe6...

https://support.apple.com/guide/icloud/share-files-and-folde...

moltymolt 12 hours ago
That's an interesting idea. It's a good solution to the problem of sharing all your passwords with your loved ones posthumously. Typically that'd involve keeping everything in a vault which will automatically be released to your person of choice if you failed to reset it. The annoying part is having to reset it indefinitely. I like your idea where you share it with multiple people in advance but they would have to collectively decide to unlock it.

mhb 6 hours ago
Step 1. Get 7 friends

ShrootBuck 6 hours ago
I have to say, this is a very cool project, and I love how everything you need is packaged up nicely for distribution

rektlessness 9 hours ago
As our identities get more fragmented across devices, clouds, and cranial volatility, I expect digital wills that withstand real-world decay to become the norm.

cedws 10 hours ago
I also gave this problem some thought: https://github.com/cedws/amnesia

unbad505 5 hours ago
I just keep my password manager password hidden in a journal

octoberfranklin 7 hours ago
Shamir Secret Sharing is notoriously difficult to implement correctly, and even the smallest most subtle bugs result in total compromise.

Consider whether you really need this.

Doing 7-choose-5 separate multiparty encryptions is way harder to screw up. Is having to produce 42 ciphertexts really a dealbreaker?

joeframbach 3 hours ago

croisillon 10 hours ago
i thought 3M had already invented the best password safe ;)

0gs 5 hours ago
sorry if i missed this elsewhere: how do you remind yourself this vault exists? do you have to explain the whole thing to your 7 lifelines?

lucenet 11 hours ago
Write down the password, print out recovery codes. Store them in separate buildings.

Tell someone you trust about where you left these pieces of paper.

JTbane 11 hours ago
master password on paper hard copy

mikkupikku 9 hours ago
I'm a firm believer in passwords on sticky notes.

(At home of course, people get pissy if you do this at work!)

0gs 5 hours ago
sorry if i missed this question. how do you remember you have this vault?

registeredcorn 11 hours ago
I explicitly make it so I cannot regain access to my computer in the event that my memory becomes faulty.

I would be in an impaired state, and cannot function in a way that would be conducive to either work or pleasure in terms of computer use.

That is to say, the entire reason why I have password security at all is to keep out people who do not know the password. If someone does not know the password, they should not be able to access the system. That obviously and clearly applies to myself as much as any other person. "If you do not know it, then you do not need it."

Joel_Mckay 6 hours ago
Dead man's switch doesn't necessarily mean the operator has expired

https://en.wikipedia.org/wiki/Dead_man's_switch

They are an important feature in autonomous systems, critical equipment, and deterrents. =3

rkagerer 10 hours ago
Nice! Good to see some tooling in this space explicitly designed for simplicity and user-friendliness.

One practical problem to consider is the risk of those distributed bundles all ending up on one or two major cloud providers' infra because your friends happened to store them someplace that got scooped up by OneDrive, GDrive, etc. Then instead of the assumed <threshold> friends being required for recovery, your posture is subtly degraded to some smaller number of hacked cloud providers.

Someone using your tool can obviously mitigate by distributing on fixed media like USB keys (possibly multiple keys to each individual as consumer-grade units are notorious for becoming corrupted or failing after a time) along with custodial instructions. Some thought into longevity is helpful here - eg. rotating media out over the years as technology migrates (when USB drives become the new floppy disks) and testing new browsers still load up and correctly run your tool (WASM is still relatively new).

Some protocol for confirming from time to time that your friends haven't lost their shares is also prudent. I always advise any disaster recovery plan that doesn't include semi-regular drills isn't a plan it's just hope. There's a reason militaries, first responders, disaster response agencies, etc. are always doing drills.

I once designed something like this using sealed paper cards in identified sequence - think something like the nuclear codes you see in movies. Annually you call each custodian and get them to break open the next one and read out the code, which attests their share hasn't been lost or damaged. The routine also keeps them tuned in so they don't just stuff your stuff in an attic and forget about it, unable to find their piece when the time comes. In this context, it also happens to be a great way to dedicate some time once a year to catch up (eg. take the opportunity to really focus on your friend in an intentioned way, ask about what's going on in their life, etc).

The rest of my comments are overkill but maybe fun to discuss from an academic perspective.

Another edge case risk is of a flawed Shamir implementation. i.e. Some years from now, a bug or exploit is discovered affecting the library you're using to provide that algorithm. More sophisticated users who want to mitigate against that risk can further silo their sensitive info - eg. only include a master password and instructions in the Shamir-protected content. Put the data those gain access to somewhere else (obviously with redundancy) protected by different safeguards. Comes at the cost of added complexity (both for maintenance and recovery).

Auditing to detect collusion is also something to think about in schemes like these (eg. somehow watermark the decrypted output to indicate which friends' shares were utilized for a particular recovery - but probably only useful if the watermarked stuff is likely to be conveyed outside the group of colluders). And timelocks to make wrench attacks less practical (likely requires some external process).

Finally, who conducted your Security Audit? It looks to me as if someone internal (possibly with the help of AI?) basically put together a bunch of checks you can run on the source code using command line tools. There's definitely a ton of benefit to that (often the individuals closest to a system are best positioned to find weaknesses if given the time to do so) and it's nice that the commands are constructed in a way other developers are likely to understand if they want to perform their own review. But might be a little misleading to call it an "audit", a term typically taken to mean some outside professional agency is conducting an independent and thorough review and formally signing off on their findings.

Also those audit steps look pretty Linux-centric (eg. Verify Share Permissions / 0600, symlink handling). Is it intended development only take place on that platform?

Again, thanks for sharing and best of luck with your project!

BoredPositron 11 hours ago
Yubikey