| ▲ | Show HN: If you lose your memory, how to regain access to your computer?(eljojo.github.io) |
| 68 points by eljojo 3 hours ago | 58 comments |
| Due to bike-induced concussions, I've been worried for a while about losing my memory and not being able to log back in. I combined shamir secret sharing (hashicorp vault's implementation) with age-encryption, and packaged it using WASM for a neat in-browser offline UX. The idea is that if something happens to me, my friends and family would help me get back access to the data that matters most to me. 5 out of 7 friends need to agree for the vault to unlock. Try out the demo in the website, it runs entirely in your browser! |
|
| ▲ | bitexploder an hour ago | parent | next [-] |
| Low tech: I put my secret manager password in a physical journal that is locked in a fire proof, water proof vault and hidden somewhere only my partner and myself know where it is. I use a password manager. Everything else goes in the password manager. |
| |
| ▲ | repiret 20 minutes ago | parent | next [-] | | This is what I do too, but be warned about “fire proof” - a fire that results in the total loss of your house will create enough heat for enough time that fireproof gun safes and smaller fireproof lockboxes will be destroyed, or even if not, their contents will get hot enough to combust anyway. A bank safe deposit box offers a different security profile that’s probably more robust against fire because banks burn less often than houses. It’s probably not practical to really be robust against fire without being buried several feet deep. | | |
| ▲ | ses1984 12 minutes ago | parent | next [-] | | Another solution is to engrave your secret on something that’s stable up to household fire temperatures. | |
| ▲ | eljojo 12 minutes ago | parent | prev [-] | | do you store stuff in a bank? could you tell me more about it? my account gives me access to one for free and been meaning to put a yubikey there for a while but never have |
| |
| ▲ | maurycyz an hour ago | parent | prev | next [-] | | This. A physical safe provides something that you can't do digitally: It's hard, but not impossible to get in without credentials. On the internet, it's either: Public for anyone in the whole world, or impossible to recover if anything goes wrong. | | |
| ▲ | kylehotchkiss 31 minutes ago | parent [-] | | I've broken into Physical Safes using nothing more than a drill with a half inch bit (I was young and didn't want to drag myself to harbor freight to sacrifice a more suitable tool). Enough boreholes and I had access. In hindsight, looking harder for the key would probably have been fruitful. | | |
| ▲ | 0cf8612b2e1e 25 minutes ago | parent [-] | | Nothing says you cannot trivially encode the paper password. Those in the know understand that you need to append “BoomShakalaka”, replace “A” with “Q”, or some other super simple modification to what is recorded. Maybe the NSA would be willing to brute force the infinite variations from that starting seed, but it is still effectively locked for mortals. | | |
| ▲ | mathstuf a minute ago | parent [-] | | I've thought about making a "word search" and embedding the passphrase in it using a pattern (e.g., a subset of a Knight's tour, a space-filling curve overlay, or some other sampling algorithm). |
|
|
| |
| ▲ | munk-a an hour ago | parent | prev | next [-] | | Alternative - my partner and I (and also two other close contacts) have password managers that contain each of the other one's secret. This was less an effort to help with the memory loss scenario and more of an effort to deal with death and access to services (especially to cease subscriptions and the like). In a lower trust scenario you could probably use a lawyer as a broker of the secret (potentially even as part of a will). | | |
| ▲ | rcxdude an hour ago | parent [-] | | Password managers like bitwarden also have emergency access features which can do this, with the caveat of trusting them to enforce the requirement of access only being granted after a notification to the account holder is not denied in some time period (but unlike the lawyer you're not trusting them with the secret directly) | | |
| ▲ | spockz 9 minutes ago | parent [-] | | Apple has this thing called Legacy Contact which allows the same but then built in to the whole Apple account. This includes devices as well as the iCloud ~~and attached keychains. Granted, it is another hoop to jump through compared to presharing keys with each other.~~ It would be nice if your Apple account could be unlocked with some other keys as well apart from the primary one, but I guess that is what Apple calls the “Legacy Contact Key”. Edit: okay so the keychain is excluded from this. So back to storing each others passwords in eachothers keychain… |
|
| |
| ▲ | eljojo 13 minutes ago | parent | prev | next [-] | | sometimes simpler is the best. I am always on the move so vaults don't jive well with me. my concern would be for something to still happen to it, too. I'm trying to go by the principle of not putting all my eggs on one basket. | |
| ▲ | rcxdude an hour ago | parent | prev [-] | | In general whatever kind of backup plan you have for when you die could also work in this scenario, you may just need to think harder about anything that you do not want have revealed when you die. |
|
|
| ▲ | econ 33 minutes ago | parent | prev | next [-] |
| I like it. Perhaps you can use a weird idea of mine. You can discard/modify part of a password before sending it to your backend. Then, when you log in the server has to brute force the missing part. One could extend this with security questions like how many children pets and cars you own. What color was your car in 2024. Use that data to aid brute forcing. The goal would be to be able to decrypt with fewer than 5 shards but make it as computation heavy as you like. If no one remembers the pink car it will take x hours longer. |
| |
| ▲ | eljojo 27 minutes ago | parent [-] | | ohhhh that's brutal haha! for context my app runs entirely clientside, but I get it, it's an interesting idea... |
|
|
| ▲ | gingerlime 22 minutes ago | parent | prev | next [-] |
| Other than passwords though, I also have stuff installed at home on a Synology NAS, a mail server, a VPS running some websites (my own, family, my wife's), Home Assistant, Family photos with backups etc etc. I wonder who would not only have the passwords, but the know-how to manage the whole thing, at least to transition it to more managed services... |
| |
| ▲ | reddalo a minute ago | parent | next [-] | | Me too. I'm starting to self-host more and more services for both me and my family, and I wonder what would happen should I meet a bus in a front-facing way. | |
| ▲ | eljojo 14 minutes ago | parent | prev | next [-] | | you're completely right! the app actually guides you on some of that, it generates a readme that gives you advise on what to document, but I agree you can't be too careful here, the passwords IS NOT ENOUGH. You need to give people "a map" of where things are: https://github.com/eljojo/rememory/blob/main/internal/projec... | |
| ▲ | thephyber 17 minutes ago | parent | prev [-] | | Don’t assume that anyone can. If you want someone to be able to access it after you’re gone, either put 1000 BTC in it or leave instructions. Paper instructions in a physical fireproof safe is way easier to deal with than any digital encryption with no hints. |
|
|
| ▲ | nippoo an hour ago | parent | prev | next [-] |
| This kind of thing, widely implemented, would be a game-changer for dealing with assets after someone's death! I maintain my family's IT infrastructure (Google Enterprise admin, webserver etc) and I've been tempted to write down 1/4 of my password manager root password and give it to each of my family members - but then we run into the problem where if any one of them loses their shard, it's unrecoverable. Some kind of ECC would be great - ideally where I could print it out onto various bits of paper with a user-definable redundancy, or better still, some kind of reciprocal system where (say) 8/10 members of a trusted friend group/family ring could unlock any other member's password... |
| |
| ▲ | tmpfs 12 minutes ago | parent | next [-] | | We care about this porblem and are actively working on it, like the OP we also settled on shamirs secret sharing with a time lock mechanism. However, there is still the issue of the service provider going offline or out of business which we don't have a solution for yet. We have started with a good password manager and will be adding digital inheritance/social recovery soon! [0] Take a look, thoughts and feedback welcome. [0]: https://saveoursecrets.com | |
| ▲ | rcxdude an hour ago | parent | prev | next [-] | | Shamir secret sharing is the cryptographic thing that you want. You can can configure any M of N to be needed to recover the underlying secret. (If you have a trusted third party, you can also enforce a cooling off period: e.g. that any attempt to access results in a notification to the account holder that if not denied within some time period, access is granted) | |
| ▲ | nandomrumber an hour ago | parent | prev | next [-] | | You can give your password, or part of it, to your estate lawyer to attach to your will. This is obviously more cumbersome, and probably costly, if you intend on changing your password. I guess you could change the part of it you don’t store with them. | |
| ▲ | eljojo 25 minutes ago | parent | prev [-] | | yes! I am starting to do some planning on that myself, that's why I'm in that kind of mindset. If you know more people in this space, please share this with them! would love to get feedback |
|
|
| ▲ | cbabraham an hour ago | parent | prev | next [-] |
| aw, friend of mine built this way back in the day https://michael-solomon.net/keybearer https://github.com/msolomon/keybearer |
| |
| ▲ | eljojo 17 minutes ago | parent [-] | | no way!!!! I searched for a long time for a solution like this, many could encrypt using shamir but none took an actual file with browser upload and easy UX. and like, 14 years ago? my hats down to you my friend. my zip bundles are 1-2 megabytes due to all the wasm, and you achieved this on so little. impressive job! I'd love to hear what you think about mine, one of the differences is that it creates a ZIP file containing the recovery app in it, as well as a PDF with instructions for non-technical friends. Overall trying to make the recovery experience as smooth as possible. but cheers, your version is the only one that I found that does basically what mine does, all the others fall short one way or another! | | |
| ▲ | thephyber 14 minutes ago | parent [-] | | I wonder how many thousands or millions of useful projects are so well hidden that they are effectively nonexistent. |
|
|
|
| ▲ | rawgabbit an hour ago | parent | prev | next [-] |
| For my personal passwords, I use Apple's password manager. It lets me share passwords with my family. I also created a folder on Apple's iCloud that I share. https://support.apple.com/guide/iphone/share-passwords-iphe6... https://support.apple.com/guide/icloud/share-files-and-folde... |
| |
| ▲ | politelemon 17 minutes ago | parent [-] | | Despite the convenience factor, it isn't great to use a manager tied into your own ecosystem. It should exist outside, with the minor factor of lesser convenience. |
|
|
| ▲ | cedws 24 minutes ago | parent | prev | next [-] |
| I also gave this problem some thought: https://github.com/cedws/amnesia |
| |
| ▲ | eljojo 15 minutes ago | parent [-] | | oh hey, nice timing! good name too, I see we're both on the same wavelength there. I'll link you from my readme! |
|
|
| ▲ | rkagerer 5 minutes ago | parent | prev | next [-] |
| Nice! Good to see some tooling in this space explicitly designed for simplicity and user-friendliness. One practical problem to consider is the risk of those distributed bundles all ending up on one or two major cloud provider's infra because your friends happened to store them someplace that got scooped up by OneDrive, GDrive, etc. Then instead of the assumed <threshold> friends being required for recovery, your posture is subtley degraded to some smaller number of hacked cloud providers. Someone using your tool can obviously mitigate by distributing on fixed media like USB keys (possibly multiple keys to each individual as consumer-grade units are notorious for becoming corrupted or failing after a time) along with custodial instructions. Some thought into longevity is helpful here - eg. rotating media out over the years as technology migrates (when USB drives become the new floppy disks) and testing new browsers still load up and correctly run your tool (WASM is still relatively new). Some protocol for confirming from time to time that your friends haven't lost their shares is also prudent. I always advise any disaster recovery plan that doesn't include semi-regular drills isn't a plan it's just hope. There's a reason militaries, first responders, disaster response agencies, etc. are always doing drills. I once designed something like this using sealed paper cards in identified sequence - think something like the nuclear codes you see in movies. Annually you call each custodian and get them to break open the next one and read out the code, which attests their share hasn't been lost or damaged. The routine also keeps them tuned in so they don't just stuff your stuff in an attic and forget about it, unable to find their piece when the time comes. In this context, it also happens to be a great way to dedicate some time once a year to catch up (eg. take the opportunity to really focus on your friend in an intentioned way, ask about what's going on in their life, etc). The rest of my comments are overkill but maybe fun to discuss from an academic perspective. Another edge case risk is of a flawed Shamir implementation. i.e. Some years from now, a bug or exploit is discovered affecting the library you're using to provide that algorithm. More sophisticated users who want to mitigate against that risk can further silo their sensitive info - eg. only include a master password and instructions in the Shamir-protected content. Put the data those gains access to somewhere else (obviously with redundancy) protected by different safeguards. Comes at the cost of added complexity (both for maintenance and recovery). Auditing to detect collusion is also something you might think about (eg. somehow watermark the decrypted output to indicate which friend's shares were utilized for a particular recovery - but probably only useful if the watermarked stuff is likely to be conveyed outside the group of colluders). Finally, who conducted your Security Audit? It looks to me as if someone internal (possibly with the help of AI?) basically put together a bunch of checks you can run on the source code using command line tools. There's definitely a ton of benefit to that (often the individuals closest to a system are best positioned to find weaknesses if given the time to do so) and it's nice that the commands are constructed in a way other developers are likely to understand if they want to perform their own review. But might be a little misleading to call it an "audit", a term typically taken to mean some outside professional agency is conducting an independent and thorough review and formally signing off on their findings. Also those audit steps look pretty Linux-centric (eg. Verify Share Permissions / 0600, symlink handling). Is it intended development only take place on that platform? Again, thanks for sharing and best of luck with your project! |
|
| ▲ | ddtaylor 2 hours ago | parent | prev | next [-] |
| I suffered a traumatic brain injury (TBI) related to an e-bike accident two years ago. I woke up in the ICU after a short coma-like thing and the nurses/doctors asking me questions and it was clear I was answering for the 10th time or more, like we had all done this before, but I couldn't remember anything. Thankfully my very long password I use for an encrypted Borgbackup I have was somewhere deep or untouched, but, otherwise I would have been fucked. Also, the backup codes Google told me they would always accept failed and it wasn't until I found a random unused Android device in a drawer that had been unused for a year was I able to get access back to my Google account of ~25 years. |
| |
| ▲ | ericbarrett an hour ago | parent | next [-] | | I also had old Google backup codes fail a few years ago. Anybody who hasn't regenerated them in a year or two, I recommend you do so. | | | |
| ▲ | eljojo 22 minutes ago | parent | prev [-] | | my stomach turned into a knot just reading your story. I know that feel of waking up surrounded by nurses not knowing what happened. I'm so glad you had proper backups!!!!!!!!!! this exact story is why i built my app, thank you so much for sharing. my hope is to basically make a next version of your plan that's distributed among friends. |
|
|
| ▲ | modeless an hour ago | parent | prev | next [-] |
| For this purpose Google offers "Inactive Account Manager" AKA a dead man's switch. |
| |
| ▲ | couchdive 23 minutes ago | parent | next [-] | | 3 months of non-use is the lowest term available before it will enact. That's too long for most situations except maybe probate court | |
| ▲ | eljojo 21 minutes ago | parent | prev [-] | | I don't use Google :( |
|
|
| ▲ | moltymolt 2 hours ago | parent | prev | next [-] |
| That's an interesting idea. It's a good solution to the problem of sharing all your passwords with your loved ones posthumously. Typically that'd involve keeping everything in a vault which will automatically be released to your person of choice if you failed to reset it. The annoying part is having to reset it indefinitely. I like your idea where you share it with multiple people in advance but they would have to collectively decide to unlock it. |
| |
| ▲ | eljojo 25 minutes ago | parent [-] | | exactly! my hope is to offload some trust to the collective of my friends |
|
|
| ▲ | lucenet an hour ago | parent | prev | next [-] |
| Write down the password, print out recovery codes. Store them in separate buildings. Tell someone you trust about where you left these pieces of paper. |
| |
|
| ▲ | croisillon an hour ago | parent | prev | next [-] |
| i thought 3M had already invented the best password safe ;) |
| |
|
| ▲ | JTbane an hour ago | parent | prev | next [-] |
| master password on paper hard copy |
| |
| ▲ | eljojo 25 minutes ago | parent [-] | | that's so scary though! what if someone has access to it? or it gets lost when you need it? | | |
| ▲ | seb1204 3 minutes ago | parent [-] | | I think this is when you need to evaluate your thread scenario.
A) self-made crypto accessible through web or browser that any cracker can find through www and use machine clusters to run on or AI to work on etc.
B) physical home invasion that are interested in one of your A4 papers with some random words that have only meaning to you and few trustees. |
|
|
|
| ▲ | BoredPositron an hour ago | parent | prev | next [-] |
| Yubikey |
|
| ▲ | registeredcorn an hour ago | parent | prev [-] |
| I explicitly make it so I cannot regain access to my computer in the event that my memory becomes faulty. I would be in an impaired state, and cannot function in way that would be conducive to either work or pleasure in terms of computer use. That is to say, the entire reason why I have password security at all is to keep out people who do not know the password. If someone does not know the password, they should not be able to access the system. That obviously and clearly applies to myself as much as any other person. "If you do not know it, then you do not need it." |
| |
| ▲ | saltcured 28 minutes ago | parent | next [-] | | I agree in broad strokes. If I am incapacitated, that is when things like durable power-of-attorney, medical advance directives, and living trusts come into play. The important thing is to ensuring your computer is not a single point of failure. Instead of losing a password, you could have theft, flood, fire, etc. Or for online accounts, you are one vendor move away from losing things. None of these should be precious and impossible to replace. I've been on the other side of this, and I think the better flow is to terminate or transfer accounts, and wipe and recycle personal devices. A better use of your time is to set up a disaster-recovery plan you can write down and share with people you trust. Distribute copies of important data to make a resilient archive. This could include confidential records, but shouldn't really need to include authentication "secrets". Don't expect others to "impersonate" you. Delegate them proper access via technical and/or legal methods, as appropriate. Get some basic legal advice and put your affairs in order. Write down instructions for your wishes and the "treasure map" to help your survivors or caregivers figure out how to use the properly delegated authority. | |
| ▲ | catlifeonmars an hour ago | parent | prev | next [-] | | What if you forgot your password but retained all other memories? | | |
| ▲ | wavemode 13 minutes ago | parent | next [-] | | Well see, that's why I keep my "password" memory stored snugly next to "breathing" and other such. If I'm walking around conscious, then I must still know my password. | |
| ▲ | eljojo 24 minutes ago | parent | prev [-] | | asking the real questions here |
| |
| ▲ | esafak an hour ago | parent | prev [-] | | No family, eh? | | |
|
