I combined shamir secret sharing (hashicorp vault's implementation) with age-encryption, and packaged it using WASM for a neat in-browser offline UX.
The idea is that if something happens to me, my friends and family would help me get back access to the data that matters most to me. 5 out of 7 friends need to agree for the vault to unlock.
Try out the demo in the website, it runs entirely in your browser!
Im also quite more practical - there are responsabilities that may go beyond a simple memory loss - eg. If one is in a coma or just hospitalized for a long period of time; trusted third parties may require access to your accounts even for simple stuff like paying bills/rent/cloud services.
A bank safe deposit box offers a different security profile that’s probably more robust against fire because banks burn less often than houses.
It’s probably not practical to really be robust against fire without being buried several feet deep.
While the fire resulted in the total loss of the house it was actually the water from the fire department not the heat that did proportionally more damage.
As a mental model you shouldn’t think of it as “what if my house burns down?” so much as “what if nice strangers roll up to my windows and chainsaw through my roof and spray 50,000 gallons of water in here?”
Yes everything in the mechanical room melted but everything in the rest of the house got hot, smoky, soaked and then moldy.
For root of trust materiel like social security cards, cash, passports put in a ziplock bag in a fireproof, waterproof safe. But for other storage I use clear “Ezy Storage” brand stackable 50L tubs labeled with Homebox QR codes. In the US, Target and Home Depot frequently stock them. I am very anti black and yellow tubs.
The majority of work post-fire goes to itemizing your house inventory for insurance. Even cataloging all your bathroom’s soaps by brand name rather than generic can make $100 difference. Multiply that by 500x different things.
From a threat model perspective I look at rooms from a “what would be salvageable in here if I emptied a swimming pool’s worth of water from some fire sprinklers”. Furniture and TVs are easy to replace. Other stuff less so.
1500/piece for 20 junk windows I was building a greenhouse with that I dug out of the trash the year before. $250 for a bird feeder because they couldn't find one outside of specialty stores. $40k instead of 10k for a new roof on the shed because it was heavier gauge metal than standard.
Exact replacements can be expensive, but you need to make sure your insurance has 100% replacement instead of adjusted for age or like-kind replacements.
After that experience, we itemized EVERYTHING in the house with make, model, serial number, and color. It was a bitch to get set up, but took the value of our home contents from around 75k to over 250k for exact replacements.
Copies of these records along with our master password for our keepass database are in two bank deposit boxes about 45 minutes apart. For $50/year we can sleep easy.
If a key is lost, you go and prove your identity (easier if any bank employee is familiar with you) and ask for a new key. A date is set and a locksmith shall come, you are next to him and next to the bank employee while he uses the bank's key and lockpicks your lock. Then he configures it for a new key (or replace the lock).
It's cost you something like $300 or whatever.
Source: been next to locksmith opening a bank vault, twice, in two different countries. Once for a bank belonging to a deceased family member (we had the key but not the three-letters combination) and once not because I lost my key but because the bank's lock (on my vault) went defective.
So it's not "my key from the my vault at the bank melted during a housefire, so I can never access my vault at the bank anymore" nor is it "I forgot my three-letters combination, so until the end of the universe that bank vault shall stay locked".
Would you mind sharing more about these tubs and why you are against them?
As to why they're against them, I don't know their reason, but there used to be only one size of tote. There there was big and small. And then, for some fxcking reason, they decided to make ones that were roughly as big as the big ones. Just enough that you have to take half a second to re-eyeball-ruler measure them. But in isolation, if you've got one in front of you, you can't know if it'll tetris properly with another one until they're side-by-side and it turns out they're not.
Dumbest decision ever.
At least they come in transparent now though
In the event of a fire, the bag will melt and coat everything in plastic. This may be undesirable.
In December 2025, items worth an estimated €30 million were stolen from a Sparkasse bank in the Gelsenkirchen suburb of Buer, Germany. The thieves used a large drill to break into the bank's underground vault and proceeded to crack over 3,000 safe deposit boxes.
The vast majority of these don’t make the news because there’s no proof there was even anything inside the box in the first place so anyone could be lying.
> Mr. Pluard, who tracks legal filings and news reports, estimates that around 33,000 boxes a year are harmed by accidents, natural disasters and thefts.
> Oddly, the bank returned to him five watches that weren’t his. “They were the wrong color, the wrong size — totally different than what I had,” Mr. Poniz said. “I had no idea where they came from.”
My late wife had a safe deposit box in the Almaden Valley (San Jose) branch of US Bank. Her key to the box was nowhere to be found. So I had to get the box drilled open.
This would normally require a hefty fee. But the branch was moving to a new location, so they invited customers to make an appointment to show up a Saturday with proper ID for a lock drilling party.
I showed my ID and the death certificate, and we went into the safe to have the lock drilled.
But there was no real drilling involved. The locksmith had a little handheld gadget that she pushed into the lock, gave it a little twist, and the door came right open.
The ironic part? All that was in there were a few pieces of costume jewelry, worth maybe $50 in total.
She was paying more than that per year for the box rental, and if I'd had to pay for the "drilling" it would probably be more than that.
If your house and PC burn, restore from online backup.
If your brain burns, spouse restores from vault.
Something you keep in your home that no one knows about won't be inventoried.
Including AGE keys (so you can encrypt arbitrary data), SSH keys, FIDO2 and passkeys.
Additionally you might want to store a hardware wallet in a deposit box instead of the seed (if you trust the security model).
Especially inside a fireproof safe.
Wouldn't trust aluminium, solder, Wood's metal, gallium, or mercury, but apart from that...
ex: https://www.cbc.ca/news/safety-deposit-box-protection-1.7338...
https://archive.is/www.nytimes.com/2019/07/19/business/safe-...
Things we take for granted. When my father passed, I was digging stuff out of SDBs that he had for decades.
It's great if you want to store some documents. But don't expect _real_ security. It's guarded by a minimum-wage employee, and the keys are usually laughably insecure. Banks know this, so they cap their liability for the loss of the deposit box at around $1000.
So don't even think about storing gold bars there, like they do in movies.
There _are_ companies that provide safe storage for high-value items, but they are pretty exotic.
In a lower trust scenario you could probably use a lawyer as a broker of the secret (potentially even as part of a will).
It would be nice if your Apple account could be unlocked with some other keys as well apart from the primary one, but I guess that is what Apple calls the “Legacy Contact Key”.
Edit: okay so the keychain is excluded from this. So back to storing each others passwords in eachothers keychain…
There are two rules: 1. You need to be a paying customer when setting up. 2. The other person needs to have a Bitwarden account.
I like the idea of the lawyer, unlike normal people, they like sticking to their promises.
On the internet, it's either: Public for anyone in the whole world, or impossible to recover if anything goes wrong.
In hindsight, looking harder for the key would probably have been fruitful.
Maybe the NSA would be willing to brute force the infinite variations from that starting seed, but it is still effectively locked for mortals.
I used to keep a password card in my wallet and had a pattern I would use.
Online accounts on the other hand... I hope you used something like lastpass. :)
Honestly, anything more than this is completely overkill.
So, without any crypto my belongings are either real estate or depots and accounts at banks. Both can easily be discovered in case of my death. I think there is a similar discovery process if I am subject to guardianship (permanently).
my zip bundles are 1-2 megabytes due to all the wasm, and you achieved this on so little. impressive job!
I'd love to hear what you think about mine, one of the differences is that it creates a ZIP file containing the recovery app in it, as well as a PDF with instructions for non-technical friends. Overall trying to make the recovery experience as smooth as possible.
but cheers, your version is the only one that I found that does basically what mine does, all the others fall short one way or another!
[0] https://web.archive.org/web/20230610235249/http://bash.org/?...
In am just thinking about the number of 5, who these times has really five trustable friends not just acquaintances or people bound by some specific activity perishing over time. I am afraid, for most people in the digital era this number is much lower (and I am certainly not speaking for myself now).
I gotta say Horcrux is a catchier name ;)
You can discard/modify part of a password before sending it to your backend. Then, when you log in the server has to brute force the missing part.
One could extend this with security questions like how many children pets and cars you own. What color was your car in 2024. Use that data to aid brute forcing.
The goal would be to be able to decrypt with fewer than 5 shards but make it as computation heavy as you like. If no one remembers the pink car it will take x hours longer.
The security questions are like extra shares of lower value.
My mental model is something like burying the password in your 100x100 yard. You give one friend the X and a different friend the Y coordinates both rounded down to a multiple of 10 meters. The security questions can be added to the X and Y coordinates.
X = 30 + 2 + 3 + 1
Y = ?? + 3 + 5 + 1
You only have to dig 9 holes now.
If you are to hand out files maybe it is wonderful to write them a letter that serves as their shard? They might actually store it some place safe and it wouldn't scream I'M A SECRET!
https://crypto.stackexchange.com/questions/20578/definition-...
I wonder who would not only have the passwords, but the know-how to manage the whole thing, at least to transition it to more managed services...
If you want someone to be able to access it after you’re gone, either put 1000 BTC in it or leave instructions. Paper instructions in a physical fireproof safe is way easier to deal with than any digital encryption with no hints.
You need to give people "a map" of where things are: https://github.com/eljojo/rememory/blob/main/internal/projec...
To clarify the hashing was to verify that the pages were indeed modified by me, to prevent tempering.
Damn, found it back, was in 2011!
in English https://fabien.benetou.fr/Slideshows/MemoryLoss
in French https://fabien.benetou.fr/Slideshows/MemoryLossPES
If you self host then die no one can access your coins. Lawyers don’t want to be trusted with copies of secret phrases because of liability if the bitcoin gets stolen. If you encrypt the bitcoin recovery info across several files you can give part to the lawyer and part to different beneficiaries.
(If you have a trusted third party, you can also enforce a cooling off period: e.g. that any attempt to access results in a notification to the account holder that if not denied within some time period, access is granted)
Shameless plug: I wrote a project a few years ago to create PDF-based backups with sharded keys which would do exactly what I suspect you want[2], unfortunately I got stuck at the "make a nice UI for it" stage (everything works but it's just a CLI tool at the moment). I guess I should take a look at using an LLM for that these days... (I used this to store my password manager root password and necessary keys to pull and decrypt the encrypted backups of my server.)
[1]: https://en.wikipedia.org/wiki/Shamir%27s_secret_sharing [2]: https://github.com/cyphar/paperback/
Shamir's secret sharing scheme does not allow anyone to bruteforce it, no matter if they have 99 out of the 100 required pieces that unlock a 10-character password. If you want to do this sort of thing, I would recommend using a secret sharing scheme instead
If you want to share your password with M family members such that you only need N to agree to recover the original:
Split your password into ordered chunks.
Make a polynomial p, of power N where the p(1) = chunk1, p(2) = chunk2, ...
Evaluate the polynomial at M other points: p(N+1),p(N+2)...
Gives those M new points to your family along with their index (+1,+2,...).
If less than N family members get together, they will not be able to figure out the password much better than guessing. If N get together, they can interpolate their points to form the unique polynomial which will match p. Then evaluate p at p(1),p(2),... to get your original password.
If you put the whole password into 1 chunk, and pad the polynomial with random extra coefficients or points to make the polynomial of sufficient degree, then they get literally no information on the password without having at least N cooperate. If you make multiple chunks then they can do a little correlation between the chunks without knowing the whole thing.
This is sufficiently simple you can even work this out by hand without a computer, though it would be somewhat tedious.
This is obviously more cumbersome, and probably costly, if you intend on changing your password. I guess you could change the part of it you don’t store with them.
However, there is still the issue of the service provider going offline or out of business which we don't have a solution for yet.
We have started with a good password manager and will be adding digital inheritance/social recovery soon! [0]
Take a look, thoughts and feedback welcome.
for the time lock mechanism, how do you go about it? I'm interested in exploring using drand time lock, but that also relies on the service continuing to run (which is admittedly very likely) https://github.com/drand/tlock
The bigger issue if I drop dead is all the nontrivial tech crap I have set up (self hosted Vaultwarden included…).
- No more sync conflicts when using multiple devices
- Backups are taken care off
- It's harder to steal the database
- Slightly better browser and mobile extensions for auto-filling passwords
Thankfully my very long password I use for an encrypted Borgbackup I have was somewhere deep or untouched, but, otherwise I would have been fucked. Also, the backup codes Google told me they would always accept failed and it wasn't until I found a random unused Android device in a drawer that had been unused for a year was I able to get access back to my Google account of ~25 years.
Still, it's weird that Google doesn't accept a recovery code. Then again, I had a similar issue where I had nothing set up but a recovery email address and password (back when 2FA was rare), and after confirming both, Google said "well, we still think it's suspicious, why don't you use a device where you're already logged in" (my account had no active sessions that I knew of, besides that I was traveling). Luckily I didn't need it for anything as I had my email moved away already at that time. I still can't access that account today and I switched to throwaway accounts for things like youtube comments or app downloads from the play store (need to download that government authentication software somehow...)
Did Google specifically reject the recovery code as invalid, or did it accept all entries and then their algorithm rejected the login outright?
Security aspects of software should just work properly. Google should test this and, imo, people should make backups of data they care about. Google might ban you for any reason, no matter if the recovery drill worked 2 hours ago it might not work anymore now. Seems like a fool's errand to keep chasing it instead of making routine (or automated) backups of data when you update it
this exact story is why i built my app, thank you so much for sharing.
my hope is to basically make a next version of your plan that's distributed among friends.
https://bitwarden.com/help/emergency-access/
Would also cover banking details or whatever else you want to put in there.
While the motivation is similar this basically kills the feature. It requires that your friends not only use but continue to maintain their accounts.
From my understanding of OP's implementation, being completely offline they can basically just keep the key on a USB or file store of any kind.
Personally I think the most robust solution is single key access (a la emergency kit), distributed in one or more secure bank vaults for redundancy (many still do offer these for free or cheaply for small boxes). Put instructions in your (living) will and done.
Somewhat tongue-in-cheek, but if I lose my memory, how am I supposed to remember the 7 (or 5) friends who have my password...?
Somewhat less tongue-in-cheek, if you really wanted to be serious about your friends not being able to produce your password now for the lolz, then you'd actually want to ensure they were merely acquaintances who didn't know each other and couldn't find each other, e.g. not all Facebook friends. In which case the list of friends becomes essentially as important as the password, and then how do you remember where you've stored that list?
In reality, hopefully you can just entrust your master password with your closest family (spouse, parent, adult children), assuming they're not going to drain your bank account or read your private digital journal.
Also, kudos for packaging it as a static web app. That's the one platform I'm willing to bet will still function in 10 years.
https://support.apple.com/guide/iphone/share-passwords-iphe6...
https://support.apple.com/guide/icloud/share-files-and-folde...
This is the sort of stuff that terrifies me https://hey.paris/posts/appleid/
Consider whether you really need this.
Doing 7-choose-5 separate multiparty encryptions is way harder to screw up. Is having to produce 42 ciphertexts really a dealbreaker?
Tell someone you trust about where you left these pieces of paper.
I'm trying to think of how this survives friends (who come and go in your life) having to coordinate. Then again, some people really did have PGP key signing parties...
(At home of course, people get pissy if you do this at work!)
I would be in an impaired state, and cannot function in way that would be conducive to either work or pleasure in terms of computer use.
That is to say, the entire reason why I have password security at all is to keep out people who do not know the password. If someone does not know the password, they should not be able to access the system. That obviously and clearly applies to myself as much as any other person. "If you do not know it, then you do not need it."
The important thing is to ensuring your computer is not a single point of failure. Instead of losing a password, you could have theft, flood, fire, etc. Or for online accounts, you are one vendor move away from losing things. None of these should be precious and impossible to replace. I've been on the other side of this, and I think the better flow is to terminate or transfer accounts, and wipe and recycle personal devices.
A better use of your time is to set up a disaster-recovery plan you can write down and share with people you trust. Distribute copies of important data to make a resilient archive. This could include confidential records, but shouldn't really need to include authentication "secrets".
Don't expect others to "impersonate" you. Delegate them proper access via technical and/or legal methods, as appropriate. Get some basic legal advice and put your affairs in order. Write down instructions for your wishes and the "treasure map" to help your survivors or caregivers figure out how to use the properly delegated authority.
https://en.wikipedia.org/wiki/Dead_man's_switch
They are an important feature in autonomous systems, critical equipment, and deterrents. =3
One practical problem to consider is the risk of those distributed bundles all ending up on one or two major cloud provider's infra because your friends happened to store them someplace that got scooped up by OneDrive, GDrive, etc. Then instead of the assumed <threshold> friends being required for recovery, your posture is subtley degraded to some smaller number of hacked cloud providers.
Someone using your tool can obviously mitigate by distributing on fixed media like USB keys (possibly multiple keys to each individual as consumer-grade units are notorious for becoming corrupted or failing after a time) along with custodial instructions. Some thought into longevity is helpful here - eg. rotating media out over the years as technology migrates (when USB drives become the new floppy disks) and testing new browsers still load up and correctly run your tool (WASM is still relatively new).
Some protocol for confirming from time to time that your friends haven't lost their shares is also prudent. I always advise any disaster recovery plan that doesn't include semi-regular drills isn't a plan it's just hope. There's a reason militaries, first responders, disaster response agencies, etc. are always doing drills.
I once designed something like this using sealed paper cards in identified sequence - think something like the nuclear codes you see in movies. Annually you call each custodian and get them to break open the next one and read out the code, which attests their share hasn't been lost or damaged. The routine also keeps them tuned in so they don't just stuff your stuff in an attic and forget about it, unable to find their piece when the time comes. In this context, it also happens to be a great way to dedicate some time once a year to catch up (eg. take the opportunity to really focus on your friend in an intentioned way, ask about what's going on in their life, etc).
The rest of my comments are overkill but maybe fun to discuss from an academic perspective.
Another edge case risk is of a flawed Shamir implementation. i.e. Some years from now, a bug or exploit is discovered affecting the library you're using to provide that algorithm. More sophisticated users who want to mitigate against that risk can further silo their sensitive info - eg. only include a master password and instructions in the Shamir-protected content. Put the data those gain access to somewhere else (obviously with redundancy) protected by different safeguards. Comes at the cost of added complexity (both for maintenance and recovery).
Auditing to detect collusion is also something to think about in schemes like these (eg. somehow watermark the decrypted output to indicate which friends' shares were utilized for a particular recovery - but probably only useful if the watermarked stuff is likely to be conveyed outside the group of colluders). And timelocks to make wrench attacks less practical (likely requires some external process).
Finally, who conducted your Security Audit? It looks to me as if someone internal (possibly with the help of AI?) basically put together a bunch of checks you can run on the source code using command line tools. There's definitely a ton of benefit to that (often the individuals closest to a system are best positioned to find weaknesses if given the time to do so) and it's nice that the commands are constructed in a way other developers are likely to understand if they want to perform their own review. But might be a little misleading to call it an "audit", a term typically taken to mean some outside professional agency is conducting an independent and thorough review and formally signing off on their findings.
Also those audit steps look pretty Linux-centric (eg. Verify Share Permissions / 0600, symlink handling). Is it intended development only take place on that platform?
Again, thanks for sharing and best of luck with your project!
Unless your work and life need to be very secretive, or involve matters of national or international importance, I personally think a simpler printed/written format that works without electronics/Internet would be a better option. Of course, the printed details can have simple encryption, which your family/friends can break using day-to-day quirks you shared, such as the family secret codes, the name of that pet in the town you grew up in, or the middle name from the story of your great-grandfather, etc.
Some time ago, my mother-in-law (erstwhile teacher) and my godmother-aunty (businesswoman) began to forget many things. Their kids have tried quite a few phone apps and whatnot with electronics. Finally, I have suggested enforcing just two things: a lot of Valet bowls around the house (at common places in all the rooms) and pocket notebooks with pens attached. They just write anything and everything, from money to kitchen items to anything they want. If they forgot something, refer to the notebooks. If a key is lost, try the Valet Bowl. Now, my plan is to train their muscle memory to drop/pick from the bowl (don’t try to remember) and write things down.
The idea of Valet Bowls comes from something someone mentioned on Hacker News.
(Funny how I can remember this comment from many months ago after never implementing the bowls, but I currently can’t remember where my car keys are. Should have implemented the bowls…)
For keys, there is only one place: the Keyholder wall-mounted near the main door, while still visible from the main Hall. Not easy to pick and go by “guests” without being seen by someone, but easy for residents to just walk out with one. I got the exact same ones from Amazon and wall-mounted them in all the homes where I serve as Printer-Repair Guy. 10+ years, I kinda have trained every family member’s muscle memory, “Keys go there and only there.” ;-)
Add/Edit: I also have a sticker I printed stuck to the Keyholder, in Monica’s words from Friends, “Got the Keys?”