Edent@mastodon.social

Here's the nightmare scenario for anyone who uses a password manager, 2FA, and other modern online security tools.

shkspr.mobi/blog/2022/06/ive-l

amin@polymaths.social

@Edent

Hmm, this has got me considering—if I locked a copy of my password vault in an encrypted tomb (https://dyne.org/tomb/), I could then spread copies of that tomb around to various places I could get access back (with a memorized password or something), then put a copy of the keyfile on a USB drive given to a friend (or multiple friends). That way I don't have to get access to the friend's USB whenever I update or add a password, I just update the tomb. The friend also wouldn't have access to the tomb, just the key.

Probably not foolproof, but feels like it addresses a number of points on the threat model?

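The split amin describes, as an added example that is not code from the thread or from the tomb project: a stdlib-only Python model in which a random vault key is wrapped under a memorised passphrase to form the keyfile, and the vault itself is encrypted under that key. The cipher is a toy SHA-256 counter-mode construction standing in for tomb's LUKS/GPG, so it shows the separation of roles (friend holds the keyfile, vault copies go anywhere, passphrase is memorised), not production crypto.

```python
import hashlib
import hmac
import secrets

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    # Toy SHA-256 counter-mode keystream; stands in for the real cipher.
    blocks = (hashlib.sha256(key + nonce + i.to_bytes(8, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt-then-MAC under a fresh nonce: nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def open_sealed(key: bytes, blob: bytes):
    """Check the tag before decrypting; None on a wrong key or a tampered blob."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        return None
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))

def _kek(passphrase: str, salt: bytes) -> bytes:
    # Memorised passphrase -> key-encryption key (scrypt, 16 MiB).
    return hashlib.scrypt(passphrase.encode(), salt=salt, n=2**14, r=8, p=1, dklen=32)

def make_keyfile(passphrase: str, vault_key: bytes) -> bytes:
    """The keyfile the friend holds: salt || vault key wrapped under the passphrase."""
    salt = secrets.token_bytes(16)
    return salt + seal(_kek(passphrase, salt), vault_key)

def unwrap_keyfile(passphrase: str, keyfile: bytes):
    return open_sealed(_kek(passphrase, keyfile[:16]), keyfile[16:])

def demo():
    """Walk the scheme: vault rewritten after a password change, keyfile untouched."""
    vault_key = secrets.token_bytes(32)
    keyfile = make_keyfile("memorised passphrase", vault_key)   # constructed sample
    vault = seal(vault_key, b"example.test: old-password\n")    # copies spread around
    vault = seal(vault_key, b"example.test: new-password\n")    # rotation: only the vault changes
    # Owner: memorised passphrase + friend's keyfile + any vault copy.
    key = unwrap_keyfile("memorised passphrase", keyfile)
    recovered = open_sealed(key, vault) if key else None
    # Friend alone: keyfile but no passphrase.  Thief alone: vault copy but no key.
    friend_alone = unwrap_keyfile("wrong guess", keyfile)
    thief_alone = open_sealed(secrets.token_bytes(32), vault)
    return recovered, friend_alone, thief_alone
```

The keyfile plus a guessed passphrase is the remaining attack surface, which is why the scrypt wrapping and a strong memorised passphrase matter in this split.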
amin@polymaths.social

@Edent

Great post, by the way, that was a fun and thought-provoking read. :)

ahchay@mastodon.gamedev.place

@Edent I went through this about ten years ago when I had to change my number (stalky reasons) - locked myself out of several accounts I will never see again.

Apple, particularly, make it next to impossible to regain access to your accounts if you've lost devices.

amin@polymaths.social

@Edent

Ah, another note—a key file can also be hidden inside an ordinary-looking photo with steganography. That way if someone who shouldn't got ahold of the USB drive, they wouldn't notice anything out of the ordinary, it would just look like a directory full of family photos or something.

Or, keys can be printed out as QR codes for a more physical backup.

adingbatponder@fosstodon.org

@Edent This problem would perhaps be helped by having a very very secure but ultra small (to be cheap) fire-proof and disaster-proof box, inside another one, for one Yubikey that serves as the 2FA for your password manager and a couple of email accounts, and which is tested on the 1st April every year. I was wondering what sort of boxes would suit.

Edent@mastodon.social

@adingbatponder that doesn't get around the problem though. What if that box is destroyed or stolen?
I'm talking about how you can bootstrap from nothing.

adingbatponder@fosstodon.org

@Edent Oh. Sorry. My understanding of the article was that once you have 2FA then you cannot. At least I cannot see how.

pieist@qoto.org

@Edent

This is why you need the Guy Pearce in Memento approach, and tattoo all your secrets onto your corporeal self.

khleedril@cyberplace.social

@Edent I get the impression that you are a clever enough person that you've worked out a solution to this for yourself, and if your house really did burn down you'd get your life back soon enough.

Edent@mastodon.social

@khleedril I regret to inform you that I am *not* that smart!

khleedril@cyberplace.social

@Edent Copy the bootstrap data you need to several USB drives encrypted with a long password you can easily remember ('icanrememBerthispassword,' for example), and scatter the drives around a bit. It doesn't actually matter who you give them to. And yeh, you'll need a scheme in place to refresh them from time to time.

Edent@mastodon.social

@khleedril so you're basically saying it is impossible.

khleedril@cyberplace.social

@Edent I am not.

Edent@mastodon.social

@khleedril people can't remember long passwords - especially ones they rarely use - that's why they use a manager in the first place!

fazalmajid@social.vivaldi.net

@Edent I remember that post, it was a great one. As I commented then, one risk factor most people don't seem to consider is that *you* could have a stroke and be incapable of remembering your passwords, or even be capable of using a computer any more.

The best solution I have been able to come up with is to put all my digital credentials on a pair of Apricorn ASK3-NXC-4GB USB drives with a passcode keypad (I used to use a pair of IronKey S200, but they are no longer supported on newer macOS because the unlock is in software that suffers from bitrot, hence using a solution with an OS-independent physical unlock), have one in the safe, rotate them regularly, and have either a dead-man's switch to release the code to my spouse or give it in a sealed envelope to the lawyer who administers my will.

khleedril@cyberplace.social

@Edent
If your life depends on one, you can remember it. I do. It probably wouldn't be too bad if you used the same one as the master password for the manager.

ChuckMcManis@chaos.social

@Edent This is pretty scary. I'm really sorry you are living through this calamity.

The only thing that might make sense is a combination safe buried under ground in the garden. Assuming it was waterproof that would likely survive most any disaster. But OUCH!

So now I'm thinking can I create a small server and equipment underground on my lot that could connect via wifi to my network? Then back up into that? Crazy talk.

_calmdowndear@mastodon.social

@Edent great, a reminder of just how unprepared I am. Thanks!

I guess my next couple of weekend projects might be writing this stuff down for my own sanity and the potential future benefit of other people...

struds@mastodon.social

@Edent @khleedril For the way companies have trained us to make passwords (random strings of numbers, punctuation, and lower and uppercase letters) this is true.

But remembering it's the last sentence of your favourite book would just mean you need to pop to the library (you don't even need a library membership as you're not going to borrow the book) to look up the password.

AngelaScholder@mastodon.energy

@Edent Actually, you had me thinking.
Our KeePass database is on a NAS. Yes, with backups in a safe, and in online storage.
But, it needs an extra place.....

Archnemysis@mastodon.social

@Edent Thinking through the 3 risks at the end, I think the last risk is the most disastrous but least likely. The first 2 are more likely, but damage can be contained. A bad guy might be able to gain access to some of my accounts, even a credit card or bank account. But if I isolate accounts, there would be damage, just not total. Personally, I lean more towards protecting against the first 2 and less the 3rd, but that's because I live a comfortable middle class lifestyle and devalue that 3rd risk.

AngelaScholder@mastodon.energy

@khleedril @Edent I'm specifically not using the same PW for the extra online storage space I've just added as is used for the KeePass database in it.

kev

@Edent my wife and I have a family Bitwarden account, and while I've never considered a scenario as extreme as this, I have considered the "house burning down". What I did was buy an additional Yubikey and load it onto both our BW accounts. That Yubikey lives at my mum's house. So even in your scenario, we can still get to our vaults.

iju@mastodon.social

@Edent

What a horror.

It should be noted that you can easily get to the same situation even if you're not THAT privacy-savvy, or if your state allows easier recovery of identity.

That so many internet services (and even irl ones!) don't know their customers (in effect leaving the onus of maintaining the relationship to the individual) is a problem that doesn't limit itself to catastrophes like lightning strikes. That's a lot of spoons to spend on the regular!

bennuttall@mastodon.social

@Edent Missing word here: "it can be intercepted or the SIM can [be] swapped to one controlled by an attacker". Glad your house is still standing.

Edent@mastodon.social

@bennuttall Ta! Fixed.

Edent@mastodon.social

@yahe I'm glad your app has been audited to make sure it is 100% trustworthy.

What happens if I need to change one of my passwords? Do I have to remember how many times it has been rotated?

Edent@mastodon.social

@yahe I do not like the approach.
It doesn't deal with rotation.
What happens if a site has limitations on length or characters?
If the master password is compromised, everything is vulnerable.

I appreciate what you're trying to do - but password security is too important to leave to a hobby project.

zudnick@mas.to

@Edent Have you considered keeping a copy of your password manager's credentials and the corresponding 2FA secret with your wills at your local solicitors?

As a bonus, you can then let family members know it's there, so they can access your online accounts in the event that you both share the same fate as your FIDO2 key.
