How to Share Passwords and Backups Securely Posthumously
Whether it's your personal life or business life, you'll die; that's inevitable. This is a tutorial on how not to be a burden on others in the event of your death, and instead to put a secure and confidential process in place.
How will I prepare my digital assets and accounts upon my death?
You might think, "I'd rather die with all my passwords than insecurely share them." That was me too (especially since I work in infosec). Times have changed, and more is at stake now: digital assets, bitcoins, etc.
You need to prepare for your death to lessen the burden on loved ones and business partners. It's like "eat your broccoli": you know you should, you just don't do it.
I wanted a way to share my backups, passwords, and other digital assets upon my death.
The solution needs to meet the following requirements:
- Be secure and fault tolerant so I am assured it will work when I'm not here
- Avoid relying on paid services, escrows, and other third-party solutions that might not be in business when I'm gone (or can't be trusted)
- My wife (or other trusted party) should be able to perform all functions with little technical experience.
- Easy to maintain
- Allows for password rotation with ease
Using hardware devices to distribute my keys
Use a hardware device commonly used for bitcoin cold storage (offline-only storage that's not connected to the computer in any way) together with a secret sharing algorithm to distribute the keys to multiple trusted individuals.
This method does not provide any one trusted individual with all the keys, so no single person who is compromised, acts maliciously, or loses their key can affect the possibility of decryption.
The approach we'll use works similarly to dual authorization in banks (or nuclear launch codes): multiple people must agree and provide something in order to carry out an action.
We'll use a similar secret sharing approach that allows us to share with a larger group of individuals. We'll also have fun with some algorithms that are used in the blockchain.
Choosing Hardware
First we have to choose how we'll physically provide the secrets.
The best option is to use something that can withstand a disaster such as a house fire, flood, etc. Here is what I chose:
Cryptosteel Capsules
I bought four, one for myself and three to be given to trusted family and friends.
Cryptosteels can be pricey, but they should last a lifetime. ;-)
The Cryptosteel Capsule is the premier backup tool for autonomous offline storage of valuable data without any third-party involvement. The solid metal device, designed to survive extreme conditions, works under nearly all circumstances.
Other options can be:
- Any crypto cold storage device or capsule
- USB stick (not the best idea since it is digital and has a shelf life)
- A piece of paper (better than not doing this at all)
Encryption
Shamir's Secret Sharing (SSS) algorithm splits a secret (in this case a password) into multiple parts (called shares). You set a threshold: the number of shares that are needed to reconstruct the original secret.
This allows me to hand out unique password shares to each person I trust, but require only a smaller number (the threshold) of those individuals to reconstruct my original secret. One of your trusted individuals can lose their password share without compromising the ability to reconstruct the original secret. Or if you are like me, your closest friends are hackers and would take the opportunity to pull a personal prank on me... but they can't unless they have the cooperation of multiple individuals.
How To Setup Your Shared Secret Backup
These instructions were carried out on a Linux system, but could be adapted for Windows.
- Create the File
Create a plaintext file with your currently used master password for your password vault/app in it. Let's call this mylife.txt. You can also include anything you'd want to share upon your death in this file. "I buried $3m behind a bench in the park", for example.
- Encrypt the File
Symmetrically encrypt the mylife.txt file and provide a passphrase using GPG. This passphrase will be the secret that gets converted into shares. It should be different than what's stored in the mylife.txt file:
    gpg -c --no-symkey-cache mylife.txt
Note: The above command outputs a separate encrypted file named mylife.txt.gpg. Don't forget to shred and delete the original plaintext file.
- Split the Passphrase
Split the passphrase that you used in the command above (the passphrase to encrypt the file, not the password inside the file) and provide it when prompted into the ssss command:
    ssss-split -t 3 -n 4
I chose to split my password into 4 shares and only require 3 of the 4 shares to recover the original secret. You can change these values based on your needs. Take each share and put them into your capsule.
Note: Include the numbered prefixes, this is part of the share and is needed.
- Standby
Putting these on individually is the longest part of the process. Put on a podcast and go to work!
- Test your Backup
You can do this by randomly choosing shares that match your threshold and inputting them into the following command to reconstruct the original secret:
[Figure: The ssss-combine command uses your secret shares to reconstruct your original passphrase.]
You're not done testing! Make sure that the passphrase from the ssss-combine output can successfully decrypt the GPG file, mylife.txt:
[Figure: GPG decrypts the file containing instructions on how to access your password safe.]
- Distribute your shares to trusted individuals.
For me, this was family and friends. I also kept one share to myself that my wife or kids could use if needed. Consider distributing one of your shares to someone who has used Linux before, since they will need to run a few command-line tools.
Instructions For Your Share Holders
I've made a simple one-page document that explains this process and I include it with each share I distribute. Make sure the instructions you provide are clear and easy to follow. For my case, my wife or parents will initiate the recovery process upon my death.
sprocketsecurity / password-recovery-upon-death: A secure password recovery process used upon your death and engaged by multiple approvers. Use Shamir Secret Sharing and Cryptosteel capsules.
You should include the current contact information of each share owner since they'll need to work together to recover your passphrase.
Rotating Your Master Password without Redistributing Shares
The biggest benefit of this method is the ability to rotate your master passphrase or even switch password vaults altogether and not have to redo the original work.
Keep your original Shamir secret (the one to decrypt the GPG file) within your password safe. Simply decrypt the mylife.txt.gpg file, change your passphrase or instructions, and encrypt using the same original Shamir secret. Passphrase rotations made easy!
Conclusion
You can use this process for your personal life, part of your business succession plan, disaster recovery, or simply for multiple authorizations. The whole process takes less than an hour and you'll have a great feeling at the end knowing that your backup plan is safe.