Others in this thread have talked about safety deposit boxes and buried crates. I'd add that you can just give some trusted party a normal encrypted USB flash drive, and eliminate the risk of getting absolutely rinsed out in the event of a house burglary by splitting the password amongst an arbitrary number of your other contacts using the Shamir's Secret Sharing algorithm.
If you put at least 3 of these
on top of each other, my Google
recovery code will appear here:
2 £ 3 > ]7 7#A E
(each with different characters shown, of course. Ask a mathematician to make sure any 3 will show the full code, and any 2 won’t show enough to recover it)
Put them in envelopes, write “open in case John Doe dies” on them, and distribute them among friends.
If you distribute enough of them, I think there’s a reasonable chance they’ll recover your data.
As an improvement, distribute them not to your friends, but to their kids (the probability is higher they’ll be sane of mind when you die), and tell your attorney who has one.
I think that’s overkill, though. I’ve done it simpler: I wrote the full recovery codes down a few times and put them in a few places in my house.
I think that’s fine if I assume burglars won’t take them or won’t know what to do with them and I won’t die in a disaster that also destroys my house.
As someone who _has_ had their house burn down and had to recover their digital life from backups (successfully), this is why I've not made the step to yubikeys.
I'd say a regular will, sealed at a notary is just okay.
If you are really paranoid, why not write a service that works like a dead mans switch and when you don't trigger it for n days it sends all the keys to the kingdom to those who should receive them.
At this point I've moved almost everything off Google and basically now only use my Gmail account for logins on websites I don't want to give my real email address to and to keep Inactive Account Manager setup to send the necessary info to get into my 1Password account to my brother if I die.
I have a will setup with all my financial details and have set beneficiaries everywhere but this feels like a good backup in case I forget to update it with something or my family has trouble gaining access using other means.
That’s a helpful link! Do you know if google allows access to Gmail once inactivity is triggered? Ideally my contacts could use it to recover access to my password manager.
You have the option to allow that yes. When you add people to be contacted you're able to granularly decide what parts of your google account they get access to and can optionally add a personal message as well.
I am picturing a room full of non-programmers staring at all these documents, codes and Docker commands and saying “Well, Greg was obviously crazy. Instead of leaving any of his passwords, he just left pages of gibberish. I guess we’ll never be able to access anything.”
Me too, but then I realise that one should include at least a few tech savvy friends - or references to good coworkers or similar which these friends could contact.
I wouldn't trust USB flash drives with anything long term. Best archival method would be to print something out (perhaps an encrypted message in a QR code), have it put away somewhere secure, and use that for a key to unlocking everything else.
Yes, this, USB flash drives live at most 5 years or something. Things get even worse for SSD.
If we are talking just about credentials, you can just print the password and access instructions to a password manager and give it to the people you trust. This is one place were having a cloud password manager might be helpful, otherwise you would need to also provide the access to a device containing the offline manager (or a updated copy of it)
You probably don't need to keep a whole flash drive for credentials. Unless you also want to keep some other files secure without being on other devices
Bitcoiners have been thinking about this storage problem for a decade now. Secure electronic devices in faraday cages and tamper and water proof bags or engraved steel plates (possibly cut up and distributed) seem to be the way to go for storing small bits of extremely valuable information.
Or of course you can use multiple key storage techniques and have a 2 out of 3 or more type setup. It all depends on how valuable the information is.
Security against unauthorized use and data lifespan are separate concerns. They're not fully orthogonal—security tends to make things more brittle—but you can apply whatever form of security you like and then store the secured data in any way you like. Hardburn seems to have been talking purely about the useful life of the archived data. The charge in flash storage leaks, so the data is eventually lost if not refreshed. A flash drive is reliable for a year, but not a decade. If you want long term storage you're going to want something else. Paper would be fine for most uses. An ordinary printout subjected to ordinary handling is good for a few decades with reasonable storage conditions.
Others in this thread have talked about safety deposit boxes and buried crates. I'd add that you can just give some trusted party a normal encrypted USB flash drive, and eliminate the risk of getting absolutely rinsed out in the event of a house burglary by splitting the password amongst an arbitrary number of your other contacts using the Shamir's Secret Sharing algorithm.