Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

Useful checklist: https://getyourshittogether.org/

Others in this thread have talked about safety deposit boxes and buried crates. I'd add that you can just give some trusted party a normal encrypted USB flash drive, and eliminate the risk of getting absolutely rinsed out in the event of a house burglary by splitting the password amongst an arbitrary number of your other contacts using the Shamir's Secret Sharing algorithm.



I call this a Horcrux.

Also, unless your arbitrary number of friends are cryptographers, it's a sure way for them to collectively lose your shit.


Create transparencies with the text

   If you put at least 3 of these
   on top of each other, my Google
   recovery code will appear here:

   2  £ 3 > ]7   7#A    E
(each with different characters shown, of course. Ask a mathematician to make sure any 3 will show the full code, and any 2 won’t show enough to recover it)

Put them in envelopes, write “open in case John Doe dies” on them, and distribute them among friends.

If you distribute enough of them, I think there’s a reasonable chance they’ll recover your data.

As an improvement, distribute them not to your friends, but to their kids (the probability is higher they’ll be sane of mind when you die), and tell your attorney who has one.

I think that’s overkill, though. I’ve done it simpler: I wrote the full recovery codes down a few times and put them in a few places in my house.

I think that’s fine if I assume burglars won’t take them or won’t know what to do with them and I won’t die in a disaster that also destroys my house.


> I think that’s fine if I assume … I won’t die in a disaster that also destroys my house.

You might not die, but you might still end up in a pretty bad position: https://shkspr.mobi/blog/2022/06/ive-locked-myself-out-of-my...

Incredibly unlikely, of course, but you'll certainly feel like a dick if it does happen.


As someone who _has_ had their house burn down and had to recover their digital life from backups (successfully), this is why I've not made the step to yubikeys.


I'd say a regular will, sealed at a notary is just okay.

If you are really paranoid, why not write a service that works like a dead mans switch and when you don't trigger it for n days it sends all the keys to the kingdom to those who should receive them.


Google actually provides this service: https://myaccount.google.com/inactive?pli=1

At this point I've moved almost everything off Google and basically now only use my Gmail account for logins on websites I don't want to give my real email address to and to keep Inactive Account Manager setup to send the necessary info to get into my 1Password account to my brother if I die.

I have a will setup with all my financial details and have set beneficiaries everywhere but this feels like a good backup in case I forget to update it with something or my family has trouble gaining access using other means.


> The setting you are looking for is not available for your account.

Google Apps strikes again...


That’s a helpful link! Do you know if google allows access to Gmail once inactivity is triggered? Ideally my contacts could use it to recover access to my password manager.


You have the option to allow that yes. When you add people to be contacted you're able to granularly decide what parts of your google account they get access to and can optionally add a personal message as well.


Step 1: Kidnap $target

Step 2: keep for N+1 days

Step 3: …*

Step 4: profit!

* where “…” just means “wait”


Kidnapping $target works for just about every contingency once you include $hammer.


Why bother waiting!?

https://xkcd.com/538/


Only a couple need to be into cryptography. You can setup so than N-of-M keys work, so that you're resilient to M-N losing their key

You can have 2-of-20 which encrypts an encrypted blob whose key you share in your will


Additional links:

* What to Do Before You Die: A Tech Checklist – https://archive.is/6vjqQ

* Cheat Sheet For If I'm Gone – https://archive.is/lnWX6https://github.com/christophercalm/if-im-gone/blob/main/exam... (HN discussion: https://news.ycombinator.com/item?id=31748553)


Also https://g3rv4.com/2022/04/using-shamir-secret-sharing which includes a link to an easy-to-use SSS tool that can output shards as QR codes.


I am picturing a room full of non-programmers staring at all these documents, codes and Docker commands and saying “Well, Greg was obviously crazy. Instead of leaving any of his passwords, he just left pages of gibberish. I guess we’ll never be able to access anything.”


Me too, but then I realise that one should include at least a few tech savvy friends - or references to good coworkers or similar which these friends could contact.


I wouldn't trust USB flash drives with anything long term. Best archival method would be to print something out (perhaps an encrypted message in a QR code), have it put away somewhere secure, and use that for a key to unlocking everything else.


Yes, this, USB flash drives live at most 5 years or something. Things get even worse for SSD.

If we are talking just about credentials, you can just print the password and access instructions to a password manager and give it to the people you trust. This is one place were having a cloud password manager might be helpful, otherwise you would need to also provide the access to a device containing the offline manager (or a updated copy of it)

You probably don't need to keep a whole flash drive for credentials. Unless you also want to keep some other files secure without being on other devices


Bitcoiners have been thinking about this storage problem for a decade now. Secure electronic devices in faraday cages and tamper and water proof bags or engraved steel plates (possibly cut up and distributed) seem to be the way to go for storing small bits of extremely valuable information.

Or of course you can use multiple key storage techniques and have a 2 out of 3 or more type setup. It all depends on how valuable the information is.


Engraved steel plates cut up is actually extremely easy and virtually indestructible.

You can buy a piece of 100x50x3 mm 316 stainless steel (thats 4"x2"x1/8" in freedom units) for around $5.

Engraving it is a simple matter of using a $10 automatic center punch and write the password out in dot punched letters.

If necessary, cut plate in N pieces with a hack saw, distribute among N people.

I always mark bicycles this way, dot punch my last name underneath the bottom bracket shell.


Security against unauthorized use and data lifespan are separate concerns. They're not fully orthogonal—security tends to make things more brittle—but you can apply whatever form of security you like and then store the secured data in any way you like. Hardburn seems to have been talking purely about the useful life of the archived data. The charge in flash storage leaks, so the data is eventually lost if not refreshed. A flash drive is reliable for a year, but not a decade. If you want long term storage you're going to want something else. Paper would be fine for most uses. An ordinary printout subjected to ordinary handling is good for a few decades with reasonable storage conditions.




Consider applying for YC's Fall 2026 batch! Applications are open till July 27.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: