Security After Death -- Not your problem, or is it?
My best friend of 30+ years unexpectedly died in March of 2017. The grieving widow and daughter asked me to break into his work laptop and home systems to recover passwords, pictures and files they wanted. After about 20+ hours of work I managed to get into the computers and phones, but was not able to recover all the passwords; mostly because he stored all his passwords in his brain and never bothered to write them down or put them into a keyring.
So, my adventure got me thinking about the problems that survivors have today with accessing all the accounts, with all the different passwords for one’s digital life: Facebook, email, Twitter, Netflix, bank account, phones computers, and dozens of other accounts. I personally have 456 passwords between 4 keyrings making recovery an absolute necessity if I die or become incapacitated.
It turn out that the more computer security conscious you are, the more you have to think about “security after death” and how will my partner, businesses or employers will manage or close all the accounts I have. This also practical implications for businesses that have key employees that manage systems and how a business can survive a catastrophic employee loss.
The talk gives practical solutions to the issues with varying degrees of security. The solutions range from commercial to open source and some role your own, because even the keyring providers don’t have a way to secure and share password shards.
The question that needs to be answered is; “How do I keep my stuff private when I am alive; but allow others to access it after I am dead?”.
I will talk about Shamir’s Secret Sharing https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing that can be used to share passwords where one single shard cannot be used to recover your password, but can be used by n of m trusted persons to recover the password(s) and use it to access your encrypted data.
I will review the current state of keyrings both commercial and open source and talk about why you should be using them in your personal life and at your businesses to help manage your security, safely share passwords and how to recover from unexpected loss of employees.