Show HN: If you lose your memory, how to regain access to your computer?
49 points | 2 hours ago | 13 comments | eljojo.github.io | HN
Due to bike-induced concussions, I've been worried for a while about losing my memory and not being able to log back in.

I combined Shamir secret sharing (HashiCorp Vault's implementation) with age-encryption, and packaged it using WASM for a neat in-browser offline UX.

The idea is that if something happens to me, my friends and family would help me get back access to the data that matters most to me. 5 out of 7 friends need to agree for the vault to unlock.

Try out the demo on the website; it runs entirely in your browser!

econ
5 minutes ago
I like it. Perhaps you can use a weird idea of mine.

You can discard/modify part of a password before sending it to your backend. Then, when you log in, the server has to brute force the missing part.

One could extend this with security questions like how many children, pets and cars you own. What color was your car in 2024? Use that data to aid brute forcing.

The goal would be to be able to decrypt with fewer than 5 shards but make it as computation heavy as you like. If no one remembers the pink car it will take x hours longer.

reply
bitexploder
56 minutes ago
Low tech: I put my secret manager password in a physical journal that is locked in a fireproof, waterproof vault and hidden somewhere only my partner and myself know where it is. I use a password manager. Everything else goes in the password manager.
reply
maurycyz
20 minutes ago
This. A physical safe provides something that you can't do digitally: It's hard, but not impossible to get in without credentials.

On the internet, it's either: Public for anyone in the whole world, or impossible to recover if anything goes wrong.

reply
kylehotchkiss
3 minutes ago
I've broken into physical safes using nothing more than a drill with a half inch bit (I was young and didn't want to drag myself to Harbor Freight to sacrifice a more suitable tool). Enough boreholes and I had access.

In hindsight, looking harder for the key would probably have been fruitful.

reply
munk-a
34 minutes ago
Alternative - my partner and I (and also two other close contacts) have password managers that contain each of the other one's secret. This was less an effort to help with the memory loss scenario and more of an effort to deal with death and access to services (especially to cease subscriptions and the like).

In a lower trust scenario you could probably use a lawyer as a broker of the secret (potentially even as part of a will).

reply
rcxdude
29 minutes ago
Password managers like Bitwarden also have emergency access features which can do this, with the caveat of trusting them to enforce the requirement of access only being granted after a notification to the account holder is not denied in some time period (but unlike the lawyer you're not trusting them with the secret directly).
reply
rcxdude
39 minutes ago
In general whatever kind of backup plan you have for when you die could also work in this scenario, you may just need to think harder about anything that you do not want to have revealed when you die.
reply
nippoo
39 minutes ago
This kind of thing, widely implemented, would be a game-changer for dealing with assets after someone's death! I maintain my family's IT infrastructure (Google Enterprise admin, webserver etc) and I've been tempted to write down 1/4 of my password manager root password and give it to each of my family members - but then we run into the problem where if any one of them loses their shard, it's unrecoverable. Some kind of ECC would be great - ideally where I could print it out onto various bits of paper with a user-definable redundancy, or better still, some kind of reciprocal system where (say) 8/10 members of a trusted friend group/family ring could unlock any other member's password...
reply
nandomrumber
19 minutes ago
You can give your password, or part of it, to your estate lawyer to attach to your will.

This is obviously more cumbersome, and probably costly, if you intend on changing your password. I guess you could change the part of it you don’t store with them.

reply
rcxdude
37 minutes ago
Shamir secret sharing is the cryptographic thing that you want. You can configure any M of N to be needed to recover the underlying secret.

(If you have a trusted third party, you can also enforce a cooling off period: e.g. that any attempt to access results in a notification to the account holder that if not denied within some time period, access is granted)

reply
rawgabbit
26 minutes ago
For my personal passwords, I use Apple's password manager. It lets me share passwords with my family. I also created a folder on Apple's iCloud that I share.

https://support.apple.com/guide/iphone/share-passwords-iphe6...

https://support.apple.com/guide/icloud/share-files-and-folde...

reply
cbabraham
20 minutes ago
reply
modeless
56 minutes ago
For this purpose Google offers "Inactive Account Manager" AKA a dead man's switch.
reply
ddtaylor
1 hour ago
I suffered a traumatic brain injury (TBI) related to an e-bike accident two years ago. I woke up in the ICU after a short coma-like thing with the nurses/doctors asking me questions, and it was clear I was answering for the 10th time or more, like we had all done this before, but I couldn't remember anything.

Thankfully the very long password I use for an encrypted Borgbackup I have was somewhere deep or untouched, but otherwise I would have been fucked. Also, the backup codes Google told me they would always accept failed, and it wasn't until I found a random unused Android device in a drawer that had been unused for a year that I was able to get access back to my Google account of ~25 years.

reply
ericbarrett
58 minutes ago
I also had old Google backup codes fail a few years ago. Anybody who hasn't regenerated them in a year or two, I recommend you do so.
reply
lucenet
46 minutes ago
Well, this is disturbing news.
reply
Zambyte
16 minutes ago
Google services are best treated as a liability.
reply
moltymolt
1 hour ago
That's an interesting idea. It's a good solution to the problem of sharing all your passwords with your loved ones posthumously. Typically that'd involve keeping everything in a vault which will automatically be released to your person of choice if you failed to reset it. The annoying part is having to reset it indefinitely. I like your idea where you share it with multiple people in advance but they would have to collectively decide to unlock it.
reply
croisillon
25 minutes ago
I thought 3M had already invented the best password safe ;)
reply
ddtaylor
11 minutes ago
I think 3M also sells a $5 wrench.
reply
lucenet
53 minutes ago
Write down the password, print out recovery codes. Store them in separate buildings.

Tell someone you trust about where you left these pieces of paper.

reply
notepad0x90
49 minutes ago
A safe-deposit box at a bank works ok too.
reply
JTbane
37 minutes ago
master password on paper hard copy
reply
BoredPositron
42 minutes ago
Yubikey
reply
registeredcorn
48 minutes ago
I explicitly make it so I cannot regain access to my computer in the event that my memory becomes faulty.

I would be in an impaired state, and cannot function in a way that would be conducive to either work or pleasure in terms of computer use.

That is to say, the entire reason why I have password security at all is to keep out people who do not know the password. If someone does not know the password, they should not be able to access the system. That obviously and clearly applies to myself as much as any other person. "If you do not know it, then you do not need it."

reply
saltcured
28 seconds ago
I agree in broad strokes. If I am incapacitated, that is when things like durable power-of-attorney, medical advance directives, and living trusts come into play.

The important thing is to ensure your computer is not a single point of failure. Instead of losing a password, you could have theft, flood, fire, etc. Or for online accounts, you are one vendor move away from losing things. None of these should be precious and impossible to replace. I've been on the other side of this, and I think the better flow is to terminate or transfer accounts, and wipe and recycle personal devices.

A better use of your time is to set up a disaster-recovery plan you can write down and share with people you trust. Distribute copies of important data to make a resilient archive. This could include confidential records, but shouldn't really need to include authentication "secrets".

Don't expect others to "impersonate" you. Delegate them proper access via technical and/or legal methods, as appropriate. Get some basic legal advice and put your affairs in order. Write down instructions for your wishes and the "treasure map" to help your survivors or caregivers figure out how to use the properly delegated authority.

reply
catlifeonmars
42 minutes ago
What if you forgot your password but retained all other memories?
reply
esafak
42 minutes ago
No family, eh?
reply