Ask Slashdot: How To Protect Your Passwords From Amnesia?

Phopojijo writes "You can encrypt your password library using a client-side manager or encrypted file container. You could practice your password every day, keep no written record, and do everything else right. You then go in for a serious operation or get in a terrible accident and, when you wake up, suffer severe memory loss. Slashdot readers, what do you consider an acceptable trade-off between proper security and preventing a data-loss catastrophe? I will leave some details and assumptions up to interpretation (budget, whether you have friends or co-workers to rely on, whether your solution will defend against the Government, chance of success, and so forth). For instance, would you split your master password in pieces and pay an attorney to contact you with a piece of it in case of emergency? Would you get a safe deposit box? Some biometric device? Leave the password with your husband, wife, or significant other? What can Slashdot come up with?"

Secure safe.

Tell all your passwords to me, they'll be safe. Just don't forget who I am.

Re:Secure safe.

[wonkey_monkey]

Like that'll ever happen. You post here all the damn time.

Re:Secure safe.

[FatLittleMonkey]

"The password is in the book"; "Moby Dick"; "Page 27, Line 6"

Oops. Heh.

"unlock his bridegroom clasp--yet, sleeping as he was, he still hugged me tightly"

Oh Queequeg...

Re:Secure safe.

[fuzzyfuzzyfungus]

It seems like it really depends on (A)the threat model and (B) your tolerance for inconvenience.

A safe deposit box, say, won't last 10 seconds against The Man (unless you bank with the same Bespoke Swiss Wealth Management Entity whose gnomes have guarded your family's anonymous riches since the days when you were aristocracy); but is pretty much 100% bulletproof against hackers, malicious friends, and most other likely attackers with the possible exception of a malicious-but-once-trusted spouse. Plus, while it might be a bit of a hassle, especially if you face serious cognitive impairment, such an arrangement is well established enough, socially and legally, that regaining access to your box after an accident or something should be pretty doable.

Something like that would be too much of a hassle to routinely deposit updates to passwords you rotate frequently; but a good place for a long, hostile, master password for a password locker of some sort that you use day-to-day and store the passwords that actually get rotated in.

If the concern is The Man, of course, you could hardly do worse than that strategy. Depends on what you are worried about. If you aren't worried about the man, just putting it on paper in one of the institutions society has offered for secure storage for centuries now is the obvious strategy, and comes with the advantage that even 100% non-techies will be familiar with, and likely to be helpful with, such an arrangement. If you are worried about a warrant cutting through your security like a stray round through an innocent bystander, you'll need to get more creative, and hope that you have some social resources to employ.

Biometrics are always a terrible plan, of course (sure, your fingerprint will be fine after you get out of the burn ward, no problem...) and KISS is probably a good idea if your concern is the potential for unplanned mental degradation (whether pure memory, or cognition as well). The fancier you get, the worse your odds of remembering how your fancy plan to remember your passwords worked.

Re:Secure safe.

[morethanapapercert]

Small problem with your approach: It relies on you knowing what to DO with the N number of pieces given to you by your friends. Sure you may get back A, B, C...but your description seems to imply that the requirement to perform an XOR operation on the pieces is not part of the data you have given to friends. Is your resulting password WhiteSuitRicardoMontalban, WhiteRicardoMontalbanSuit or RicardoMontalbanWhiteSuit? You need the generation method to be part of the recovered data, not just the "seed" if you will. Otherwise you won't know if you need to XOR, concatenate, follow the breadcrumbs or use a simple substitution cipher on the pieces.

A similar problem lies in most of the other "tell N friends to give you the clues needed to find the password" approaches. What happens if one or more friends fail to return the clue they possess? It's like having a hard drive array as a simple spanned volume. Lose one drive and everything is lost. Trying to include a checksum or similar function seems needlessly complex IMHO.

I think most folks are over-thinking this. Lets stipulate that I have lost my memory for whatever reason. All my passwords are generated using a relatively simple pattern. If I was amnesiac, I still have all those passwords saved in my browser, chat and email clients. Amnesiac me can collect email and log into sites that I use as long as my computer is intact. My wife knows the pattern but not the current passwords, if I can't get into the password lockers, my wife can give me the starting point. From there I can access my passwords with as little as 5 tries. However, as long as my email client still has useful passwords, the vast majority of my password list can be reset with a simple "I forgot my password" request. If, for whatever reason, those two options aren't good enough, I really don't care y'know? If I'm amnesiac, I have much bigger problems on my plate than whether I can access any social sites, member-only areas of sites and so on. Given the kind of brain trauma needed to get significant amnesia, I probably would not have much use for email for the first while anyway.

Just post it on Slashdot

[michelcolman]

And then, whenever you need your password, just "ask Slashdot"! Of course there will then be some jokers who post incorrect passwords, but they will be modded down rapidly since anyone can check whether the password is correct or not. Just go with the "+5 informative" one.

Re:Just post it on Slashdot

[master5o1]

Remember, posting your password on the internet will show the password to you as as your password, but others will see it as stars.

See, look at my password ************

So now if I get amnesia all I have to do is come back and check my comment history and I'll find my password.

Re:Just post it on Slashdot

[oodaloop]

Yeah, I use a bunch of asterisks for my passwords too.

Re:Just post it on Slashdot

[yincrash]

The problem with this (along with other plans), is that if you get amnesia and forget your password, there may be the chance that you forget where you stored your password as well. So, to be a good plan, it has to involve you either stumbling on to it quickly, or having someone / something tell you it once they get news that you have amnesia.

Re:Just post it on Slashdot

[isorox]

Remember, posting your password on the internet will show the password to you as as your password, but others will see it as stars.

See, look at my password ************

So now if I get amnesia all I have to do is come back and check my comment history and I'll find my password.

So your password is hunter2?

Do what Jason Bourne did

[wisebabo]

Tattoo your safe deposit bank number (the bank of which required your biometric identity to get into the vault) on your arm. Maybe you should also tattoo the name of the bank (and address?) there, I seem to remember that he had problems remembering he had a safe deposit box there.

Nice try

[sc0rpi0n]

Nice try, NSA!

Re:A piece of paper in a drawer

[txoof]

A trusted executor is really the way to go here. Store the passwords in an encrypted format and then give the key to a trusted party that will only unseal the encrypted database in the event that you are incapacitated. For added security, split the key into multiple parts and give it to multiple parties. It would probably be best to transport the key in a physical format and make it clear that the importance of the document.

In a work place setting, give the keys to supervisors that are mutually responsible for the systems in question. In a personal setting, give the keys to family members that are trusted. Be sure to provide step-by-step instructions as to how to decrypt your data. If you are so unfortunate to not have trusted family or friends, pay a law firm to administrate this service and act as your executor. For a fee, the law firm can be instructed to only unseal the data in the event that certain standards are met (such as a declaration of incompetence by N medical professionals).

Use mooltipass

[mathieu.stephan]

At Hackaday we're actually developing a solution that could work in your case. The concept behind this product is to minimize the number of ways your passwords can be compromised, while generating and storing long and complex random passwords for the different websites you use daily. It is designed to be as small as possible so it can fit in your pocket. The Mooltipass is composed of one main device and a smartcard. On the device are stored your AES-256 encrypted passwords. The smartcard is a read protected EEPROM that needs a PIN code to unlock its contents (AES-256 key + a few websites credentials). As with your credit card, too many tries will permanently lock the smart card. Therefore, you'd only need to share your PIN code with your husband/wife (5 to 6 numbers) And the whole project is open source.... http://hackaday.com/tag/developed-on-hackaday/

I did something really clever

[Chrisq]

I did something really clever with my password list .... I'm darned if I can remember what though.

Re:I did something really clever

[Chrisq]

I did something really clever with my password list .... I'm darned if I can remember what though.

You emailed the list to me for safekeeping. Just send $10,000 (plus shipping and handling) to my paypal account, and I'll send it right back to you!

Sure ... just tell me my paypal password first, I can't remember it!

Re:Hire a lawyer

[Rosco+P.+Coltrane]

I'd rather give my password to a russian hacker than to a lawyer. The former is probably more trustworthy...

Republican answer

[korbulon]

Try not getting amnesia in the first place! Whore!

Re:A piece of paper in a drawer

For work-related passwords, my boss has every right to know my passwords if I get sick. So, it makes sense to store them offline (e.g. a piece of paper in a drawer at the secretary's office). The security my passwords then relies on the security guards at the gate...

Your boss does not have "every right" to know your password at work any more than any other employee has a "right" to know it. You are an IT Security person's worst nightmare with that bullshit argument, especially if you have even a fucking hint of how Windows security works, and know damn well that in any emergency, most any member of your IT staff can reset any password upon following proper HR and IT policy, which is your audit trail as well for CYA.

Work passwords pretty much for the most part do NOT need to be stored offline in any way for this very obvious reason, and by relying upon the security guards, you've basically destroyed any point in having any sort of strong password policy.

Like I said, you're an IT Security person's worst nightmare. Knock it off with that shit already, and use common sense.

Re:Why is "forgetting" such a problem apparently?

[OolimPhon]

"All I have to remember is a poem".

This won't necessarily work if you have amnesia! Poem? What do I need a poem for? And all that stem/prefix/append process, if you have amnesia, what's that all about?

If your passwords, and your password generating method, are kept solely inside your head, then that is a single point of failure. Fall off a bike and it may be gone. For ever. The point is to be able to somehow reconstruct your passwords if you can't remember!

Re:Paranoid much?

[stranger_to_himself]

Amnesia is most often associated with major brain damage, which means you have a lot more to worry about than your passwords.

Also with ageing - not just in dementia. My parents in their 60s/70s both struggle with remembering secure passwords.

Re:A piece of paper in a drawer

[aaribaud]

For work-related passwords, my boss has every right to know my passwords if I get sick

Hmm, no, he has every right to access your professional data for sure, but this does not necessarily require him to know your passwords. Back when I was doing IT for a 25-odd people company, I'd briefed people that their password was like their signature: personal, and if some manager asked them their password, they should redirect the manager to me (happened a few times, each time the request was baseless and rejected, and when there was an actual problem, it was solved without anyone having to let anyone else know their password). Heck, I'd briefed everybody never to tell me their password.

Re:A piece of paper in a drawer

[pla]

For work-related passwords, my boss has every right to know my passwords if I get sick.

Absolutely not. Your employer has every right to reset your work-related passwords to gain access to your machine - An easily detected, even auditable, event that proves "you" didn't try to bribe a Central American dictator to use your company's brand of widgets (or bullets, as appropriate).

Now, for truly shared company passwords like a corporate Twitter account, you should already have a key escrow plan set up - That might mean a formal third-party service, or something as simple as the old trick of writing it on a note-card, sealing the note-card in an envelope, and signing across the flap. Store envelope in a secure area.

Don't confuse those two situations.

Re:A piece of paper in a drawer

[DarkOx]

For work-related passwords, my boss has every right to know my passwords if I get sick. So, it makes sense to store them offline (e.g. a piece of paper in a drawer at the secretary's office). The security my passwords then relies on the security guards at the gate.

Disagree.

Your boss has every right to possess credentials himself capable of resetting or changing your password to something he knows; should a need arise. He should not however have your password. This is a audit and separations of powers issue. Being able to reset your password is fine, that should result in a log, of what account was reset and what account did the resting. If it was root, who sudo'ed to root, etc. Can someone with administrative access still taper with logs? Yes; but it raises the bar and makes it harder to cover their tracks from forensic examination if something happens.

Account credentials should not be shared for accountability reasons, even with the boss.

Re:A piece of paper in a drawer

[ifiwereasculptor]

do I have any physical place where someone finding out my passwords would be the least of my concerns? If you have a place like that, store your passwords there.

You just gave me the best idea ever: tattoo your passwords on your penis. The chance of losing it is small when compared to the chances of losing a notebook or piece of paper, it's a private location and chances are social engineering industrial espionage attempts will have to get pretty interesting. I can see only two minor problems with my plan: first, you might not be able to fit strong passwords in there. If you end up only being able to fit easy to brute force passwords, I suggest you use the old piece of paper method, and maybe a pump. Second, your work may be one of those that use five or six different systems, all with different passwords, and rotate them on a monthly basis. You can still stick with the idea, but oh, boy, you're going to be sore.

Do what I did

[140Mandak262Jamuna]

Pick some nerdy site, say slashdot, and create an account. Use your password as the username, but it won't stand out in such sites. Cackling devilishly at the foolishness of the masses who do not realize that your password is hiding in plain sight is optional.

Re:A piece of paper in a drawer

[pspahn]

I know that it might seem obtuse, but there are in fact companies out there that don't even have an IT department and chances are the "IT system" is just a bunch of random machines doing random things and password resetting isn't a practical option.

Use a PO Box

[Overzeetop]

Go get a small PO Box
Print a master list of passwords each week and mail it to yourself at that PO box
Every 3-6 months go clean out your box except for the most recent and shred them
Keep the key with you at all times.

Why use this over a safety deposit box?
  (1) It's a federal felony for someone else to remove or open the letters
  (2) You have a list no more than a week old (prior to your death or amnesia) available
  (3) If you should die or become incapacitated, your home/mailing address will get a reminder once a year that you HAVE a box, and where it is, by producing ID or appears certifying your death or incapacitation, your attorney or next of kin will get a notification that such a box exists and when they (or you) check to see what mail you've gotten they'll discover your passwords.

Re:I do not discuss matters of security

[itsdapead]

Actually, that "security through obscurity" approach is exactly how security does NOT work :-)

Funny. Relying on a password that nobody else knows sounds like "security through obscurity" to me.

Re:A piece of paper in a drawer

[shikaisi]

I'm not bragging, but I just wanted to mention that I've got plenty of room for strong passwords.

Re:A piece of paper in a drawer

[MightyYar]

I agree with you on policy, but technically the boss has the right to have whatever policy he wants. It's his company, after all. Now if your "boss" is just the manager directly above you, they may very well be violating some company policy...

Re:A piece of paper in a drawer

[JackieBrown]

At work, when one password expires, I update all of my system passwords to match whichever new password I pick.

I used to come up with clever, difficult to guess passwords. Now that I have to change my password every three months, I just +1 my previous password. Farscape20 is what I was at before I switched shows.

If my job really expects a challenging password, then it should stop forcing me to update it so frequently. I am simply not imaginative enough (nor do I have the desire) to come up with something unique each time.

Dead Man's Switch

[fiziko]

Write a script with a "dead man's switch." Store passwords in an encrypted file on a secure system. If you don't log on and issue some sort of "wait" command every 30 days or so, then passwords get emailed to an account whose password is stored on a phone. At the time the passwords are issued, it's bloody insecure, but it should work well enough to get into the systems and change the passwords to something else. Not a perfect system, of course. What happens with a 60 day coma? Passwords are accessible for at least 25 of them, but not to you, etc. Existence of the script and encrypted file on an email ready system means there's a vulnerable spot there, too. It's better than nothing, though, and doesn't involve lawyer fees.

Re:Secure safe.(Shamir Secret Sharing)

[kye4u]

Use Shamir's Secret Sharing . That way ordering doesn't matter. You just need the N secrets.