Ask Slashdot: How To Protect Your Passwords From Amnesia?

Phopojijo writes "You can encrypt your password library using a client-side manager or encrypted file container. You could practice your password every day, keep no written record, and do everything else right. You then go in for a serious operation or get in a terrible accident and, when you wake up, suffer severe memory loss. Slashdot readers, what do you consider an acceptable trade-off between proper security and preventing a data-loss catastrophe? I will leave some details and assumptions up to interpretation (budget, whether you have friends or co-workers to rely on, whether your solution will defend against the Government, chance of success, and so forth). For instance, would you split your master password in pieces and pay an attorney to contact you with a piece of it in case of emergency? Would you get a safe deposit box? Some biometric device? Leave the password with your husband, wife, or significant other? What can Slashdot come up with?"

Nice try

[sc0rpi0n]

Nice try, NSA!

Re:Hire a lawyer

[Rosco P. Coltrane]

I'd rather give my password to a russian hacker than to a lawyer. The former is probably more trustworthy...

Re:Why is "forgetting" such a problem apparently?

[OolimPhon]

"All I have to remember is a poem".

This won't necessarily work if you have amnesia! Poem? What do I need a poem for? And all that stem/prefix/append process, if you have amnesia, what's that all about?

If your passwords, and your password generating method, are kept solely inside your head, then that is a single point of failure. Fall off a bike and it may be gone. For ever. The point is to be able to somehow reconstruct your passwords if you can't remember!

Re:Paranoid much?

[stranger_to_himself]

Amnesia is most often associated with major brain damage, which means you have a lot more to worry about than your passwords.

Also with ageing - not just in dementia. My parents in their 60s/70s both struggle with remembering secure passwords.

Re:A piece of paper in a drawer

[pla]

For work-related passwords, my boss has every right to know my passwords if I get sick.

Absolutely not. Your employer has every right to reset your work-related passwords to gain access to your machine - An easily detected, even auditable, event that proves "you" didn't try to bribe a Central American dictator to use your company's brand of widgets (or bullets, as appropriate).

Now, for truly shared company passwords like a corporate Twitter account, you should already have a key escrow plan set up - That might mean a formal third-party service, or something as simple as the old trick of writing it on a note-card, sealing the note-card in an envelope, and signing across the flap. Store envelope in a secure area.

Don't confuse those two situations.

Re:A piece of paper in a drawer

[DarkOx]

For work-related passwords, my boss has every right to know my passwords if I get sick. So, it makes sense to store them offline (e.g. a piece of paper in a drawer at the secretary's office). The security my passwords then relies on the security guards at the gate.

Disagree.

Your boss has every right to possess credentials himself capable of resetting or changing your password to something he knows; should a need arise. He should not however have your password. This is a audit and separations of powers issue. Being able to reset your password is fine, that should result in a log, of what account was reset and what account did the resting. If it was root, who sudo'ed to root, etc. Can someone with administrative access still taper with logs? Yes; but it raises the bar and makes it harder to cover their tracks from forensic examination if something happens.

Account credentials should not be shared for accountability reasons, even with the boss.

Re:A piece of paper in a drawer

[pspahn]

I know that it might seem obtuse, but there are in fact companies out there that don't even have an IT department and chances are the "IT system" is just a bunch of random machines doing random things and password resetting isn't a practical option.

Re:I do not discuss matters of security

[itsdapead]

Actually, that "security through obscurity" approach is exactly how security does NOT work :-)

Funny. Relying on a password that nobody else knows sounds like "security through obscurity" to me.

Re:Just post it on Slashdot

[yincrash]

The problem with this (along with other plans), is that if you get amnesia and forget your password, there may be the chance that you forget where you stored your password as well. So, to be a good plan, it has to involve you either stumbling on to it quickly, or having someone / something tell you it once they get news that you have amnesia.

Re:A piece of paper in a drawer

[MightyYar]

I agree with you on policy, but technically the boss has the right to have whatever policy he wants. It's his company, after all. Now if your "boss" is just the manager directly above you, they may very well be violating some company policy...

Re:Secure safe.

[fuzzyfuzzyfungus]

It seems like it really depends on (A)the threat model and (B) your tolerance for inconvenience.

A safe deposit box, say, won't last 10 seconds against The Man (unless you bank with the same Bespoke Swiss Wealth Management Entity whose gnomes have guarded your family's anonymous riches since the days when you were aristocracy); but is pretty much 100% bulletproof against hackers, malicious friends, and most other likely attackers with the possible exception of a malicious-but-once-trusted spouse. Plus, while it might be a bit of a hassle, especially if you face serious cognitive impairment, such an arrangement is well established enough, socially and legally, that regaining access to your box after an accident or something should be pretty doable.

Something like that would be too much of a hassle to routinely deposit updates to passwords you rotate frequently; but a good place for a long, hostile, master password for a password locker of some sort that you use day-to-day and store the passwords that actually get rotated in.

If the concern is The Man, of course, you could hardly do worse than that strategy. Depends on what you are worried about. If you aren't worried about the man, just putting it on paper in one of the institutions society has offered for secure storage for centuries now is the obvious strategy, and comes with the advantage that even 100% non-techies will be familiar with, and likely to be helpful with, such an arrangement. If you are worried about a warrant cutting through your security like a stray round through an innocent bystander, you'll need to get more creative, and hope that you have some social resources to employ.

Biometrics are always a terrible plan, of course (sure, your fingerprint will be fine after you get out of the burn ward, no problem...) and KISS is probably a good idea if your concern is the potential for unplanned mental degradation (whether pure memory, or cognition as well). The fancier you get, the worse your odds of remembering how your fancy plan to remember your passwords worked.

Re:Secure safe.

[morethanapapercert]

Small problem with your approach: It relies on you knowing what to DO with the N number of pieces given to you by your friends. Sure you may get back A, B, C...but your description seems to imply that the requirement to perform an XOR operation on the pieces is not part of the data you have given to friends. Is your resulting password WhiteSuitRicardoMontalban, WhiteRicardoMontalbanSuit or RicardoMontalbanWhiteSuit? You need the generation method to be part of the recovered data, not just the "seed" if you will. Otherwise you won't know if you need to XOR, concatenate, follow the breadcrumbs or use a simple substitution cipher on the pieces.

A similar problem lies in most of the other "tell N friends to give you the clues needed to find the password" approaches. What happens if one or more friends fail to return the clue they possess? It's like having a hard drive array as a simple spanned volume. Lose one drive and everything is lost. Trying to include a checksum or similar function seems needlessly complex IMHO.

I think most folks are over-thinking this. Lets stipulate that I have lost my memory for whatever reason. All my passwords are generated using a relatively simple pattern. If I was amnesiac, I still have all those passwords saved in my browser, chat and email clients. Amnesiac me can collect email and log into sites that I use as long as my computer is intact. My wife knows the pattern but not the current passwords, if I can't get into the password lockers, my wife can give me the starting point. From there I can access my passwords with as little as 5 tries. However, as long as my email client still has useful passwords, the vast majority of my password list can be reset with a simple "I forgot my password" request. If, for whatever reason, those two options aren't good enough, I really don't care y'know? If I'm amnesiac, I have much bigger problems on my plate than whether I can access any social sites, member-only areas of sites and so on. Given the kind of brain trauma needed to get significant amnesia, I probably would not have much use for email for the first while anyway.