When Security Locks You Out of Everything

Thought experiment story of someone who lost everything in a house fire, and now can’t log into anything:

But to get into my cloud, I need my password and 2FA. And even if I could convince the cloud provider to bypass that and let me in, the backup is secured with a password which is stored in—you guessed it—my Password Manager.

I am in cyclic dependency hell. To get my passwords, I need my 2FA. To get my 2FA, I need my passwords.

It’s a one-in-a-million story, and one that’s hard to take into account in system design.

This is where we reach the limits of the “Code Is Law” movement.

In the boring analogue world—I am pretty sure that I’d be able to convince a human that I am who I say I am. And, thus, get access to my accounts. I may have to go to court to force a company to give me access back, but it is possible.

But when things are secured by an unassailable algorithm—I am out of luck. No amount of pleading will let me without the correct credentials. The company which provides my password manager simply doesn’t have access to my passwords. There is no-one to convince. Code is law.

Of course, if I can wangle my way past security, an evil-doer could also do so.

So which is the bigger risk?

  • An impersonator who convinces a service provider that they are me?
  • A malicious insider who works for a service provider?
  • Me permanently losing access to all of my identifiers?

I don’t know the answer to that.

Those risks are in the order of most common to least common, but that doesn’t necessarily mean that they are in risk order. They probably are, but then we’re left with no good way to handle someone who has lost all their digital credentials—computer, phone, backup, hardware token, wallet with ID cards—in a catastrophic house fire.

I want to remind readers that this isn’t a true story. It didn’t actually happen. It’s a thought experiment.

Tags: , , ,

Posted on June 28, 2022 at 6:22 AM69 Comments

Comments

wally June 28, 2022 6:58 AM

Personal physical offsite backup. Cloud is secondary. Doing it for years. Everything is physically & easily available to with a memorable master password/phrase.
If the situation is so bad even my offsite is gone, I don’t think I’ll be in any position to care.

Mike June 28, 2022 7:10 AM

Wally already mentioned it, but I want to elaborate on it slightly. Keep a backup means of getting back in, and keep it someplace safe that is NOT colocated with your primaries. You might want to rent a small safe deposit box. Or keep an unmarked notebook at work. Maybe ask a parent, sibling or close friend to safekeep an extra physical U2F key for you, or a full-disk encrypted thumb drive with a copy of your password database. Whatever works in your situation.

It doesn’t have to be enough to get you back into everything; it only has to be enough to get you back in sufficiently to bootstrap the process of regaining access elsewhere. It might even SPECIFICALLY only provide enough access to get you started on the road to recovery.

Tariq June 28, 2022 7:37 AM

@wally, @Mike:

The OP already talked about how impractical that might be in some circumstances:

I know… I know… I should have kept them in a lock-box in my local bank. The only problem is, virtually no banks offer safe deposit boxes in the UK. The one that does charges £240 per year. A small price to pay, for some, to avoid irreversible loss. But it adds up to a significant ongoing cost.

But, suppose I had stored everything off-site. All I’d need to do is walk up to the bank and show some ID which proved that I was the authorised user of that box.

The ID which has just been sacrificed in tribute to mighty Thor and now looks like a melted waxwork.

I mean, presumably some kind of off-site secure access would require you to identify yourself in some way, and you don’t want that way to be less secure than your primary method of access, or else that’s a backdoor…

jbmartin6 June 28, 2022 7:54 AM

Keeping offsite backups isn’t cost free, nor is it without risk. It’s an interesting thought experiment that I went through when a neighbor’s house burned to the ground. I concluded that I would grab my mobile phone no matter what, and the password manager on there contains a lot of my recovery information. But who knows what could happen, I could become separated from my phone/wallet for some reason. I couldn’t access my password manager on another device without the FIDO keys that were presumably also destroyed. I’ve thought about keeping a key offsite, but then I couldn’t add it to any new services without going to get it, then putting it back. So I guess I accepted the risk at that point.

xkcd386 June 28, 2022 8:00 AM

big mistake was to rely on cloud based password manager

would not happen with an offline tool like keepassxc. Strong passphrase, copies on my phone and wife’s phone, one copy sent to a good friend approx once a month (it’s only a couple of MB; peanuts) and that entire scenario — except physical artifacts like passport — is taken care of

Zephyr June 28, 2022 8:32 AM

The fire scenario is more likely than most of us being hacked. Similarly, I read a story of someone who lost everything in a hurricane flooding situation. He was lucky to escape through a hole chopped in the roof of his house with nothing but the clothes on his back. So does 2FA make us more vulnerable to losing everything? The direction everything seems to be headed is to make your phone your default 2FA device, but that seems to make everyone extremely vulnerable. Losing a phone or having it stolen is common.

Clive Robinson June 28, 2022 8:46 AM

@ ALL,

It’s a one-in-a-million story, and one that’s hard to take into account in system design.

Sadly it’s not “one-in-a-million” as “Silver-Surfers” do fall very regularly off of their perches.

Also it’s not something that should be hard to “design out” when doing “System Design”, it’s just that few talk about it (a bit like writing wills or getting life insurance, many think it’s attracting fate).

The real issue however is it’s a rapidly rising problem and it should not be.

Because we have known how to solve the problem for over a hundred years, yup since before electronic computers were thought about.

As an overview,

In essence you give two people that know you but don’t know each other a letter in an traditional escrow system.

You or your executors turn up and get the letters out of escrow.

You then use the contents to reconstruct your “master secret” and how aditional passwords are generated.

To stop either person getting at the secret, you use the principle behind the “One Time Pad”(OTP”, where one letter has the “ciphertext” and the other the “keymat”. Only with both can the “plaintext” be recovered.

Yes it’s old fashioned and yes there are ways to subvert it. But unless there is something of substantial value protected by it, is it going to be subverted?

OK that is the basic principle, easy enough to understand by most readers here.

But it is “fragile” which could be problematic… but it’s not, there are more modern systems you can use such as “M of N threshold secret sharing” algorithms.

You just have to study “Key Managment”(KeyMan) sufficiently to understand the currently known wrinkles.

Because that is what this is,

“A Key Msnagment issue.”

Something for some reason in the ICT industry and especially the ICTsec sub industry we realy do not talk about anywhere enough…

Winter June 28, 2022 8:47 AM

One of the “dangers” of cryptocurrencies, extensively discussed in [1], is that the password (key) is the money. People have lost large fortunes by losing the key(s).

Their solution: Engrave the seed of your keys in stainless steel or some other very hard and durable material and store it somewhere really secure.

Maybe, that is a solution for others. Have off-site backup for one-time access codes engraved in durable materials for those apocalypse days.

Oh, and “secure data” storage means replicated on different continents.

[1] https://www.schneier.com/blog/archives/2022/06/on-the-dangers-of-cryptocurrencies-and-the-uselessness-of-blockchain.html

Medo June 28, 2022 8:59 AM

My solution is to have encrypted cloud backup, with the backup key memorized. I made sure I need nothing secret except this one key to get at the data. There is a chance that someone could learn my backup key, figure out where everything is and thereby get access to all my files, but I think it very unlikely.

Dave Pawson June 28, 2022 9:12 AM

An alternative (nightmare) scenario.
My ‘smart’ phone? Stolen/ lost / broken?
How much is that used as 2FA, via authenticator app etc?

Just as bad?

We need something better.

Ted June 28, 2022 9:19 AM

It certainly seems like recovering all these accounts and records would be a laborious and tedious process. As far as where “code is law” – do we just have to give up on these accounts?

There are definitely non ”code-only” processes for obtaining a replacement birth certificate, social security card, driver’s license, etc. Hopefully your bank, retirement accounts, and most service providers are staffed by actual people.

I tried to start doing some estate planning a few years ago. The process of recording and safe-keeping all this info is not terribly dis-similar to preparing for other life-changing events. There are workbooks that greatly help with this. I periodically worry about it, but it’s a work in progress.

MFreeman June 28, 2022 9:52 AM

Thinking about it, I could come unstuck by this. My PWM doesn’t use 2FA, but if I install on a new device, it sends me an email, the password for which is… in the PWM since I changed it when my old-but-memorable password was no longer safe.

Time to go back to a long-but-memorable one of my choosing, methinks!

It sounds like there’s a market for “decoder” rings? Small chip for 2FA. Permanently wearable etc. Readable via any paired mobile (friend or family’s one for safety) or a dedicated scanner.

Clive Robinson June 28, 2022 9:55 AM

@ jbmartin6, ALL,

Re : Smart Device Dangers.

But who knows what could happen, I could become separated from my phone/wallet for some reason.

Think back a little and you will remember Samsung Phone users,

“Got burned”

When the battery in their Smart Phone went incandescent and stated melting metal and even burning it…

Every thing including sand can be made to “oxidize” dramatically in some way…

The chemicals you need for this are usually based around either chlorine or fluorine or as in CIF3 both…

So the chemists favourite nightmare to be avoided by even the “foolhardy” is “Chlorine Trifluoride”…

Which has been investigated as part of a high-performance rocket propellant as a fuel oxadizing agent. But “handling concerns” it has aplenty, and as John Drury Clark noted, that desirable as it might be on paper, they do however, severely limit chlorine trifluoride’s practical use.

He famoulsy summarized some what dryly the difficulties of Chlorine Trifluoride with,

“It is, of course, extremely toxic, but that’s the least of the problem. It is hypergolic with every known fuel, and so rapidly hypergolic that no ignition delay has ever been measured. It is also hypergolic with such things as cloth, wood, and test engineers, not to mention asbestos, sand, and water with which it reacts explosively.”

He also noted, that as a research chemist working with rocket fuels, he found the most usefull piece of equipment to be a good pair of running shoes…

JonKnowsNothing June 28, 2022 9:56 AM

@All

re: Not so far fetched – happens in RL

At least 2 scenarios I’ve encountered

Scenario 1:

~2005 after a major hurricane hit the southern part of the USA and family members there had to evacuate to other states for safety, I tried to get the utility company in that state to:

a) turn off the juice for safety
b) arrange to pay the connect charge bill for the duration of the evacuation and the time for repairs to the damaged homes

I was successful at neither. I was not the account holder so I had no “rights to pay the bill for the holder”, I was from a different state “clearly an imposter attempting to pay the bill” and I did not know all the secret handshake codes which had been safely stored in “secured” locations like a bank box in the now underwater town.

Scenario 2:

~2022 at the impeding death of my spouse, while conversation was still possible and cognition not too impaired by the continuous administration of high potency narcotics (the principle means of inducing death, subsequently followed by starvation and dehydration: aka “natural death”) there was a scramble to make sure I had all the passwords, code phrases, code keys to every account that required them, so I could access them while my spouse was still breathing and then afterwards.

I make great efforts to track these as a rule, and so far I haven’t been stumped although some accounts are non-transferable so notification is really the method of saying “close the account: the account holder is deceased”. (1)

It highlights that there are groups and classes of people for which these F2A and Password Managers and On-Line presence are problematic. They don’t have the gear, the connection, the funding and perhaps have infirmities that prevent them from remembering “how to log in and which check boxes to tick”.

There is some push to make Tech Access more Universal. (2) Dealing with passwords or account access codes will have similar issues as “logging in to your bank account from a Public Library Terminal”.

===

1) One might be surprised at how that conversation flows. Either you get a “Thank you for letting us know” or “Where’s the proof? (cheater) Send us a death certificate”

2) ht tps://www.theguardian. com/society/2022/jun/26/essential-services-websites-in-uk-should-be-accessible-to-all

(url lightly fractured)

Also June 28, 2022 10:07 AM

Um. Really? It would be a pain but very possible to get a new phone with a new SIM on the old number, and get back to 2FA from there. Worst case it means getting a copy of birth certificate and going to passport from there, most likely a carrier would be fine with a credit card and story in person, especially backed by news about the fire.

Jim June 28, 2022 10:11 AM

COO with sole approval authority at cloud enabled Startup Co is driving to work when his Te$la catches fire. He escapes the vehicle before it completely erupts in flames but his |phone was in the center console. Business continuity is disrupted for days impacting countless customers who flee, bankrupting Startup Co.

That’s a plausible one-in-a-million scenario.

Winter June 28, 2022 10:22 AM

@Clive

“Chlorine Trifluoride”

That chemical reminds me of the famous “Universal Solvent” sought by the Alchemists of yore. No prescription on how to store it.

For the uninitiated, there is a great scene in Breaking Bad where Pinkman thinks he can disolve a body in HF (hydrogen fluoride) in a bath tub only to find out it dissolved the bath tub and floor boards too.

ClF3 is much, much worse.

In a sense, ClF3 burns water.

Clive Robinson June 28, 2022 10:35 AM

@ Jim,

COO with sole approval authority…

As I’ve mentioned a close friend died at the begining of “lockdown” due to an accident. He was the “Managing Director” of the company.

The partner in the business tried to steal everything, and actually managed to avoid appearing in court by drinking himself to death in a few months and was not even fifty…

As I’ve mentioned they used Microsoft UK for the “email” service.

Despite all the paperwork etc Microsoft UK would not as legaly required hand over the control of the email system for reasons that were either the hight of stupidity or they just felt like being malicious.

Microsoft UK has directly caused the loss of millions to the “estate” of my friend and thus his family who have been my friends since I was a schoolboy.

What finally stopped Microsoft UK being “stupid” was another friend after serving legal papers on Microsoft UK’s headquaters. Also notified them that he was on the way to the home of the most senior person (you can look her name up easily enough who has a “KT8” West Londonish addressss) to serve personal liability papers on her and thus her home…

Sometimes you have to show the mutt that you are going to take it’s kennel away, for it to “wake up and smell which way the wind is blowing”…

As my still alive friend wryly pointed out,

“If you want them to perform, and they ignore you, you have to make it personal, then your loss becomes their loss”

Kent Brockman June 28, 2022 11:04 AM

Any plan should take into account the possibility of memory loss( permanent or otherwise) due to shock or physical injury from an incident(car crash,fire, etc.,etc.) which would render moot a passphrase, plan, etc. unless written down and distributed to others(trusted implicitly, of course). This is to my mind at least, possibly the largest risk to even a well thought out scheme.

Security Sam June 28, 2022 11:25 AM

For safety the security abhors
With a mutually exclusive rule
Just like the set of double doors
Located in every bank vestibule.

CdrJ June 28, 2022 11:28 AM

I’ve had a supermarket loyalty card for about 12 years (which you get automatically if you sign up to grocery delivery).

It’s still registered to the house I moved out of a decade ago, and they will only send new cards there. To change the card address I have to use 2FA, which sends a message to… the landline number of the old house.

Oddly, the supermarket is perfectly happy to send groceries to my current house which is why I haven’t burned the old account and started again. I keep forgetting the loyalty card exists.

I hope the current occupants enjoy their occasional discount vouchers!

lurker June 28, 2022 11:33 AM

As a hardware guy I was fascinated by the photos of stuff that “survived” a total loss fire. The Fido key looked well worth a cleanup rescue attempt. Of course the the last para. of the story revealed it as a beat up.

lurker June 28, 2022 11:37 AM

Bouncing round the event horizon is a story of an early blogger who used rsync over ssh to a tiny server in his mother’s house across town.

lurker June 28, 2022 11:41 AM

Also bouncing around the event horizon are the tech lawyers and estate planners who know less than the commentariat here or at the original story.

Ted June 28, 2022 1:08 PM

@lurker

… tech lawyers and estate planners who know less than the commentariat here or at the original story.

A lightening strike to a safe is pretty remarkable. Not impossible though.

The book “Get It Together” recommends a waterproof, fireproof home safe for secure storage. It might not hurt to have a safe rated for digital media protection too.

That’s rough that safe deposit boxes aren’t less expensive in the UK. I doubt anyone would give a lawyer periodic updates of their credentials. Yes, it would be a bit of a challenge to figure out where to store important information.

I guess it’s good that Terence Eden is considering this risk assessment now.

Mexaly June 28, 2022 1:16 PM

I stop at the moment that there was no plan for a housefire.
The rest of the security discussion is nice, but the basics were neglected.

Anonymous June 28, 2022 1:24 PM

I’ve had to design policy for these types of scenarios for insert large MFA player here. They come up more often that you’d think.

The core principle we use is the assumption that the person attempting access is an attacker. Staff must be able to provide a paper trail detailing why they are not and it needs sign-off. It’s never a simple step-by-step process and regularly results in no access granted.

We can usually obtain enough information out-of-band for companies with a public presence, but the casual person is extremely hard to verify.

It bugs me that we have to turn folks away who are not tech savvy or have the forethought to follow the instructions to make backup accounts. That said, there’s also no simple solution without an interpersonal web of trust.

JonKnowsNothing June 28, 2022 1:30 PM

@ CdrJ , @Al

re: supermarket loyalty card registered to obsolete address

That’s right up there with lost password codes.

Anyone who has tried to correct out of date information finds it’s a closed loop. You might get one change done but it re-pops up in another instance. I’m not sure what the data brokers are really selling these days but ancient history doesn’t have much value except to LEOs.

It used to be a way to track the old postal mail spam by registering your name, address with a slight change. That way you could track the mailing lists and companies that sold your address to them.

In the realm of RvW fallout, a good number of people are deleting “Apps that Track” in (forlorn) hope that the information already harvested “cannot be used against them” in legal proceedings. Getting data purged or corrected for a wrong address is an annoyance but harvested information is used for all manner of legal criminal enforcement and now 50% of the USA is subject to that enforcement.

Strange are the ways that tracking, data harvesting and passwords are linked.

===

ht tps://www.theguardian. com/world/2022/jun/28/why-us-woman-are-deleting-their-period-tracking-apps

(url lightly fractured)

Ape June 28, 2022 4:01 PM

It seems to me that the impact of the thought experiment resides in this: we have evolved backwards. Rather than insisting that it is robots who have to prove they are humans, we have evolved into a situation where humans have to prove they are not robots. Whatever happened to cognito ergo sum? It is now: I exist because the robot says I exist. If the robot says I don’t exist, I don’t exist. There is probably some fancy Latin way of saying it. So the heart of the problem is not “code is law”. The heart of the problem is that we have devolved law to programmers. Not just law, either, but the reality of our lives.

Now let’s imagine a different thought experiment. One where a person physically exists so they have an identity. In that cultural reality the question is not a question of token verification but a question of “Who is this person?”. They must be somebody. So we go about deciphering who they are. It is humans who have control, not the code, not the programmers, not the token. Maybe we even decide that the person is not the person who he was before the house burned down. Does it matter if the victim cannot regain his old identity if we give him a new one? Why the need for convergence on the old, on perpetuation?

It is time to regain control of our own identity.

Doug June 28, 2022 4:51 PM

This is exactly why systems like 1Password offer an emergency kit that you can print out and keep in a safe location (e.g. safe deposit box).

What I’m more worried about is the push to passwordless authentication like Apple is doing – what’s the fallback when all your devices melt down in a fire?

backup plan June 28, 2022 5:23 PM

This isn’t a new question.

For backups, at a minimum you need at least 1 copy off-site. A place far away enough that a fire/flood/whatever won’t affect the off-site copy.

The other main issue is dealing with the loss of access from the primary user, be it loss of memory, loss of that person’s device, death, etc. You’re left then with the question of who the backup user should be. For estate planning, I make the assumption that I can’t know who that would be. What if my wife & I pass while driving? What if a family trip gets all of us?

My plans are based on the requirement that the person recovering my estate isn’t tech savvy, and I can’t be sure who it is. Recovery needs to be as simple as a written list of accounts and passwords. This means that the recovery process is indeed vulnerable to attack- thus I must rely trusted contact who knows where to look and get started.

I’m personally not a fan of cloud services for passwords, secure storage, or finances. These things get hacked more often than I get robbed, and cloud services have been known to go out of business.

A home safe, a family member’s safe, a safe at a friend’s house, a storage unit, a bank’s deposit box, etc are all good ways to have fairly secure backups within my physical control.

If you want to protect against government seizure, that’s a whole different use case with it’s own risks…

stine June 28, 2022 5:32 PM

Anecdotally, the answer to his question is for him to pick up a random phone and call his grandmother and ask her what his password is. And because this is the USA, the NSA will be listening and also because this is the USA, they’ll have a backup of all of your data.

It was funnier in the 1980’s.

SpaceLifeForm June 28, 2022 6:30 PM

intentional ambiguity

If you lose control of a financial asset, you know who eventually gets control, right?

It will be either a government, or a thief.

Dave June 28, 2022 8:44 PM

What @backup plan said. I have a sealed envelope in the care of a friend which can be used to recover any important accounts and from there bootstrap access to other stuff in the event of a catastrophe. Similarly, he has an envelope with me for the same purpose. The ‘what do I do?’ is a solved problem, the issue is taking that step of creating a backup. Virtually no-one I know ever has a backup of anything, and I’m not just talking passwords here, I mean anything at all, data, physical documents, anything.

Firitia June 29, 2022 12:15 AM

A theoretical dream? A 1 per million?
Here in Tonga I see it happening every day. People often have only 1 mobile and do not understand the importance of remembering their passwords. (Stupid? yes, but that is the way it is). If the fone is lost or breaks, they loose all access to facebook, gmail, and whatever of that type of misery. Or if the fone locks by mistyping the passcode too many times, it cannot be restored because the Appleid (or the like) requires the password. And 2fa does not work, because it is set for that same fone. The number of iphones essentially lost in this way is staggering. My only advice to the people is: do not use icloud, do not use 2fa if you can, do not use… etc. Maybe it will not be safe (against spies and hackers), but better not completely safe rather than completely lost.

Hugo June 29, 2022 12:36 AM

I have all my 2FA keys backed up, it’s simple either save the QR image or the actual key represented by the QR code. And as everyone is saying a secure off-site backup, even a ziplock bag (or 2) with a micro SD with an encrypted backup of your passwords and 2FA codes under a rock or something (I have something similar, not a rock :-)) that you update only when your main account(s) are updated should be enough to at least not lose the important stuff

Winter June 29, 2022 12:47 AM

@Firitia

Maybe it will not be safe (against spies and hackers), but better not completely safe rather than completely lost.

That is always the trade-off. Perfect Security generally means Perfect Uselessness.

Clive Robinson June 29, 2022 6:28 AM

@ Larry wannabe techguy,

Sadly I don’t think they are going to pay the several million in “lost business” Micro$haft caused…

However, putting the message around might wake them up a little further…

@ SpaceLifeForm,

I remember there was a fascinating picture once painted on this blog that featured a kitchen demonstratin OSint… It set me thinking, so a little rummaging later,

https://www.google.co.uk/maps/place/65+Wolsey+Rd,+Molesey,+East+Molesey+KT8+9EW/@51.4035867,-0.3541075,17z/data=!4m2!3m1!1s0x48760b3dd03ac9cb:0x3bc3bc1cc520491d

JonKnowsNothing June 29, 2022 7:41 AM

@ Firitia , @All

re: … have only 1 mobile. If the fone is lost or breaks, they loose all

RL anecdote tl;dr

Back in the dark ages of CRTs, a new option was added to “store a text string” in the keyboard.

Once people figured it out, it became the GoTo place to put your ID and PW.

The head of computer division put The One and Only Master Admin Password to the Mainframe in one of the key-stores.

No… it wasn’t hacked.

The terminal died, CRTs do that, and the swap out was a new terminal and keyboard.

When asked if they still had the password, the person punched the assigned key-store and got (“           “)

There was Panic in River City with a Capital T which rhymes with P and stands for Phool.

Now this is called “text replacement” and comes in several variations

a) on demand find-search-replace

b) hard coded text strings: otw == On The Way. Found in the keyboard section of an iPhone. The penalty or mitigation for teeny tiny touch screens and keyboard-on-screen orientation-location scan failures.

Nick Levinson June 29, 2022 7:48 AM

The most extreme case and what to do about it: Answer: Do the best you can. Wing it when you get there.

Reason: If you plan for every possibility, you will consume all your resources just in the planning. Consuming all of your resources in planning will leave you dead before you get a benefit.

Mars and Saturn could crash into each other tomorrow and emit a toxic cloud and rocks, kill three fourths of Earthlings except readers of this blog, and wipe out all survivors’ sight and memory. It could happen. But it’s not worth planning for it.

What some major institutions do: Select a risk. Select a time period, such as a year. Estimate the percentage likelihood that the risk will become reality in that time period. Calculate the cost in monetary terms if it happens in that time period. Multiply the percentage by the money amount. Do not spend more than the product of that multiplication. Therefore, for the Mars-Saturn example, you’d spend nothing. This gets more complicated with some risks have to be considered as co-occurring, but the principle is the same.

If you agree to design any system, do not agree to cover all possible risks without leaving yourself some escape clause.

Jeff June 29, 2022 9:24 AM

This almost happened to me. Houses nearby were burnt to the ground, but the wind was in my favor, and I had no issues.

But I did start researching fire safes, and bought one that was 1) big enough for all the important papers, and 2) was rated for protection of optical and semiconductor media. A copy of my KeePass database is in there, and I’ve put much more than passwords and 2FA seeds in it. It’s got digital photos of my ID, my passport, and other important papers.

The house fire is a realistic risk, and a proper fire safe will mitigate that risk. Not to zero, but close. And it’s cheaper than a safe deposit box.

Wendy M. Grossman June 29, 2022 9:29 AM

Not sure how this is a thought experiment. Over on Twitter and at The Times, James Ball has been talking about his recent mugging, in which the mugger demanded all his passwords and PINs. He’s now struggling with the consequences of being locked out of his life.

wg

Clive Robinson June 29, 2022 10:26 AM

@ Wendy,

Long time no see/hear I hope you are well?

Do you pop in the Cabbage Patch these days?

JonKnowsNothing June 29, 2022 12:51 PM

@ Nick Levinson, @All

re:
The most extreme case and what to do about it: Answer: Do the best you can. Wing it when you get there.

Reason: If you plan for every possibility, you will consume all your resources just in the planning. Consuming all of your resources in planning will leave you dead before you get a benefit.

One doesn’t need to over worry about a planetary collision but there are known and common conditions for which not-too-much planning needs to be done.

Whether people actually plan or need to plan is also part of the equation.

1) If you are a member of the houseless group and have no stocks, bonds, assets of any significant value there isn’t much that needs protecting. It should be noted that governments globally are demanding digital ID and digital PW and without those any benefits programs fail. Which is more likely the point of demanding digit IDs in the first place.(1)

2) If you are a member of the higher paid portions of society but not a member of the stratospheric group, your assets are likely house, cash, investments (401k) and maybe a few other perks in life. A timely review of your security listings and an inheritance document (if any) could be recommended. When you get to the “golden years” you might find that in order to fund them, using the (Actuarial Life Expectancy Table for your age group * current rate of expenditures) the result will mean that little or nothing is left over. This is the difference between historical wealth inheritance and current lack of wealth. Current generations have added zero funds to the wealth received by their parents, grandparents etc. Asset stripping is the common term. (2)

3) Only the super oligarchs have to worry about planetary collisions. At least one is planning to live long enough to witness it.

===

1) Essential services websites in UK ‘should be accessible to all’

h ttps://www.theguardian.c om/society/2022/jun/26/essential-services-websites-in-uk-should-be-accessible-to-all

2) Another UK Post Office Type Scandal Computer Wreck in Progress:
Code Name: Phoenix Developed by: IBM

Canadian woman loses her home amid government payroll debacle

Fiasco involves automated system that has led to 200,000 government workers being overpaid, underpaid or not paid at all

ht tps://www.theguardian. com/world/2022/jun/29/canada-government-payroll-woman-loses-home

(url fractured lightly)

Larry wannabe techguy June 29, 2022 3:34 PM

@Clive Robinson
Sadly, I’m sure you’re correct. Maybe it will wake them up a little.
Since I’m not a real techguy, I haven’t used Windoze since XP(2012). I’m on my second Chromebook(not that I trust Google) & have no need for Micro$haft(I like that name!).

Clive Robinson June 29, 2022 4:13 PM

@ Nick, ALL,

If you plan for every possibility, you will consume all your resources just in the planning. Consuming all of your resources in planning will leave you dead before you get a benefit.

The trap of,

“Thinking in Instances not Classes”

You can not defend against every “instance” because you will never be able to think of them all, as they are being constantly created new every day (how many confirmed vulnetabilities are there so far this year, it was rising around a hundred a day).

However every “Instance” falls in a “Class” of instance types. Whilst we don’t know of all classes, when we do defend against known classes we do also defend against a lot of as yet unknown instances.

In more human terms, we do not have evacuation drills for every conceivable instance that would require a drill. We do however have a drill against the most likely instance (usually but not always fire). With a little thought the environment and it’s drill can cover most instances that are worth covering (yes you can cover nuclear attack, massive meteorite strike and super volcano erruption, in your drills, but realistically they are at best short survivability events so you are probably going to die within days or weeks anyway, so you get into the quality of life issue of “Quick death -v- Lingering death”).

John Brown June 29, 2022 4:26 PM

If you have ‘family’ or ‘friends’ there should be copies of your KeePass databases with at least one, geographically distant.

SpaceLifeForm June 29, 2022 5:46 PM

@ Clive, Nick, ALL

“Thinking in Instances not Classes”

Many have endured a bad Instance in a Class.

As you learn, you avoid the bad Classes. If you can.

There are bad students and there are bad teachers. You avoid those Claases if possible.

You listen to the good students so you can avoid the bad teachers.

My first rule of Marxism: Never join any club that would have you as a member.

Do not enroll in the Class. Be especially wary if there is no tuition.

Avoid the various Classes that can warp your mind, take away your identity, or create problems for you.

Examples of bad classes: Facebook, Apple, Google, Windows, SMS 2FA, and Fox.

Stay out of bad Classes, do not become an Instance. Be a good student.

Rick June 30, 2022 12:03 PM

I agree with @Also. I think this is where brick and mortar adds value to digital. If your DMV and or state police you are who you say you are then I think the password source security company should yield to what we call the proper authorities. It may be needed to give the password company a waiver so they are not held liable to smooth over the transaction, but do diligent by our proper authorities would make the transaction risk free for all involved. Sorry if I misunderstood the conversation.

Joao June 30, 2022 5:16 PM

FIDO/ FIDO2 security keys can go to the fire & water proof safe.
Important data can go to some device prepared for every kind of disaster (Fire, hacking, tornado, crush, water, nuclear) like ThermoDyne DataBunker.

Quantry June 30, 2022 5:29 PM

When security locks you out… like

“too many requests” trying to post here for the first time today.

SpaceLifeForm June 30, 2022 9:33 PM

This will not age well

‘https://www.theverge.com/2022/6/30/23189450/chrome-password-manager-updates-ios-android

confusopoly July 1, 2022 6:30 AM

My solution here is a personal off-site backup like so: I have a friend who lives 400km away from me. We swap encrypted backup drives with each other every month.

Those drives contain data needed to recover from catastrophic data loss and a second unencrypted partition with a copy of my encrypted password manager database which also contains the key for the rest of the backup drive.

That way all I need to remember is my master password and in case of a catastropic loss that destroys all my local backup devices and a backup drive 400km away I’ll probably not worry too much about my digital ID.

My-Tien July 2, 2022 2:15 AM

One solution would be to be able to enter an emergency contact in your password manager. that person shouldn’t live with you I guess… How big is the risk of both of you losing access?

JonKnowsNothing July 2, 2022 6:36 AM

@My-Tien, @All

re: add an emergency contact in your password manager

The common thread of “who can you trust?” and “what do you trust them with” are underlying issues. Password managers are like scum on the water obscuring what’s under the surface.

It’s not too horrible if something unimportant gets locked. Many games will let you create a new account if you get locked out, and you can move along from there. Certainly over the years of playing MMORPGs, loads of people have forgotten their original passwords or had their game accounts hacked or had the account locked for a variety of reasons. If they continue to play, they rebuild their account and toons. They lose their initial investments of course which is mostly seen as “disposable income”; irritating to be sure but nothing that cannot be re-built.

But when it comes to something really important like, banking info or access to stock market trading accounts, things can go pear-shaped fast. The wrong “trusted” person getting access can asset-strip your account just as fast as a hacker-thief, except in this case you gave them permission to do it.

Overall, society does a poor job of explaining how to navigate along these varied paths. Every country has their own rules and regulations and things that are OK in one spot may not be OK in another. There are lots of legal books, rulings, boiler plate forms but most folks haven’t a clue what they mean or how to use them or how to not use them. We only know They Are Dangerous Documents and we have to be Very Careful who we give them to, since regardless of what the person says, once they have the document in hand, You are Pwnd.

When it comes down to what’s in a password list or security setup, it is mostly to prevent Asset Stripping. It’s a popular feature of governments globally, it’s a popular activity when dealing with infirm or elderly persons, it’s a popular activity for banks, and mortgage companies and it’s heavily weighted to take as much as possible before the victim realizes what’s happened.

When you consider who you will add to your contact list, ask also who will you hand your entire financial welfare, your home, your stuff and your healthcare and your life+death. Cause it’s all under the same umbrella:

  Who can you trust? What can you trust them with?

Kevin Smith July 2, 2022 11:09 AM

The lawyer who deals with my Will keeps a thumbdrive in my file, and also a “do not open unless I’m dead or disabled” envelope, with printed contact info, passwords, etc.

lurker July 2, 2022 1:29 PM

@Kevin Smith

Lifting off and replacing wax seals was a well developed art 500 years ago . . .

Clive Robinson July 2, 2022 6:42 PM

@ lurker, Kevin Smith, Interested others,

Re : a well developed art 500 years ago

That and a millennium and a half before at least.

“Papal Bulls” are so called because of the cord and soft metal seal called a “bulla” which was known to be in use befor the 12th Century abd may go back atleast as far as the 6th Century.

As Papal Bulls were used for amoungst other tgings property title, they were extreamly valuable thus as with all such things subject to forgery. As wax seals are knoen much earlier in Egypt and Phonecia and the Phonecians had developed a more secure system based around fired ceramic enevrlopes we can only assume that the Holly Roman Empire were well aware of how such things could be forged.

Of more interest is “tamper evident” systems, it’s not clear when the art of “cutting and folding” paper messages started but certainly by the Tudor period it had become a very fine art.

It did not as such make the messages any more secure than wax seals but it was very much more tamper evident, thus when “secrecy of information” rather than “value of title” was concerned such systems were of more use.

The shear artistry that goes into early security systems makes their research divided amongst several study domains, including religion, legislation, history and art.

In some respects we have actually got to the point of “lost knowledge” because what we have in records are mainly the unsealed / opened documents, not the sealed ones. As some could have been closed in quite a few ways, that in it’s self may have been an extra security feature, sadly we just do not know.

Kaleberg July 2, 2022 8:01 PM

As it is usually implemented, 2FA is a security nightmare. You get all the bad stuff if you lose your phone and it is only marginally more secure in the face of phishing or SMS redirection. The problem is that it involves something you have which means whenever you don’t have all your usual things, you are locked out.

Who? July 4, 2022 10:20 AM

You can see it the other way—this human being has achieved digital immortality.

Don’t worry, we all are now condemned to achieve digital immortality; although not the kind of immortality that our predecessors thought.

Billy Jack July 8, 2022 5:16 PM

The place I worked back in 1980 had an offsite storage location for backups that specialized in such storage about five miles from the office. Whenever they did a monthly backup, they transported the previous monthly backup to the storage location.

Where I work now, I have often advocated that we get a safety deposit box in a nearby town but I don’t know if the banks we have accounts at (we have bank accounts in town, at one town 15 miles away, and another town 40 miles away) offer safety deposit boxes. The one in town is only a block away and I would prefer that any offsite storage location be at least a few miles away to limit the odds of a common disaster (such as an explosion or a big fire). So far, I haven’t talked them into it.

For my passwords, I keep backup copies of the KeePassXC file on my ProtonDrive account.

Billy Jack July 8, 2022 5:20 PM

By the way, living on a farm, I have thought about putting encrypted copies of everything in a briefcase and storing them in some odd place like the rafters of the barn or fastened to the inside of a grain silo or in the chicken house. One downside to inside a grain silo is that I might have to wait until we remove the grain to get to the backup.

JonKnowsNothing July 8, 2022 10:09 PM

@Billy Jack

re: Storage barn and silo heaps

Barns burn. Rafters collapse. Silos blow up from grain-dust bombs. The silo auger isn’t too safe either.

On farms, you may have to contend with mouse population explosions associated with bumper crops and un-gleaned fields. They may not be able to bite through heavy metal canisters, but the urine deposited on the canister can be deadly.

===

Search Terms

Silo

Dust explosion

Gleaning

Orthohantavirus

Jasper van Weerd July 12, 2022 8:34 AM

Google (but also Facebook) has provisions to set secondary access. Both would then not be in a loop and could be setup again on fresh devices, which then would give you again access to the cloud and start setting everything up again.

wim ton July 15, 2022 3:45 AM

I just moved to Ireland. To get a bank account, I need a utility bill. To get electricity or Internet, I need a bank account.

Security Sam July 22, 2022 9:04 AM

@wim ton

In operating systems lingo it is known as a “deadlock”
In general terms it is also known as a “catch 22”
Good Luck!

Leave a comment

Login

Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via https://michelf.ca/projects/php-markdown/extra/

Sidebar photo of Bruce Schneier by Joe MacInnis.