mSecure Support

Knowledge Base Forums Submit a ticket

Password sharing after death

 No matter how much we try not to think about it too much, fact is we're all going to die one day.


While it's relatively easy for those we leave behind to go through our physical posessions,

enumerating all of our online accounts is an entirely different story.


A password manager is probably the closest thing to a complete enumeration of all of our online identities.


Sharing the mSecure master password with family members requires a substantial amount of trust,

and writing it down on a piece of paper hidden in the drawer probably only helps a thief break into our accounts.


So something else is called for, that I do not see in mSecure yet (correct me if I'm wrong).


What if a user could encrypt my password database with two keys: "regular" and "afterlife".

They could be password based derived keys, or perhaps even stored on the device(s) we use mSecure on

(i.e. not stored in the cloud, for obvious security concerns).


Key "afterlife" can be split in 2 parts (either using a onetime-pad+XOR, or secret sharing):

One is received by mSecure Cloud Services, the other one is received by a trusted family member.


Now if the user dies, the family member would contact mSecure Cloud Services,

providing evidence of the demise of the account owner.

The account owner would receive notification of this event, and perhaps there should be an

additional delay allowing the account owner to intervene, in case this feature was somehow abused.


Only after verifying these steps would mSecure Cloud Services make available the other half of the "afterlife" key,

that the family member can combine with their half in order to unlock a backup of the user's

database (encrypted with key "afterlife", of course).


All of this complexity would of course have to be wrapped into an intuitive user-interface,

guiding the account owner, and later on the family member through this process.


And the secret sharing could of course also be extended to a (t,n) threshold scheme,

but strictly speaking, a simple mechanism would be an awesome start.

Hi Gerd, 

Thank you for the feature request. This request is something we've received for a long time now. Technically, if your other family members are mSecure users or can download mSecure 5 and create their own account, you can simply provide them with a database backup file and the password for it. Please note that all backup files are encrypted with the account password in use when the backup file was created. This means that you could use a particular account password when you create a backup file and then change it after creating a backup file with the specific password for the backup file.


With all that said, as I mentioned above, this kind of request is something we get often. To addresses it, we are looking into providing an emergency access or emergency contacts ability to our system. What we have planned would require customers use our mSecure Cloud syncing feature, but would work to provide other mSecure account users with emergency access to someone's information. At the moment, we are looking into having the option or feature built in mSecure itself. You'd be able to give 1 or more users emergency access to your mSecure information. These people or person would receive a notice in mSecure on their devices, and(or) an email if they don't have an account already. You would be able to set how long your emergency contacts have to wait in order to gain access, and you would get a notice by email and in mSecure when an emergency contact requests access to the information allowing you to cancel the request. 


At the moment, this is all in the planning stages and would only be implemented after our planned cross account sharing features.


Login or Signup to post a comment