mSecure Support
No matter how much we try not to think about it too much, fact is we're all going to die one day.
While it's relatively easy for those we leave behind to go through our physical possessions,
enumerating all of our online accounts is an entirely different story.
A password manager is probably the closest thing to a complete enumeration of all of our online identities.
Sharing the mSecure master password with family members requires a substantial amount of trust,
and writing it down on a piece of paper hidden in the drawer probably only helps a thief break into our accounts.
So something else is called for, that I do not see in mSecure yet (correct me if I'm wrong).
What if a user could encrypt my password database with two keys: "regular" and "afterlife"?
They could be password based derived keys, or perhaps even stored on the device(s) we use mSecure on
(i.e. not stored in the cloud, for obvious security concerns).
Key "afterlife" can be split in 2 parts (either using a one-time pad + XOR, or secret sharing):
One is received by mSecure Cloud Services, the other one is received by a trusted family member.
Now if the user dies, the family member would contact mSecure Cloud Services,
providing evidence of the demise of the account owner.
The account owner would receive notification of this event, and perhaps there should be an
additional delay allowing the account owner to intervene, in case this feature was somehow abused.
Only after verifying these steps would mSecure Cloud Services make available the other half of the "afterlife" key,
that the family member can combine with their half in order to unlock a backup of the user's
database (encrypted with key "afterlife", of course).
All of this complexity would of course have to be wrapped into an intuitive user-interface,
guiding the account owner, and later on the family member through this process.
And the secret sharing could of course also be extended to a (t,n) threshold scheme,
but strictly speaking, a simple mechanism would be an awesome start.
Gerd
1 person likes this idea
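
The flow proposed in the post above, sketched as an added example (it is not part of the original post and not mSecure code): a 2-of-2 one-time-pad XOR split of the "afterlife" key, plus the service-side gate that releases the cloud share only after verified evidence and an unvetoed delay. All names, the 14-day delay, the check value and the random 32-byte key are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

VETO_WINDOW = 14 * 24 * 3600  # assumed owner-intervention delay, in seconds


def split_key(key: bytes) -> tuple[bytes, bytes, bytes]:
    """2-of-2 XOR split; either share alone is uniformly random."""
    family_share = secrets.token_bytes(len(key))  # the one-time pad
    cloud_share = bytes(k ^ p for k, p in zip(key, family_share))
    # Check value lets the recipient detect a wrong or corrupted share.
    # Safe to store only because the key is random and high-entropy (assumption).
    check = hmac.new(key, b"afterlife-check", hashlib.sha256).digest()
    return cloud_share, family_share, check


def combine(cloud_share: bytes, family_share: bytes, check: bytes) -> bytes:
    """Recombine both shares and verify the result before using it."""
    if len(cloud_share) != len(family_share):
        raise ValueError("share length mismatch")
    key = bytes(a ^ b for a, b in zip(cloud_share, family_share))
    expected = hmac.new(key, b"afterlife-check", hashlib.sha256).digest()
    if not hmac.compare_digest(expected, check):
        raise ValueError("shares do not reconstruct the afterlife key")
    return key


@dataclass
class ReleaseRequest:
    requested_at: float         # when the family member's evidence was accepted
    evidence_verified: bool     # service checked the evidence of death
    owner_vetoed: bool = False  # owner responded to the notification


def cloud_release(cloud_share: bytes, req: ReleaseRequest, now: float):
    """Return the cloud share only after verification and an unvetoed delay."""
    if not req.evidence_verified or req.owner_vetoed:
        return None
    if now - req.requested_at < VETO_WINDOW:
        return None
    return cloud_share
```

Neither share reveals anything about the key on its own, so the service never holds enough to decrypt the backup, and the family member cannot decrypt it until the gate opens.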