Chat support available. Click the chat icon on the bottom right corner to start chatting with us right away!

mSecure Support

Knowledge Base Forums Submit a ticket
Planned

Password sharing after death

 No matter how much we try not to think about it too much, fact is we're all going to die one day.


While it's relatively easy for those we leave behind to go through our physical posessions,

enumerating all of our online accounts is an entirely different story.


A password manager is probably the closest thing to a complete enumeration of all of our online identities.


Sharing the mSecure master password with family members requires a substantial amount of trust,

and writing it down on a piece of paper hidden in the drawer probably only helps a thief break into our accounts.


So something else is called for, that I do not see in mSecure yet (correct me if I'm wrong).


What if a user could encrypt my password database with two keys: "regular" and "afterlife".

They could be password based derived keys, or perhaps even stored on the device(s) we use mSecure on

(i.e. not stored in the cloud, for obvious security concerns).


Key "afterlife" can be split in 2 parts (either using a onetime-pad+XOR, or secret sharing):

One is received by mSecure Cloud Services, the other one is received by a trusted family member.


Now if the user dies, the family member would contact mSecure Cloud Services,

providing evidence of the demise of the account owner.

The account owner would receive notification of this event, and perhaps there should be an

additional delay allowing the account owner to intervene, in case this feature was somehow abused.


Only after verifying these steps would mSecure Cloud Services make available the other half of the "afterlife" key,

that the family member can combine with their half in order to unlock a backup of the user's

database (encrypted with key "afterlife", of course).


All of this complexity would of course have to be wrapped into an intuitive user-interface,

guiding the account owner, and later on the family member through this process.


And the secret sharing could of course also be extended to a (t,n) threshold scheme,

but strictly speaking, a simple mechanism would be an awesome start.


1 person likes this idea

Hi Gerd, 

Thank you for the feature request. This request is something we've received for a long time now. Technically, if your other family members are mSecure users or can download mSecure 5 and create their own account, you can simply provide them with a database backup file and the password for it. Please note that all backup files are encrypted with the account password in use when the backup file was created. This means that you could use a particular account password when you create a backup file and then change it after creating a backup file with the specific password for the backup file.


With all that said, as I mentioned above, this kind of request is something we get often. To addresses it, we are looking into providing an emergency access or emergency contacts ability to our system. What we have planned would require customers use our mSecure Cloud syncing feature, but would work to provide other mSecure account users with emergency access to someone's information. At the moment, we are looking into having the option or feature built in mSecure itself. You'd be able to give 1 or more users emergency access to your mSecure information. These people or person would receive a notice in mSecure on their devices, and(or) an email if they don't have an account already. You would be able to set how long your emergency contacts have to wait in order to gain access, and you would get a notice by email and in mSecure when an emergency contact requests access to the information allowing you to cancel the request. 


At the moment, this is all in the planning stages and would only be implemented after our planned cross account sharing features.

Since it's been 7 months since this question was originally asked, has any progress been made on building this feature into mSecure?

Hi Joseph,

Thank you for taking the time to ask about this feature request. This is a feature request that we have on our radar and something that goes with our planned sharing features. However, I am not sure when the feature will be available in the app. This feature will either be part of our next major update or be in a log of features planned afterwards. I'm sorry I don't have more news for you here.

Hi Mike


Are there any plans to include this feature in v6?


Thanks!

Hi Mike


Are there any plans to add this to v6?


Thanks

Hi Andrew,

Thank you for contacting us! While we do have this feature up front on our feature request list, it will not be making its way into the first release of version 6. With the first release, we are implementing cross-account sharing, which is the foundational feature needed for the "Access Upon Death" feature. Once cross-account sharing is in the app, then the other feature can be added to it.

Thanks Mike.


 Happy New Year.

No problem Andrew. Have a Happy New Year as well!

Mike, My Father-in-Law just passed away suddenly and the family is trying to access his mSecure passwords to complete unfinished family business. Do you have any insight as to how we would do that? Obviously, we do not have his mSecure master password. Thank you for you guidance with this situation. Amy Magstadt.

Hi Amy,

I'm really sorry to hear about the passing your father-in-law. I wish I could be of some help here, but there is just no way to access mSecure without the master password he used to unlock the app. The way the security is built makes it impossible to do so. The reason for this is, the data stored in the app is encrypted using that password, so the only way to decrypt the data is if that same password is entered when trying to unlock the app.


The only option would be if someone was able to access his device using face or fingerprint recognition if he was using that feature to unlock the mSecure app. In that case, anyone who could unlock the phone through biometrics should be able to unlock mSecure as well.


I'm sorry I don't have more help here Amy.

Thank you Mike!

No problem at all Amy. Please let me know if I can be of further assistance.

Mike,

It has been years since this issue of obvious security and financial importance has been raised. You now have sharing features. Other password managers have features that provide the kind of safe sharing after death (not before death or by exploiting security holes that the deceased left open as the suggested work-arounds require). My attorney is recommending using such a feature to safely allow our executor to access our accounts after death. Do we need to abandon MSecure in order to comply with our attorney's recommendation?

Hi John,

While we do have this feature on our roadmap, we have not begun work on creating its functionality. Unfortunately, I do not have a timeline as to when it will be added to the app, so there are no guarantees it will become available within the timeframe your attorney is recommending. I'm sorry I'm not able to be more definitive on when the feature will be added.


Login or Signup to post a comment