
Show HN: Passbox – Give access to your data only after you're dead - mrdazm
https://passbox.co
======
ken
The "How does Passbox work?" isn't clear to me. Is it encrypted at rest? Who
has the password (or passwords), and is it just one secret key to unlock
everything? Do my Trusted friends have to remember how to access Passbox, and
a Passbox password? Am I notified if they do? How many of them do I need to
select, and what if they die before I do, or move out of my life, or otherwise
cease to be Trusted?

This all feels like it's trying to apply the web-SAAS model to a domain where
it really doesn't fit.

I'd rather have a simple system where I could take any data, easily encrypt it
on the client-side, and put it somewhere that's going to stay around for a
long time (S3? thumb drive?). Then I give my lawyer the password and
instructions on how to use it, on a sheet of paper. At any point, I can upload
new data, replacing the old data. Digital security isn't as important because
it's always encrypted before it leaves my desk. I don't need to maintain
Trusted Friends because the only person with the password is my lawyer, who
keeps it with my will.

Dealing with my possessions after my death is a solved problem. It's possible
to simplify parts of it, but we shouldn't try to replace it entirely with
another model that discards the good parts of what we have.

~~~
blotter_paper
Here's a similar service with a straightforward description (I have no
connection, I think I saw this on HN):
[https://www.deadmansswitch.net/](https://www.deadmansswitch.net/)

Personally, I know a handful of people I would trust to execute a non-legally-
binding will who are also competent enough to combine a key and some encrypted
data if they have both.

~~~
StavrosK
That's mine, by the way, so I'm available to answer questions if anyone wants.

I'm actually planning to rewrite it and move it to a new stack soon. It also
accepts cryptocurrencies if you are so inclined (you have to email me to
arrange that, but I'll add a payment processor with the rewrite).

I plan to add some more features with the rewrite, mainly file hosting for a
monthly fee (many people have requested it).

~~~
fencepost
If you don't already have it the ability to specify multiple check-in email
addresses would probably be good. Too many ways to lose access to email
accounts for that to cause distribution of "if you're reading this then I'm
probably dead" messages.

~~~
StavrosK
Ah, good idea, thanks!

------
bronco21016
I’ve given a lot of thought to this problem lately after becoming a parent.
However, I just can’t picture trusting this to a third party. Ideally I’d
store my master password to my password manager and give instructions on what
accounts exist and what to do with them. By storing this on someone else’s
server I’m at risk of that data being leaked which is effectively the ‘keys to
the kingdom’. You can talk about encryption all you want but without knowing
what’s actually happening with that extremely sensitive data behind the scenes
I cannot trust your product. Perhaps a Bitwarden style model where the source
is provided could be a solution? Because Bitwarden is open source, self-host
able, and audited I can have some degree of comfort that my data is actually
encrypted client side and stored safely.

Speaking of the problem space, what non-tech techniques do people use for this
scenario? The best I’ve been able to come up with is storing the information
in two safes and leaving instructions on how to open the safe in a will or
with trusted persons. Other thoughts?

~~~
edoo
I bet someone makes a product with this someday
[https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing](https://en.wikipedia.org/wiki/Shamir%27s_Secret_Sharing).

You could in theory have a digital safe that you yourself can open with one
key, and a quorum set of 2 keys that require both. You distribute 1/2
combination keys to your kids and keep one yourself. When you die your 1/2 key
is passed to the kids who can now open the data. The keys themselves are
useless without the other keys so anyone in the chain of custody of the key
until it reaches your kids wouldn't be able to open the data. No one would
have to have your singular key.

~~~
kirushik
I've wrote [https://bs.parity.io/#/](https://bs.parity.io/#/) exactly for
this; it also tries to avoid the most obvious opsec mistakes, like trusting
your printer too much =)

BananaSplit is of very experimental quality, it hasn't been battle-tested and
independently reviewed yet. But at least it's there, it's FOSS, and I
encourage you inspecting the code, contributing to it, or re-hosting the HTML.

------
MrLeap
Interesting! This was kind of my software engineering II project back in
college a decade ago. I wrote it in PHP. You configured all sorts of different
actions that would occur if you failed to check in every once in a while
(there were lots of ways to kick the deadman switch down the road. A simple
phone app, you could text message a number with anything, you could send an
email..)

The idea was that you could configure "I loved you and never told you!" emails
to out, cancel your electricity / gas, ask people to return your videotapes,
send your top secret dossier to journalists, and give access to sekret
treasure maps if you get eaten by a bear while on a hike.

I never had the moxy to make it public, but I always liked the idea. I wish
you the best of luck!

~~~
mrdazm
Thank you so much!!

The version you built (dead man's switch + triggered workflows) is what I
envision for a phase 2 if this goes anywhere. :)

------
chadash
A few comments:

\- I think the pricing structure is way too high. $60/year is quite a bit for
what you are offering. At that price, I would rather rent a safety deposit box
with a bank and just tell my friends and family about it. That way, I can
store passwords as well as physical valuables there.

\- This seems a lot less useful than Lastpass's Emergency Access feature. Once
i'm trusting a third party with my secrets, I might as well keep it to just
one third party. Again, if the service was cheap enough, then maybe I wouldn't
care, but $60/year is a lot.

\- It also seems like a hassle to update my passwords in passbox every time I
change them. I'm going to forget. I need it to sync automatically.

~~~
bwanab
Are you sure you want to keep valuables in a safe deposit box?
[https://www.nytimes.com/2019/07/19/business/safe-deposit-
box...](https://www.nytimes.com/2019/07/19/business/safe-deposit-box-
theft.html)

------
madamelic
Get rid of $5.99 / mo, charge a flat $99 lifetime.

Monthly doesn't make sense at all for this kind of service. I have no plan on
dying anytime soon.

~~~
pheug
Monthly can actually make perfect sense for this kind of service as a signal
that the user's still alive. But yeah, $6/month is way too high.

------
teuobk
Free alternative: use one of several tools that implement Shamir's Secret
Sharing Scheme to split your master password into chunks. You can create a
bunch of chunks and require that at least a certain subset of them be used to
recover the password.

For example, you could encode your password into 10 chunks and require that at
least 5 chunks be presented together to recover the secret. Any 5 chunks of
the 10 (in this example) could be used, but it is mathematically impossible to
recover the secret with just 4 or fewer of the chunks (in this example). Thus,
you could spread those 10 chunks among 10 trusted friends, the idea being that
they would recombine the chunks only in the event of your death. Moreover, if
you are not yet dead, at least five of your trusted friends (again, in this
example) would need to betray you for your secret to be stolen.

~~~
mrdazm
What are some such tools that you know about/recommend?

I've also considered this for Passbox but needed to start simply.

~~~
peterwwillis
Not the same, but you can use two-man crypto verification to make sure a file
was signed/encrypted by multiple parties. Example:
[https://github.com/psypete/public-bin/blob/public-
bin/src/se...](https://github.com/psypete/public-bin/blob/public-
bin/src/security/twoman.sh)

------
beshrkayali
Asking users to trust a random web service with their most sensitive data
almost feels like a prank.

~~~
mrdazm
I'm with you. That's one of the big challenges I (and anyone in the space, I
presume) would have from outset. On the bright side Passbox would only be
random until it's not. The right news article, partnership or some other form
of validation would inspire trust. It's not there yet but any company has to
start somewhere and build up.

~~~
beshrkayali
Maybe. "random" wasn't intended to be the focus of my comment. But even if, I
can't see how something like this is feasible. Even with the best of
intentions, services get hacked and they break. A tiny mistake (maybe some
extra logging, now or down the line) could expose user's data. All services
dealing with personal data claim being secure, until users receive that
dreaded "we're sorry" email.

Maybe if you allow uploading files (that would be gpg encrypted by users,
locally) with some mechanism to have their keys physically sent to their
relatives in a way that you don't store it or even have access to it, it'd be
something worth paying for. But at this point, one can just get a safety
deposit box, and they can give their loved ones the encrypted file(s) even
before death.

------
kemiller2002
Serious question. Why wouldn't I just use a safety deposit box? Outside of the
convenience of being electronic what benefit does this add over a physical
storage space? The deposit box can store non-electronic stuff as well. When I
die, I can pass the key over to the executor and that person can go through
the contents etc.

~~~
mrdazm
To me I think that'd definitely work with static content/data and of course
physical items. Things like passwords, accounts, devices and any special notes
you may want to leave can change pretty often and presumably could become a
chore to replace in the box and get neglected.

It could also be a hassle handling physical keys and also re-assigning who
gets what. The barrier to having multiple and also changing accessors goes
down.

Overall I'm not knocking the deposit box approach but it could be a little
more work to maintain.

------
mrdazm
Hi all, original poster here.

I created Passbox after buying my first motorcycle and thinking that if
anything happened to me on it I'd like for my devices/accounts/photos and such
to not be walled off forever.

I'd love to hear your thoughts on the app, approach and any feedback in
general! Thanks!

~~~
cloudking
Cool idea but your pricing structure seems high. You should consider a one-
time lifetime fee, it aligns with your business model.

~~~
giancarlostoro
I would suggest a mix of both. The issue with lifetime fees is eventually
someone will start to cost you money. I had a friend who sold some lifetime
subscriptions to a VPN service, it's just not entirely feasible.

On the other hand, this is what I use BitWarden for, so my wife has access to
important accounts and vice-versa. BitWarden does provide free shared
passwords for 2 users.

~~~
mrdazm
And with lifetime pricing I don't like the idea of just keeping that money if
someone churns. Maybe I'm just not enough of a hardened business person haha.

In your case with Bitwarden you're sharing access to your credentials and such
with your wife right now, today, right?

With Passbox I'm looking to defer that access for data that makes sense. In my
case I'm currently single and no one else has access to my iPhone but if I
passed then maybe my mom or best friend should have that - as a hypothetical.

~~~
jaysh
If you're sticking with recurring, you'll still need to keep the data for some
time after the payments stop. The PR will be disastrous for you if someone
passed away, and therefore the payments stop, and then all of their data is
lost (worse: now imagine consequential financial loss from the loss of their
data). I don't know whether you could be held liable for that or not.

~~~
mrdazm
Coincidentally just addressed that here:

[https://news.ycombinator.com/item?id=21344759](https://news.ycombinator.com/item?id=21344759)

------
latchkey
I use [https://www.deadmansswitch.net/](https://www.deadmansswitch.net/)

Saved a PGP encrypted message to some friends. One time fee of $20, but the
free tier is more than enough. Super simple UX. I click a link in an email
once a month.

------
kylekelly
My solution is to doubly encrypt a 7zip file with 2 separate passwords and
send each password to a different individual so that they need to cooperate in
order to access the information.

I wrote about it a while ago on my blog here:
[https://kylekelly.com/posts/share-your-
passwords/](https://kylekelly.com/posts/share-your-passwords/)

I'm wondering if I missed an obvious security issue with this solution?

~~~
gjs278
they cooperate and steal from you

------
achikin
Why not print all that data out and give it to someone you trust or keep it in
a deposit box which can be legally passed to your family?

~~~
mrdazm
Thanks for this. In my opinion that's not ideal because:

1\. They'd have access right then and there

2\. You could use a traditional password manager for that

3\. Data changes could become more of a hassle to keep up-to-date

------
bobbonew
I’m surprised there wasn’t a lifetime plan for $5.99. The cost to store that
amount of minimal data is moot. I would never pay monthly for something like
this - but would likely jump in a second for my aforementioned plan.

Good idea thinking out of the box with your SaaS. Good luck!

~~~
mrdazm
Thanks for your feedback and compliment!

As you can imagine I had to pick an approach and run with it. Nothing’s set in
stone and I’m considering the exceptional feedback throughout to see what
changes I should make that are mutually beneficial.

Taking pricing off the table would you be game to give the app a test drive
and email me your feedback/thoughts?

Thanks again!

------
Deadswitch
[https://deadswitch.com](https://deadswitch.com)

~~~
mrdazm
500 error here

------
troymc
This service (Passbox) seems to be equivalent to LastPass's "Emergency Access"
feature. See:

[https://support.logmeininc.com/lastpass/help/set-up-and-
mana...](https://support.logmeininc.com/lastpass/help/set-up-and-manage-
emergency-access-lp030013)

~~~
ropiwqefjnpoa
LastPass is cheaper too. Or if you're really cheap, leave your lastpass login
written down somewhere where friends and family will find it.

~~~
mrdazm
Thanks for this.

LP is cheaper depending on how many users you have. My current model allows
for unlimited trusted users (people who can request access to your account)
for the same price. LP charges per user.

------
offmycloud
If a person dies and their payment card stops working, does the account get
suspended for non-payment?

~~~
mrdazm
I haven’t coded anything for that yet but my thinking is to possibly have the
third party user pay the balance of what’s owed (probably up to a cap) to
access the account owners data. Reason being that without that anyone could
ride for free by using a card that is then canceled

Thanks for your question!

------
quickthrower2
Another solution is to share the data with friends and family why you are
living. Most services and passwords can go with you to the grave no dramas.
Bank accounts etc. would be covered by a will. Access to domains etc.:
Personal blog, who cares (just author in Github then someone can grab the
source if they want) anything valuable domain wise should be owned by a
company. That company should have procedures if you die and probably will
share passwords between trusted owners or employees.

~~~
mrdazm
I don't disagree with you here. I just aim to offer a one-stop shop to get
that access.

The ideal scenario too is for credentials, data, etc that's not currently
shared between people when alive. So I, for example, as a single dude don't
have anyone else with access to me iPhone, email, or Facebook. That's not
something I'd just hand over to anyone just in case. In a Passbox scenario
though then by all means!

------
mayneack
> Bank-Level Security (using AES Encryption)

I know what they're trying to do, but "bank level" doesn't inspire confidence.
Financial institutions have regularly clunky rules like max password sizes,
and I've gotten a plain text password emailed to me by a bank before. I also
feel like they're over represented in the Troy Hunt security shaming
([https://twitter.com/troyhunt](https://twitter.com/troyhunt)).

~~~
mrdazm
Thanks!

------
kangnkodos
My trusted friend decides to try to access all my online accounts, and
requests access to my Passbox. Passbox sends me an email informing me of the
request.

Oops. The email from Passbox ends up in my junk email folder by mistake. I
never see it.

After the waiting period, my trusted friend gets the information from Passbox
and proceeds to wreak havoc with all my online accounts.

No thanks.

~~~
mrdazm
Thanks for your comment!

Email is the current approach I decided to _start_ with but isn't the only way
to go about it. Voice calls, text messages and maybe even push notifications
(if a mobile app materializes) are feasible approaches too.

------
adam_ellsworth
For those (with gmail accounts) looking for other alternatives, Google
provides something like a "Dead-man's Switch":
[https://publicpolicy.googleblog.com/2013/04/plan-your-
digita...](https://publicpolicy.googleblog.com/2013/04/plan-your-digital-
afterlife-with.html)

------
miguelmota
Two concerns:

1\. I don't think I can trust a new 3rd party with private data

2\. I don't think this service will live long enough to be around for another
50+ years

This service makes sense for people who are highly likely to die or become in
a vegetable state someday soon like stuntmen or intense sport athletes

~~~
mrdazm
I’m with you on number 1. It’s going to be an interesting challenge to
overcome but I’m mindful that even the biggest of names today started from
scratch.

Understood on your second point but should it be wound down it’s easy to
contact everyone, provide a suitable sunset notice and allow off-boarding.

Thanks for your comments!

------
ken
You should line up the free and paid features, perhaps in a table. I can't
glance at a list of 8 items and a list of 10 items and distinguish what
changed between them, so I'm not sure what I'd be paying for.

~~~
mrdazm
Thanks for this comment!

------
LinuxBender
My method is to give half of a passphrase for a keypass file to family
members. My attorney will hand over the other half.

------
wheelerwj
There's another on, key2lyf.com which is really similar. I love these kind of
ideas.

~~~
mrdazm
Thanks for the head's up!

------
GaryNumanVevo
What if Passbox dies before I do?

~~~
mrdazm
[https://news.ycombinator.com/item?id=21344639](https://news.ycombinator.com/item?id=21344639)

------
Dolores12
Wouldn't it be nice to leave 60$/year to those you really care instead?

~~~
chacha2
$60 is a lot for something a notepad in your desk could achieve. Never mind
any additional security risks caused by this.

------
option_greek
I thought about doing this several times but backed off because of dark
connotations with death :)

~~~
mrdazm
It took me a while to even mention death in my copy but I know I have to
embrace it - it's part of life!

------
yellowsir
i rather die, then giving a 3.american company my PWs.

~~~
mrdazm
You'd really be giving the company garbled (read: encrypted) data and allowing
folks you care about access to your actual data/passwords/notes/whatever.

