
Posted by eljojo 3 hours ago

Show HN: If you lose your memory, how to regain access to your computer? (eljojo.github.io)
Due to bike-induced concussions, I've been worried for a while about losing my memory and not being able to log back in.

I combined Shamir secret sharing (HashiCorp Vault's implementation) with age-encryption, and packaged it using WASM for a neat in-browser offline UX.

The idea is that if something happens to me, my friends and family would help me get back access to the data that matters most to me. 5 out of 7 friends need to agree for the vault to unlock.

Try out the demo on the website, it runs entirely in your browser!

82 points | 79 comments
bitexploder 2 hours ago
Low tech: I put my secret manager password in a physical journal that is locked in a fire proof, water proof vault and hidden somewhere only my partner and myself know where it is. I use a password manager. Everything else goes in the password manager.
repiret 59 minutes ago
This is what I do too, but be warned about “fire proof” - a fire that results in the total loss of your house will create enough heat for enough time that fireproof gun safes and smaller fireproof lockboxes will be destroyed, or even if not, their contents will get hot enough to combust anyway.

A bank safe deposit box offers a different security profile that’s probably more robust against fire because banks burn less often than houses.

It’s probably not practical to really be robust against fire without being buried several feet deep.

Eduard 32 minutes ago
https://en.wikipedia.org/wiki/2025_Gelsenkirchen_heist

In December 2025, items worth an estimated €30 million were stolen from a Sparkasse bank in the Gelsenkirchen suburb of Buer, Germany. The thieves used a large drill to break into the bank's underground vault and proceeded to crack over 3,000 safe deposit boxes.

nerdsniper 13 minutes ago
Don’t need events that extreme. Regular branch banks have stuff go missing from the safety deposit boxes shockingly regularly. The locks aren’t particularly secure and various people are able to access them. It can be hard to find articles about them because they don’t make the news like the more remarkable incidents do. Examples of boring security box failures (but that were noteworthy in other ways so they did make the news): Jennifer Morsch, Roberta Glassman, Lianna Sarabekyan (multiple customers affected), Philip Poniz, Wells Fargo in Cape Coral FL, Wells Fargo Katy TX (many customers affected, blamed on road construction down the street), lots of individual stories where banks just totally stopped following their own procedures on ID checking and logging.

The vast majority of these don’t make the news because there’s no proof there was even anything inside the box in the first place so anyone could be lying.

> Mr. Pluard, who tracks legal filings and news reports, estimates that around 33,000 boxes a year are harmed by accidents, natural disasters and thefts.

> Oddly, the bank returned to him five watches that weren’t his. “They were the wrong color, the wrong size — totally different than what I had,” Mr. Poniz said. “I had no idea where they came from.”

https://archive.is/j8e6x

ses1984 50 minutes ago
Another solution is to engrave your secret on something that’s stable up to household fire temperatures.
0cf8612b2e1e 34 minutes ago
A real innovation from the Bitcoin world! There are several physical password store systems that they have suggested for this kind of use case. The simplest is basically using a nail to punch out a password onto a piece of sheet metal.
echoangle 28 minutes ago
Just make sure that the metal you use has a high enough melting point.
eljojo 50 minutes ago
do you store stuff in a bank? could you tell me more about it? my account gives me access to one for free and been meaning to put a yubikey there for a while but never have
nightshift1 24 minutes ago
Safe deposit boxes are not safe. There are many stories of people's stuff going missing.

ex: https://www.cbc.ca/news/safety-deposit-box-protection-1.7338...

https://archive.is/www.nytimes.com/2019/07/19/business/safe-...

cyberax 30 minutes ago
I do. I have a small safe deposit box in my local branch for about $1 a year.

It's great if you want to store some documents. But don't expect _real_ security. It's guarded by a minimum-wage employee, and the keys are usually laughably insecure. Banks know this, so they cap their liability for the loss of the deposit box at around $1000.

So don't even think about storing gold bars there, like they do in movies.

There _are_ companies that provide safe storage for high-value items, but they are pretty exotic.

eljojo 10 minutes ago
that's... a really good perspective to have, thanks for sharing!
willmadden 19 minutes ago
Not true with deep basement floor safes and a waterproof bag or better yet a UL Class 350 box inside the floor safe.
maurycyz 1 hour ago
This. A physical safe provides something that you can't do digitally: It's hard, but not impossible to get in without credentials.

On the internet, it's either: Public for anyone in the whole world, or impossible to recover if anything goes wrong.

kylehotchkiss 1 hour ago
I've broken into Physical Safes using nothing more than a drill with a half inch bit (I was young and didn't want to drag myself to harbor freight to sacrifice a more suitable tool). Enough boreholes and I had access.

In hindsight, looking harder for the key would probably have been fruitful.

0cf8612b2e1e 1 hour ago
Nothing says you cannot trivially encode the paper password. Those in the know understand that you need to append “BoomShakalaka”, replace “A” with “Q”, or some other super simple modification to what is recorded.

Maybe the NSA would be willing to brute force the infinite variations from that starting seed, but it is still effectively locked for mortals.

mathstuf 40 minutes ago
I've thought about making a "word search" and embedding the passphrase in it using a pattern (e.g., a subset of a Knight's tour, a space-filling curve overlay, or some other sampling algorithm).
unsnap_biceps 17 minutes ago
https://www.passwordcard.org/en

I used to keep a password card in my wallet and had a pattern I would use.

munk-a 1 hour ago
Alternative - my partner and I (and also two other close contacts) have password managers that contain each of the other one's secret. This was less an effort to help with the memory loss scenario and more of an effort to deal with death and access to services (especially to cease subscriptions and the like).

In a lower trust scenario you could probably use a lawyer as a broker of the secret (potentially even as part of a will).

rcxdude 1 hour ago
Password managers like Bitwarden also have emergency access features which can do this, with the caveat of trusting them to enforce the requirement of access only being granted after a notification to the account holder is not denied in some time period (but unlike the lawyer you're not trusting them with the secret directly)
spockz 47 minutes ago
Apple has this thing called Legacy Contact which allows the same but then built in to the whole Apple account. This includes devices as well as the iCloud ~~and attached keychains. Granted, it is another hoop to jump through compared to presharing keys with each other.~~

It would be nice if your Apple account could be unlocked with some other keys as well apart from the primary one, but I guess that is what Apple calls the “Legacy Contact Key”.

Edit: okay so the keychain is excluded from this. So back to storing each other's passwords in each other's keychain…

eljojo 38 minutes ago
I didn't know about Bitwarden doing this until today! I definitely have to look closer into it, been using 1password for more than a decade and I keep being disappointed. I'd definitely like off-sourcing this to someone instead of building it myself
eljojo 38 minutes ago
this is honestly a very pragmatic solution. the amount of life-long relationships i've seen vanish overnight has got me to reconsider my choices when it comes to single points of failure.

I like the idea of the lawyer, unlike normal people, they like sticking to their promises.

eljojo 51 minutes ago
sometimes simpler is the best. I am always on the move so vaults don't jive well with me. my concern would be for something to still happen to it, too. I'm trying to go by the principle of not putting all my eggs in one basket.
rcxdude 1 hour ago
In general whatever kind of backup plan you have for when you die could also work in this scenario, you may just need to think harder about anything that you do not want to have revealed when you die.
econ 1 hour ago
I like it. Perhaps you can use a weird idea of mine.

You can discard/modify part of a password before sending it to your backend. Then, when you log in the server has to brute force the missing part.

One could extend this with security questions like how many children pets and cars you own. What color was your car in 2024. Use that data to aid brute forcing.

The goal would be to be able to decrypt with fewer than 5 shards but make it as computation heavy as you like. If no one remembers the pink car it will take x hours longer.

ImPostingOnHN 7 minutes ago
That is a neat take on "key strengthening", or "peppering":

https://crypto.stackexchange.com/questions/20578/definition-...

eljojo 1 hour ago
ohhhh that's brutal haha! for context my app runs entirely clientside, but I get it, it's an interesting idea...
2color 31 minutes ago
I like that more people are thinking about solving some of the problems of digital inheritance we face. These are problems that are so important now that so much of our lives are digital and tapping into one's actual social circle seems the best way to do this.

Also, kudos for packaging it as a static web app. That's the one platform I'm willing to bet will still function in 10 years.

gingerlime 1 hour ago
Other than passwords though, I also have stuff installed at home on a Synology NAS, a mail server, a VPS running some websites (my own, family, my wife's), Home Assistant, Family photos with backups etc etc.

I wonder who would not only have the passwords, but the know-how to manage the whole thing, at least to transition it to more managed services...

reddalo 40 minutes ago
Me too. I'm starting to self-host more and more services for both me and my family, and I wonder what would happen should I meet a bus in a front-facing way.
thephyber 55 minutes ago
Don’t assume that anyone can.

If you want someone to be able to access it after you’re gone, either put 1000 BTC in it or leave instructions. Paper instructions in a physical fireproof safe are way easier to deal with than any digital encryption with no hints.

eljojo 52 minutes ago
you're completely right! the app actually guides you on some of that, it generates a readme that gives you advice on what to document, but I agree you can't be too careful here, the passwords IS NOT ENOUGH.

You need to give people "a map" of where things are: https://github.com/eljojo/rememory/blob/main/internal/projec...

nippoo 1 hour ago
This kind of thing, widely implemented, would be a game-changer for dealing with assets after someone's death! I maintain my family's IT infrastructure (Google Enterprise admin, webserver etc) and I've been tempted to write down 1/4 of my password manager root password and give it to each of my family members - but then we run into the problem where if any one of them loses their shard, it's unrecoverable. Some kind of ECC would be great - ideally where I could print it out onto various bits of paper with a user-definable redundancy, or better still, some kind of reciprocal system where (say) 8/10 members of a trusted friend group/family ring could unlock any other member's password...
rcxdude 1 hour ago
Shamir secret sharing is the cryptographic thing that you want. You can configure any M of N to be needed to recover the underlying secret.

(If you have a trusted third party, you can also enforce a cooling off period: e.g. that any attempt to access results in a notification to the account holder that if not denied within some time period, access is granted)
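
The M-of-N property described above, as an added example that is not part of the thread and is not code from rememory or HashiCorp Vault: a self-contained Shamir split and combine that works byte-wise over GF(2^8), using the 5-of-7 setting from the original post. The function names and the sample passphrase are constructed for illustration.

```python
import secrets


def gf_mul(a: int, b: int) -> int:
    """Multiply in GF(2^8) modulo the AES polynomial x^8 + x^4 + x^3 + x + 1."""
    p = 0
    while b:
        if b & 1:
            p ^= a
        a = (a << 1) ^ (0x11B if a & 0x80 else 0)
        b >>= 1
    return p


def gf_div(a: int, b: int) -> int:
    """Return a / b for nonzero b; b^254 is the inverse of b in GF(2^8)."""
    for _ in range(254):
        a = gf_mul(a, b)
    return a


def split(secret: bytes, n: int, k: int) -> dict[int, bytes]:
    """Return {x: share}; any k of the n shares recover secret, fewer do not."""
    if not 2 <= k <= n <= 255:
        raise ValueError("need 2 <= k <= n <= 255")
    shares = {x: bytearray() for x in range(1, n + 1)}  # x = 0 is the secret itself
    for s in secret:
        # One random polynomial of degree k-1 per byte; the constant term is the secret.
        coef = [s] + [secrets.randbelow(256) for _ in range(k - 1)]
        for x, ys in shares.items():
            y = 0
            for c in reversed(coef):  # Horner evaluation of the polynomial at x
                y = gf_mul(y, x) ^ c
            ys.append(y)
    return {x: bytes(ys) for x, ys in shares.items()}


def combine(shares: dict[int, bytes]) -> bytes:
    """Lagrange-interpolate every byte's polynomial at x = 0."""
    out = bytearray(len(next(iter(shares.values()))))
    for xi, ys in shares.items():
        basis = 1  # l_i(0) = product over m != i of x_m / (x_m - x_i)
        for xm in shares:
            if xm != xi:
                basis = gf_div(gf_mul(basis, xm), xm ^ xi)
        for j, y in enumerate(ys):
            out[j] ^= gf_mul(basis, y)
    return bytes(out)


if __name__ == "__main__":
    secret = b"constructed demo passphrase"  # constructed sample input
    shares = list(split(secret, n=7, k=5).items())
    print("5 shares:", combine(dict(shares[2:])))
    print("4 shares:", combine(dict(shares[:4])))
```

Losing up to two of the seven shares is survivable here, which is the redundancy the parent comment asks for; with only four shares the interpolation returns unrelated bytes rather than a partial secret.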

tmpfs 50 minutes ago
We care about this problem and are actively working on it, like the OP we also settled on Shamir's secret sharing with a time lock mechanism.

However, there is still the issue of the service provider going offline or out of business which we don't have a solution for yet.

We have started with a good password manager and will be adding digital inheritance/social recovery soon! [0]

Take a look, thoughts and feedback welcome.

[0]: https://saveoursecrets.com

eljojo 35 minutes ago
services going offline is a big concern for me! that's why my solution is offline first, I like the idea of the encrypted backup living in my friend's email inbox and working entirely without internet. a true hard copy.

for the time lock mechanism, how do you go about it? I'm interested in exploring using drand time lock, but that also relies on the service continuing to run (which is admittedly very likely) https://github.com/drand/tlock

nandomrumber 1 hour ago
You can give your password, or part of it, to your estate lawyer to attach to your will.

This is obviously more cumbersome, and probably costly, if you intend on changing your password. I guess you could change the part of it you don’t store with them.

eljojo 1 hour ago
yes! I am starting to do some planning on that myself, that's why I'm in that kind of mindset. If you know more people in this space, please share this with them! would love to get feedback
cbabraham 1 hour ago
aw, friend of mine built this way back in the day

https://michael-solomon.net/keybearer

https://github.com/msolomon/keybearer

eljojo 55 minutes ago
no way!!!! I searched for a long time for a solution like this, many could encrypt using shamir but none took an actual file with browser upload and easy UX. and like, 14 years ago? my hats down to you my friend.

my zip bundles are 1-2 megabytes due to all the wasm, and you achieved this on so little. impressive job!

I'd love to hear what you think about mine, one of the differences is that it creates a ZIP file containing the recovery app in it, as well as a PDF with instructions for non-technical friends. Overall trying to make the recovery experience as smooth as possible.

but cheers, your version is the only one that I found that does basically what mine does, all the others fall short one way or another!

thephyber 52 minutes ago
I wonder how many thousands or millions of useful projects are so well hidden that they are effectively nonexistent.
eljojo 34 minutes ago
you know, I've always thought that "If I know I have something... somewhere, but I don't know where that thing is, I have effectively lost it"
mohn 22 minutes ago
I agree with the sentiment, and the specific wording of your comment made me want to link to the classic bash.org quote[0] which has consistently been in the top 5 for a long time, but I just learned that we lost bash.org... :(

[0] https://web.archive.org/web/20230610235249/http://bash.org/?...

eljojo 16 minutes ago
ayyyyyyyyyyyy lmao 100%

also RIP bash.org found out thru you :(

rawgabbit 1 hour ago
For my personal passwords, I use Apple's password manager. It lets me share passwords with my family. I also created a folder on Apple's iCloud that I share.

https://support.apple.com/guide/iphone/share-passwords-iphe6...

https://support.apple.com/guide/icloud/share-files-and-folde...

eljojo 7 minutes ago
I've been so tempted to try out the apple password manager, I'm fully vested in their ecosystem, but the lock in is too big for me to feel comfortable with.

This is the sort of stuff that terrifies me https://hey.paris/posts/appleid/

politelemon 55 minutes ago
Despite the convenience factor, it isn't great to use a manager tied into your own ecosystem. It should exist outside, with the minor factor of lesser convenience.
mikkupikku 29 minutes ago
I'm a firm believer in passwords on sticky notes.

(At home of course, people get pissy if you do this at work!)

ddtaylor 2 hours ago
I suffered a traumatic brain injury (TBI) related to an e-bike accident two years ago. I woke up in the ICU after a short coma-like thing and the nurses/doctors asking me questions and it was clear I was answering for the 10th time or more, like we had all done this before, but I couldn't remember anything.

Thankfully my very long password I use for an encrypted Borgbackup I have was somewhere deep or untouched, but, otherwise I would have been fucked. Also, the backup codes Google told me they would always accept failed and it wasn't until I found a random unused Android device in a drawer that had been unused for a year was I able to get access back to my Google account of ~25 years.

ericbarrett 2 hours ago
I also had old Google backup codes fail a few years ago. Anybody who hasn't regenerated them in a year or two, I recommend you do so.
lucenet 1 hour ago
Well, this is disturbing news.
bornfreddy 33 minutes ago
I have (had?) a Google account tied to my email (which is on a domain I own). Not sure if I ever gave them my phone number, initially. Tried to login a few years back, correct password, but they insisted on me entering my phone. Finally I did - and they can't let me in because my "provider is not supported" and they can't send an SMS with the code, so I'm locked out. Tried every few months since then, no go. Fortunately I didn't lose much (except some family photos), but it is annoying as hell. I wouldn't trust Google with anything important. And yes, I tried with a brand new number on a new phone, unrelated provider. No dice. According to reddit I'm far from alone in this. So if you rely on a Google account for anything... Well, good luck!
Zambyte 1 hour ago
Google services are best treated as a liability.
tencentshill 1 hour ago
Make Google Takeouts a part of your backup routine.
eljojo 1 hour ago
my stomach turned into a knot just reading your story. I know that feel of waking up surrounded by nurses not knowing what happened. I'm so glad you had proper backups!!!!!!!!!!

this exact story is why i built my app, thank you so much for sharing.

my hope is to basically make a next version of your plan that's distributed among friends.

cedws 1 hour ago
I also gave this problem some thought: https://github.com/cedws/amnesia
eljojo 54 minutes ago
oh hey, nice timing! good name too, I see we're both on the same wavelength there. I'll link you from my readme!