Could you add a feature to allow a family member to enter the database once the owner of the database is deceased?
To assist I came up with an idea or two.
It will have to be an opt-in feature where the user chooses to add a family member or not.
I had thought of E-mail as the option to unlock, but I think a much better idea to minimise security concerns as well as programming time would be a way of linking the Keepass databases together into a family database.
A key could be planted into another database to unlock the present database with a time-out period, for example 48 hours (could be user set), after which, if the owner of the database has not opened the database and reset the time-out period, it will change the password of the database to the other database's password, allowing the family member into it.
I think this feature will be essential for most users going forward; the only present alternative is to store the password manually in the other database, which will rapidly go out of date.
KeePass does not provide for, and is not likely to introduce, a backdoor to password databases.
KeePass' current encryption key derivation process is not compatible with a stable backdoor because if the primary user changes the database Master Key, the encryption key is changed and the original encryption key is no longer valid.
A user that wishes to make the contents of their database available to trusted parties in the event of emergency can back up their database Master Key to a safe location such as a bank safe deposit box; or they can share their Master Key with the executor, beneficiaries or other trusted individual(s) (perhaps in a KeePass database that the trusted party can access). However, in all cases, if the primary database owner changes the Master Key, all backup(s) must be updated because the superseded Master Key will no longer be valid.
To put it another way, any procedure that could be used to access a person's database after death could also potentially be used to access it "prematurely", i.e. illicitly. In the example given, all one needs to do to trigger the proposed emergency provisions is to copy the pertinent database(s) to a flash drive and set it aside for the specified period of time - or, even simpler, to advance the clock on the computer used to access it.
This request effectively is a duplicate of the other FR for multiple master keys / users. If this is implemented, FR 1989 extends this by a time-based information disclosure (disclosing the secondary master key), which requires a secure server and is out of scope of KeePass.
Best regards,
Dominik
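
The point made in the replies above, that every stored copy of the Master Key stops working once the owner changes it, can be checked mechanically. The following is an added sketch, not KeePass code and not from any poster in this thread: the toy header layout, PBKDF2 standing in for the KDF, and all function names and sample keys are assumptions constructed for the illustration.

```python
import hashlib
import hmac
import os

ROUNDS = 100_000  # assumed work factor; KeePass uses its own KDF settings


def derive_key(master_key: str, salt: bytes) -> bytes:
    """Stretch the master key into the encryption key (PBKDF2 stands in for the real KDF)."""
    return hashlib.pbkdf2_hmac("sha256", master_key.encode(), salt, ROUNDS)


def create_db(master_key: str) -> dict:
    """Toy header: a random salt plus a tag that only the derived key can reproduce."""
    salt = os.urandom(16)
    tag = hmac.new(derive_key(master_key, salt), b"header", hashlib.sha256).digest()
    return {"salt": salt, "tag": tag}


def can_open(db: dict, candidate: str) -> bool:
    """True if the candidate master key derives the key that matches the header tag."""
    key = derive_key(candidate, db["salt"])
    expected = hmac.new(key, b"header", hashlib.sha256).digest()
    return hmac.compare_digest(expected, db["tag"])


def change_master_key(db: dict, old: str, new: str) -> dict:
    """Owner changes the master key: the header is rebuilt under the new derived key."""
    if not can_open(db, old):
        raise ValueError("current master key is wrong")
    return create_db(new)


def stale_escrow(db: dict, escrow: dict) -> list:
    """Names of escrow holders whose stored master key no longer opens the database."""
    return sorted(name for name, key in escrow.items() if not can_open(db, key))


if __name__ == "__main__":
    db = create_db("owner-key-2019")  # constructed sample keys
    escrow = {"executor": "owner-key-2019", "deposit-box": "owner-key-2019"}
    print(stale_escrow(db, escrow))   # nothing stale yet
    db = change_master_key(db, "owner-key-2019", "owner-key-2024")
    escrow["executor"] = "owner-key-2024"  # only one backup was refreshed
    print(stale_escrow(db, escrow))
```

Running the same kind of check against the real database after each Master Key change is what keeps a safe-deposit or executor copy from silently going out of date.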