If you own a home, are married, have kids, or really just live in this world, you know how easy it is to accumulate documents. Some are important records you need safeguard; some just feel important. Where do you store yours?
Do your loved ones a favor and organise these important documents, so in case
something happens to you, they can easily make financial decisions and act on
your behalf.
The Important Documents You Need to Keep
Depending what type of documents you're dealing with, you need to store some of them for certain periods of time, others you can digitise, and others you can throw away. Lets start with the important documents:
In general, you want to keep physical copies of anything related to state or federal matters, including certifications, licenses, or deeds. The reason is twofold: you want to have easy access to these in case you need them, and they're also a pain to replace because you typically need to make a direct request to the government agency, which takes a lot of time. You should also include a document with the location of any physical documents within the above list.
As an online citizen, you don’t want to be that person. You know, the one whose password was so easy to guess that his email account was broken into and you now keep getting upset emails from people who have been spammed, with XXX site marketing from your email account.
You’ve learned that passwords like “brisbane”, “brisbane56”, and even “L0u|>Bris3r” are terrible because they’re easily guessed. You now know that the most important aspect of a password is its length combined with basic padding and character variation such as “/* Thunder is coming! */”, “I live <em>in brisbane</em>!”, or “1.big.BANG@brisbane.com.au”.
In fact, you’re probably clever enough that you don’t create or remember most of your passwords anymore. You use a password manager to automatically generate and store unique and completely random passwords for all of your accounts. This has simplified your life so that you only have to remember your “master password” that will get you into where you keep all the rest of your usernames and passwords.
You also understand that your email account credentials are a skeleton key for almost everything. For this reason, you probably realise it is critical to protect your email login with “two-factor” authentication. That is, your email account should at least be protected by:
a) Something you know (your password) and
b)Something you have (your cellphone), that creates or receives a one-time
use code when you want to login.
On top of all of this, you try your best to follow the trusty advice that your passwords should be ones that nobody could guess and you never ever write them down, or keep them in your wallet.
But what if something happens to you? If you’ve done everything “right,” then your master password and all your second factor details go with you.
And then there are your encrypted files. Maybe you’re keeping a private journal for your children to read when they grow up. Wherever you fall on the spectrum, what do you do with such encrypted data?
Modern encryption is very good. If you use a decent encryption program with a good password/key, then it’s very likely that no one, not even a major government, could decrypt the file even after hundreds of years. Encryption is great for keeping prying eyes out, but it could sadden survivors that you want to have access to your data. The thought of something being lost forever might make you almost yearn for the days when you just put everything into a good safe that’s rated by how many minutes it might slow somebody down.
Let’s borrow an ancient yet incredibly useful idea: if it’s really important to get your facts right about something, be sure to have at least two or three witnesses. This is especially true concerning matters of life and death but it also comes up when protecting really valuable things.
By the 20th century, this “two-man rule” was implemented in hardware to protect nuclear missiles from being launched by a lone rogue person without proper authorization. The main vault at Fort Knox is locked by multiple combinations such that no single person is entrusted with all of them. On the Internet, the master key for protecting the new secure domain name system (DNSSEC) is split between among 7 people from 6 different countries such that at least 5 people are needed to reconstruct it in the event of an Internet catastrophe.
If this idea is good enough for protecting nuclear weapons, the Fort Knox vault, and one of the most critical security aspects on the Internet, it’s probably good enough for your password list. Besides, it can make a somewhat uncomfortable process a little more fun.
Let’s start with a simple example. Let’s say that your master password is “1.big.BOOM@thunder.com.au”. You could just write it out on a piece of paper and then use scissors to cut it up. This would work if you wanted to split it among 2 people, but it has some notable downsides:
Fortunately, some clever mathematics can fix these issues.
VillageMall has uniquely combined a number of traditional cryptographic and
mobile technologies, together with a geographical redundant cloud storage to automate all of this to hopefully make the whole process painless.
Now comes the hard part: you have to select three people you trust. You should have high confidence in anyone you’d entrust with a secret piece. It’s easy to get caught up in gee-whiz cryptography and miss fundamentals: you ultimately have to trust something, especially with important matters. VillageMall secret splitter provides a trust circuit breaker just in case (because even well-meaning people can lose important things. If you trust no one, then you can’t have anyone help you if something happens. Typically the people you trust will be the closest to you, your family, and professionals like accountants and lawyers.
For demonstration purposes, let’s say you trust 3 people.
You now have to distribute these secret pieces. You could do all sorts of clever things like send letters to people that will be delivered far in the future or read them over the phone. However, distributing them in person is a pretty good option:
It can make the family table discussions even more fun:
Let’s pretend that something happened to you. Two of the three family members that you gave pieces to would come together and agree that “something” indeed has happened to you. What happens now?
Well, either you included a note with each secret piece or you emailed them previously with instructions, they simply visit VillageMall, enter their "pieces" The pieces come together and provide access to the previously stored encrypted data.
Secure Family Documents implements a “(n of m) threshold cryptosystem” which can be thought of as a mathematical generalisation of the physical two-man rule. The idea is that you split up a secret into pieces (called “shares”) and require at least a threshold of “n” shares to be present in order to recover the secret. If you have less than “n” shares, you gain no information about the secret. Whatever threshold you use, it’s really important that each “shareholder” know the threshold number of shares.
You can be quite creative in setting the threshold and distributing shares. For example, you can trust your spouse more by giving her more shares than anyone else. The key idea is that a share is an atomic unit of trust. You can give more than one unit of trust to a person, but you can never give less.
Another important practical concern is that you should consider adding redundancy to any threshold system. This is easily achieved by creating more shares than the threshold number. The reason is that if you’re going out of your way to use a threshold system, then you probably want to make sure you have a backup plan in case one or more of the shares are unavailable.
Setup
Sample message, we email to your parties, or simply copy and put into an envelope.
"Dear Tom,
Here is the latest secrets, as of 10/1/2014, I discussed with you.
If something happens to me, then you will be able to use this secret,
along with the secrets distributed to others, to access our "Family Documents".
Your secrets
4e-1-f84424343cd26e29341a
Hopefully you will not need this for a really long time, but it's here in case.
Thanks
John Smith
Instructions
1. You will need at least 2 secrets to access the Family Documents
2. Get together the minimum required set of 2 secrets from yourself and the
holders listed below
3. Go to https://www.familydocuments.biz/account_recovery.aspx
4. Enter in the account tom.smith@myemailaddress.com.au
5. Enter in at least 2 secrets
6. You will be granted access to our secure Family Documents
Holders of Secrets
Sue Smith, Jane Smith, Harry Smith"
Operation
Add your documents, to your secure storage, using your VillageMall
Single Sign On account.
All of your documents are encrypted in transit, i.e. while you are uploading
to our Secure Storage, and also encrypted at rest, i.e. while stored in our
secure storage.
Note, your access to our Service can optionally make use of
Googles' Multi-Factor-Authenticator on your mobile phone, or any
Time-based One-time Password (TOTP) device or phone application,
the choice is yours.
Yes, this is better security than your current on-line bank account, which
typically is old world (read archaic, or minimal) access security, unless you
are a business and pay big bucks.
Recovery, secure access to your parties
In the event that access is required to the Family Documents, your parties
get together and access our online recovery site, details were included in the
instructions above, and enter in the account detail, plus their individual secret
pieces into our "Recovery Access" logon screen as below.
If the following conditions are meet:
then access is provided to the Family Documents within the account, identified by the account email address.
Examples
Want to allow access for three children and your accountant or lawyer, but
prevent the three children access on their own.
Set the threshold to 4, give a share to each child, and three shares to your
accountant.
This requires your accountant to get at least one share from your children, and
your children need your accountant to access, i.e. all three children cannot
access alone.
If one of your children is more mature than the others, and you want to allow
your children alone to access, give 2 shares to the mature child, and then the
mature plus all the other children can access the account without the need for
the accountant. The accountant plus one child can still access your account.
Almost all access risks can be managed with a combination of threshold setting, and distributed shares to your parties.
The important thing is that this all just works, VillageMall has been developing high assurance security solutions for Military, Governments world wide for the last 20 years, and now this same technologies can be applied to your most trusted documents..
Your piece of mind, for you and your family is just $20 per year, for up to 25 secure Documents, and up to 6 key Parties.
Accountants and legal firms, contact us for Practice pricing.
Take a look on the Web, or follow the links below:
Technical Details