Comment by bitexploder

18 days ago

Low tech: I put my secret manager password in a physical journal that is locked in a fire proof, water proof vault and hidden somewhere only my partner and myself know where it is. I use a password manager. Everything else goes in the password manager.

This is what I do too, but be warned about “fire proof” - a fire that results in the total loss of your house will create enough heat for enough time that fireproof gun safes and smaller fireproof lockboxes will be destroyed, or even if not, their contents will get hot enough to combust anyway.

A bank safe deposit box offers a different security profile that’s probably more robust against fire because banks burn less often than houses.

It’s probably not practical to really be robust against fire without being buried several feet deep.

  • Just went through this. Sample size one:

    While the fire resulted in the total loss of the house it was actually the water from the fire department not the heat that did proportionally more damage.

    As a mental model you shouldn’t think of it as “what if my house burns down?” so much as “what if nice strangers roll up to my windows and chainsaw through my roof and spray 50,000 gallons of water in here?”

    Yes everything in the mechanical room melted but everything in the rest of the house got hot, smoky, soaked and then moldy.

    For root of trust materiel like social security cards, cash, passports put in a ziplock bag in a fireproof, waterproof safe. But for other storage I use clear “Ezy Storage” brand stackable 50L tubs labeled with Homebox QR codes. In the US, Target and Home Depot frequently stock them. I am very anti black and yellow tubs.

    The majority of work post-fire goes to itemizing your house inventory for insurance. Even cataloging all your bathroom’s soaps by brand name rather than generic can make $100 difference. Multiply that by 500x different things.

    From a threat model perspective I look at rooms from a “what would be salvageable in here if I emptied a swimming pool’s worth of water from some fire sprinklers”. Furniture and TVs are easy to replace. Other stuff less so.

    • We did that with major hail damage a few years ago. I learned that in a disaster, you should count on everything being junk, and you're lucky if you can salvage anything. We also learned the value of itemized lists.

      1500/piece for 20 junk windows I was building a greenhouse with that I dug out of the trash the year before. $250 for a bird feeder because they couldn't find one outside of specialty stores. $40k instead of 10k for a new roof on the shed because it was heavier gauge metal than standard.

      Exact replacements can be expensive, but you need to make sure your insurance has 100% replacement instead of adjusted for age or like-kind replacements.

      After that experience, we itemized EVERYTHING in the house with make, model, serial number, and color. It was a bitch to get set up, but took the value of our home contents from around 75k to over 250k for exact replacements.

      Copies of these records along with our master password for our keepass database are in two bank deposit boxes about 45 minutes apart. For $50/year we can sleep easy.


    • My insurance agent has recommended that once a year or so I carefully walk through the house with a video recorder, opening every cabinet and drawer and tool box and so on. It's easier than constructing a detailed inventory, but gives you the raw data you need to construct one in the unlikely event that you need it.


    • This is very interesting and will inform changes in how I secure some items. Thanks for the new perspective.

    • >put in a ziplock bag in a fireproof, waterproof safe

      In the event of a fire, the bag will melt and coat everything in plastic. This may be undesirable.

  • https://en.wikipedia.org/wiki/2025_Gelsenkirchen_heist

    In December 2025, items worth an estimated €30 million were stolen from a Sparkasse bank in the Gelsenkirchen suburb of Buer, Germany. The thieves used a large drill to break into the bank's underground vault and proceeded to crack over 3,000 safe deposit boxes.

    • Don’t need events that extreme. Regular branch banks have stuff go missing from the safety deposit boxes shockingly regularly. The locks aren’t particularly secure and various people are able to access them. It can be hard to find articles about them because they don’t make the news like the more remarkable incidents do. Examples of boring security box failures (but that were noteworthy in other ways so they did make the news): Jennifer Morsch, Roberta Glassman, Lianna Sarabekyan (multiple customers affected), Philip Poniz, Wells Fargo in Cape Coral FL, Wells Fargo Katy TX (many customers affected, blamed on road construction down the street), lots of individual stories where banks just totally stopped following their own procedures on ID checking and logging.

      The vast majority of these don’t make the news because there’s no proof there was even anything inside the box in the first place so anyone could be lying.

      > Mr. Pluard, who tracks legal filings and news reports, estimates that around 33,000 boxes a year are harmed by accidents, natural disasters and thefts.

      > Oddly, the bank returned to him five watches that weren’t his. “They were the wrong color, the wrong size — totally different than what I had,” Mr. Poniz said. “I had no idea where they came from.”

      https://archive.is/j8e6x


  • Another solution is to engrave your secret on something that’s stable up to household fire temperatures.

    • A real innovation from the Bitcoin world! There are several physical password store systems that they have suggested for this kind of use case. The simplest is basically using a nail to punch out a password onto a piece of sheet metal.


  • That inventory will be available for seizure by court order for any variety of reasons, and you won't ever know about it until it's too late.

    Something you keep in your home that no one knows about won't be inventoried.

  • Only thing about safe deposit boxes - make sure that things needed in the event of your death, especially your will, are not there.

    The bank will seal the box as soon as they discover you are dead, and require a court order. Without a will, the executor will be whatever statutory person your state calls for.

  • >robust

    Is there a better class of safe one could use that might be more successful even if not a guarantee? F/e even with a safe deposit box, one might still have some lower-tier items that would be impractical to store in one but you might want to do better than just out in the open.

  • Yea, bankbox is probably the best choice. In the extremely unlikely case the bank box gets robbed you will find out about it and can rotate the key.

  • Well just hope your house doesn't burn down and you lose all your memories at the same time.

  • I know there’s metal plates you can self stamp for crypto wallets. I’m sure you can do the same for this purpose.

  • do you store stuff in a bank? could you tell me more about it? my account gives me access to one for free and been meaning to put a yubikey there for a while but never have

This. A physical safe provides something that you can't do digitally: It's hard, but not impossible to get in without credentials.

On the internet, it's either: Public for anyone in the whole world, or impossible to recover if anything goes wrong.

  • I've broken into Physical Safes using nothing more than a drill with a half inch bit (I was young and didn't want to drag myself to harbor freight to sacrifice a more suitable tool). Enough boreholes and I had access.

    In hindsight, looking harder for the key would probably have been fruitful.

    • Nothing says you cannot trivially encode the paper password. Those in the know understand that you need to append “BoomShakalaka”, replace “A” with “Q”, or some other super simple modification to what is recorded.

      Maybe the NSA would be willing to brute force the infinite variations from that starting seed, but it is still effectively locked for mortals.


Alternative - my partner and I (and also two other close contacts) have password managers that contain each of the other one's secret. This was less an effort to help with the memory loss scenario and more of an effort to deal with death and access to services (especially to cease subscriptions and the like).

In a lower trust scenario you could probably use a lawyer as a broker of the secret (potentially even as part of a will).

  • Password managers like Bitwarden also have emergency access features which can do this, with the caveat of trusting them to enforce the requirement of access only being granted after a notification to the account holder is not denied in some time period (but unlike the lawyer you're not trusting them with the secret directly).

    • Apple has this thing called Legacy Contact which allows the same but then built in to the whole Apple account. This includes devices as well as the iCloud ~~and attached keychains. Granted, it is another hoop to jump through compared to presharing keys with each other.~~

      It would be nice if your Apple account could be unlocked with some other keys as well apart from the primary one, but I guess that is what Apple calls the “Legacy Contact Key”.

      Edit: okay, so the keychain is excluded from this. So back to storing each other's passwords in each other's keychain…

    • I didn't know about Bitwarden doing this until today! I definitely have to look closer into it, been using 1Password for more than a decade and I keep being disappointed. I'd definitely like off-sourcing this to someone instead of building it myself.

  • So if you and your partner die, whoever is part of your family is fck.

    • Bitwarden allows a quite large number of emergency contacts.

      There are two rules: 1. You need to be a paying customer when setting up. 2. The other person needs to have a Bitwarden account.

  • this is honestly a very pragmatic solution. the amount of life-long relationships i've seen vanish overnight has got me to reconsider my choices when it comes to single points of failure.

    I like the idea of the lawyer, unlike normal people, they like sticking to their promises.

In general, whatever kind of backup plan you have for when you die could also work in this scenario; you may just need to think harder about anything that you do not want to have revealed when you die.

Sometimes simpler is the best. I am always on the move so vaults don't jibe well with me. My concern would be for something to still happen to it, too. I'm trying to go by the principle of not putting all my eggs in one basket.

I'd advise sharing that knowledge with one trusted person outside your household too, especially if you and your partner have dependants.