Oddbean new post about | logout
mrecheese 🧀 | 11 months ago (raw) | root | parent | reply | flag 
 I keep thinking about this. You said the restoration device would be left with trusted friend(s). So let the friend do the verification. Two keys needed to restore the account. Perhaps two TOTP codes, generated by two yubikeys. The friend won't give their TOTP out if it's not the owner of the account. TOTP lets them verify the person remotely if needed. The account owner goes for their stashed key, friend gives it to them, owner TOTP goes in, friend TOTP goes in, account restored. Tie all these various codes to the account during initial setup.
Vitor Pamplona | 11 months ago (raw) | root | parent | reply | flag 
 We can't let a friend have any roles on the recovery process because that creates legal liability on the friend to keep the information (which is medical) secure. In the US, if a friend has access, the friend must be HIPAA trained and compliant. So, instead, what we want is to use the friend's physical security to host encrypted information that only the owner of the account can decrypt.
mrecheese 🧀 | 11 months ago (raw) | root | parent | reply | flag 
 Ah I see. I didn't realize it was that formal. Dang, biometrics is the way, then. Back to square one.