A friend of a relative had their house burglarized over a weekend. The burglars took their time and took apart everything, cutting all pictures out of their frames, etc. If a written password existed, they would have found it.
The "give it to an attorney" plan would also worry me, unless I knew exactly who/what/when/where/why/how access was controlled and GUARANTEED (after all, an attorney's system could break down as easily as any other).
> The burglars took their time and took apart everything, cutting all pictures out of their frames, etc. If a written password existed, they would have found it.
That seems astonishingly thorough, as if it must have been targeted? The burglaries I've heard of locally just grab the most reachable items, especially car keys.
> GUARANTEED
The thing with giving it to an attorney is you would have an contract, and I would expect them to explain very clearly what liability they would have in the event of this kind of mistake. I would also expect them to be good at keeping paper secrets in boxes, that's a very traditional practice.
You could probably use Shamir Secret Sharing so you'd need to have k out of n parts to recover the information. Downside is that this complicates what is supposed to be simple.
edit: I see other commenters shared this idea too.
Also true. Slightly weird instruction though :D "Here are 5 keys for 5 people, if something happens to me you'll need any 3 of those keys, then the neighbor kid will be able to help you get the password".
Just give the attorney a sealed printed list of 10,000 numbered passwords. Someone with the passwords won't know what they are for. Even if they can guess that one of them is for your email account and they know your email account, they'll have to try thousands of passwords before they find the right one.
In your house, and maybe with trusted friends, keep the instructions sheet with logins and a reference to the relevant password number. "To access my email account, username is foo@gmail.com and use password #5122 from the password list".
You could also use a simple one-time-pad here to split the password. Generate two alphabetic passwords, one for your attorney and one for a trusted friend. Actual password is these mixed with alphabetic rotation character-by-character (anyone ought to be able to figure out how to do this given a short guide).
Simple, and provably useless to an adversary unless they have both passwords (aside from knowing password length/format with one).
My parents had a break-in as well but they collect all kinds of paper notes and irrelevant stuff, magazines etc. Their documents are organized according to some eldritch principle - it's all there but you'll need some time to find it. The burglars gave up and only took a camera.
Ideally this should be stored at a safety deposit box in that case. There are certainly risks with having this information all in one place like you said.
Unfortunately safe deposit boxes aren't available everywhere - newly built banks often don't have them, and some banks that have them no longer accept new customers. --They're expensive to build and maintain, and they're seen as being in a somewhat grey area with regards to KYC laws.
Having a safe at home is an option, but it needs to be mounted properly to prevent a burglar from being able to simply carry it out and try and access later.
At the end of the day, your best bet is to keep instructions on accessing your data (minus the actual code that is needed) somewhere it can easily be found by your family, and make sure that one or more family members have copies of the code but don't know the full details of where to use it without those instructions.
Cutting paintings from frames allow them to be rolled up and be easily transported (much less obtrusive or easy to spot compared to a picture in a frame). They can then be fenced like other merchandise.
The "give it to an attorney" plan would also worry me, unless I knew exactly who/what/when/where/why/how access was controlled and GUARANTEED (after all, an attorney's system could break down as easily as any other).