I periodically send my loved ones encrypted copies of my password vault. A copy of the decryption key is stored in my safe-deposit box, which they can access only after I am gone. This lets me update the contents of my password vault without having to visit the bank.
And actually, the safe-deposit box only holds one half of the decryption key. My loved ones have the other half in their respective safe-storage locations. This means a rogue bank employee can’t drill my box and do anything useful with the contents.
The password vault itself is a plaintext file that I decrypt and edit/grep as needed. I use the OpenSSL command-line tool for encryption and decryption. My loved ones either have this installed by default on MacOS, or have a Cygwin installation on Windows with which I have tested the commands. The safe-deposit box contains short and detailed instructions for use for my non-technical loved ones.
I also use the Google Chrome password manager with client-side encryption enabled. Whenever I change any important passwords, I’ll export its contents to my text file password vault.
And actually, the safe-deposit box only holds one half of the decryption key. My loved ones have the other half in their respective safe-storage locations. This means a rogue bank employee can’t drill my box and do anything useful with the contents.
The password vault itself is a plaintext file that I decrypt and edit/grep as needed. I use the OpenSSL command-line tool for encryption and decryption. My loved ones either have this installed by default on MacOS, or have a Cygwin installation on Windows with which I have tested the commands. The safe-deposit box contains short and detailed instructions for use for my non-technical loved ones.
I also use the Google Chrome password manager with client-side encryption enabled. Whenever I change any important passwords, I’ll export its contents to my text file password vault.