Good discussion above on key management and the perils of inheritance. This is where my brain has been this weekend too.
I have not decided what I will do insofar as inheritance. It's tough. Because I do like the idea of leaving wealth for my children as an ultimate act of provision as their dad, yet I have seen what unearned wealth does to people. When you can buy all the heroin you want for your whole, shortened life, and are miserable... then why not? On the other hand who they are is primarily dependent on
their actions, not mine. I hope I have raised them moderately well... I certainly have not been perfect.
As to the technical ways of doing this. There are so many catch-22s. ESPECIALLY in the realm of self custody. Ultimately this is part of my reasoning behind why I think "banks" of one kind or another are still useful and needed. But those come with another set of horrible tradeoffs.
OK. Say you leave a seed phrase in a safe deposit box. Well, what if there is a court order for the bank to drill the box? From ANYONE. The government, family that has gone rogue, Craig Wright? Lol.
OK BIP-39 password then. That mitigates that at least somewhat. Then how do you store the password? In your, and your families memories? Scary weak, the human mind. Also what if you want to not reveal that password until it is necessary to avoid some of the "rogue family member scenario". You could back up the password on stainless steel too. Ugh. Now we are trapped in loops of storage. Also now our enemy becomes complexity.The more you do to complicate this whole process the more risk you incur. But if you make it too "simple" then again, risks. Use the same password as the WiFi router that all the family members know? Or some 32 character password like this one:
7=a1m'9?T7G0w5q{^QetXyV08^y7Tk4-
That password has 167 bits of entropy. It would be practically impossible to guess. Also practically impossible to remember. So we have to balance strength with memorability. Or at least ease of storage and retrieval. But if you store your password in the same vault as your seed, what good is it? And yet if you store them in two places now you are 2x as vulnerable to loss. Lose one half of the recipe, and it's as good as having lost all of it. By increasing "geolocation entropy" we are also increasing certain risks, while mitigating others.
Hold on... we are just getting started.
Aha! You might say. Use multisig!
I like it. This method can use "geolocation entropy" to our advantage! Now we can reduce much of our risk by storing our seeds in multiple places. And even if you stored the password WITH the seed (which I do not like, still) an attacker would not be able to get to anything that requires more than 1 key to access.
And yet, this too has some hidden risks. Did you know that you need all of your XPUBs (or zpubs or ypubs) if you are going to use the "x" number of keys in an x of y setup? In other words... There are scenarios where you can have 2 of 3 seeds in a 2 of 3 multisig setup and and be shit out of luck. So, you have to safeguard all of your xpubs as well. So you could store all three x pubs with each seed, but then you have also reduced your security somewhat. Because all an attacker needs in that scenario is two seeds, where if the XPUBs are elsewhere then the attacker cannot access anything with just 2. Now a view only electrum wallet or the like can take care of this. Gives you a way to send coins to storage and also a way to backup your 3 XPUBS. That view only wallet could be encrypted and stored electronically in an email, or USB key etc (This is it's own rabbit hole of risks that I will not go down lol).
Whew, I know. But that's not even all of it. (This is where you will see why I still like Monero)
Because we have another issue we have to consider. Your history on the blockchain.
Say you have a decoy wallet or two. You keep 10% of your holding in one key's address with no BIP39 password. That way when the $9 wrench (seriously.. they are printing shit tons, I do not think a good wrench is $5 even at Harbor Freight anymore) is hanging over your head and you give up your decoy wallet you have to have made sure your story is plausible. That wallet better not have originally held the 90% that was later sent to you "real" address. Because the attacker is not done with the wrench in that case. Going down this path is VERY nasty. You cannot hide a coin's history on the Bitcoin network, so one must go to great lengths to cover their tracks. Coinjoins, or transfers to and from an exchange, or other communal wallet, or certain uses of layer 2 transfers can help here. But this gets REALLY complicated really fast and has it's own costs and tradeoffs.
My advice? If you store an amount of wealth in Bitcoin that you are not comfortable just being lost in case you are injured or killed, then you'd better get to cracking on your strategies sooner, rather than later.
