[HN Gopher] Ask HN: Have you set up a procedure to disclose your...
___________________________________________________________________
Ask HN: Have you set up a procedure to disclose your passwords in
case of death?
After coming back from my home country where the insecurity is a
big part of the daily life (armed robbery, kidnapping, murder), I
started thinking of what would happen if something happened to me
and how would I be able to ease the burden on my love ones to
manage my digital assets (cancel subscriptions, keep my digital
libraries, etc). So I ask: do you have a procedure in place to
grant or transfer access in case of death? My first idea would be
using a password manager for everything, list every device used for
2SA and confine within my will a master password.
Author : bsjaux628
Score : 149 points
Date : 2022-10-31 18:02 UTC (4 hours ago)
| lostcolony wrote:
| Lastpass has this as a built in feature for at least their family
| plan. You can set another account to be an emergency access
| account. The owner of that account can initiate a request for
| access to your passwords. You'll get an email informing you of
| the request, and you have a configurable amount of time to reject
| it. Failure to do so will lead to them getting access to your
| vault.
|
| Not sure the security mechanics involved that allow for it, but
| it seemed like a very neat product for this very thing (and I've
| added requesting access to the death checklist I gave to my
| wife), since it means I'm not having to provide my password to
| anyone (or even get it out of my head and enclose it somewhere
| physical), but my wife can still get access to it in the event of
| my death (or my being incapacitated for a sufficiently long
| period of time that she needs it).
| StanislavPetrov wrote:
| No, I want all my accounts to be forever lost when I die!
| gwencoraluna wrote:
| Hi, last month I have discovered, Legapass, a French startup who
| solve this problem. I use Legapass to secure the transmission of
| my digital assets and even more my cryptocurrencies.
| jedberg wrote:
| My master password is written down in a sealed envelope, which
| has been placed in a secret place that my wife knows (but always
| forgets). My lawyer has a sealed envelope with the location of
| the secret place, and my will has instructions to give that
| envelope to my wife (in case she forgets the secret place, which
| is often). The will also says who gets ownership of the secret
| place and the envelope in the case with both die together.
|
| When my kids get older they'll move to the top of the access list
| for the envelope with the location of the secret place and
| ownership of said place.
| hinata08 wrote:
| Why don't you encrypt your password twice, give the resulting
| file or string to both of them, replicated twice or more ?
|
| And each one of them has the password for one of the two
| encryption layers ?
|
| This way it won't get lost.
| jedberg wrote:
| My family isn't that technically savvy and would probably
| require help with the decryption, but I'd be dead.
| layer8 wrote:
| There's probably a way to low-tech it by printing half of
| each password glyph (with a suitably ambiguous design) on
| transparent slides that you need to overlay with each other
| to be able to read the password.
| hinata08 wrote:
| oh, that's a good point, indeed.
|
| I didn't factor in the technical ability of my relatives. I
| guess I should.
| ska wrote:
| > I guess I should.
|
| Not just technical ability, but state of mind etc.
| Anything needed quickly (not everyone will have such)
| should be straightforwardly accessible by someone who is
| both distracted and busy.
| hinata08 wrote:
| I used to sort my data into organised archives on USB
| HDDs, until I went to college.
|
| Then I found it time consuming and began to just dump
| home folders and SD cards onto SATA HDDs for back ups
|
| And now I haven't even done back ups since I began to
| work.
|
| Tagging some USB stuff would be the most straightforward
| for them, I guess. A bit like a "play me if I don't come
| back" VHS as seen in movies.
|
| And I would include the letters to unsubscribe to
| everything, and GDPR requests to delete my data as
| mentioned by the creator of the thread in
|
| >So I ask: do you have a procedure in place to grant or
| transfer access in case of death?
| onychomys wrote:
| Gonna suck if you die in a house fire that also burns up that
| sealed envelope, though.
| poisonborz wrote:
| The self-hostable Bitwarden server also has this functionality.
|
| https://bitwarden.com/help/emergency-access/
| ubermonkey wrote:
| I have.
|
| I had most of this done already, but about a year ago a friend of
| mine -- very healthy! younger than me! -- literally dropped dead.
| It was a bolt from the blue, for sure, and the trouble that
| followed for his widow was a wake-up call.
|
| For some reason, he and his wife weren't on a "family" plan with
| Apple, which meant, from Apple's POV, they were just two
| customers, and lawyer letters and whatnot would be required to
| get her access to even his pictures on the phone.
|
| Apple NOW has a feature that allows you to nominate a "digital
| legacy contact" for your Apple data. If you're on iOS, I
| RECOMMEND IN THE STRONGEST POSSIBLE TERMS THAT YOU CONFIGURE THIS
| IMMEDIATELY.
|
| https://support.apple.com/en-us/HT208510
|
| As for the rest of my digital life, everything is in a password
| manager, and my wife understands that the master password for
| said vault is in the safe.
| GGO wrote:
| How do you protect against government accessing your safe,
| getting your master password and accessing all your digital
| files. If I am not mistaken, Fifth Amendment protects one from
| incriminating themselves by giving up their own password, but
| in your case they just need to confiscate and open your safe.
| whatatita wrote:
| > How do you protect against government
|
| In general; you don't. If the gov. wants to make you do
| something, you're going to have to do it. In many western
| countries, that's only a vague threat, an many others it's a
| lot more real.
|
| Theoretically, you could have two components to the password:
| something long and random that is written down, and something
| easily remembered and personal. A special moment, a place, an
| anniversary only the two of you would know, etc.
| firecall wrote:
| Don't keep anything behind that password that the government
| doesn't already have access to!
|
| Government already has access to banking and phone records,
| most online accounts and data from Apple, MS and Google.
| [deleted]
| sib wrote:
| I prefer to think of the NSA as my cloud backup provider of
| last resort, paid for by my (overly abundant) tax dollars and
| responsive to a FOIA request ;)
|
| /s
| _Algernon_ wrote:
| https://xkcd.com/538/
| rrwo wrote:
| If they get a warrant from a court, they can open the safe.
|
| As the question is about granting access to accounts after
| death, it seems an odd worry. The government is also likely
| to get access to your data from your Google, Facebook, etc.
| If you have a server in the cloud, they can probably go to
| your hosting provider to get physical access.
|
| So unless you have data in secret offshore servers in
| countries that won't cooperate with the US government, then a
| safe is not your weakest link.
| ubermonkey wrote:
| I don't.
|
| If one has something going on such that state-level actors
| might want nefarious / adversarial access, well, one should
| be taking MUCH MORE SERIOUS STEPS about personal digital
| security.
|
| Your "regular everyday normal m _f_ er" (as the song
| apparently incessantly looped on Instagram goes) has no such
| enemies. My personal digital opsec is designed to keep me and
| mine safe from likely threats, and the threats I face are
| pretty banal -- brute force attacks, mostly. I am 100%
| unconcerned about governmental intrusion into my safe to gain
| access to, e.g., my online banking passwords.
| delecti wrote:
| If the feds want your data and are willing to confiscate your
| safe to get it, they can probably get your data without
| confiscating your safe.
| dstick wrote:
| Same here. In fact, I took it one step further and drafted a
| document that outlines all the important business contacts I
| have the she would need to contact in case of my death. To
| liquidate assets, and/or help with keeping the businesses I
| have running. Online services, hosting providers, etc.
| Firmwarrior wrote:
| Man, that's probably the smart way to go.. I just told my
| wife to take my half-assedly secured computer to one of my
| tech friends to break into it
| ubermonkey wrote:
| That's a good idea.
| mikeflstfi wrote:
| I've done the same with taking the password manager approach
| and putting the master password in the safe. I've also place a
| "death envelope" in there that outlines who would need to be
| notified from my employer and other important contacts. We also
| have "safe opening" class every so often.
| butterlesstoast wrote:
| Wow this was quite possibly the most helpful Hacker News
| comment to date.
| modeless wrote:
| Google has Inactive Account Manager, which is a dead man's
| switch for your account. Everyone should set that up too.
| https://support.google.com/accounts/answer/3036546?hl=en
| sinclairX86 wrote:
| Anecdote: I'm the account manager for most family members.
| One day my sister was angry with me, removed me as the
| account manager, and some months later locked herself out of
| her account after having trashed her phone and forgot her
| password.
| w_for_wumbo wrote:
| I like that they have this, it means if I ever go missing
| unexpectedly that there'll be someone who can access my last
| known location, and access to social media comms to
| understand why.
| diamondap wrote:
| Yes. Password manager with all essential entries shared between
| spouses. Plus a written document describing how to get into the
| password manager should we both go. We shared the location of the
| document with key people.
|
| Still, there's probably more we could do, and a number of bases
| left uncovered. For example, we each have a number of monthly
| subscriptions that are auto-drafted but won't need to continue
| after death. We should identify those and have cancellation
| plans.
|
| Plus we both have lots of crap, and possibly some important in
| various online/cloud storage services. Even with password access,
| it would be hard for survivors to know what to look at and why.
|
| And then there are the accounts with two-factor auth. What if one
| of us goes with our phone? Oy!
| NamTaf wrote:
| No.
|
| Things that really matter (banks, etc.) have well-established
| next-of-kin processes. You can cause problems if you subvert
| them, as there's processes to go through to prove who might have
| claim to the estate and if necessary divide it between multiple
| parties. Similarly, subscriptions will just bounce once you
| inform the banks of the death and they freeze further
| transactions as part of said process. In my experience, your next
| of kin don't want to be dealing with cancelling a bunch of
| subscriptions when they're already planning your funeral,
| informing loved ones, etc. - there's already heaps of shit you
| have to consider and it's a very stressful, emotional time.
|
| Giving over passwords implies that you expect someone to log in
| and do something with them, so it's not really important for them
| to have it for these reasons.
|
| Secondly, I doubt any of my next of kin care about e.g. my Steam
| library or my Reddit account. As I've gotten older, I've realised
| that people don't really want to inherit the overwhelming
| majority of your stuff (they have their own stuff). If you think
| someone really does want something in particular, you can have
| that conversation with them specifically, but that's going to be
| very few and far between.
| paranoidrobot wrote:
| > Things that really matter (banks, etc.) have well-established
| next-of-kin processes.
|
| I would say that the exception might be for local/non-cloud
| things - for instance your phone, laptop, NAS, etc.
|
| If you are the controller/admin of data that might be good for
| others to have (family photos/videos/etc) - then setting up
| some process for handing passwords over for that to Next of Kin
| would be good.
|
| As for services, utilities, etc - having literally just been
| through this in the past few weeks, it's incredibly frustrating
| that so many businesses don't have well established and
| functional processes for dealing with accounts owned by the
| deceased.
|
| The executor reached out to the services that needed to be
| terminated with sale of the house, and without fail they all
| screwed up in some dumb way. Most of them keep insisting on
| only being able to talk to the deceased person, even when
| you're the executor of the estate. (And they don't understand
| that, either).
|
| We ended up having to send registered tracked letters to their
| formal mailing addresses for several because of how insistent
| they were on sticking to their "only the account holder can
| make changes" script. Despite them having copies of the death
| certificate, extracts from the will, etc.
| jmathai wrote:
| In case of my death, I want to make it as easy as possible for
| my wife to carry on. Having access to our accounts (which I
| mostly manage) so she can do whatever she needs is a lot more
| important than the well-established processes you mentioned.
| Those processes would have gone to her anyway.
|
| If we both die, then our extended family will have to work
| through the legal system but our will + a lawyer should help
| out a lot.
|
| Edit: To answer the original question - I documented how my
| wife could do this before going on a week long motorcycle ride
| in 2019 :).
| jakub_g wrote:
| The tricky thing is that if no one from family knows you have
| $$$ in Bank Foo, this money can just lie there unclaimed
| forever (until taken by the government after N years).
|
| Even if theoretically those institutions should proactively
| search for deceased owners' heirs in some jurisdictions, I
| wouldn't trust this to happen.
|
| At least listing all banks, stocks accounts & insurances you
| have might be really useful. Just set a yearly reminder to self
| in calendar to send such an email to your closest family
| member.
| hn_user2 wrote:
| I have all the documents and photos shared in iCloud already that
| I want shared. I am fine with everything else being
| irretrievable.
|
| Anything I am proud of has been shared in a shared iCloud Drive.
| Any important documents (life insurance), etc has been shared in
| an iCloud Drive. Any photos I want shared are already in shared
| albums. Financial accounts already have a beneficiary.
| stavros wrote:
| I created https://www.deadmansswitch.net a while ago for this
| purpose, though I wouldn't use any third party app for passwords.
| "The password is printed and hidden in X" is a good message,
| though.
| Apreche wrote:
| As long as they can get into the email, they can eventually get
| into everything else. If there are second factors in the way, I
| have backup codes printed out and stored in a safe location that
| they will be able to access. And this only matters if the
| official facilities, e.g.: Apple Legacy Contact, don't pan out.
| flobosg wrote:
| Related:
|
| * Cheat sheet for if I'm gone -
| https://news.ycombinator.com/item?id=31748553
|
| * What to Do Before You Die: A Tech Checklist -
| https://archive.is/dy81b
| Raidion wrote:
| I just have the computer and emails passwords and my phone pin
| stored in a safe place. I have a few critical MFA codes stored as
| well in case my phone suffers the same fate I do.
|
| Any other important password can be reset from those things and
| discovery of accounts can be done via email and credit card
| statements.
|
| My odds of dying in the next year are remote enough that I don't
| feel the need to get the process perfectly laid out when it
| probably change in the >40+ years I expect to live.
| browningstreet wrote:
| My son has biometric access to my phone. From there, he can do
| everything. It works for me.
|
| My son is the one human who matters the most to me -- there's a
| letter in there for him, too. I add to it periodically.
| cryptonector wrote:
| What if the phone is destroyed or lost or stolen?
| oxfeed65261 wrote:
| At least on an iPhone, biometric access won't work if the phone
| has been powered off, such as due to the battery running out.
| jonas-w wrote:
| On my Samsung, it is probably the same on iPhone, i always
| need to enter my pin/password to be able to unlock it after a
| restart. After that 99% works with Biometric access but some
| things still need the pin/password.
| ASalazarMX wrote:
| As others have said, lock code is safer. iPhones sometimes will
| demand the code instead of biometrics from time to time. Also,
| any app protected with biometrics can be unlocked with the
| code, so the code is the safer bet.
| anonu wrote:
| We need an on blockchain escrow service with smart contracts.
| smegsicle wrote:
| it's the only way to be sure
| jakub_g wrote:
| I didn't do anything with digital things yet, although I've
| created a doc (literally just an email) with "where to look for
| my money just in case":
|
| - insurances
|
| - bank accounts
|
| - stocks
|
| with names of institutions, emails etc.
|
| This is especially tricky since I live abroad in a country whose
| language no one else from my family speaks; so I included some
| links to a list of dual-language lawyers who could potentially
| help handling the cases; plus contact points to a few close
| friends who could be of help too.
| sdevonoes wrote:
| The most important asset I have is my bank account. In case of
| death, wife can take over (the only thing needed from wife is to
| proof she's my wife... so pretty much her ID card and marriage
| papers). That's it. Subscriptions? GitHub account with private
| side projects? Digital libraries? HN account? Email? All of that
| is not that important. If my wife has access to my bank account
| she can either transfer all of it to hers and effectively
| cancelling all my subscriptions or reject individual
| subscriptions manually.
| matwood wrote:
| I agree, but also make sure your life insurance is setup
| properly along with retirement/brokerage/crypto accounts.
|
| I would also suggest things like your primary Google and/or
| Apple account to make sure she ends up with access to photo
| libraries and the like.
|
| After that, most things are less important.
| ja3k wrote:
| A note on photos: If you use Google Photos you can have
| photos with a specific person automatically added to a shared
| album. So my wife can always see every photo I take of her or
| our daughter. I just did it for day to day convenience but
| it'll also come in handy if I pass since she'll have all the
| most important photos already.
|
| Though after seeing this thread I went ahead and just gave
| her access to my photos once I go inactive using this
| service:
| https://support.google.com/accounts/answer/3036546?hl=en
| twobitshifter wrote:
| There is the situation where you and your spouse both die in m
| accident. Depending on whether you have kids you might want a
| Plan B as well.
| jmathai wrote:
| Having a will is the correct Plan B.
|
| It needs to be Plan A, as well. But a shortcut to get access
| to your accounts without having to go through a will and
| lawyer will be appreciated by your wife if only you die.
| darkhorn wrote:
| What if you have children? In Turkey the bank account can be
| taken over only by legal inheritors, and all of them should be
| present together physically at the same time in the bank with a
| document, most of the time obtained from notary, called
| inheritance document (plus a document that shows that there is
| no debt). Inheritors in a normal family are spouse and
| children. Ratio for inheritance for a children and spouse are
| different. Spouse gets most of the inheritance.
| actually_a_dog wrote:
| Yep, 95% of anyone's needs in this regard can be taken care of
| by a spouse or relative, possibly with the aid of a death
| certificate. I highly doubt anyone would be interested in
| taking over most of my digital files.
| fourmajor wrote:
| Yes, I have set this up to give my wife access after 14 days:
| https://www.lastpass.com/features/emergency-access The long delay
| is simply for security purposes so there's not instant access for
| someone who hacks _her_ accounts.
|
| > Give someone you trust access to your vault. When your trusted
| contact requests Emergency Access, you can decline their request
| within the specified waiting period. Otherwise, your vault is
| added to their LastPass account.
| bombcar wrote:
| The _real_ last pass!
| taberiand wrote:
| Are there any technical details of how this works on the
| backend?
|
| I thought LastPass only kept encrypted user data that only the
| master password can decrypt. Would this process mean they keep
| an accessible copy?
|
| I suppose the process could be to encrypt my master password
| with a public key generated by the spouse account (with the
| private key stored in their encrypted bundle), that LastPass
| servers can store and provide on delayed request?
| jaywalk wrote:
| I would imagine it involves something like encrypting _your_
| master password (or more likely some other encryption key
| that won 't change) with _their_ master password as if it
| were anything else they had stored in their account. The
| difference is that it 's blocked by the time delay.
| taberiand wrote:
| I think something like that might be how it's done. I don't
| think they could use the master password directly (at least
| I hope not, wouldn't that mean transmission of a master
| password from the client?), though I suppose they might
| have a mechanism of generating a consistent key pair just
| from the master password.
|
| However it works, I think LastPass should have a technical
| section that describes the mechanism in more detail
| whatatita wrote:
| I believe, when you set this up, they re-encrypt your data
| with the other user's keys so it's never accessible by
| Lastpass.
| taberiand wrote:
| I think the problem with that would be the copy would go
| stale fairly quickly right? I suppose the process could
| make it so the data set is encrypted with all associated
| keys everytime it's uploaded from the client
| selykg wrote:
| Shared key.
|
| You have a key, which encrypts a shared key.
|
| Your spouse has a key, which encrypts the same shared
| key.
|
| Vault is encrypted with the shared key.
|
| Access is controlled separately. But upon successful
| share, their existing key can decrypt the shared key
| which decrypts the vault.
| bryanlarsen wrote:
| Bitwarden has this feature too.
| jacooper wrote:
| Where?
| bryanlarsen wrote:
| https://bitwarden.com/help/emergency-access/
|
| requires premium or self-hosting. But it doesn't expire if
| you stop paying.
| aamoscodes wrote:
| There's a service named Everplans that walks you through
| passwords, important documents, making an end of life plan, other
| stuff. They released a whole book on it that I haven't finished
| yet.
|
| You setup contacts in the app and the contacts confirm they want
| to be involved. They receive a special link (or some other access
| method, I can't remember) and when you die, your contacts can say
| "(person) died, give me access to their information."
|
| A confirmation is sent to the person that setup the account, they
| have a pre-determined amount of time to block the request. If the
| request is ignored the data is released to either some or all
| contacts. It's pretty slick but I would be terrified to start a
| business like that, with something like this you can't just let
| the business go under if things aren't going well.
| rwky wrote:
| I use syncthing to sync a keepass database between my wife's
| laptop and my own. We also have off site backups which she can
| access. If we're both dead then it doesn't matter we've no
| dependants. Where possible our financial accounts are all joint.
| epc wrote:
| I rely on a combination of 1Password and some offline SSDs. Key
| passwords/passphrases are in our shared safe. Nothing is perfect.
| While in theory, in the US at least, your executor should be able
| to gain access to whatever is necessary, in my personal
| experience as a two-time executor companies and organizations are
| rarely prepared to deal with estate issues. It's a lot easier to
| tell my spouse "all of the passwords are here".
|
| Previous related discussion:
| https://news.ycombinator.com/item?id=31027766#31031202
| marginalia_nu wrote:
| I just use the same password everywhere, only a matter of time
| before it is publicly available.
| harrywynn wrote:
| I created https://pingmy.life specifically to email my wife if I
| don't check in after a set period of time. It'll send her a PDF I
| put together with details on how to access the important life
| bits. I'm hoping it doesn't get triggered anytime soon.
| humanistbot wrote:
| Looks like it is down, not great for such a vital service!
| another_devy wrote:
| It got hugged!
| nonameiguess wrote:
| Not really. I'm honestly kind of surprised at the preparation
| some people have put into the expectation they might die soon.
| All of our accounts are joint and I'm not hiding any assets. I
| have pretty sizable life insurance policies that will make her a
| millionaire overnight. If a porn subscription refuses to cancel
| when she shows a death certificate, I'm guessing she can find a
| way to cope. I know she can cancel my debit card all the
| subscriptions charge because I accidentally canceled hers just
| last week. I don't think I have anything I would call a digital
| library. Not really much of a data hoarder. I don't rewatch
| movies much and haven't take photos regularly since 2002 or so,
| and most of those I never bothered to develop, though I actually
| still have the film in a shoebox in the closet if she wants to
| try.
| bombcar wrote:
| One thing to consider, is that even if you have 2FA keys and full
| access to an account and _can_ do things with it, you may be
| illegally doing such after the account-holder 's death.
|
| For example, depending on how your bank account is setup, it may
| be legal for your wife to take money from it while you are alive
| but become illegal after death until probate is complete. The
| reality is nobody cares because 90% of the time the surviving
| spouse gets everything anyway, but it's there.
|
| Check your local laws.
| eastbound wrote:
| This. I have set up automatic wire so my employees receive one
| or two month automatically, but the truth is, it's probably
| illegal for the to receive that money.
|
| Same goes for next of kin's access to my accounts. Uncharted
| territory, but those are assets, and I don't think people
| should be able to peruse assets of a defunct.
| bombcar wrote:
| If you care you could discuss it with a business/estate
| lawyer and setup some sort of a trust - but the complications
| may be not worth it.
|
| It'd only come up in an adversarial inheritance scenario so
| make sure you have a bulletproof will.
| tiku wrote:
| I have made an encrypted USB disk with a manual, then handed my
| parents a part of my key and another part is in my house where
| only they would find it. Also a name of a friend that could help
| them with it etc.
| Decabytes wrote:
| I use a password manager. I regularly remind my wife what the
| passphrase is
| jasonpeacock wrote:
| More importantly, do you have instructions and descriptions of
| everything?
|
| Sure, my wife could access my accounts, but she'll be lost -
| which are important? which can be ignored? What do you do once
| you have access?
|
| Where are all the bank accounts, credit cards, loans, and how are
| they setup w/autopayments & withdrawls?
|
| Ditto for insurance policies, your random toys and tech stuff.
| E.g. what should be done with your random websites/URLs - let
| them expire, archive them, ?
|
| And my social accounts too...
|
| It's not good enough to just go over it together one night, you
| need clear documentation that can be quickly referenced and
| followed during a time of immense stress and grief. And then keep
| those docs updated!
| onychomys wrote:
| It seems a little weird that your wife is so removed from the
| financial side of your setup. Does she really not know where
| your credit accounts are and how much are on them?
| Darkphibre wrote:
| Not the OP, but for my prior relationship my ex _wanted_ to
| be divested of that knowledge. I tried early on to keep them
| abreast of what was going on, but they were "not a numbers
| person," and whenever I tried to explain our complicated
| financial structures and how assets were liquidated and
| passed through various accounts to accomplish large projects
| their eyes glazed over. So, they trusted me to keep us
| solvent, and I made just about any request of theirs happen
| (which sometimes required a _lot_ of juggling).
|
| All relationships are different. :)
| rlayton2 wrote:
| My partner is the same. I have a document that says "here
| is the name of our accountant. I recommend you do X for
| now".
| CommieBobDole wrote:
| No. Nothing that I have protected by a password is of any use or
| interest to anyone but me. When I die, the things that have
| actual value will migrate wherever they're going to via the
| normal legal processes. Anything else will die with me.
| gnfargbl wrote:
| I have the appropriate tarsnap key printed out and stored in a
| physical location known to my loved ones.
|
| They're not particularly keen on the idea of having to type in
| two pages of private key but as I point out, it's both (a) a good
| opportunity to learn about OCR and (b) not my problem.
| stavros wrote:
| OCR doesn't help when you have to find the wrong character in
| two pages of random stuff. QR codes are your friend.
| cperciva wrote:
| That's why the Tarsnap key file format includes a checksum on
| each line, so tarsnap can tell you which line to look for the
| OCR (or typing) error on.
|
| When I was writing this code I wasn't sure if it would ever
| matter but figured "hey, why not..." -- but I've probably had
| a dozen emails since then from users thanking me for
| including those.
| stavros wrote:
| Oh nice, I didn't realize it was a custom format.
| mbreese wrote:
| I came to say the same. I've had long encryptions keys
| printed out as QR codes and it works surprisingly well. You
| can still have the text of the key, but the QR code makes it
| a much easier process.
|
| Especially in a situation where you won't be around to help
| troubleshoot.
| conductr wrote:
| And whoever does help has the keys to the kingdom
| SoftTalker wrote:
| It's not really necessary (though it might be helpful). For
| important accounts (financial, mostly) there will be a policy and
| process for granting access to the estate upon presentation of
| acceptable proof of death.
|
| A credit report will identify any open credit accounts and those
| creditors can also be instructed to provide payoff information
| and close the accounts.
|
| The main thing you will need to handle the death are lots of
| certified copies of the death certificate. One per account,
| generally, and copies/digital scans are not accepted.
| whatatita wrote:
| > A credit report will identify any open credit accounts
|
| In the US, for most traditional assets, sure, but not
| necessarily elsewhere. If you have accounts your
| spouse/partner/next of kin doesn't know about, then you should
| list them somewhere and include that list in your end-of-life
| paperwork.
| cudgy wrote:
| Who cares about the debt? Trust me. The debtors will find your
| estate and if they don't, your dead anyway.
|
| The main area to record would be asset accounts, valuables held
| in safe deposit boxes, files, or secret locations holding
| things like cash, stamps, coins, treasury certificates,
| partnership agreements, titles, deeds, etc.
| SoftTalker wrote:
| Well, if the estate has any assets, the creditors legally
| have a claim. Just makes things smoother and quicker to
| identify all of them up front.
| ErrantX wrote:
| More important is what you want done with it all, or at least
| what it all means.
|
| My wife knows my password already (this is sensible redundancy).
| But she doesn't know what I use or do, or who I might like her to
| tell etc.
|
| So by all means leave your password, but also leave a digital
| "will".
| lyptt wrote:
| I've set up a Legacy Contact with my Apple ID, since that
| provides access to all of my data, with a close friend in the
| event of my death. It was fairly easy to set everything up and I
| just had to provide their email address and send them a document
| produced after the setup was complete.
|
| It's definitely given me peace of mind, as I wouldn't want them
| to be in a situation where my entire digital life was lost to
| them. They would also then be able to close all of my accounts
| and notify others of my passing.
| throwbigdata wrote:
| Consider looking into Shamir's Secret Sharing Scheme.
|
| I am toying with starting an online service/company where users
| would elect a backup group where M of N people in the group can
| unlock the secrets. Use case would be secrets, passwords, Trusts,
| Instructions.
|
| This issue confronted me when we put our living trust docs in our
| safe bit didn't have a good way for our executor to get into the
| safe.
|
| Would any of you use this service? Secure s3/Dropbox with SSSS
| access. Secure online safety deposit box with multiparty
| encryption.
| dvh wrote:
| No. I don't want them to see unfinished projects.
| eastbound wrote:
| "If you're not ashamed when you launch, you've launched too
| late."
| [deleted]
| [deleted]
| dewey wrote:
| I did that recently as a backup measure, 1Password comes with a
| good "emergency kit" that you can print out and store in a safe
| place. It has instructions on how to access the vault and the
| password in plain text.
|
| The big advantage of a password manager that is consumer friendly
| (Like 1Password) is that you can store everything in there
| (documents, passport, notes) and it will be accessible to whoever
| needs access to it. Not some obscure command line knowledge
| necessary.
|
| It is also a lot easier than having hundreds of papers / letters
| in your house. Even if it's not about the security aspect, having
| everything in one place is a big advantage.
| kevinsky wrote:
| Bitwarden has an emergency contact feature if you have a premium
| membership. My wife and our lawyer have emergency access. They
| can request it anytime. If I approve they have access right away
| or if I reject it is denied. If I cannot or do not take action
| access is granted after five days. It's well thought out and a
| nice feature for $10/year https://bitwarden.com/help/emergency-
| access/
| nanomonkey wrote:
| I use Dark Crystal (https://darkcrystal.pw/) to distribute my
| secrets within my social network (scuttlebutt and email mostly).
| It utilizes Shamir's Secret sharing.
| ggm wrote:
| Yes. A password manager and a written document in my successors
| hands with the passphrases for it and the home laptop with
| crypted disk. Plus Google account handover logic with dead man's
| switch, and list of domain and virtual host providers.
| LeoPanthera wrote:
| My husband and I share a 1Password library. We initially toyed
| with the idea of having a separate "shared" library but deciding
| what we did and didn't want to share seemed like a lot of effort
| so now we just share everything.
| codegeek wrote:
| Here is what I am thinking:
|
| - Setup keypassx with all key accounts/passwords
|
| - Setup 2FA on a phone app such as Google Authenticator. Then
| make a backup on another phone (you can copy Authenticator app
| data on another phone easily). Bonus: setup Authy app on a
| desktop as well.
|
| - Record a video of you showing anything critical
|
| - Write down any details that only you know.
|
| -Put all this in a simple HTML/Markdown page and save on an
| encrypted disk and/or S3. For backup, save a copy on a flash
| drive.
|
| - Keep the encryption key and flash drive in a physical locker
| that only is accessible to your spouse (if any) or anyone else
| whom you want to. If you are using a physical 2FA device such as
| Yubikey, then keep a copy in this locker as well.
|
| - Make a Will which explains who/how can access all this if you
| die suddenly.
| nprateem wrote:
| Or just use a password manager as usual but distribute your
| password with shamir split between several trustworthy parties,
| one of whom would be a solicitor or someone like that (along
| with your will)
| throwawaaarrgh wrote:
| Seems a little overkill? 2FA isn't even really necessary if you
| have a password manager. Write down the master passwords on
| some paper, put it with the rest of your documents in a fire
| safe. Access to someone's email account is the biggest thing
| you need anyway since everything can be reset through it.
| Loughla wrote:
| I have. I have a password manager containing everything, with the
| password to that enclosed in my end of life paperwork with the
| lawyer/in the bank vault. My will spells out who is to do what
| with that information.
| martin8412 wrote:
| Absolutely not. Everything dies with me.
| pessimizer wrote:
| I'm only afraid that if I go quickly, I won't be able to
| destroy everything I've written and drawn. If I want people to
| know something of me, I'll present it to them. I'm not looking
| to be mined for content after death and recontextualized.
|
| My passwords and encryption are to enforce that policy
| digitally.
| autotune wrote:
| My dog has likely seen me type in my password at some point, but
| otherwise, no one else gets access even after death.
| hinata08 wrote:
| I think the same
|
| Why would anyone access my Discord account, or my kawaii and
| punk music playlists on Deezer. This quality content goes with
| me into the grave.
|
| OK content is unencrypted on my computer, anyway
| TehShrike wrote:
| Like many others here, I also have a 1Password account shared
| with my wife so she has access to all of our accounts.
|
| Besides that, I have a tag called `after-he-dies` with some
| secure notes in it, including a note that tags every account at a
| bank or investment account where we have money, so that she won't
| risk losing 20k or something because she doesn't know where every
| money account is or whatever.
|
| That tag also includes a note with instructions for how to make
| sure that the accounts that automated bills pull out of don't run
| out of money.
| 7402 wrote:
| Printed list in safe deposit box.
| dontbenebby wrote:
| I am gonna drop my will in the little library thingy with a copy
| of sun tzu later, for now I wanna let kids enjoy the holiday
| without having to wander around some stoner.
|
| (My passphrases will cause a nuclear war if read in open court,
| fuck around and find out, consent matters.)
| xupybd wrote:
| I have printed keys at work. For my personal stuff no I don't.
|
| My fathers friend had a stroke. He was left alive but not able to
| use more than a few words. It was a huge problem trying to make
| arrangements for him. If we'd had even his phone password months
| could have been saved.
| [deleted]
| spiffytech wrote:
| I've set up Bitwarden granting time-delayed emergency access to a
| couple of family members.
|
| I've also left a thumb drive with a Bitwarden export and printed
| paper in a safe place for my family, describing how to access
| everything important.
|
| I trust my family not to abuse that, but if I was less trusting
| I'd look at Samir's Secret Sharing to ensure family members had
| to collaborate to retrieve my sensitive info. Or leave the data
| with a lawyer.
|
| I made sure to pass on my 2FA secrets too.
| chris1993 wrote:
| Yes, I've done this with bitwarden which has the option to grant
| full access after a grace period.
| chrizel wrote:
| I'm using 1Password Family with my partner which provides the
| functionality for defined users to recover all passwords for the
| other user. [^1]
|
| So in case of my death or my partners death, we can recover each
| others passwords.
|
| [^1]: https://support.1password.com/recovery/
___________________________________________________________________
(page generated 2022-10-31 23:00 UTC)