Slashdot Mirror
Ask Slashdot: How To Securely Share Passwords?
THE_WELL_HUNG_OYSTER writes "My tech-savvy father died suddenly and unexpectedly. He did everything online: bill-pay, banking, eBay sales (and other auction sites), PayPal, investing, etc. When he died, he still had online auctions up for sale, items I had no idea how to fulfill when sold. He still had unprocessed auction refunds, people claiming they returned items and are waiting for a refund. Fortunately, he left Gmail open and logged in when he died, so I was able to configure his account to forward to mine for any future emails he received. He even had his health insurance automatically debited from his checking account (who needs health insurance when they're dead?) I had no way to log into these systems to cancel pending transactions. I called every institution; some were willing to help while others required me to fax/mail death certificates and proof of executorship (which I didn't have yet). Meanwhile, auctions were selling for items I had no idea how to fulfill; debits from his checking account were occurring even though they were irrelevant; etc. You get the idea. How can I share my login credentials with my siblings so they don't have to go through this when I'm gone? I change my passwords every month and never use the same password on more than one site. I don't want my siblings to be able to impersonate me unless I'm dead, so publishing a monthly list to them won't help and would be insecure."
You'll be dead.
I use KeePass with the Firefox plugin.
I am a free slashdotter. I will not be modded, blogged, DRM'd, patented, podcasted or RFID'd. My life is my own.
http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
Give shares to relatives and trusted friends.
Palm trees and 8
I don't think it'll be too hard.
If you keep your passwords securely in a master storage system (IE: KeePass or the like), and keep the master password for that in a physical location that your siblings will be able to get access to in the event of your demise, then they can use that to get access to all the accounts you held.
Think along the lines of those "snap cards" that were in 1980's cold war movies. The sibs have to break it open to get the master password paper, so you know it continues to be secure. There could even be instructions on the paper along with the password.
You can't ever *securely* share your password. The best you could do would be give your password to someone you trust (relative, friend, janitor, etc) and hope they don't abuse your trust ... I guess the best you could do would be make a google doc that you update monthly, but don't update the google doc password. In your will, reveal the google doc password.
Set up a password safe and seal the master password in with your will. Make sure your siblings know how to get access to it.
This has the additional advantage of preventing you from having to memorize your new passwords.
God is imaginary
Use KeePass to manage your passwords, keep your KeePass master password in a safety deposit box.
Write them down.
Leave the sheet of paper in your desk drawer, locked if you're paranoid.
Done.
Call them, give in person, or postal mail on a piece of paper.
Using some kind of password manager, either a third-party service or a local application, would make that kind problem easier to solve.
I keep my passwords in Lastpass (any similar program will do) and then keep the master password in my safe deposit box at the bank.
I also keep a list of all important accounts and sites (banking, etc.) so that whoever it may concern will be able to know where to find what is important.
My wife knows this, and she would then be able to access all relevant accounts, as well as know which accounts are important.
Make it a part of your will. Store your passwords in a physical deposit box and have your relatives be given the key upon your death.
Simplest solution is to encrypt the list with multiple keys (so they at least have to collaborate).
Alternatively setup a dead man switch.
Otherwise you have to source trust form somewhere.
We had a similar issue when my father passed away. We quickly realized that we could easily pretend to be him, just tell people his SSN and other personal information, and we were able to handle nearly every circumstance. It was an eye opening experience just how easy it is to pretend to be someone else. This was about 7 years ago so things may be different. I assume that you can still get away with it more often than not.
What we did was get his personal information, spread it out on the table, and then call up the institution. When they asked a question it was a simple matter of looking up the information as necessary.
Buy an Ironkey, keep all your user login creds in that device's credential manager and share the Ironkey's creds with your chosen next of kin or what have you.
How about keeping your passwords "locally" at your house, so upon your death, they can get to them *in* your house? You could keep them somewhere locked, where your siblings wouldn't normally be into. But, when they needed them, they could login to your computer and have the passwords nearby?
I know people that keep their passwords in software "lockers" that require a master password, but then all of the passwords are there. Even if this were an online service, you could keep the master password to yourself until you died, but then have it written down (or something) in the house.
My father-in-law has a bunch of important papers in his house, in a folder labeled, "when I die," so we can access everything. Life insurance, etc., but you could keep your master password there with those important documents.
Place your passwords into a secure repository (like KeePass) and keep it updated. Give the password to the repository and other containers (I keep my KeePass in a TrueCrypt container) to someone you trust to execute when you die. An attorney. A trusted friend. Etc.
If required, make the password a two-part thing and give each part to different people.
I have something like this in place:
Use a password management tool (e.g. 1Password) which has your different accounts/credentials.
Prepare a document (e.g. will) that will disclose the password management tool's master password to your next of kin or designated executor.
In addition, I prepared a list of 'emergency documents' that contains all the pertinent info I have (passports, social security numbers, tax documents, etc) in both electronic and paper forms.
It's a convenience for me that I have access to all of this at my finger tips, but I imagine it would be a great convenience / time-saver for what is already a trying and difficult time.
On Android, there's an app called 'Pocket' that can store all kinds of information (passwords, SSN, credit card numbers, insurance numbers, license plates, etc). It's AES-256 encrypted, for what its worth, and can sync across devices. My wife and I use it to keep track of all our information.
Have an encrypted list of your passwords available, and give the passphrase to your lawyer to be given to your family upon your death (or store it in safety deposit box and give key to lawyer, anything like that).
As long as you use the same passphrase whenever you update your list, there shouldn't be any issues.
Check this Wikipedia article
It contains a list of services you can use to "inherit" your personal info when you die.
Lastpass - and a sealed envelope with your master password.
Or, last pass and share passwords you can allow.
While Last pass is likely to vanish after x years, there will be some similar solution in the future.
The sealed envelope is pretty good, provided you can leave it somewhere someone else [and not everyone else] can get to it.
-Greg
give a sealed envelope with a lastpass one-time password in it to one relative,
give a sealed envelope with a copy of the grid (2nd factor of authentication) to a second relative.
Tell them together they can access the LastPass account if you die.
Since your passwords change so often, it wouldn't really help to put it in your will. You could however have a master file with all of your passwords that is encrypted and updated monthly. The encryption key for that could be with your lawyer who handles your will, trusted sibling who will be the executor, etc. They would have the password, but keep the file on a thumb drive or some other device in your possession. To be more secure, you could keep the device with the encrypted file in a safe deposit box. They will then need to take a death certificate and proof of executorship to the bank to get into the box. That way they won't have easy access to the device until after you are gone. Just need to go over it beforehand with whoever is going to handle it for you.
...and a place for paper, pen, filesafe, key.
Geeks like to think that they can ignore politics, you can leave politics alone, but politics won't leave you alone.-rms
Have a standing arrangement with your lawyer - send him a letter every month with instructions that the letter is only to be opened in the event of your death and to destroy the previous month's letter. The letter of course contains all the passwords and a list of people the list of passwords is to be given to. He'll probably charge you a monthly fee for the service.
If that's too expensive, I'm sure a PO Box is cheaper, and leave the key with your spouse/siblings.
Set up a series of convoluted and ambiguous riddles and puzzles to lead your survivors on a wild adventure to recover your secret code.
s/[stupid comments]/[intelligent discourse]/gi
There are still a couple uses for a physical bank aside from notary service...
Rent a tiny bank safe deposit box for about 10 years prepaid. It doesn't cost very much, although I suppose it depends on local competition and your income level... Place copies of relevant documents in safe deposit box. Along with some silver and gold coins, unused but valuable jewelry, etc. Certified copies of birth cert, photocopies of documents like passport, etc.
Make sure all the details of the deposit box are in your will.
If you're going biometric / 2-factor, luckily for you biometrics are easily faked, cannot be changed and are extremely insecure, so a fingerprint will do, an outline of your hand will do, retina picture will do. You don't need to actually put an eye or finger in the safe deposit box.
"Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
Lets go with simple, because tech can fail.
Put a list in a sealed envelope in your bank safety deposit box and tell them it's there (and if you can't wait for them to get the death certificate, put someone you trust as a key holder). You could save trips by pre-determining them a year in advance, so you only have to go once every 11 or 12 months.
You could make it a little easier to accomplish regularly, by using a fire safe, somewhere in you house.
You could give a piece of the passwords to each of your siblings, so that two or more have to get together.
If you're going to keep your passwords, or a master password, in the house, then you probably should invest in a fireproof, waterproof safe and keep it in there. Otherwise there's a small, but not-zero, chance, that if the reason you die is a fire or flood, the password might be lost with you.
I'm thinking I'm going to keep a local copy in a safe, and maybe give a copy to an estate lawyer or something to hold in trust until I die. That way, hopefully one of the two copies will survive.
I keep all my passwords on my phone in an encrypted database. The people that matter know my master password on that database, but they don't (currently) have physical access to my phone. That will change after I'm gone.
Ignorance killed the cat. Curiosity was framed.
Check out these possibilities: http://mylifescoop.com/featured-stories/2010/10/7-resources-for-handling-digital-life-after-death.html
If you wanted to control your passwords yourself you could store your accounts/passwords in a KeePass database. Use http://www.greatgoodbye.com/ to send an email with your password to the KeePass database to your trusted siblings. You could store your KeePass database in dropbox and share it with your family members (it's encrypted with AES) so it would be secure. The only way anyone would access your accounts is with the password, obviously.
Use a single email account for the purpose of account and password recovery. Post the account and password on a yellow sticky note and/or will that information somewhere. Then, all they have to do is the "Forgot Password" thing and they will gain access to everything else.
5000 mechanisms exist.. You're just pissed that he didn't plan ahead the same way your siblings will whine when you forget to include the password to your My Little Pony collectibles site or whatever other oversight you're going to forget.
It's not a technical problem, it's an implementation one.
If that's not techy enough, what about a secret key attached to your will, and encrypting the latest password with the associated public key? Store in some (electronic) box the will knows where to find. That sort of thing.
My wife and I both have written down our most commonly used passwords including our OSX Keychain passwords. These go into an envelope which has our signatures over the seal and then placed in a lockbox. If someone happened one either/both of us the details on these passwords are in our wills.
You could try something like:
(Alternately, this could be something a lawyer could help with -- something like holding passwords in trust, only to be given up in the event of X, Y, Z...)
Yes, it's a pain in the ass. But it would work, and it would mean your executor/spouse/etc would only have one set of people to convince that you're dead.
Carousel is a lie!
This isn't a difficult problem.
Print them out and put that piece of paper where you have all the other "if I die" pieces of paper. For example, your will, insurance policies, titles/deeds to any real property.
For example, a bank safe deposit box or on file with your lawyer if you have one. Just for geek sake, I also have digital scans in PDF form of every one of those pieces of paper. They're burned to a CD and kept in a small fireproof safe in my house.
In the event of a "bug out" emergency, I grab the small safe (really a lockbox) and go. Both my wife and I have keys to it, and all my adult kids know where to get the keys if needed. (Hell, even the 3 year old knows -- which has presented problems a couple times when he flushed one set of keys. But, that is a different story.)
Learning HOW to think is more important than learning WHAT to think.
1) Create a secret key (not public key).
2) Encrypt the secret key with a strong passphrase (50 to 70 random characters).
3) Create a password file, and encrypt it with the key from (1).
4) Distribute the encrypted password file from (3) each month to your siblings via email.
5) One time only, share the passphrase from (2) with your siblings using the following:
http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing
In short, you can pick how many of them must collaborate to get the passphrase out. If you really don't trust them, get a lawyer to hold a key number of shares to meet the threshold (see the link) and retain said lawyer with instructions in your last will and testament.
This can also act as a method for recovering all your passwords in the event of a disaster (up to an including nearly an ELE).
Debian has a package with an implementation called 'ssss'.
Just use the same password. No one wants to have to run a cracker to gain access to your system anyway.
My mom wanted to get into their Morningstar account and didn't have the password. I called and explained the situation -- basically that her husband was deceased and she needed the password, and I said I'd call on her behalf. What steps do I need to take to get it? The rest of the conversation:
Operator: "What's the username he has the account under?"
Me: "Uh, billsmith2222 is the username."
Operator: "OK, let's see... looks like the password is Sarajane. The 'S' is uppercase."
Me: -- Stunned silence --- "Thanks?"
I was glad it went so quick, as I had expected to have to send a death cert and jump through god knows what other hoops, but it freaked me out how casually they gave it to me. I mean, I didn't do anything to verify that I was even any relation to the account. All I had was the username. Obviously someone was new, disgruntled, or just plain stupid, but it worked in my favor for once.
Sweet informative mod.
I use a simple mnemonic password formula that incorporates the name of whatever I'm securing with the password. For example each websites password will use some characters from its URL, so it is then unique and I don't have to memorize a thousand of them.
If you really want to be secure, keep an encrypted file with a list of all your passwords and account information. Put the password (or decryption key) in a safe deposit box, and leave instructions in your will on how to access the relevant information.
On a similar, but related topic...
How do I ensure all the pr0n on my computer gets erased after I die so my wife/kids don't find it??
How about something like diffie hellman where you don't exactly share a password, but you arrive at one.
I've posted this previously but I keep thinking it deserves merit:
Dead Man's Switch
Its a project that emails you periodically. If you don't respond it fires off a pre-defined message to a set of individuals you've chosen. Full disclaimer here, I have nothing to do with the project and I have not yet tested it myself but it doesn't seem like a difficult system to set up.... cron job + mail server + port listening app.
This may be useful. Of course it has the same problem of any on-line service you may think of: you will probably outlast it.
I heard Matt Yoder talk about a "Death Envelope" on Pauldotcom Security Weekly. He gave a presentation about it at DefCon. The slides are here.
3 stage affair.
I have a friend let's call him Andrew whose machine I have a log in to. On that machine is a list of instructions of what to do on my death. Andrew does not know this file is on his machine but knows I use his machine for various random things.
Another friend called Brian who knows about this file but does not have access to it. To access the file he'd have to contact Andrew who would login as root and therefore be able to read the file and pass it onto Brian..
As part of these instructions most passwords are on another encrypted file on my local machine which my partner has a login to. The really secure ones are actually hidden at a relative's house - I'm not saying which one though or how but again that information is in the file on Andrew's machine. Andrew however does not have access to that relative's house without asking that relative. Similarly that relative is not going to let a virtual stranger go digging around in their house without good reason.
Now if Brian or Andrew wanted to they would have a fair chance of getting access to some stuff but they would have to both violate the trust I have in them and co-operate in doing so. They would also know where all the other stuff is stored and how to get it. My partner could go digging on my computer and accidentally find the file with my facebook, slashdot etc password in it, however that password file does not have the passwords to the email or banking or anything else. My relatives could discover what i hid at their house but without the information from Brian & Andrew it would mean nothing to them.
The chances of all my friends and relatives having to simultaneously turn against me make me think this is a fairly secure method. No one link in the chain makes it insecure. Much better than any online single password service that I know...
Besides I like the idea that my last act is to get all my friends and relatives together in a cross country treasure hunt!
"The weirdest thing about a mind, is that every answer that you find, is the basis of a brand new cliche" -
"Hide" your passwords in a wordsearch puzzles and have someone pass them out at your funeral. It'll occupy the kids while their parents grieve for you, and by the end, they'll have found all your passwords so your relatives can get in on some of that sweet sweet cash. You'll be remembered for one hell of a funeral!
Me and my wife use ClipperZ as our password storing solution. In my account I have the password to her account and vice versa. In addition we have the master passwords written down and distributed to a friend in case of emergency.
Personally this is what I do.
I have all my passwords and other needed info in a text file that I keep adding to. I rar up that text file into a self-extracting exe which is password protected (with a 16+ character randomly generated password) and doesn't show the file names, and has a non-descript name which no one would guess is passwords.
I have that file on my home computer which no one has access to but myself. I also put copies of that file on 3 different thumb drives. Ones kept on my keys, one is in a firebox and the other is on my desk. I update the file now and then and I back it up in all those locations.
I also print out the list of passwords and put them in the fire box too, the old papers get shredded and tossed into a fire.
I also keep the main password for the file in a few places in pieces so that anyone seeing it would never guess what they mean or what order they are suppose to be in.
Its over kill but I never have to worry about someone getting my passwords accidentally. And yes its as big of a pain as it sounds to do all this, because I also do change my passwords now and then and changing that big of a file is annoying. :)
What is temp is rated for and how long? Is your safe near an edge wall, or in the center of the house where all that burning wood will colapse on top of it and bbq it?
Guns in fireproof safes are ruined to house fires, paper would get chard.
I understand the situation more than most, dad is coming up on two years and left us with the same deal. email accounts, e-trade, online bills. Granted I'm the youngest of the family so what we did was record all important logins in a notebook which lives in a small firesafe. The point of this was so i wouldn't go through a repeat later in life. As for you worried about your siblings impersonating you, I'm not sure if you referring to like Facebook accounts and such or actual broker accounts, which you don't want your siblings cashing out and ruining you financially. Make a list in a secure place and just sit them down and say "look, this is for when I'm not around, not for your amusement" if they take you seriously as an older sibling, they will listen.
I have a "If I die" folder in my filing cabinet, which includes stuff like my will, life insurance info, billing info, bank info...
In addition I started creating a .txt file with important computer information, logins, account info, etc... I put that txt file on a USB drive and put it in the folder. If I change any important account, or password I insert the USB stick, update the txt file and put it back.
My wife also has a folder similar to that. I figured it was a simple way of doing it.
-wondergod-
Actually as far as bank accounts go... I don't think you can legally "pretend" to be a dead person by writing checks in their name or logging in to their back account. In any event you need official death certificate plus will papers to access old accounts. My power of attorney papers expired when my parent did. I had to re-access the accounts as the executor of the will. Continuing a business via Ebay or otherwise is probably fine, as you are acting as an agent of the business not impersonating the deceased.
Also, my condolences, losing a parent unexpectedly is a massive depressing event. The headache added due to all the legal / paperwork stuff the state imposes is not fair. It seems to me that only the truly wealthy can afford to let someone else take care of the paperwork crap and be correctly prepared.
I'm a good cook. I'm a fantastic eater. - Steven Brust
Last pass works great for that. Lastpass.com
One thing is to not allow for any company or organization to regularly automatically debit your account even when alive. It's best to have 100% control over that type of thing at all times. Other than that you'll be dead anyway, so you shouldn't have anything to worry about.
> I called every institution; some were willing to help while others required me to fax/mail death certificates and proof of executorship (which I didn't have yet)
Then, they were right not to help you. Perhaps you shouldn't be taking such actions until your right to do so has been established
There is a site that will do just that: http://passmywill.com/
Saxtus
Lifehacker recently had an article on a service called "death switch" http://www.deathswitch.com/ Basically it e-mails you asking if you are still alive, if you don't respond back, after 3 e-mails, it sends out the assigned message to who you specified. It does cost $20 a year
and keep them locked in your desk. We do this at home. No one can hack our locked desk drawer without physical access. We can still change our passwords and update the information on our pad which happens to be a cheap and small ledger book from the local office supply store.
No need to make it complicated. It's not that we're that interesting of a target in the first place.
These comments are my own and do not necessarily reflect the views or opinions of my employer or colleagues...
Anything important (bank accounts, real estate, pensions, insurance) will be handled properly and legally when you provide a copy of the death certificate and, in some cases, a copy of the will.
Ebay auctions? Email accounts? Who gives a fuck?
If you want to be nice tell ebay/google/yahoo/ms/whoever that he's dead and an auto-responder stating that fact would be helpful.
Can I haz ur Cred's.
I'll pass them along when your gone!
KTHXBYE!
Sorry but, "Well_Hung_Oyster"? Seriously? (And the filter made me upcap it, nice huh?)
As someone else pointed out, write the passwords down and leave them in your desk drawer. Lock the drawer and make sure your family knows where it is. If you're more paranoid, get a safety deposit box. Once a month put your passwords in the box and make sure your relatives can get access when you pass. Don't make this more complicated than it needs to be.
The second you say "lawyer", you lose (not just money, but time and effort). The guy's objective is to avoid spending time, effort, and money.
In the midst of your situation, it may help to remember you aren't responsible for your father's debts, including any issues with the auctions, sales, returns, etc. Don't fill the orders or accept the returns. Don't deal with it; it's not your problem. You have enough to deal with. If anyone asks you what you're going to do about it, tell them: nothing. Remind them the man they have a contract with is no longer here to honor it.
Sorry to hear about your fathers sudden and unexpected death. My heart goes out to you and your family.
Securely storing passwords isn't that hard. Finding a way for your family to continue a business is very challenging.
In May of this year, I was diagnosed with cancer; I had a week before a severe operation During that week, my wife and I had to make the horrible plans: what if I die on the operating table? What if I'm unable to leave the hospital for the next 6 months?
Some stuff is obvious: Get to an competent probate lawyer to make a proper will. She also set up durable powers of attorney, medical life/death forms, put the house into joint custody, set up simple trust for the kids.
I run a small business from my home; it takes in about $100,000 per year, of which $40,000 is profit. There's an inventory, as well as a homebrew invoicing system to handle each order. Paypal, credit cards, commercial bank accounts.
Problems were compounded by my technophobic wife - she needs help to log in to see the bank balances. And oh, but we have plenty of those - probably 10 accounts at two banks. Plus retirement accounts & IRA's & Keoghs.
I wrote down every account & password. Dozens of 'em. Photocopied the sheet & put one copy in the family photo album. Main thing was to say what each account was used for (and under what circumstances you should go there) Plenty of accounts are I accessed only once a year (Tax time!). The hard part was teaching my wife (and trusted 15 year old son) how/when to access various accounts & websites. For example, the business website is built on dreamweaver, hosted at one site, the orders flow through site2, and the actual invoices are done at home in Filemaker. My son knows the business, but it's a pretty complex layout, with 15 years of cruft and byterot.
It was very important to catalog what was valuable (three domain names up for renewal in 2016) and what wasn't (boxes of receipts, electronics gear, and disk backups)
I learned that my wife simply couldn't deal with the complex online system that I'd built. With a month of training, my son could, but he saw little value in the online business. Worse, he was in denial: "Dad, you aren't going to die, the doctors will fix you up"
Then there's the open-source software that I work on. What do I do with my half-baked code? How do I close up things at Git Hub? How do I tell someone my plans? (this is easy - just toss it out)
We think that the safe storage of passwords is difficult. Nope - the hard problem is finding someone who can take over from where you leave off. It's the nature of mortality.
Keep your passwords in kepass, on your phone, computer, wherever. In fact, I have my phone automatically rsync'd to my server and tablet to give the best chance of survival. (Try doing that on an iPhone.) Have the master code to get in stored in a safe deposit box. Since it isn't a password you use anywhere else, no need to change it monthly.
=================
Unix is very user friendly, it's just picky about who its friends are.
Write down everything you want to share on a piece of paper and seal it in an envelope. Store the envelope with other important documents. Tell your spouse and maybe another family member or close friend of its existence. Every time you update your passwords or other information, shred the old one and make a new one. Envelopes and paper are cheap. If you're extra paranoid, use some method to mark the envelope so you can tell if it has been tampered with, and don't tell anyone.
Obfuscate your list and split it into N pieces. Then N relatives have to work together to violate your privacy or steal your money. Maybe keep the Nth piece in your safety deposit box. No messiness with encryption keys that they won't understand anyway.
Your biggest problem is the monthly password change-up. Your family will probably lose interest in keeping the pieces of random text you send them once a month. Maybe make the old password pieces redeemable for a dime when you give them a new one? That would give them an immediate incentive to hold on to a seemingly meaningless piece of paper/data file.
No idea how it is where you live, but where I live it isn't your account to change. Not until somebody else says so.
I could not even get to the safe where my parents keep their papers if they died or get to the bank accounts till they are assigned to me.
Why would it be different with online things?
What _you_ could do is see to it that your will includes all the websites, so the people who inherit whatever you leave behind will be able to do so legally with the help of the company.
So you do the same with your online stuff as you do with your offline stuff: put it in your will.
Don't fight for your country, if your country does not fight for you.
the original and best dead mans switch
Sorry about your father dying so suddenly.
Dilute! Dilute! OK!
Put the passwords in a sealed envelope known to a few specific family members. Probably near the will. You can tell if it has been accessed... To further the scheme you can let them verbally know that the password is scrambled in some manner such as "Last 4 chars are in reverse order" or similar. The fact it is offline protects it from anything except for direct physical access by someone who already knows it exists and it keeps it under your physical control until you aren't there.
Keep a list of updated passwords in your wallet.
I'm sure someone will go though your wallet when you die.
Don't know something? Look it up. Still don't know? Then ask.
Since I didn't see any yet posted, I just wanted to express my warmest condolences for the loss of your father.
I lost mine three years ago and I am glad he took all his dark secrets with him.
Frankly, if you can't trust your siblings to not impersonate you while you're alive, what makes you think you'll be able to rely on them when you're dead? The tasks you're describing following your farm purchase are typically handled by whoever you name as your executor. Failing that, it's your spouse, your closest relative, or, as a last resort, a disinterested third party referred to as an "administrator of the estate". That person then has the legal authority to demand access to your accounts. It takes time, and doubtless numerous faxes, but that's how it goes.
All you need to name someone an executor is a piece of paper stating same and witnessed by a notary. In some cases, if your spouse is your executor, you can give them power of attorney (limited to a given account) by just faxing a signed piece of paper, no witness necessary. It depends on the company, but I know that Bank of America only requires a signed statement, not a notarized document.
Your other option is to pick someone that you trust, and tell them your passwords (or reset information). If you don't trust anyone to the extent that you'd give them that information, why are you worried about leaving them with bills and so forth? F 'em.
This unbiased moderation brought to you by the Porcine Aviation Group!
give encrypted files to siblings. give private keys to trusted friend(s).
Join the Slashcott! Feb 10 thru Feb 17!
So it's a dead man's switch, with a 90 day delay (in case you are only temporarily out of commission but not yet dead). As soon as you stop updating it, the password becomes the one that will be at the bottom of the list in three months (and will move off the bottom in four).
Note that this scheme is not meant to protect against criminals, governments, or other unsavory types (including priests, rabbis, meddling kids with a dog in a stoner van), only against your loved ones discovering it prematurely.
Note to USPTO: I consider this post to represent prior art to any invention claiming ownership of any idea expressed within. Take out the big red X stamp and mark (Apple|Microsoft|Google)'s patent application with it NOW.
Given that your minimum requirements are 1) having different passwords for each site, and 2) changing them once a month, it's probably a good idea to have an algorithm that allows you to come up with your password. The algorithm could take the name of the company/website and the current month (or month & year....something time-related) as inputs, do "something" with them (jumble, transpose, use your Little Orphan Annie Secret Decoder Ring, etc) to get your password. You can also factor in rules for putting numbers, symbols, uppercase, etc. It just has to be consistent. Now all you have to do is protect the algorithm, not the individual passwords. The algorithm can be written down and put in a safe deposit box.
Using an algorithm can eliminate the need to write down passwords, unless your algorithm is so convoluted that you can't calculate it in your head. If you suspect that your algorithm has been compromised, just change it. Granted, websites have varying requirements (some take symbols, some don't), so it's not perfect.
I had a similar situation when I went traveling for a year. I created a message containing all my passwords and xor'ed it with 5 keys. Then set out each unique key to a person I trusted. Here is the code:
http://pastebin.com/8vtdGeBS
I have a file system structure called ~/details, within that I have directories for things, such as ebay, amazon etc. All login details are stored in files which are encrypted with gpg to myself and to my wife. Should I die, she knows already how to access the data. Other things can be encrypted to a key that you give your solicitors, they can read them when you die. Works for me, I'm already dead.
Why UNIX?
I went through something like this a couple of years ago when my father passed away. He had online accounts, bills and so on. In most cases you are stuck. Banks are very fussy about executorship and won't help until you get it. And if you access an account after the death date you can get into trouble, so be careful.
You may be able to get some accounts frozen by sending the death certificate. Banks are generally ok about that.
As far as the auctions, try calling the customer service line of the auction. I am sure that you are not the first that this has happened to.
In most cases whoever ends up as executor will have to write letters to people that were paid stuff that was not appropriate like insurance after your fathers death.
There are some things that will go on for a very long time afterwards. Like political junk mail.
Remember that you are not personally responsible for the debts. The estate is.
Don't leave it in your will.
First, the Will will not be read for a while - sometime weeks - after the death. So if you want something with a quick turn around time (like e-Bay) then don't.
Second, a Will is a public document - which maans anybody can get ahold of it. Another issue.
In most cases leaving instructions with your trusted lawyer should be sufficent - unless you are truely paranoid. (and considering this is /. ....)
You hear stories about carelessness in maintaining passwords: they're easily guessable, or they're written on a piece of paper stuck to the back of the monitor, that kind of thing. One has to do a cost-benefit analysis on how secure/paranoid one wants to be, the more secure, the more inconvenient and expensive. However, it sounds like, in this particular situation, the passwords could be written on something that looks like something else, a bunch of telephone numbers or laundry list or other 'back of the envelope' kind of document and kept in a semi secure place like a locked drawer of a desk. You could tell your siblings about it verbally, but they wouldn't easily break in to get to the paper while you're alive and healthy. Some posters have mentioned subpoenas. The original question didn't mention concern on that point, but I suppose if everybody was closed mouth about it, the law wouldn't know enough to issue a subpoena until the relatives actually started using those passwords, in which case there's nothing to be done about it anyway.
In theory, theory and practice are the same; in practice they're different. (Yogi Berra & A. Einstein)
I have found it impossible to keep a printed password list up to date.
1) Keep passwords in an encrypted file. Change them whenever you want.
2) Distribute encrypted file as needed for backup and authorized access. (e.g. wife knows where to access the current encrypted file, and on any password change push the encrypted file to each family member/trustee in order 1) to have a current offsite backup, 2) so they have the file.)
3) The final step is to keep the encryption key for that file on paper, in a sealed envelope, where it is accessible, and access is detectable. If you change the encryption key, create a new sealed envelope. If an envelope is compromised, change all passwords and the encryption key. For example, you might keep redundant envelopes in a safe at home, in a joint safe deposit box (beware: a single-owner safe deposit box is sealed upon death of the owner pending probate), and with your will at your attorney.
By replicating the above steps as desired you can partition your password storage however you desire in order to accommodate different levels of trust among your trustees.
By using a loosely structured plain-text file I can also keep other important information there -- list of financial accounts/assets, important serial numbers, key contacts, ...
You might want to include in your envelope(s) a page of instructions on how to access and decrypt the file. Tailor the instructions to the level of your audience, or at the very least such that a person reasonably skilled could follow them to decrypt your passwords.
Condolences for your loss.
Unfortunately many companies do not have good procedures in place to handle the death of a customer, adding frustration to an already unhappy time. However, it is the good ones who do require the death certificate.
You need to be executor in order to settle his affairs. These companies asking for death certificates aren't just doing it for their own security purposes. They are legally required to act only on instruction from your father or someone he has expressly authorised them to recognise as an agent (an executor is a form of agent that everyone is obliged to recognise).
There are many reasons for this. There are related frauds committed against people still alive, and frauds against the deceased. Families squabble a lot over these and related matters so the institutions rightfully want to ensure they deal with the appointed person. Even with the best of intentions, the deceased may have wanted someone specific to settle their affairs and the particular person might not be it.
As regards you personally, record passwords in an encrypted file, Keypass or whatever, and leave your lawyer with instructions and a sealed envelope containing the password to your encrypted file. Alternately use a safety deposit box, the bank is usually the first place anyone goes with the death certificates and they will advise of the box - however they charge an annual fee.
More importantly, arrange your will and set who will be executor while you're at your lawyer.
Bury the master password in a box. Leave a treasure map in your will.
Might as well make it fun for someone.
The best advice I can give you is to do what I do: Use a single, central, BillPay system through your bank.
In other words, NEVER let a company "take money from your account". That's out of your control, which is bad.
If someone wants to get paid, you will voluntarily pay them - by check, cash, or online Bill Pay that you set up.
You can even sent up monthly payments - but at least YOU control it, and can turn it off anytime you want.
This way, when you die, someone else can take over your bills more easily - and no money is being taken without that person's permission/control.
Another good thing to do is to write down your most important accounts & passwords, and file them in a safe and secure place,
where your inheritors / spouse knows about and can get to in an emergency.
I pay all the bills at my house. But I made sure to leave a special message that I know my wife would be able to find, in case I'm incapacitated in someway.
Actually she will need the help of one of my computer friends to get to all my passwords; which I documented in the letter I wrote her.
Hopefully she will never have to see it.
Sounds like the system worked as designed. It shouldn't be easy to just declare someone dead and transfer all their accounts over to another person. You actually WANT people to have go through the 'hassle' of getting the death certificate, administering the estate, etc. Death is messy, but it is even messier if the person turns out to still be alive and tries to get their life back. It takes time to sort it out.
I'm not sure why when your father died you didn't just fax the bank the death certificate and have them freeze his accounts like they are supposed to. All the tasks you want to accomplish have prescribed legal methods for accomplishing them. As other people have said, assign an executor or hire an attorney and don't worry about it. If you don't trust your siblings in life, why are trusting them to properly manage your estate?
A contact is a legal agreement between two parties. Living parties. If an auction ends and the seller is dead, no contract is formed. Whether you can convince ebay of that is a different question.
The same principle applies to most other contracts: health insurance is automatically terminated, you just have to tell them that it happened. Messing around with the deceased's credentials is not going to solve the problem, unless it is a trivial matter.
Of course it is worth thinking about those trivial matters, too. Facebook account - could be useful at least to inform some friends. Email is certainly useful, just to monitor what is coming in. I would recommend a sealed envelop in a safe place - and if you are paranoid encrypt it with an agreed one-time pad.
On the WELL_HUNG loss.
Snark has its place, but first, have some simple regard for a man who's lost his Father.
"To lose one parent, Mr. Worthing, may be regarded as a misfortune; to lose both looks like carelessness."
-- Lady Augusta Bracknell
"Flyin' in just a sweet place,
Never been known to fail..."
Check out: https://www.foreveralive.com/
Mothore OUT!
1. Record all your passwords
2. Place them in an envelope.
3. Place the envelope in a spaceworthy, superluminal-drive equipped vessel.
4. Send the vessel close to the event horizon of a black hole
5. Contract with an organization to send a message (via superluminal communications) to the vessel upon your death, ordering it to enter the black hole
6. Give your relatives/interested parties the location of the black hole
7. Have your relatives analyze the Hawking radiation from the black hole to recover the passwords
8. Profit!
No, no, you're not thinking; you're just being logical. --Niels Bohr
Depending on your state, it may be allowable to have language in the will that says, "Refer to this other list that will be in the top lefthand drawer of my work table..." etc. Some states allow you to reference an external document, so don't. Some let you if it is fixed at the same time as the will, some let the list change even after the will is executed. Again, talk to your probate attorney to figure out your best options.
Write them down. Leave the sheet of paper in your desk drawer, locked if you're paranoid. Done.
Write it on paper but put it in a safe deposit box at a bank. If you are concerned about the delay in getting a death certificate to transfer ownership of the box then make your heir/successor a co-owner of the box.
store your passwords some were (say a password protected excel file) then put the password to that system in a sealed envelope that others can find. you can change passwords as often as you want.. you will know if someone opens the envelope (mark it somehow).
I don't depend on hardware (that might fail) or storage media (having any luck with those 5-1/4 floppies, these days?) but protect my list with physical security. I keep a notebook up to date, and store it safely. My trusted next of kin know where it is and how to get it.
And if my hardware fails, I have a backup that can survive flood (been there--notebook data fully rescued) and probably survive fire.
My bank refuses to talk to me about my wife's account. Even with her sitting next to me telling them it is OK. Now when they ask for Jennifer, I say I'm her, in by best husky voice, provide the last 4 of the SSN, and magically I have full access to her account. I mean come on... I'm a 40 year old guy with an unmistakably male voice. How can they possible accept that I'm Jennifer? They don't give a shit about fraud. They just want to be able to tick their little boxes.
No, they are simply being courteous and respecting your choice and privacy regarding gender reassignment. :-)
I keep all my/wife's online password stored in a secure password program. 1password for Mac works really well, but there are many out there for all different type of platforms. Once a week, when I return home from traveling, I backup my password file to my wife's mac, my mac mini server and to a online backup service. I keep the master password to the password file, written down, sealed in a envelop and keep in a 8 hour fireproof rated safe @ my house and a second copy @ my parents place 200 miles away(parents safe is only rated for 1 hour). I also keep two offsite backups of all our digital media (15 years of digital photography, home movies, music, purchased movies, bank records, tax returns,....) One offsite backup is an archival backup on blu-ray disks and the second is a rotating disk based storage system (basically 2 x 4tb disks enclosures that are rotated to an offsite storage location weekly.) Yea, yea... You can say this maybe a little over board. But it is my/wife's disaster recover plan for my online self's and years worth of data and memory's...
You're a dumbass. No wonder you need help.
It doesn't mean much now, it's built for the future.
What about some kind of dead man switch? Like it emails you once a week, and if you fail to respond to the email within (24 hrs) it will send a password file to a designate.
--
$tar -xvf
What you do is take 1 letter of your password (you are using at least a 24-36 character password aren't you?) and go some place foreign, the further away the better. In fact, the more inhospitable the better as well. Bury that letter some place dramatic (water falls, large trees, graves, etc ...) Leave your family members a note in your will with the list of locations (and if you were a nice person in life, leave the locations in the correct order.) Repeat this for all of your passwords (A different one for each site, remember!) You may need to repeat this monthly, or yearly, depending on your password rotation scheme. As an added bonus, have your family film the expedition and make an indie documentary, it will help to cover the cost of your funeral expenses as well as debt incurred spreading the password around.
That should do it.
How about having a law office write up your living; part of what the law office does with your living will is hold onto it (obviously). When you pass, part of the living will is that the information they have will be passed on to the children.
Good ol' days processes still work.
Changing passwords every month seems excessive. I use a different password for every site (banking, eBay, etc.) and keep the master list encrypted with http://www.truecrypt.org/ along with other sensitive info. Every year, I print out the passwords (and fake mother's maiden name, etc.) for most sites on paper and place them in the same envelope as my will, in a strong box / safe in the house.
When I die, whatever is in the TrueCrypt partition and whatever passwords I chose not to print die with me. My family will be able to recover all other account info without problem.
I handle websites for a company that runs pubs and restaurants - luckily I'm the only one who needs the (large number!) of login details on a day-to-day basis, but as a backup I submit a folder with hard copies of them each month. These go directly to a senior manager with the company who stores them in a safe. This, and my own vaguely encrypted version, are the only copies.
As a backup the data center I use for hosting has contact details for the senior manager in question, along with written instructions to allow them access to the accounts should anything happen to me. (Oh, and posting as AC for security too!)
If you're really serious about it, have a password-safe (like, for example, KeePassX). I assume you have some spot where you keep important papers - include a big note there about the password-safe, where to find it, and where people can find the password to open it. Depending on your level of trust, you can put the password with your important papers, or somewhere safer. Just don't put it somewhere so safe that they need a death certificate to get at it, or you're back to square 1.
That said, unexpected death always leaves something of a mess - that's just the way things are.
Enjoy life! This is not a dress rehearsal.
As far as the bank account processing debit transactions, march down to the local bank with a copy of a certified death certificate immediately and freeze the account. Banks have the power to do that in the event of the death of a client. Have done it for years.
As far as the Auctions, IANAL, consult legal counsel, but to the best of my knowledge
Anything unsold at the time of his death is now part of the Estate. If you are the executor of his estate (and have been designated so by a Probate Court) and want to dispose of the items, you could reach out to the winner's of the auctions and see if they still want to complete the transaction. Otherwise, the winners have a contract with a dead man. IOW, no sale. People demanding refunds will have to file claims with the appropriate probate court against the Estate for those refunds.
Just because you have access doesn't mean you are allowed to. Take eBay for instance, once the seller passes away, the ownership of the item being sold transfers to someone else (and that's not necessarily the closest or only remaining relative). So even if you could finish the transaction and ship the item, you might very well break the law. Same goes for any other accounts such as PayPal. As for insurances and other services, you will have to contact them anyway once you have a death certificate and they will refund you any outstanding balances.
Done.
Show me packet captures and log entires, or it never happened.
I stay away from this as much as possible. Why should I let companies take my money as fast as they can. I like the idea of letting the money sit for a few days collecting interest and upping my daily avg the bank sees in my account.
In firefox: Tools > Options > Passwords > Show Passwords > Show Passwords.
Isn't that how everyone remembers their passwords?
Put all your passwords and other data in a file. Encrypt it with your lawyer's and family members' public keys. Attach it to your will. Now they can only decrypt it together. Update it periodically with the changes.
With a free account it only allows you to share with one other person, which isn't ideal for your use case -- though I suppose you could always just share the passpack login credentials.
Passpack is very convenient because it's browser-based, but security is supposed to be pretty good because it's all encrypted on the client before being sent to the server, so passpack never has enough information to be able to recover your passwords. I haven't verified the code, but the architecture looks very well thought-out from a security perspective. Sharing is done by first generating public/private keypairs for both participants and then encrypting the shared keys with the recipient's public key (well, that's the gist; the details are more complex). That stuff is all mostly transparent to users, though (mostly because there is some setup that has to be done).
I have been using it to manage all of the keys I use for various web accounts, and for sharing the passwords with my wife. It allows me to use long, complex, unique passwords for all of my web accounts, and to do so fairly conveniently. My wife doesn't like it; she'd rather just have a single password we both know and use on all of the important sites, but she also recognizes why that's a bad idea, so she uses passpack -- and grumbles about it.
Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
We use gnupg+vim to share passwords and other secrets among my team. http://www.vim.org/scripts/script.php?script_id=661
To create a new encrypted secrets file, 'vim secrets.gpg'. Vim prompts you to specify recipients from your gpg keyring. Then vim opens a buffer; you write your secrets in the world's greatest text editor.* On write or close, vim prompts for your passphrase and encrypts the file to the recipient keys you specified, saving it as ascii-armored gpg.
Open an existing file with a .gpg extension, and vim prompts for your passphrase, decrypts the file, and opens it in a new buffer. On write or close, it re-encrypts the file to its configured recipients.
For easy sharing and revisioning, we keep these gpg files in a mercurial repository. This gives us a distributed, free, scalable, and reasonably secure solution.
*There's a similar gnupg plugin for emacs, if you're of that heretical religion.
1. Ignore anything on here except the advice: "Go see a lawyer"
2. You will want to see either a probate lawyer or estate attorney, they have different names. One of each if you have the choice!
3. Find one that has any technology experience, or experience dealing with digital records
4. If in doubt see Item #1 above
Short answer: Lawyer up!
The approach that I would take is to distribute decryption software and a key or one time pad to anyone I felt was appropriate, siblings, executor, whoever, and then be sure to always keep an encrypted copy of my passwords and account info on the computer or a flash drive. The only down side is that the information has to always be kept current, must be updated after every change. But even if the computer or flash drive are stolen the information should be safe as long as the thief isn't one of the people holding the decryption key and doesn't know who those people are.
This, of course, assumes that the flash drive or data file can make its way to someone after you pass on. I had seen a program years ago that promised to do things like send such files after you were dead (or delete all of your porn), but it was so unreliable that it was useless, would take action with no warning on minor events such as recovery from extended power outage, repair of failed system, or incorrect clock setting. A good dead man's switch program would be the prefect match for such an encrypted file.
I'm an American. I love this country and the freedoms that we used to have.
Keep all your passwords in an encrypted file with something like passwordsafe. Then keep the password and directions for getting to it in your will. Simple!
You might be interested in http://www.securesafe.com/en/ this is a system that actually allows to define people to receive access to your data/passwords. http://www.securesafe.com/en/features/inheritance.html
Do or do not, there is no try.
In this day and age, keeping track of accounts and passwords is a bit more complex than before. You should have different passwords and even account names for each account if possible and they should be secure passwords. There is other information like what the "secret" questions were which in some cases are hard even for you to remember what you replied with.
Using an password wallet (I use B-folders), allows you to keep track of these things with a master access password which makes it easy to do, but a lot more secure and portable than writing them down on paper.
Providing your Lawyer with information on how to obtain that access password along with other legal paperwork you need to pass along should make it easy to do what you are asking.
If you make it too complicated, you simply won't do it... so use a tool that you yourself can use at the same time and there is no big deal about it.
My condolences to you and your family. Sorry for your loss and that you're having to deal with stuff like this right now. Best of luck sorting everything out.
Install a hardware keylogger inside your keyboard (or just buy an external usb hardware keylogger -- this is less secure for the paranoid) and have the password that accesses the keylogger written on a piece of paper with instructions on how to use it in your wallet. Tell your relatives that you have a keylogger in (or attached to) your keyboard and that instructions on how to use it can be found inside your wallet if you die. Run a monthly script that simply types all of your passwords out one by one in a notepad so the keylogger catches them. If you die, your relatives will find the piece of paper, access the contents of your hardware keylogger, and collect all the information. If you are paranoid about someone breaking open your keyboard, stealing the flash memory, and somehow accessing it contents, I'm sure you could put an encrypting stage between the read and write stages (given you are making this keylogger yourself with a microcontroller). ...Or you could just use an online service that holds sets of passwords and secures them with a master password, but that's not as fun, is it?
Put a cryptic note into an envelope that is to be stored with your will. The note will lead your family members to a statue or monument in a big city, which will have a clue to some other location, then another, etc... Only the people you chose will ever be able to complete it.
My wife and I each have Password Safe (or Password Gorilla on my Linux boxes) installed. You can download it at http://passwordsafe.sourceforge.net/. We store our logins and sensitive digital information inside the encrypted password safe. The password safe files are stored on our hard disk drives and a cloud service (Dropbox). Inside the password safe is instructions on how to access each others password safe. These instructions are also stored in a physical safe along with other important documents and a list of where we keep our wills, birth certificates, etc. The combination to the physical safe is stored in each of our password safes. The combination to the physical safe is also shared with relatives we trust to take care of our affairs should both of us die unexpectedly or be otherwise incapacitated.
-- Stu
/. ID under 2,000. I feel old now.
I run a company http://www.lifeensured.com/ that exist for the explicit purpose of preventing these kinds of issues when someone passes away. We've got several happy customers, are backed by an irrevocable trust and get a feed of people who have passed away from the social security administration (in addition to letting people select someone to verify that they have passed away)
We've also put together http://www.deceasedaccount.com/ where we reviewed all of the privacy policies for major sites and pulled out the processes they require if someone passes away. We also had a lawyer pull relevant laws which you can use to help get access to things from internet companies if you are having trouble.
For the security minded. When we take a password, it is encrypted with a 2048 bit public key. The private key is stored offline. We only decrepit passwords when we have verified one of our clients has passed away and the process involves a human who has undergone a background check.
Contracts made with your dead father a null and void at his death. The folks dealing with him through eBay are just out of luck. If they are nice to you, maybe you should consider helping them out, but that's all you're own good will, legally they have no claims (or, maybe they do have claims, and they can take them up with the executor of your father's estate, and will have to get in line, assuming that there's any estate to claim against). The banks should respond more rapidly, but will require a death certificate. Once you have shown them the death certificate, they should be able to shut down the automated bill pays, and maybe even claw back some of the payments that went out after the date of death.
As for making this stuff easier on your own survivors: I'll second the safe deposit box idea. Just put a list of your passwords in the safe deposit box. It's a bit of a pain to keep it up to date, but not too bad. I just keep a list of passwords in my desk, and my survivors have been told about it. I only tell the folks that I can actually trust, so there's no question of anyone impersonating me (or, no question worth fretting over). Keeping that list in a safe deposit box would offer 1) better security (burglars wouldn't find it, for example), and 2) also protects the list from being destroyed in a house fire. (Man! I gotta go get a safe deposit box!)
just a ghost in the machine.
I think the easiest thing to do would be to use layered encryption. I.e. put a password-protected keypass file in a truecrypt volume, which is in a secure rar file that is PGP'd. Each layer would have a separate password and/or key file. Give the password for each layer to two or three people (redundancy in case one of them dies before you do). Make sure that there is no overlap (i.e. don't let any one person or group of people such as a husband and wife have the passwords to more than one layer of encryption). Optionally keep a listing of the people that have the passwords to make it easier to open the password list in the event of your death. It will be easier this way, but if you're worried about subpoenas you can omit it. As far as subpoenas, as long as you have a sufficient number of encryption layers, then you may not need to worry about them because opening your password vault would require a number of subpoenas equal to the number of layers of encryption, and even if they generate all those subpoenas, if you are relying on trusted friends, it's easy for one or several of them to claim that they no longer remember what you told them and it would be very difficult if not impossible for someone to prove otherwise.
The second part is making sure that the actual file itself remains available. I would recommend keeping it on a couple thumb drives in safe areas as well as distributing it to all the people that have parts of the password chain on a regular basis (i.e. every time you update it).
The one thing to keep in mind is that this scheme relies on the cryptographic algorithms' ability to protect your data. In 10 years, today's encryption may be relatively easy to break, so you'll probably want to keep it up to date.
Ignore the suggestions that require you to rely on third party services and software that may or may not be be available in the future as technology etc... changes.
Type your passwords on a sheet of paper. Put the paper in an appropriately rated safe. Give the combination in a sealed envelope to the appropriate trusted individual(s).
Done.
Seriously, it's that dead simple. And since you'll likely need a safe anyhow to keep important papers in, you might as well make full use of it.
Aside from that, what we did at my old workplace was keep a hard copy of our network password list in the safe. That way if we needed it, we'd just pull it out. Probably your easiest option
"... some were willing to help while others required me to fax/mail death certificates and proof of executorship (which I didn't have yet)."
I should bloody well hope they wanted proof of executorship!
Why do so many people think that the problem of getting at a deceased relative's belongings is in any way a new phenomenon? People communicated before email was invented, they had secrets before PGP, and they most certainly used to die with a bunch of loose ends that needed sorting out.
You may WANT to get your hands on granny's Gmail account and grab her stuff as soon as possible, but the basic principle in law - that I am DAMN GLAD exists - is that only those people who have been granted the right to do so by due process should access these things.
FFS it's bad enough the erosion of privacy that's taken place since the net came in without potential criminals or idiots getting their hands on my passwords after I'm dead!
STOP THIS MADNESS!
"And the meaning of words; when they cease to function; when will it start worrying you?"
Password Manager with my pron collection as the key.
That way, my pron buddy can "remove" the important items from the password file before providing the rest to my family. I'm sure he will be sad, but still slightly happy.
Just write the passwords on yellow stickies, and keep them beside your monitor.
why not do the opposite, instead of having them only get the password when you die, have you die if they get the password?
stick it in a box which you can check for having been opened, if it has been opened, kill yourself.
Just print out a hard copy and stick it in a safe (presuming that [i] you have a safe, and [ii] you can trust everyone in your house that has access to your safe).
If you suddenly die, they'll look through your safe and find the passwords. Heck, even label the safe "important documents" so they remember to look (if they think it's just a gun safe or something, they may not think to review the contents).
Dealing with burglary of the passwords:
If your home is burglarized, change your passwords immediately.
Don't forget to treat any computers left in your home as "tainted" and to re-install your operating system from known-to-be-safe media prior to changing your passwords (your own level of paranoia will determine what you believe to be safe media).
1. Place all of this important information into a file.
2. Encrypt that file with a long (30 char) password.
3. Break the password into sections, (char 1-10, 11-20, 21-30, etc) and give each of your trusted family/friends a copy of the file, and a portion of the password.
.
.
.
4. Upon your death, they can communicate with each other to reassemble the full password, and access the file.
--- Generation X: The first generation to have SIG lines inferior to their parents... ---
Google isn't showing any good citations on this. Other than the obvious keylogger attack, what are you talking about?
The only thing I'd like to make sure happens after I die is that my porn collection be deleted. Some things, I'd rather the family not know about me.
This is exactly why simple elegant solutions like Passpack http://www.passpack.com/ were created. I'm sure there are lots of other options that function almost identically with allowing you to share passwords, but preventing the services themselves from being able to access them. It isn't a complicated problem.
I'm not sure why people post the most convoluted solutions on here. Encrypted drive? Really? How out of touch with reality are people that post things like this. Sure you and I know what to do with this, but the majority of family members will have their eyes glaze over after the will reads "Here is the password to my encrypted drive..."
Use a keyring, make a copy with a strong master password every so often, and give your lawyer a copy along with a copy of your will, and since any communication with a lawyer is also considered privileged, it was the side effect that no court order can ever disclose the password before you die.
It may not be legal for you (or your beneficiaries) to access your account(s) even if you/they have the passwords. There is a reason banks etc. ask for death certificates and wills. Especially if the will has not been executed yet (your siblings may decide to fight over it) you may be legally in hot water depending on your jurisdiction for even accessing any type of account, e-mail etc.
There is a huge issue with current sites (like eBay, Paypal, Facebook...) that simply don't have these processes implemented but you could legally ask or force them to give you access if you are the executor of the will (especially when they manage part of the estate as a traditional bank would).
If he had a (legal) business on eBay (check with a tax professional as you may also be inheriting a few years of unpaid income taxes) and you inherited that business by acceptance of the estate you will also have to fulfill the obligations (return money, products, fees etc.) so check with an eBay support person on how this can be done.
People always think that inheritance is a good thing (financially seen) but people have a lot of skeletons in the closet sometimes even hidden from their own children and wives which even if you accept an inheritance of a million dollar property, you also inherit the debts and obligations of said estate.
Custom electronics and digital signage for your business: www.evcircuits.com
Store all your credentials in a keychain that you can protect with a private key, and then keep the private key (or copy of it) in a safe. Put the combination to the safe in your will.
I run: Windows, OS X, Linux, FreeBSD. Just because you have a hammer, doesn't mean everything is a nail.
You can put the necessary information in your will. When you die, you can ask your lawyer to give it to your family.
Drop your new password off each month, with instructions to release to XYZ upon your death. Pain in the butt, but it securely keeps your passwords with a dead-safe fallback.
Vote monkeys into Congress. They are cheaper and more trustworthy.
These two should do it: http://www.deadmansswitch.net & http://passwordsafe.sourceforge.net
Have a cron send a password protected zip, excel, pgp self-extracting archive, whatever to one trusted friend.
Give the password to unlock it to a second, trusted friend.
It doesn't matter. When you die, it all becomes the executor's problem. People have been dying for millions of years. There is a system for it. Bottom line: Don't impersonate a dead person - it is illegal to do so. Just gather up all the information you can find and give it to the executor. To those people who have paid/ordered stuff from the dead person - tough luck really - but that is life.
Excuse me, but please get off my Pennisetum Clandestinum, eh!
Myself, i found long ago that the password requirements for my various systems exceeded my ability to manage them without some type of data base... I currently use an encrypted database application called KeePass... this application allows me to change my passwords on a daily basis if needed and still keep the same password. I gave my trusted relatives the password to this encrypted database in the copy of my will that they are holding in a sealed envelope... I suppose I could have put all this information on a USB memory stick, but the paper form will last longer and a sealed envelope will keep them from discovering the password until it is time for them to do so...
Ted
Check this out: http://www.securesafe.com/en/
Use the VI editor's encrypted file service. It uses "X" as a command. Do :help X to read about it.
Put into one encrypted file all of your passwords. In each text block of 4 or more lines put this data: URL, date, userid, password, comments
From time to time, print this entire file out. VI prints nicely with the ha (hardcopy) command.
Staple the pages together and drop it in the bottom of a desk drawer.
Tell your heir where to find this paper printout.
Bingo your heir has a clue to every important internet account and activity.
----------------
Other enhancements are, you can generate passwords 200 at a time and store them in the same file.
Password generators include apg, line numbering passwords can be done with wc -l
I put an asterisk in front of each password as I use it, to ensure each password is used only once.
-----------------
I have been doing this system for about 15 years. My password printout is 22 pages long.
I use this password storage method daily. No typing needed for passwords (use mouse copy), it is best for your personal Linux desk.
The whole scheme has only a few (but real) theft weaknesses.
Create an Extremely Long Password (like a sentence of 6+ words) and share part of it with each sibling. Tell them THIS if my master password. When you die, you leave instructions on how to combine the pieces of the password they know into the full thing, and they have access to everything.
1 - print out your passwords. Define a decent standard so zero can be distinguished from "o", and lowercase "L" can be told apart from uppercase "I" (you may want to avoid Arial - use Courier or OCR-A instead - clarity is critical).
2 - take an envelope and write a date on it. You know, "write* - the stuff you need a pen for?
3 - insert sheet in envelope, close it and sign across all seams. If you want to be extra safe, tape all seams (that also makes a mess of any attempt to open envelopes delivered with postal services, just a tip) - that will ensure you will always know someone has accessed the envelope.
4 - add to personal effects (safe storage of sorts)
Do this every time you update passwords and the problem is solved. It stops unauthorized use as you can detect an integrity breach of the envelope, and it provides the data to whoever has to handle the estate. And no high tech to confuse anyone, or to fail just when you need it.
In addition, I would make explicit stipulations in your will - combined with your death cert that will make life a bit easier with services.
Good luck, I know it's hard to do this on top of losing someone.
Insert
I just wrote down my passwords and list of the important online accounts that I have on a piece of paper and put that in my fireproof safe.
~Syberz
Bit of a PITA, but...
...because if you do forget (or keel over, or for whatever reason do not run the script), another script kicks in and your current P/W list is forwarded to the appropriate parties.
Manually run a small script each day on a home server. (If you're away from home you SSH in to run the script).
Do this every day, perhaps right after the coffee starts brewing. Make it a habit so you won't forget...
PITA part is remembering to do this every day. Sure wouldn't want to cron that as well, would kinda defeat the purpose.
SecureSafe seems to be exactly what you are looking for. It's a digital safe for passwords and documents with a data inheritance feature which will let you arrange to have passwords and files passed on automatically and securely to beneficiaries amongst your family, partners and friends in the event of an emergency or fatality.
Create a keepass database of all of the accounts. Share database and access key with trusted party, like family, friend, or lawyer.
SIG: HUP
I'm already involved with a service for businesses and freelancers that assists in this sort of problem.
Crisis Cover (https://CrisisCover.co.uk) is similar to a Dead Man’s Switch mentioned above, but it's a secure hosted solution so you don’t have to manage anything technical or worry about maintaining a server yourself. It doesn't purely rely on emails, it can use services like Twitter too, and there are quite a few more social media options coming shortly.
For companies or individuals dealing with lots of accounts (especially people heavily involved in the web), it's a big benefit to be able to get at and update the data fairly regularly if that's important to your business and how you operate. It's also a simple way of getting up and running with some protection very quickly (a few minutes in many cases) compared to some other options.
Maybe it's of use to someone here, (and of course we’d love to know what you think).
A.
Just save all of your stuff on your IronKey, give the intended person your master password to unlock the IronKey and save it in a Safety Deposit Box...
I have a mutable pact with a friend to remove all pr0n from our respective servers in the case of death. That is all that needs to be done, no one needs to inherit my ratio at the pr0n torrent site.
I like LASTPASS for many reasons. Mainly it keeps all the passwords available and up-to-date. You can use LASTPASS to create one time passwords, print them out and put in an envelope with your will, etc.
In the old days there were things called 'safes', which could be opened with a metal 'key'.
Surely you must know somebody who can be trusted with a copy of a key.
No sig today...
If you keep your passwords on your computer [choose your program], and give the master password to someone, what if the computer dies with you?
If your laptop was in the car when you ran into a pole, it doesn’t work anymore so how does anyone get your passwords? The house burns down and takes you and the computer with it. You are shot during a mugging and your tablet is taken during the mugging.
We now keep our data with us much of the time. The data and the person will die at the same time more often as time goes by.
If you’re willing to give your lawyer your master password, how much different is it to give him all of your passwords and keep them updated?
You do change your master password weekly also? That one needs just as much protection as any other password.
Sorry to hear about your loss.
There are online services that deal with accounts and passwords and making provision for passing them on when your no longer around. I signed up with http://www.icroak.com - quite a name! It was quick and easy to do