Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ask Slashdot: How Do You Securely Store Private Information For Posterity?

Posted by timothy on from the more-mysterious-to-go-all-jason-bourne dept.

An anonymous reader writes "In the event of my untimely demise, my wife and family will need access to all of my private data (email, phone, laptop password, SSN, etc) and financial accounts and passwords (banks, 401(k), mortgage, insurance, etc). What's the best way to securely store all that data knowing the data is somewhat volatile (e.g. password changes) and also that someone else who is not technically savvy will need to access the most up to date version of it? Suggestions include a printed copy in a safe deposit box, an encrypted file, a secure server in the cloud, or maybe a commercial product."

38 of 257 comments (clear)

  1. Answer in the question by Anonymous Coward · · Score: 4, Insightful

    Safety deposit box is probably the only reasonable solution. A file stored in the cloud or on a hard drive is likely to get deleted or the service will die before you do. Any documents/passwords/items your family needs should be stored in a safety deposit box. If the data changes frequently and your family absolutely needs access to it, which is unlikely, then keep them written down in a safe at home and make sure your family has the combination.

    1. Re:Answer in the question by Anonymous Coward · · Score: 2, Insightful

      In addition, storing the information out of your house protects you in the event of a fire, etc.

    2. Re:Answer in the question by kerashi · · Score: 2

      This. Don't expect your family to know how to get into your digital copy, and don't expect it to last as long as good, old-fashioned paper. A safety deposit box is great for long-term documents, and a small fire-proof safe at home is good enough for keeping frequently-changed things like passwords. Note that you should not keep REALLY important documents in a home safe, especially a small one, as a thief can simply pick it up, walk out, and drill the lock at his convenience.

    3. Re:Answer in the question by fahrbot-bot · · Score: 5, Informative

      Safety deposit box is probably the only reasonable solution.

      Access can be an issue. Ensure that your spouse (or someone else you trust) is listed with the bank for the safe deposit box (not just the associated bank accounts). If not, no one - and I mean NO ONE - will have access to the box contents without either a court order or until after probate of your will and new ownership of the box is established. And no, Power of Attorney won't work as that expires when you die.

      It should be obvious from the above that your Will should not be stored in a safe deposit box - especially one registered in only your name, or you and your spouse (if you die together, no access to your Wills). A better place for your Will is a home safe, your lawyer or accountant.

      IANAL, but did have to work through all this when my wife died in 2006....

      --
      It must have been something you assimilated. . . .
    4. Re:Answer in the question by KhabaLox · · Score: 2

      I've never seen a concealed fire safe.

      I guess it worked then.

      --
      Ceci n'est pas un sig.
  2. Easy, look at what was already posted here. by Milharis · · Score: 5, Informative

    Not even a year ago, almost the same thing.
    http://ask.slashdot.org/story/11/11/01/1414234/ask-slashdot-how-to-securely-share-passwords

    1. Re:Easy, look at what was already posted here. by boaworm · · Score: 3, Funny

      Not even a year ago, almost the same thing.
      http://ask.slashdot.org/story/11/11/01/1414234/ask-slashdot-how-to-securely-share-passwords

      The first post in this thread:
      why care? (Score:1)
      by Anonymous Coward on Saturday July 07, @01:29PM (#40576481)
      you're dead

      The first post in the 1 year old thread:
      Dont worry about it (Score:5, Insightful)
      by Anonymous Coward on Tuesday November 01 2011, @01:03PM (#37909302)
      You'll be dead.

      Anyone sees a pattern? :-)

      --
      Probable impossibilities are to be preferred to improbable possibilities.
      Aristotele
  3. Wuala + Dropbox by Troed · · Score: 2

    Wuala - http://wuala.com/

    Like Dropbox, but with actual security - i.e, client side encryption. You can also share information with groups of others etc.

    LastPass - http://lastpass.com/

    Solves all password problems, and all you have to make sure is that the master password is accessible after your death. Like, in your will.

    --
    it's in my head
    1. Re:Wuala + Dropbox by Nightshade · · Score: 5, Insightful

      um... no. cloud vendors can disappear without notice in which case you're out of luck. lastpass was hacked last year so that isn't the safest choice either. see http://lifehacker.com/5799036/the-best-password-utilities-that-dont-store-your-data-in-the-cloud so this is a real problem. the fact that you;re thinking about this means you're planning which is like better than probably 80% of people out there. so what i would do is come up with something that works for you and have your spouse/next of kin actually try to follow the agreed procedure without you around and have them report back on problem areas. a lot of businesses have disaster recovery plans which they try to play out once or twice a year. trying it definitely finds some problem areas.

    2. Re:Wuala + Dropbox by Troed · · Score: 3, Informative

      No, it wasn't hacked, and that won't change just because you keep repeating it. If you don't select a bad password on purpose (LastPass rates it) you have nothing to fear from brute force tools. Rainbow tables don't help with services that understand salting - and LastPass most definitely know their stuff as compared to a lot of other services.

      No LastPass accounts were compromised from the incident that _maybe_ happened. I fail to understand why you seem to purposely want to misrepresent the facts. Your two links have not supported your statements, at all.

      LastPass + Wuala is still the best, and most secure, way to solve the question asked.

      --
      it's in my head
  4. encryption? by girlintraining · · Score: 4, Informative

    Encryption is when you want to keep people out. In the scenario you've outlined, you need to let people in, but only certain people. That screams physical security. Your online passwords and all that crap can all be bypassed by a court order, which would be issued to the executor of your estate, authorizing the holder(s) of your assets to grant access to them. You don't need to keep a record of your passwords anywhere... once you're dead, they can just reset them. The rest might have value to you, but it is unlikely to have value to anyone else. Nobody's going to care about your licensed copy of Microsoft Office, or need to decrypt your secret collection of porn, music, and videos.

    This is not a technical problem. This is a legal problem. This is the wrong forum to answer those kind of questions. You need to make a list of what assets you want (it's called a will) to pass on, and then simply make sure those assets are accessible. Call the companies up that maintain your online stuff and ask them. You don't have to worry about banks, mortgages, or physical assets: That's the executor of estate's job to sort out. Your Will provides all the legal power necessary.

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:encryption? by Instine · · Score: 5, Insightful

      My wife passed this year. And in reality, its not this simple. The first issue here is that dealing with court orders is the last thing you want to be doing. Your head is a mess. A real big mess. The question here is a great one. How do you make it easy, is the point. What you suggest sounds easy. But in practice, I promise, it's not.

      And its not just legal documents you want access to. It's a friend's email address, or a recipe for her favourite cake. Even if you can get a court order to do this, would you?

      This is a digital problem with a complex human coating. I want to hear the solution to the question asked, as asked. I don't have the answer.

      --
      Because you can - or because you should?
    2. Re:encryption? by girlintraining · · Score: 4, Interesting

      It's not supposed to be easy. If it were easy, there'd be a healthy criminal underground taking advantage of it. The legal system isn't designed to be easily co-opted; It takes time, showing up in person, and proving your identity... and that's just to get your foot in the door. You look at court orders and lawyers as a problem, but they aren't -- they're the solution.

      But go ahead and put your faith in technological solutions that require no human interaction and grant full access to everything you own, love, and are. I'm sure nothing bad will happen.

      --
      #fuckbeta #iamslashdot #dicemustdie
    3. Re:encryption? by DarkOx · · Score: 2

      Sorry to hear about your loss, it must be hard to talk about this stuff with it all being so recent. I just wanted say thank you for adding your experience and insight to this conversation, especially if it was hard for you.

      --
      Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
  5. Mod parent up. by khasim · · Score: 5, Insightful

    Any documents/passwords/items your family needs should be stored in a safety deposit box.

    Let me expand that a bit.

    If your family absolutely needs the information MAKE SURE IT IS IN A PHYSICAL FORMAT and stored in a secure location.

    Electronic formats are not reliable enough for critical information. Particularly if your family members are not sufficiently tech savvy.

    1. Re:Mod parent up. by RsG · · Score: 4, Informative

      Yep, most of the stuff (banks, 401(k), mortgage, insurance, etc) listed in the summary would be best suited to paper. And safety deposit boxes are the way to go.

      For the stuff like email and online banking, might I suggest setting up a main email account with a stable password that is as strong as you can make it? I.e. twenty characters, alphanumeric, no words in the dictionary?

      You don't need to use this account for your regular email, you just use it to reset your other passwords when needed. So you've got "yournameherebackupaccount@____.com" on every online form for password recovery, and the backup accounts password is written down someplace secure, and too strong to need resetting. Pretty sure you can even set up a "forgot my password" option for your regular email provider (I recall doing something like that with gmail in any case).

      Once you become metabolically challenged, your family just needs to access the one account, using the password saved in your deposit box, and reset the passwords on everything else for their own access. Since the password is saved in a deposit box, your bank becomes the gatekeeper for it, and they're pretty good at that job.

      --
      Erotic is when you use a feather. Exotic is when you use the whole chicken.
    2. Re:Mod parent up. by Anonymous Coward · · Score: 4, Insightful

      All of these are important suggestions, but you need to make sure that the ownership paperwork on the safe deposit box includes your spouse or "personal representative." Otherwise they don't have direct access to it. They would have to either have a power of attorney that grants them access to it or get a court order allowing access to it, either in probate or a guardianship/conservatorship situation. Because people forget to allow such access but shove their will in there, it is not completely uncommon for a probate proceeding to be opened without the will being able to be provided, the safety deposit box probated, then once the contents of box are found to contain the will, the will is then entered into the probate and the rest of the property taken care of. As you can tell, that is a longer and more expensive proposition.

    3. Re:Mod parent up. by Anonymous Coward · · Score: 2, Informative

      I just wanted to clear something up in that AC's post: a power of attorney won't work if you are dead and if the spouses is not allowed access to the box on the paperwork with the bank, that just leaves the probate procedure of your state before they will even let you take a look inside.

    4. Re:Mod parent up. by Whip · · Score: 4, Informative

      The magic words you're looking for on accounts are "with rights of survivorship," which will give the named individuals direct access even after one dies. It's something you can just ask for on a joint account (if they don't give you the choice directly). I have my savings & investment accounts (and my deposit box) set up this way -- the last thing I want is for my partner to have no access to funds immediately after my passing.

  6. Punched Cards by Anne+Thwacks · · Score: 3, Funny
    Dump the whole lot to punched cards. No one will read punched cards unless they are desperate, but if they are desperate, the technology can be built from scratch.

    If in Europe, you might prefer paper tape, but I doubt it.

    PS Anyone got an open source program to print card images onto A4 paper? (readable by Lottery hardware)

    --
    Sent from my ASR33 using ASCII
  7. Re: Safe Deposit Boxes by AlienSexist · · Score: 3, Informative

    It might be worth mentioning that Banks will provide access to your Safe Deposit Box to law enforcement in various circumstances. I'm confident you can dig up news articles of consumer complaints that police accessed private SDBs with little (if any) proper process or authority. I've also come to understand that banks are required to turn over SDBs to the state in the event that the account holder dies so that the contained property can be included Probate into the estate for valuation and taxation purposes. If your credentials are in there it widens the scope of what can be seized for probate or snooped upon.

  8. Re:All of the above by Anonymous Coward · · Score: 3, Insightful

    The "cloud" (both free or commercial) is very far to being a suitable solution for long term, secure store for private data. See the megaupload cease or even the stories of AWS outrage.

    Anything network attached or even IT related is not suitable for what you are looking for. Probably the best solution is paper copies in a safe box with off site back up copies in safe-deposit box.

  9. post its by yorgasor · · Score: 3, Funny

    Easy, just write them on post-its and attach it to your monitor at work. It's the most secure location there is.

    --
    Looking for a computer support specialist for your small business? Check out
  10. If RPGs have taught me anything... by dadioflex · · Score: 4, Funny

    ...it's that your valuable information should be transcribed onto a special medallion, which is then quartered with each quarter piece buried in a deadly dungeon in a far flung corner of the land. That's what passed for "Cloud" storage in my day. (yes yes I know.)

  11. Esay by Yoda222 · · Score: 2, Funny

    I put everything on megaupload

  12. Save Public Information, not Secret. by edibobb · · Score: 2

    It's very common for people to die without leaving this information behind, and there are methods in place to handle it. There is some security risk in having to modify the "private data stash" every time you change a password, account information, etc. Instead, it might be better to list the accounts, etc., and leave instructions on how to access them after your death or incapacitation, without the passwords. Since proof will be required for this type of access, your "private data stash" won't have to be so secret and you can eliminate a security risk.

  13. Envelope with your signature on the flap by Nutria · · Score: 3, Interesting

    Allowing access only to your heirs, and only when you're dead is impossible unless you've got *lots* of money. After 9/11 and the destruction of Swiss banking secrecyt, it's probably impossible.

    But you don't have that much money.

    So, since as others have mentioned, law enforcement can get your stuff if they really, really want it, all you can reasonably hope for is to make your documents tamper obvious

    Thus...

    1. Print out accounts, passwords, etc.
    2. Put them in a "safety lined" envelope, sealing it closed just like normal.
    3. Write your signature across the edge of the flap.
    4. Further seal it with packing tape.

    So, if someone tries to steam open the envelope and then reseal it, you'll notice since they won't be able to exactly line up the two halves of the envelope and thus your signature will be misaligned.

    (This is a variation on the old displaced strand of hair trick.)

    --
    "I don't know, therefore Aliens" Wafflebox1
  14. Re:why care? by fustakrakich · · Score: 5, Funny

    Hm, can you name for me all the famous nihilists who did something other than be raving, depressed nihilists?

    Does it matter?

    --
    “He’s not deformed, he’s just drunk!”
  15. Slashdot by cowboy76Spain · · Score: 3, Funny

    My way is getting the info into an /. article.

    After that, the editors will take care that it is periodically available again as if it was a new article.

    --
    Why can't /. have a rich-text editor? Editing your own HTML is so XXth century.
  16. Re:why care? by Anonymous Coward · · Score: 2, Funny

    So have her "taken care of" before you die... make sure it looks like an accident so they won't suspect you.

  17. Paper and pen. Keep it simple. by ip_freely_2000 · · Score: 2

    There's a plain looking red notebook in my desk drawer. The first five pages are blank. I've written down username/passwords and account numbers for everything. I've told her it's there and I keep it updated. I don't pretend the information is at risk from a meth-induced burglar. The FBI is not coming knocking. I have not discovered a secret to the universe. My method is simple and immediately available to my wife or daughter if it's needed.

  18. Re:All of the above by __aaltlg1547 · · Score: 2

    FLASH memory degrades over time, albeit slowly. If stored safely, it can store data reliably for about 10 years. I think the best bet is actually good old fashioned paper, locked in a safe deposit box or on file with a trusted attorney (or both). The attorney should certainly know about your safe deposit box at the least.

  19. Re:why care? by philip.paradis · · Score: 2

    Egoism is an accepted term.

    --
    Write failed: Broken pipe
  20. Safety deposit box a bad idea by bwrbwr · · Score: 2

    In my experience, a Safety deposit box is a bad idea, at least if that's the only place you've stored things. Depending on the laws where you're located, as soon as a bank is notified of a death, the Safety deposit box is sealed. The box can be searched, if a will if found, it is sent to the court (not given to the family). Any other items can only be released via probate court order, which could take weeks or months. You may be able to work around limitations by having other names on the box, but the last thing you want to do in the aftermath of such an event is to dance around some banks procedures. Safety deposit boxes have significant legal encumbrances, give your loved ones a less difficult means to access your data.

  21. If you have substantial assets, you need a trust by durdur · · Score: 3, Insightful

    A family trust can pass assets to your surviving spouse or other beneficiaries without having to go through probate. (it can provide some tax advantages, too). Put your bank account and other assets, including title to your house, in the name of the trust, and then the trust document controls what happens to them when you die.

  22. Signs of imminent demise. by GrantRobertson · · Score: 2

    I'm supposed to trust my most important personal information to an internet-based company who's home page cannot gracefully fail when I have JavaScript turned off? Really?

  23. Re:If you have substantial assets, you need a trus by KhabaLox · · Score: 3, Informative

    I don't have mod points, so I'll just repeat for emphasis.

    Set up a Family Trust and make sure all of your assets are in it. Besides avoiding the hassle of probate, you can gain some tax advantages potentially, and (this last part may not be unique to Trusts) easily lay out your wishes for who will take care of your minor children should you and your spouse die together.

    --
    Ceci n'est pas un sig.
  24. Re:WTF? Secrets? by GrantRobertson · · Score: 2

    Your wife (if you actually have one) must have an incredible memory. And she must be pretty cool headed as well, to be able to remember all of your passwords in what - you hope - will be the worst time of her life.

    I'm guessing you have never been married or you would realize how simplistic this notion is.

    Just as an aside: Do you record all of your conversations you have with friends where you may have complained about your wife (or even just asked a close friend for guidance on how to deal with some issue) and then replay those recordings for your wife (again, if you have one)? I thought not.

    Most people do not want to know every detail of what is going on in their spouse's life. All truly healthy relationships also include privacy. People need to know they can write an e-mail to their friends asking for help with an issue without worrying about their spouse being able to read it any time they want.

    Conflating "having some privacy" with "not including your family in your life" is both a false dichotomy and terribly naive.