Ask Slashdot: How Do You Securely Store Private Information For Posterity?

← Back to Stories (view on slashdot.org)

Ask Slashdot: How Do You Securely Store Private Information For Posterity?

Posted by timothy on Saturday July 7, 2012 @05:28AM from the more-mysterious-to-go-all-jason-bourne dept.

An anonymous reader writes "In the event of my untimely demise, my wife and family will need access to all of my private data (email, phone, laptop password, SSN, etc) and financial accounts and passwords (banks, 401(k), mortgage, insurance, etc). What's the best way to securely store all that data knowing the data is somewhat volatile (e.g. password changes) and also that someone else who is not technically savvy will need to access the most up to date version of it? Suggestions include a printed copy in a safe deposit box, an encrypted file, a secure server in the cloud, or maybe a commercial product."

23 of 257 comments (clear)

Min score:

Reason:

Sort:

Answer in the question by Anonymous Coward · 2012-07-07 05:33 · Score: 4, Insightful

Safety deposit box is probably the only reasonable solution. A file stored in the cloud or on a hard drive is likely to get deleted or the service will die before you do. Any documents/passwords/items your family needs should be stored in a safety deposit box. If the data changes frequently and your family absolutely needs access to it, which is unlikely, then keep them written down in a safe at home and make sure your family has the combination.
1. Re:Answer in the question by fahrbot-bot · 2012-07-07 07:46 · Score: 5, Informative
  
  Safety deposit box is probably the only reasonable solution.
  
  Access can be an issue. Ensure that your spouse (or someone else you trust) is listed with the bank for the safe deposit box (not just the associated bank accounts). If not, no one - and I mean NO ONE - will have access to the box contents without either a court order or until after probate of your will and new ownership of the box is established. And no, Power of Attorney won't work as that expires when you die.
  It should be obvious from the above that your Will should not be stored in a safe deposit box - especially one registered in only your name, or you and your spouse (if you die together, no access to your Wills). A better place for your Will is a home safe, your lawyer or accountant.
  IANAL, but did have to work through all this when my wife died in 2006....
  
  --
  It must have been something you assimilated. . . .
Easy, look at what was already posted here. by Milharis · 2012-07-07 05:33 · Score: 5, Informative

Not even a year ago, almost the same thing.
http://ask.slashdot.org/story/11/11/01/1414234/ask-slashdot-how-to-securely-share-passwords
1. Re:Easy, look at what was already posted here. by boaworm · 2012-07-07 07:19 · Score: 3, Funny
  
  Not even a year ago, almost the same thing.
  http://ask.slashdot.org/story/11/11/01/1414234/ask-slashdot-how-to-securely-share-passwords
  The first post in this thread:
  why care? (Score:1)
  by Anonymous Coward on Saturday July 07, @01:29PM (#40576481)
  you're dead
  The first post in the 1 year old thread:
  Dont worry about it (Score:5, Insightful)
  by Anonymous Coward on Tuesday November 01 2011, @01:03PM (#37909302)
  You'll be dead.
  Anyone sees a pattern? :-)
  
  --
  Probable impossibilities are to be preferred to improbable possibilities.
  Aristotele
encryption? by girlintraining · 2012-07-07 05:35 · Score: 4, Informative

Encryption is when you want to keep people out. In the scenario you've outlined, you need to let people in, but only certain people. That screams physical security. Your online passwords and all that crap can all be bypassed by a court order, which would be issued to the executor of your estate, authorizing the holder(s) of your assets to grant access to them. You don't need to keep a record of your passwords anywhere... once you're dead, they can just reset them. The rest might have value to you, but it is unlikely to have value to anyone else. Nobody's going to care about your licensed copy of Microsoft Office, or need to decrypt your secret collection of porn, music, and videos.
This is not a technical problem. This is a legal problem. This is the wrong forum to answer those kind of questions. You need to make a list of what assets you want (it's called a will) to pass on, and then simply make sure those assets are accessible. Call the companies up that maintain your online stuff and ask them. You don't have to worry about banks, mortgages, or physical assets: That's the executor of estate's job to sort out. Your Will provides all the legal power necessary.

--
#fuckbeta #iamslashdot #dicemustdie
1. Re:encryption? by Instine · 2012-07-07 06:48 · Score: 5, Insightful
  
  My wife passed this year. And in reality, its not this simple. The first issue here is that dealing with court orders is the last thing you want to be doing. Your head is a mess. A real big mess. The question here is a great one. How do you make it easy, is the point. What you suggest sounds easy. But in practice, I promise, it's not.
  
  And its not just legal documents you want access to. It's a friend's email address, or a recipe for her favourite cake. Even if you can get a court order to do this, would you?
  
  This is a digital problem with a complex human coating. I want to hear the solution to the question asked, as asked. I don't have the answer.
  
  --
  Because you can - or because you should?
2. Re:encryption? by girlintraining · 2012-07-07 07:42 · Score: 4, Interesting
  
  It's not supposed to be easy. If it were easy, there'd be a healthy criminal underground taking advantage of it. The legal system isn't designed to be easily co-opted; It takes time, showing up in person, and proving your identity... and that's just to get your foot in the door. You look at court orders and lawyers as a problem, but they aren't -- they're the solution.
  But go ahead and put your faith in technological solutions that require no human interaction and grant full access to everything you own, love, and are. I'm sure nothing bad will happen.
  
  --
  #fuckbeta #iamslashdot #dicemustdie
Mod parent up. by khasim · 2012-07-07 05:42 · Score: 5, Insightful

Any documents/passwords/items your family needs should be stored in a safety deposit box.
Let me expand that a bit.
If your family absolutely needs the information MAKE SURE IT IS IN A PHYSICAL FORMAT and stored in a secure location.
Electronic formats are not reliable enough for critical information. Particularly if your family members are not sufficiently tech savvy.
1. Re:Mod parent up. by RsG · 2012-07-07 06:03 · Score: 4, Informative
  
  Yep, most of the stuff (banks, 401(k), mortgage, insurance, etc) listed in the summary would be best suited to paper. And safety deposit boxes are the way to go.
  For the stuff like email and online banking, might I suggest setting up a main email account with a stable password that is as strong as you can make it? I.e. twenty characters, alphanumeric, no words in the dictionary?
  You don't need to use this account for your regular email, you just use it to reset your other passwords when needed. So you've got "yournameherebackupaccount@____.com" on every online form for password recovery, and the backup accounts password is written down someplace secure, and too strong to need resetting. Pretty sure you can even set up a "forgot my password" option for your regular email provider (I recall doing something like that with gmail in any case).
  Once you become metabolically challenged, your family just needs to access the one account, using the password saved in your deposit box, and reset the passwords on everything else for their own access. Since the password is saved in a deposit box, your bank becomes the gatekeeper for it, and they're pretty good at that job.
  
  --
  Erotic is when you use a feather. Exotic is when you use the whole chicken.
2. Re:Mod parent up. by Anonymous Coward · 2012-07-07 06:22 · Score: 4, Insightful
  
  All of these are important suggestions, but you need to make sure that the ownership paperwork on the safe deposit box includes your spouse or "personal representative." Otherwise they don't have direct access to it. They would have to either have a power of attorney that grants them access to it or get a court order allowing access to it, either in probate or a guardianship/conservatorship situation. Because people forget to allow such access but shove their will in there, it is not completely uncommon for a probate proceeding to be opened without the will being able to be provided, the safety deposit box probated, then once the contents of box are found to contain the will, the will is then entered into the probate and the rest of the property taken care of. As you can tell, that is a longer and more expensive proposition.
3. Re:Mod parent up. by Whip · 2012-07-07 09:13 · Score: 4, Informative
  
  The magic words you're looking for on accounts are "with rights of survivorship," which will give the named individuals direct access even after one dies. It's something you can just ask for on a joint account (if they don't give you the choice directly). I have my savings & investment accounts (and my deposit box) set up this way -- the last thing I want is for my partner to have no access to funds immediately after my passing.
Punched Cards by Anne+Thwacks · 2012-07-07 05:42 · Score: 3, Funny

Dump the whole lot to punched cards. No one will read punched cards unless they are desperate, but if they are desperate, the technology can be built from scratch.
If in Europe, you might prefer paper tape, but I doubt it.
PS Anyone got an open source program to print card images onto A4 paper? (readable by Lottery hardware)

--
Sent from my ASR33 using ASCII
Re:Wuala + Dropbox by Nightshade · 2012-07-07 05:44 · Score: 5, Insightful

um... no. cloud vendors can disappear without notice in which case you're out of luck. lastpass was hacked last year so that isn't the safest choice either. see http://lifehacker.com/5799036/the-best-password-utilities-that-dont-store-your-data-in-the-cloud so this is a real problem. the fact that you;re thinking about this means you're planning which is like better than probably 80% of people out there. so what i would do is come up with something that works for you and have your spouse/next of kin actually try to follow the agreed procedure without you around and have them report back on problem areas. a lot of businesses have disaster recovery plans which they try to play out once or twice a year. trying it definitely finds some problem areas.
Re: Safe Deposit Boxes by AlienSexist · 2012-07-07 05:47 · Score: 3, Informative

It might be worth mentioning that Banks will provide access to your Safe Deposit Box to law enforcement in various circumstances. I'm confident you can dig up news articles of consumer complaints that police accessed private SDBs with little (if any) proper process or authority. I've also come to understand that banks are required to turn over SDBs to the state in the event that the account holder dies so that the contained property can be included Probate into the estate for valuation and taxation purposes. If your credentials are in there it widens the scope of what can be seized for probate or snooped upon.
Re:All of the above by Anonymous Coward · 2012-07-07 05:48 · Score: 3, Insightful

The "cloud" (both free or commercial) is very far to being a suitable solution for long term, secure store for private data. See the megaupload cease or even the stories of AWS outrage.
Anything network attached or even IT related is not suitable for what you are looking for. Probably the best solution is paper copies in a safe box with off site back up copies in safe-deposit box.
post its by yorgasor · 2012-07-07 05:50 · Score: 3, Funny

Easy, just write them on post-its and attach it to your monitor at work. It's the most secure location there is.

--
Looking for a computer support specialist for your small business? Check out
If RPGs have taught me anything... by dadioflex · 2012-07-07 05:57 · Score: 4, Funny

...it's that your valuable information should be transcribed onto a special medallion, which is then quartered with each quarter piece buried in a deadly dungeon in a far flung corner of the land. That's what passed for "Cloud" storage in my day. (yes yes I know.)
Envelope with your signature on the flap by Nutria · 2012-07-07 06:07 · Score: 3, Interesting
Allowing access only to your heirs, and only when you're dead is impossible unless you've got *lots* of money. After 9/11 and the destruction of Swiss banking secrecyt, it's probably impossible.
But you don't have that much money.
So, since as others have mentioned, law enforcement can get your stuff if they really, really want it, all you can reasonably hope for is to make your documents tamper obvious
Thus...
1. Print out accounts, passwords, etc.
2. Put them in a "safety lined" envelope, sealing it closed just like normal.
3. Write your signature across the edge of the flap.
4. Further seal it with packing tape.
So, if someone tries to steam open the envelope and then reseal it, you'll notice since they won't be able to exactly line up the two halves of the envelope and thus your signature will be misaligned.
(This is a variation on the old displaced strand of hair trick.)
--
"I don't know, therefore Aliens" Wafflebox1
Re:why care? by fustakrakich · 2012-07-07 06:12 · Score: 5, Funny

Hm, can you name for me all the famous nihilists who did something other than be raving, depressed nihilists?
Does it matter?

--
“He’s not deformed, he’s just drunk!”
Re:Wuala + Dropbox by Troed · 2012-07-07 06:12 · Score: 3, Informative

No, it wasn't hacked, and that won't change just because you keep repeating it. If you don't select a bad password on purpose (LastPass rates it) you have nothing to fear from brute force tools. Rainbow tables don't help with services that understand salting - and LastPass most definitely know their stuff as compared to a lot of other services.
No LastPass accounts were compromised from the incident that _maybe_ happened. I fail to understand why you seem to purposely want to misrepresent the facts. Your two links have not supported your statements, at all.
LastPass + Wuala is still the best, and most secure, way to solve the question asked.

--
it's in my head
Slashdot by cowboy76Spain · 2012-07-07 06:22 · Score: 3, Funny

My way is getting the info into an /. article.
After that, the editors will take care that it is periodically available again as if it was a new article.

--
Why can't /. have a rich-text editor? Editing your own HTML is so XXth century.
If you have substantial assets, you need a trust by durdur · 2012-07-08 01:53 · Score: 3, Insightful

A family trust can pass assets to your surviving spouse or other beneficiaries without having to go through probate. (it can provide some tax advantages, too). Put your bank account and other assets, including title to your house, in the name of the trust, and then the trust document controls what happens to them when you die.
Re:If you have substantial assets, you need a trus by KhabaLox · 2012-07-08 04:16 · Score: 3, Informative

I don't have mod points, so I'll just repeat for emphasis.
Set up a Family Trust and make sure all of your assets are in it. Besides avoiding the hassle of probate, you can gain some tax advantages potentially, and (this last part may not be unique to Trusts) easily lay out your wishes for who will take care of your minor children should you and your spouse die together.

--
Ceci n'est pas un sig.