Ask Slashdot: How To Bequeath Sensitive Information?
New submitter UrsaMajor987 (3604759) writes: I recently retired after a long career in IT. I am not ready to kick the bucket quite yet, but having seen the difficulty created by people dying without a will and documenting what they have and where it is, I am busy doing just that. At the end of it all, I will have documentation on financial accounts, passwords, etc., which I will want to share with a few people who are pretty far away. I can always print a copy and have it delivered to them, but is there any way to share this sort of information electronically? There are lots of things to secure transmission of data, but once it arrives on the recipients' desktop, you run the risk of their system being compromised and exposing the data. Does anyone have any suggestions? Is paper still the most secure way to go?
Find a young child to give all your memories to. Hopefully he doesn't run away after learning the horrible secrets of the IT world.
Put all of your files on a CD/DVD and mail it to them, with an explanation of what the files are. That way, the data's off-line until they need it and safe unless somebody breaks in who knows what to look for. And, if your friend's good at hiding things, it may still be safe. (As an example, put the disc in a DVD or Blu-ray case behind another one with a movie on it.)
Good, inexpensive web hosting
Write a parable, and share it orally.
There is this thing called encryption...
Even encrypted info isn't totally safe. From what I've been told, sensitive financial data like access codes, etc. should be stored somewhere disaster proof where your relatives know where to find it. You would think a safe deposit box might be the best way to go, but I've been advised not to do this. Apparently when the estate process begins, your associated safe deposit box access is frozen until the contents can be audited, before it's turned over to the executor. I guess this is a way to prevent people from stuffing $5M in cash in a bank vault somewhere.
A will naming a *competent* executor is apparently very important. You need to pick someone who can make tough financial decisions and carry out exactly what the will says if the rest of your family starts fighting over your money.
A paper record is good. So is a plaintext file well organized and placed on a USB flash drive. Both can be mailed and locked in a safety deposit box, which is about as secure as you can get. Both require physical access, which means any other encryption or security is more likely to confound your subjects than actually secure your data.
Is it just my observation, or are there way too many stupid people in the world?
Isn't that what lawyers are for?
Physics is like sex. Sure, it may give some practical results, but that's not why we do it
Hire a professional to write your will (and create a trust, if desired), and leave a copy with him and take a copy home. Leave a copy of the other information with your designated executor, as well as a copy at home (and maybe another copy in a bank safety deposit box, although it may be difficult for others to access after your death/incapacitation).
You can do your part to keep things secure. However, it is the recipient's responsibility to ensure that it is safe on their end.
Perhaps the one thing you can do is let your recipients know how important this stuff is to you, and likely for them. If the message comes across, they'll do their best to keep things secure.
I happen to be great at these things, so if you'd like, I'd be happy to tell your recipients!!
You could send them an encrypted file (#1) now with all the info you wish to share with them. Along with a password for a file that will arrive when you die. Then set up a service like deathswitch.com and have another encrypted file sent to them (#2). The password they already possess unlocks #2 and that contains the password(s) for #1.
you can do what my grandfather did
wrote up the entire list on paper form and electronic on a flash drive. He placed them in a safety deposit box and shared the key with his executor who in turn had a copy of his will.
When he did pass away it was a pretty smooth process getting all of the information needed to close accounts, collect on policies, etc. The only thing that had a hiccup was property in a state with different probate laws but that too worked itself out.
And...how are you going to handle updating information as you are forced to change your password for whatever reasons?
I don't have a good solution...I wish I did. There's no reason you can't change your email password today and die before you can document it (which if you're like most people might be a week later).
.. worked for me.
Ink may fade, paper may yellow, but should still be readable. Put it on a CD or USB drive, flip 1 bit, and you lose everything.
I want to delete my account but Slashdot doesn't allow it.
Put the passwords, etc on a piece of paper. Put that paper in a large envelope. Give that envelope to a firm that does document escrow (many law firms will do this) with instructions on who should be given a copy after your death. Let your friends and relatives know who has your escrowed docs. They provide proof of your death, and everyone gets a copy.
Why exactly are we reinventing the wheel here? This is old hat stuff. You don't need to trust anyone not to open their present early. Firms that do document escrow have better theft prevention techniques than anything you're likely to cobble together.
If you want to go super fancy, use USB keys encrypted with a pre-shared password instead of paper. Then you don't really have to trust the escrow folks.
Is paper still the most secure way to go?
Yes.
Specifically, paper, in a safe deposit box, and the key with a lawyer.
Won't all of your password information be obsolete after you change all of your passwords in 90 days?
I have tried to get my wife to use my Keepass database; she won't do it. She wants it all on a piece of paper. Most other people will too.
You can always read paper
Print account information, passwords, secret question/answers and seal in an envelope. Keep copy with will in fire safe. Send copy to relative.
Use Acid-free paper and just print it out. If you want to be more clandestine and secure, then print out the information about the accounts and the credentials in two separate places. Like for instance:
Fed-ex the unlabeled passwords
USPS the un-passworded accounts list
The truth is, if you put it on a thumb drive, it might fail. If you put it on a CD it might fail (or 3 years from now, your grandma's iBookPro won't be able to read a CD).
As humans, we read paper documents that were created 100 years ago. It is a reliable data mechanism that is predictable and will out-live you for sure.
Plus it doesn't require that your executor be a cryptography nerd in order to make sure your wishes are followed.
Write down everything in paper, then lock it away in a fireproof box or a safety deposit box (or both).
I'm a fan of the phrase "we know how to secure a piece of paper". Not the sticky note taped to your desk that anyone can read and put back without your knowledge, but something really secure. You will know if your lock box has been stolen or broken in to; I would have no idea if someone broke into my e-mail or stole a file off of my computer or backup due to some weird exploit. If you want off-site safety, a deposit box is about as good as it gets with some assurance that no-one will go peeking. Let your close relatives and friends know where everything is so that when it is needed they can get to it, but they don't need access in the mean time if you have things you don't want them to know (or, you can give a copy of the key to someone if you want to... you have options, but you're still relatively safe in who accesses what).
I keep an encrypted online database of my passwords. Sort of. I use a 'modular' password. One word is different, the other is always the same. So in my will I have the same word (and its l33t combinations) written down, along with the address of the database. So anyone dealing after my death will know ALL my codes. My wife of 30+ years also keeps a copy of it, and knows the super secret codes.
I started this after being in a coma, and my wife having to deal with my PDA bleeping about meetings to her until the battery died. Which made her cry even more.
Once it hits the other side..
---- Booth was a patriot ----
Even though the "ask a lawyer, not Slashdot" answer gets trotted out all the time, I think it's appropriate here. Lawyers do this sort of thing for a living. Probably cheaper in the long run to ask one.
I am not a crackpot.
Put it in secure notes. Give them all the login/password.
If they test it regularly, then have a locally cached copy if Lastpass goes belly up, which can be opened with Lastpass Pocket or whatever it's called now.
You still control it, yet it is remote and will be properly searched when you die. You can put a usb key in or some paper documents with the relevant information.
How long do you expect this to last before it's needed? DVDs and USB drives are common, but I see DVDs heading out at this point. Paper has the advantage that in 40 years it'll still be readable. Of course if your passwords change you'll have to update this information anyway. Assuming you update passwords occasionally because of a) good practice or b) some company gets hacked, I'd send it electronically and encrypted, so the person needs to actually enter a password to get to the data. Unless the recipient gets a keylogger installed, you should be safe. A text file encrypted with pgp is good for the knowledgeable recipient. For someone less savvy, I'd send them an encrypted tiddlywiki. Obviously give them the password over the phone, in person, or via snail mail.
Sometimes the truth is arrived at by adding all the little lies together and deducting them from all that is known.
All of my financial info is with Quicken on my PC. Everything else related to teh intertube world is recorded on a textfile on my PC with the passwords being represented as a cypher. The cypher is a one or two word comment relating to the password phrase I use (which I, in turn, munge to be first letter of each word or some other pattern, yadda) I've got the username/password cypherlist stored on my smartphone as well (Because I can't keep up anymore) and the cypher key is kept only as a hardcopy along with a hard copy of the textfile stored in a fireproof lockbox in my home. (The textfile points out the key is in the lockbox too).
I should probably just put the cypher key list in a separate lockbox (without any other username/account info) and geocache it to make it more fun for my heirs...
Yet you ask if there is any way to share this electronically? If I didn't know better this smells like yet another made-up headline filler by Timothy without much thought put into it.
I know you spent a lot of time on it and have a lot of great memories but nobody wants your porn stash.
Invest in a durable, compact laptop preloaded with Linux and only the necessary software to view the data. This should be fairly cheap because you won't need a WiFi card or ethernet port, nor a high-end graphics card. The bulk of the cost should be spent on a reliable hard drive. Once you have everything documented, encrypt the drive and stick it in a safe-deposit box next to your will. This way the data never has to be transported anywhere.
Pick a nice, long, secure passphrase. Use it to secure a GPG keypair. Back up this keypair in multiple locations, and with multiple people who know "This is the key that encrypts all of my digital stuff. My family will need it when I die.".
Use that keypair to encrypt all of your important passwords and data. Back up the encrypted files in multiple locations. Make sure your family knows where these locations are, and why they and the files they contain are important.
Download a copy of http://passguardian.com/ . Load the saved copy (preferably in an offline PC) in a browser, and use it to convert your passphrase into several N of M parts. ie: Create 10 parts, and require at least 6 to reconstruct the passphrase.
Use something like http://goqr.me/ (or any other generator) to create QR codes for the 10 secret shares. Laser print the text share, QR code and some instructions onto a business card sized piece of paper, and have them laminated.
You now have 10 waterproof, hard to damage cards, any 6 of which will unlock your digital data. Distribute them to trusted parties and locations with instructions to use the shares once they hear and confirm your death. These parties don't have to be literate enough to merge and decrypt the data themselves, they just need to know that it is possible with their share. On your death, they will arrange to bring the shares and data together, and even if they have to hire a nerd to help them, they will unlock what they need.
... then roll it up, stick it in a tiny airtight canister and cram it faaar up your ass.
You state that you have a long career in IT, and at the same time you ask how to electronically hand over information generated within IT. Among those things, you even claim that you have passwords, meaning that they have been stored insecurely. This has "IT Janitor" written all over it, or possibly a concocted story.
Archive and encrypt using a symmetric algorithm and a suitable passphrase. Take the passphrase and run it through a threshold system, also known as information dispersal algorithm, secret sharing, whatever. With this you can split the passphrase into five shares that require any three to reconstruct it. Then give the archive and a share of the passphrase to five trusted folks (friends, relatives, lawyers, whatever) with instructions not to give out the share until you are dead. Presto, as long as you trust three of the five folks to keep their shares a secret nobody can get your stuff.
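The N-of-M splitting described in the two comments above (10 cards with any 6 required, or 5 shares with any 3), as an added example that is not part of the thread and is not passguardian's code. It is Shamir secret sharing over a prime field; the function names, the `NN-hex` card format, the 521-bit prime and the checksum framing are assumptions made here, so these shares are not interchangeable with passguardian's, and the passphrase is a constructed sample.

```python
import hashlib
import secrets

PRIME = 2**521 - 1             # Mersenne prime; all polynomial arithmetic is mod this
CHECK_LEN = 8                  # SHA-256 prefix stored with the secret to detect bad recoveries
MAX_LEN = 65 - 1 - CHECK_LEN   # marker byte + passphrase + check must stay below PRIME


def _frame(passphrase):
    """Pack the passphrase as 0x01 || utf8 || checksum and return it as an integer."""
    data = passphrase.encode("utf-8")
    if not 0 < len(data) <= MAX_LEN:
        raise ValueError(f"passphrase must be 1..{MAX_LEN} bytes of UTF-8")
    check = hashlib.sha256(data).digest()[:CHECK_LEN]
    return int.from_bytes(b"\x01" + data + check, "big")


def _unframe(value):
    """Return the passphrase, or None if marker, checksum or encoding do not match."""
    raw = value.to_bytes((value.bit_length() + 7) // 8, "big")
    if len(raw) < 2 + CHECK_LEN or raw[0] != 1:
        return None
    data, check = raw[1:-CHECK_LEN], raw[-CHECK_LEN:]
    if hashlib.sha256(data).digest()[:CHECK_LEN] != check:
        return None
    try:
        return data.decode("utf-8")
    except UnicodeDecodeError:
        return None


def split_passphrase(passphrase, threshold, count):
    """Return `count` printable cards; any `threshold` of them recover the passphrase."""
    if not 2 <= threshold <= count:
        raise ValueError("need 2 <= threshold <= count")
    # Random polynomial of degree threshold-1 whose constant term is the secret.
    coeffs = [_frame(passphrase)]
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    cards = []
    for x in range(1, count + 1):
        y = 0
        for c in reversed(coeffs):       # Horner evaluation at x
            y = (y * x + c) % PRIME
        cards.append(f"{x:02d}-{y:x}")
    return cards


def recover_passphrase(cards):
    """Lagrange-interpolate the cards at x = 0; None means too few or damaged cards."""
    points = {}
    for card in cards:
        x_text, y_text = card.strip().split("-", 1)
        points[int(x_text)] = int(y_text, 16)
    secret = 0
    for xi, yi in points.items():
        num = den = 1
        for xj in points:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return _unframe(secret)


if __name__ == "__main__":
    sample = "correct horse battery staple 2014"   # constructed sample passphrase
    cards = split_passphrase(sample, threshold=6, count=10)
    print(cards[0][:40] + "...")
    print("any 6 cards :", recover_passphrase(cards[2:8]))
    print("only 5 cards:", recover_passphrase(cards[:5]))
```

Fewer cards than the threshold give no information about the passphrase; the checksum only lets the people combining the cards see that a recovery failed instead of getting a wrong passphrase back.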
Encrypt the file with a secure password or key, maybe using AESCrypt. Email the encrypted file to the relevant parties. Put the password to the file in your will (keep it under appropriate trusted guard, to be released only on your death). As long as the will and the encrypted file are kept apart until after your death, the file will remain secure until then. You can also modify the encrypted file as things change, encrypt with the same password, and resend the file.
There's still the possibility that their computer is compromised after you die and they decrypt the file. They could reduce this risk by opening it only on a known-secure system (e.g. an Ubuntu LiveCD boot), if it really matters. In any case, this greatly reduces the security exposure by not having this file sitting around for years for anyone to read.
do {print "Mini-Geek Rules!\n";}
until ($TheEndOfTheWorld);
In this way only the people for which you have signed the "document", for instance an archived/compressed file, can un-encrypt it using their private keys; it could not be simpler. Mind you however no matter how secure is the transmission of this data and its subsequent un-encryption it does not guarantee the parties you'll share your data with will not leave the un-encrypted document(s) in a non-secure system but I guess that is not what you have asked.
Forget doing it digital. Your beneficiaries may have no idea how to decrypt something, or how to access whatever's become of some dead man's switch. Really, if I got hit by a bus tomorrow, even if I had things stored in quadruplicate across various flash drives, I'm not so confident anyone would know what to do with them.
Type the important stuff up, and seal it in an envelope (or several, if you're dividing things up amongst likely heirs). Present those things to an attorney and have him draw up a will. The attorney will retain those envelopes and ensure that things are done properly once you're gone. If your very important passwords change, revise the documents and stop by the lawyer's office with new copies in new envelopes. They might not even charge you anything for that.
I know we generally hate lawyers here, but this is one really worthy function that many of them can perform, and the courts know full well how to deal with written and physically signed documents. In the event that you outlive your lawyer, his or her office will retain custody of your will and your envelopes, or you can find a different lawyer.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
After being in IT for a "long career" you can't figure out how to encrypt a file and email it to people or better yet use a shared cloud storage that you can put your heavily encrypted file on that you can easily update at your own whim and they all get that copy instantly.
If you do not want them to have the decryption key, put that tidbit in your will to be handed out at the reading.
Where did you work in IT, Best Buy?
Take pictures of all the documents and send them via snapchat. Isn't this the kind of application it was made for (restricted permission viewing)? It's, like, toooootally secure.
Many of the 'knowledge share' sessions I've taken part in have requested my notes and musings on the technologies I've handled. Cryptography is the most logical means of securing this data as we all know, but the method by which one achieves this should be carefully followed.
1. Choose a cypher whose strength is measured in the number of heat deaths of a cruel god's distant universe. Many will suggest a 256 bit cypher, but don't let that stop you from pursuing the correct size, a 256 megabyte cypher.
2. passwords for archives and files should be sized accordingly as the md5 sum of the number of office parking spaces multiplied by the number of empty toilet paper rolls in the nearest bathroom to the largest conference room. the password must only contain characters whose hexadecimal value falls between the number of chairs warmed by the morning sun in the main lobby, and the number of lights in the break room that flicker when first turned on.
3. You can never be too careful with USB drives. potting has long been a method of deterrence for unauthorized reverse engineering, but many don't know that a far more economical means of securing your USB data is to plunge it into an identical reproduction of a fifteenth century hessian crucible on the first blood moon of Rajab, the holy month of Allah.
4. your paper trail should be auditable, and the business should know to whom you've shared information in order to determine future knowledge owners and process managers of your data. a CMS like system (similar to sharepoint) can easily be constructed by liberally dredging your paper documents and binders in a mixture of polychlorinated dibenzodioxins and low-yield fissile byproducts. the checked out or viewed copies will then be easy to track using simple FEMA disaster response processes.
and congratulations on your retirement! give yourself a pat on the back because you deserve it. I hope my tips help you achieve a smooth and manageable transition.
Regards,
BOFH
Good people go to bed earlier.
So, what I would do is pick a few passphrases that are long and cryptographically secure. Print these out and store them in a safety deposit box, bequeathing said box to whomever you want to give this information to.
From there, the linux command-line utility gpg will work nicely.
gpg -c filename
Will prompt for a passphrase twice (use one on your sheet), and output "filename.gpg" leaving filename still intact.
From there, you can do whatever you want with the encrypted file--store it on a USB and put it in the safety deposit, email it, whatever. No one will be able to do anything with it until they have the passphrase.
The other way I'd do that, which is more of the day-to-day stuff, is create two bitmessage accounts and just send it via that.
PGP encrypted email is also a good way to go, so long as the recipient has their private key properly protected.
why not send them just the private key for something that you keep in your possession? it sounds backwards, but you can change the contents anytime, and they can't access it until the file is taken from your cold, dead hands.
also, make sure no one steals the file. ; )
Unbelievable, and when you click "goto classic" you go to the homepage instead of the story link you clicked.
Dice has a total disrespect to their users, fire everyone who is in charge of this mess.
You will die exactly once (barring a zombie apocalypse, in the event of which I am going to disavow any credit for this post) so why reinvent the wheel if it's only going to get one turn anyway? Hire a reputable family lawyer, set up a will detailing your important documents (and whatever else you are giving away), name an executor, choose a safe place (in meatspace) for the documents to live in the meantime, and then enjoy your retirement.
You have no control of what happens once the data leaves your control - whether the data is held and transmitted electronically or held and transmitted physically.
That being said, though IANAL*, it seems that it's your executor who needs the data rather than people "pretty far away".
* And really, when it comes to drawing up a will, there should be one involved. It'll save everyone involved a whole ton of grief in the long run if you set things up right in the first place.
Dearest Sir:
My name is William Saweto and I represent the First Security Bank of Nigeria. My employer and I would be honored to handle your business. We guarantee secure handling of private data in our protected cloud environment. I would be honored to discuss this matter further with you. Please feel free to contact me at any time at nota419@gmail.com.
Yours truly,
William Saweto, MBA, MSc, PhDBanking, KoC Fellow
I carry my financial information and rarely used passwords on a file on a USB flash drive. I then use Winzip to encrypt it.
You had a career in IT, not international espionage. You're also not a billionaire. Get over yourself and talk to a probate attorney.
1: Talk to a notary.
2: Digital methods can and will fail. Either on your end or because the recipient doesn't know how to use them properly.
Talk to a notary. These people have been handing over sensitive information about bank accounts, secret swiss safe deposit boxes and other stuff from one generation to the next for centuries, and you have a human who can work around any failures.
Sure, you can find 10 possible digital solutions on the pages of Applied Cryptography, but... goto 2
throw new Exception("you failed to follow the goto");
Assorted stuff I do sometimes: Lemuria.org
One of our clients does exactly this.
https://www.fidsafe.com/
I've never understood why Blu-ray didn't fix this. Blu-ray has plenty of space now. Screw higher definition, I want a disk that I can scratch 12 times with a razor blade and still get my data off. My guess is the only reason they haven't done this is because they want the disk to only last a half dozen times before starting to degrade so you have to buy the movie again.
Have we not learned anything from Sid Meier? Bury it on a deserted Caribbean island, draw a crude map with a red 'x' marking the approximate spot where your treasure is buried, then go to some bar on some other island and get really drunk and leave the map there with the bartender. Yarr..petarrr!!
You need a *legal* solution. This is something you should be talking to a lawyer about, and not /.
No one expects the Spanish Inquisition!
The proper way to do this is to hire a law firm to handle your estate and they hold the intellectual property until your passing at which time they seek out and deliver the goods. You can create a rather long list of succession this way, and ensure that no matter who else passes your data is relatively secure. (Imagine a scenario where you transferred the information on to someone, who then passed away and the information was handed to his/her next of kin before your passing, someone who may not know you or have the same intentions)
No need to reinvent the wheel. Spend a small amount of money and consult a competent lawyer.
They do this for a living and unlike you (and everybody else who isn't an actual legal professional) they understand the ins and outs of the law. This can matter a hell of a lot when dealing with stuff like wills and estates.
If your "memories" have ever traversed a public network. Your tax dollars at work.
Solve the problem of motivating someone to do your will after you're dead.
but is there any way to share this sort of information electronically
Write it by hand.
Photocopy it on an analog copier, or if you can't find one, use carbon paper.
Send it by post.
Safer than any encrypted email.
A pox on web designers who feel that window.innerWidth == screen.availWidth
I just picked up a HP 7", 16 GB jelly bean android tablet WITH 4G radio and SIM for $120. Intel NUCs are $200 with RAM and the OS on flash. Raspberry PI, BeagleBones, Intel Galileo, Arduinos equipped with SD slots. Put your data on discrete hardware, and have at it.
Good-bye
The MOST important part is documenting where your assets are, and account numbers. After you die, your assets go into probate, and aren't just simply accessible via logging into your bank. So the username and password isn't really as important as you think it is.
Seriously, talk with a lawyer who's familiar with inheritance in your state. Obviously documenting where all your assets are is very important, but don't just assume your loved ones are going to login to your account and transfer money out of it a few weeks after you're dead. That stuff gets locked into probate as soon as the financial institutions hear you're dead (with a few exclusions of course).
AccountKiller
No one has property rights in information ... and that means information cannot be "bequeathed"!
It can be TRANSFERRED upon your DEATH. Put it in the hands of someone you trust, who will see the foot-shaped dent in your bucket.
I registered deathapi.com a while ago, after an acquaintance passed away, for this reason specifically. At the time, I had imagined a system that you OAuth against w/ all of your relevant accounts w/ full admin access, and specify a recipient of those keys after some pre-determined length of inactivity (a year, say). The idea still has a lot of relevancy in my mind, but it's so morbid to think about.
Print it out in plaintext on paper and put it in a bank safety deposit box. The executor of your estate will get access to the box after you die, and the executor is the one that will need that information.
Very few people are capable of running encryption software successfully, so if you use that you are reasonably assured that your passwords will be lost after you die.
A more challenging problem than many posters think.
Sometimes, an old person passes away alone. Their only surviving relatives (and friends) may be elderly, with no computer experience. The lawyer who drafted the will may be out of the loop, and the executor of the will may not get informed of the death. The probate court likely doesn't care.
I worked with a forensic accountant, hired by the executor, to clean up the estate of a fairly wealthy widow. She had died with a will which hadn't been updated in 30 years. It was necessary to search out distant relatives, two of which knew nothing about her (these people are called "Laughing Heirs").
Her financial paperwork was quite undocumented - she kept records in shoeboxes, and only one shoebox was found after her death - the others apparently were discarded or lost in the shuffle. The main way that we figured out her net worth was to wait for annual statements & tax papers to arrive in the mail. Closing her estate took over a year.
If her accounts had been online and tax forms filed online, we would never have seen this, and those accounts wouldn't have been caught and distributed.
Throughout this, we were meticulously honest, and determined to get everything. This took far more effort than I expected. There were places where a dishonest person could have ripped off her estate, and plenty of opportunities to take shortcuts which would have lost money for the estate.
Lessons that I learned:
1) Secret passwords and encryption are a total blocker to a computer-incompetent. Lawyers, judges, and probate clerks are computer incompetents. An elderly accountant won't know how to use a linux shell account, even if given a password.
So: Absolutely draw up a will. Make sure that it includes a listing of all your bank accounts, stocks, etc. Be sure to list all your relatives & friends, and include their addresses, phone numbers, emails, and facebook pointers. And yes, include your own email account and password.
2) Your information seems really valuable to you. But when you die, the only things that probate court will consider are:
- living relatives
- obvious financial assets
- real estate
Things like online information, login passwords, bitcoin purses, and intellectual property, will be ignored unless you explicitly call 'em out in your will, and indicate that these things have real value.
Don't assume that an intelligent, computer savvy person will be available.
Rather, assume that a busy, harried, computer illiterate friend-of-a-lawyer will spend less than an hour pawing through whatever records can be found in your top desk drawer.
In short, write your will the same way you write your source code, with detailed, easy to follow instructions.
Hi UrsaMajor987, I just read your post and wanted to let you know that we have set up a service that's tailored to your question. Our service is called Afternote. Like you we had this same issue of not having a way to save wishes and important information. You can start a free account on www.afternote.com. If you have any questions or good feedback you can always contact me. Kind regards, Arnaud
First of all, I assume you are serious and not trolling (as some others who replied have asserted).
My son died in April of 2013. He lived with cancer for four years and then took four months to die. During that time, he ignored my pleas to create an estate plan with an attorney. I am still trying to unravel his estate. Divorced and without a will, his son (my grandson) is his sole heir. My grandson is 6 years old. After my son died, it was too late to create a trust for my grandson. Instead, I had to go to court (several hundreds of dollars in court fees, legal fees, and even appraisal fees) to be appointed the guardian of my grandson's inherited estate. (His mother is the guardian of his person.) I will then have to return to court every two years to report on the status of the guardianship. In the meantime, NO ONE had authority to pay my son's final bills. It took seven months after my son died before I had legal authority to collect his credit union accounts, IRA, Roth IRA, and multiple 401(k) accounts, by which time several bills had already been sent to collection. All the legitimate bills have now been paid, and all known assets have been collected (the last, just a week ago). In July, I will transfer the balance of my son's estate into my grandson's guardianship. That will not end the hassle as I will have to report the status to the court for the next 12 years.
I am thus on a campaign that every adult needs an estate plan. Even if you have no heirs, even if your estate is small, you need to provide binding instructions on how to handle your assets after you die.
Before my son started actually dying of cancer, my wife and I started a complete overhaul of our own estate plans. With the exception of our IRAs and Roth IRAs, all our assets are in trusts. We each are the other's beneficiary of the IRAs and Roth IRAs, with the trusts the contingent beneficiary. The trusts require two trustees, currently my wife and me. If one of us dies or becomes incapacitated, the replacement trustee is already identified in the trusts. When we are both dead, the replacement trustee must appoint another trustee to have two. CONTINUITY IS VERY IMPORTANT. Our credit unions, bank, and mutual fund group all have copies of the relevant portion of the trust documents to ensure they accept this continuity.
Now for the original question: In California, where my wife and I live, a bank safe deposit box is NOT sealed if one of us dies. The box remains available to the other persons who are listed at the bank -- with their signatures -- as having access to it, which includes our daughter and will eventually include our replacement trustee. The complete original documents for our estate plan are in the safe deposit box. Right now, I can see a ring binder with a copy. The replacement trustee has a copy. A list of all our accounts is in the safe deposit box. An inventory of our mutual funds (IRAs and Roth IRAs) is in the safe deposit box.
In a sealed envelope in the safe deposit box are a floppy disc, a compact disc, and a printout of my OpenPGP public and private keys and my OpenPGP passphrase (the latter otherwise exists only in my brain). (I chose three media since I have no way to predict what formats might become obsolete before I die.) That envelope also contains a list of all my important Internet passwords, which are encrypted on my PC.
I have an unencrypted list on my PC titled "Where Is It?" that describes where everything should be found: checkbooks, bank statements, insurance policies, durable powers of attorney for health care, mutual fund statements, deed to our house, etc. When I update this list, I E-mail a copy to our daughter; another copy is in the ring binder with our estate plan. Also in the ring binder is the paperwork for our purchase of burial plots.
Not so hard. Put all your passwords, sensitive account details etc. in a text file, gpg it with a good long complex password, burn the data to a CD, write the good long complex password in your safe or bank vault or whatever.
http://www.moserware.com/2011/11/life-death-and-splitting-secrets.html
My stuff is on a CD in the bookcase.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
FTA, "At the end of it all, I will have documentation on financial accounts, password, etc."
It sounds like you are documenting sensitive company or client information. As such it is beyond the scope of you as an individual to place any of this information in a private store. You need some sort of formal business procedure for this. One place I worked THE COMPANY had safety deposit boxes. At another we would put emergency back up passwords in an envelope and give them to the administrative assistant who would keep them under lock and key in case I and/or others were killed e.g. on vacation. The company owners and managers knew about it and it was part of our policy.
If you are removing sensitive information from a company network and storing it somewhere in your personal control, you are looking for trouble. If there is a breach you could be personally liable either civilly or criminally. Do what I did and make sure that there is a documented policy and attendant procedures, and follow them.
putting the 'B' in LGBTQ+
There's a file on my computer called "for my daughter". It's got everything she needs to know. Also backed up on a CD in the bookcase.
Besides the required stuff, I used the opportunity to also wax long and poetic about my life and how her life changed mine, and wrote about all the interesting things about her childhood that I could remember. Included words of (hopefully) wisdom. I don't remember where I got the idea from, but since I was writing everything else down, decided to include that as well, so her last memories of me wouldn't be dry facts and figures.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Why on earth would you want to tell anybody the passwords for your financial stuff? Just to save them some bad traffic?
If you die and they access it after the fact, they'll go to jail.
They'll just have to go to the normal system, walking to the bank with a court order respecting your will from your lawyer or whatever else to prove that they inherited your money legally.
Unless it's just to change your social networking status to 'deceased' they won't need any of those.
Now if you had a 1-3 figure slashdot account, that would be another thing, they could sell that for 20 bucks to a newbie.
If you have illegal funds hidden from the IRS stashed in the Caymans or Switzerland, it's just gone.
Bury your stuff in the backyard, like normal people.
Use Keepass and convey the master key verbally or some other medium, it's designed for this sort of thing...
http://keepass.info/
"As flies to the wanton boys are we to the gods; they kill us for sport." - William Shakespeare, King Lear
I can always print a copy and have it delivered to them, but is there any way to share this sort of information electronically? There are lots of things to secure transmission of data, but once it arrives on the recipients' desktop, you run the risk of their system being compromised and exposing the data.
Put an envelope and its contents in a UL rated fire safe and it will most likely survive any household disaster you could name. The diaries, account books, and letters of family members active in the early nineteenth century remain perfectly legible after close on to 200 years.
The paper copy that is notarized and filed away at the bank includes the reference "Refer to folder X in file drawer Y of my home office file for a current list of online file names, site names and logins." I can easily keep this list current without having to keep re-issuing the official will.
The problem: trust. Say you had a number of deposit boxes with valuable contents. Do you give someone copies of all your keys, as you intend for them to get the contents later - and trust them not to open any of it until the time comes? Do you invent some clever scheme that they will find the keys when they go through your stuff when the time comes - though the thing is they may never find it, and no one will ever know? Or do you buy some service from ShadyCo Care Services to keep copies of your keys, with a promise they will be delivered to the right people when the time comes?
The problem is trust. Ultimately with these examples, you either trust one particular person more than you would normally want to do (it is nice to have close family and friends, but we do not necessarily give them all the passcodes to access our bank accounts and do stuff in our name), trust some entity which ultimately cannot be trusted (e.g. corporation), or bet on some chain of events to unfold as planned.
Within the area of cryptography, there is a concept called "secret sharing", that instead of one password (or "master secret"), a number of secrets are produced which when combined in various pre-defined ways, will create the master secret. You encrypt a file with the secret information you want to pass on, using very strong encryption and a very strong password - and then create a number of secrets from the master password. E.g. if you have 2 siblings and 3 children, you could split up the key such that any one sibling together with two of the children, would be able to reconstruct the master password.
So what is the nice thing about this type of scheme? It means you do not need to trust people as much. In order to "screw you over" by going against your instructions, with the above example three of the people you think are closest to you would have to collaborate - which is a lot less likely to happen than if one single person held all the power.
There are some practical issues - each person would have to get a secret to be protected, preferably in some way which cannot be hacked - and a piece of software that they will be able to use to reconstruct the secret - something portable which will run on anything and which can also be operated by computer illiterates. I would not expect anyone has written software specifically for this, though it would have been quite easy, as the concept of secret sharing is pretty straightforward, e.g. the secret lies along an n-th degree polynomial with known x-value e.g. x=0, and each person gets coordinates for a different point along the graph. Any n points are sufficient to resolve the coefficients of the polynomial f(x), and thus determine f(0).
It's not just death that is the problem. My ex-wife is in a coma, not dead. Helping the kids access her data involved an EC2 cloud of GPUs. Please people, leave your password around so your loved-ones can obtain it even without a death certificate or will, because there are some situations that are even more complicated than simple old death.
Your safety deposit box schemes all mostly fail on this point alone.
--M
# grep slashdot access.log | grep html | sort | uniq | wc -l 2604
How do you know a conversation is private? You know who you are talking to and you know others cannot eavesdrop. Phil Zimmermann, a foremost expert on email security, says: Email that uses standard Internet protocols cannot have the same security guarantees that real-time communication has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it . . . cannot be secure. The reason...email was never designed for confidential communications. Most email providers only encrypt your digital information while it is in transit (and this encryption is fairly easy to defeat). The problem is that your data spends most of its life in storage completely unprotected. If your email service providers have access to your password, they can view and share your information as they see fit. Even most secure email providers only encrypt your messages some of the time, and can read your emails and attachments. There is no expectation of privacy when using public email systems such as Gmail, and likely never will be. Their livelihood depends on being able to read your email. Email also allows anonymous users and is routed through multiple servers across multiple domains, making it impossible to know if and by whom email is intercepted, or even who is on the other end of the line. I work for a company called Absio that has developed a new digital communications protocol that enables the first truly confidential alternative to email for messages and files that need to remain confidential. Unlike "secure" email providers, Absio does not have centralized access to passwords, keys or metadata related to your email. Each message and attached file is individually encrypted with its own key on your device before they are sent over an encrypted Internet connection to the Absio servers. Absio does not have access to your encryption keys, and does not have an alternate decryption key.
This means Absio does not have the ability to decrypt messages or attachments, not even a subject line. Absio cannot see or share decrypted information, because Absio never has it. Our first application is called Absio Dispatch. When using Absio Dispatch, messages and attachments are automatically stored in encrypted form on your personal devices. Absio Dispatch transmits your encrypted data through an encrypted connection, and encrypts all metadata except for the Absio ID (like an email address) to whom the message is going. There is no spam, because your Absio Dispatch application can only receive messages from the list of trusted contacts you designate. The only people you need to trust with your data are you and the trusted contacts who receive your messages. We strongly believe that digital information is private property and carries all the rights and obligations that are associated with other forms of property, and all individuals deserve for their personal information to remain private.
Maybe this would work for you. I am using them.
Encrypt it as suggested by others here.
But also store it in an ironkey which will self destruct when someone enters the wrong password a few times...
www.ironkey.com
Ask them to open it only from the ironkey and not to copy it locally.
This is what I have done:
1) create a document with all sensitive information (passwords, account numbers, etc.)
2) encrypt it with the keys of two tech-savvy friends
3) e-mail the file to two non-tech-savvy friends with instructions to send it to the people in step 2 upon my death
I'm not sure what you would do if you don't have enough friends (grin) but this seems to be a pretty simple and robust solution for my needs.
This honestly seems over complicated. Why should anyone have this information before you die, especially financial information? The simple thing to do is put a hard copy (sealed, of course) of the information in a safety deposit box with a copy of your will. As long as your executor knows about the box, they can access it after you die and distribute the information per your instructions.
Copying from the source: https://www.longaccess.com/
"""
Longaccess is your safe deposit box in the cloud: A place where you can safely store your files in a way they will be accessible by you, your lawyer or your kids. For decades.
"""
I encountered an issue where our 'boss' thought it was important to know the root passwords. But my team came up with a compromise.
Shamir's Secret Sharing Scheme
Allowing us to provide the passwords to multiple non-tech members of the company, without risking the loss of the actual root passwords.
At least three staff members need to combine their parts to reconstruct the ACTUAL passwords.
Distribute the information to multiple parties, including your Lawyer. The information is 'safe' until a predefined number of parties work to reconstruct the passwords.
Please realize that this is not a maintenance-free situation. You must put some thought and effort into this.
Depending on the IT information you have collected, you may wish to put the information in escrow -- held by a third party -- with legal guidance on when to turn the information over to the other party(ies). Think hard about that last part; depending on what you still have access to, you (and therefore your estate) may be legally liable should a "fourth" party gain access to the system / information / capability through an (un)documented back door or triggering an (un)documented logic/time bomb. May your god(s) help you and your family if you trigger a religious, cult or political organization.
Here is one solution that has worked (so far):
0) Think about how long your timeline is, to where the file(s) must be recovered.
a) Will the hardware be available?
b) Will the software work on that/then/there hardware?
c) How might you ensure that to be the case, assuming it is now a hostile world to that hardware / software.
d) I have held in my hands, and read, the letters from my distant ancestors in the 1800s. It was graphite pencil on paper. Can you do that with your stuff today? (Acid free paper -- they did that then. Archival grade, now.)
(N.B.: I am in a happy, long-term relationship with an I-Love-You spouse, both between people and legally. We intend to carry this until Death do us part. This will not apply in all circumstances. Where it does not, you must take additional precautions. If you do not trust them, you must set up an independent executive and legal structure. Seriously consider pre-nuptial agreements, depending on your age(s), finances, relationship(s) and circumstances. I was young, naïve, and lucky. Most other people don't seem to be so lucky.)
1) Record all your online / offline digital identities, websites or files, logins and passwords in a plain text file (*.txt) using your favorite ASCII text editor. Encrypt that file with an ID / password that is very different from (orthogonal to) any other account or location you use. Capture a copy of the encryption software on other long-term media (flash, hard drive, optical, etc.)
2) Record the access data for that file, either on paper or in human memory, shared with whoever you trust with your life data (hereafter: trusted agent).
3) Store that access data physically, in plaintext, in places that are geographically separated. That might be in a lawyer's office; a safe deposit box; with your executor; with your (trusted) spouse / friend / family member / lawyer / agent.
a) Change access (ID/password/crypto key) regularly -- annually, for this exercise. More frequently, depending on your circumstance or degree of tin-foil-hat paranoia.
4) Once per year, print that whole access file to paper, seal in an envelope (or double-sealed envelope) and store in various physical locations (safe deposit box; lawyer; executor; spouse; other trusted agent).
a) And, review your estate plan, documents, powers of attorney, etc. Update them all. You DO have those critical documents, don't you? Distribute them all as a package to the same locations, particularly to the people that must act on them. Copies on you or quickly locatable; originals in correct locations to ensure copies can be verified.
5) Once a year, test that you can recover from those backups. Coach whoever is your trusted agent in "how to" or leave them keystroke-by-keystroke instructions plus a copy of whatever software is required to access those file(s) and format(s).
a) Repeat at every big change: moving across country; change in relationships, etc.
6) Lather, rinse, repeat.
7) Every several years, upgrade the media used to store the information, to ens
Shamir Secret Cipher.
Create a dossier of everything necessary to pass on. ....
Encrypt it.
Split the passphrase into M chunks in which N are needed to recover the passphrase.
Send individual chunks to your attorney, lawyer, Deposit box, lawyer, SO etc. with a copy of the encrypted dossier and how to recombine them and decrypt.
Engrave one on a ring (titanium?) to be passed on as part of your effects.
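The threshold split named in the two Shamir comments above, together with the "one sibling plus two children" rule from the earlier secret-sharing comment, as an added example (editor's code, not any poster's). The function names, the 521-bit prime field, the additive split used for the compound rule and the sample passphrase are all assumptions made for illustration.

```python
import secrets

# Assumption: arithmetic is done modulo the Mersenne prime 2**521 - 1, which
# leaves room for passphrases of up to 65 bytes.
PRIME = 2**521 - 1


def encode(passphrase: str) -> int:
    n = int.from_bytes(passphrase.encode("utf-8"), "big")
    if n >= PRIME:
        raise ValueError("passphrase too long for this field")
    return n


def decode(n: int) -> str:
    return n.to_bytes((n.bit_length() + 7) // 8, "big").decode("utf-8")


def split(secret: int, threshold: int, count: int) -> list:
    """Hand out `count` points of a random polynomial with f(0) = secret.

    The polynomial has degree threshold - 1, so any `threshold` points fix it.
    """
    if not 1 <= threshold <= count:
        raise ValueError("need 1 <= threshold <= count")
    coeffs = [secret % PRIME] + [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    shares = []
    for x in range(1, count + 1):       # x = 0 is never handed out: f(0) is the secret
        y = 0
        for c in reversed(coeffs):      # Horner evaluation of f(x) mod PRIME
            y = (y * x + c) % PRIME
        shares.append((x, y))
    return shares


def recover(points) -> int:
    """Lagrange-interpolate f(0) from the given (x, y) points."""
    if len({x for x, _ in points}) != len(points):
        raise ValueError("duplicate share")
    total = 0
    for i, (xi, yi) in enumerate(points):
        num = den = 1
        for j, (xj, _) in enumerate(points):
            if i != j:
                num = (num * -xj) % PRIME
                den = (den * (xi - xj)) % PRIME
        # Division in the field is multiplication by the modular inverse.
        total = (total + yi * num * pow(den, PRIME - 2, PRIME)) % PRIME
    return total


def split_family(secret, siblings, children, child_threshold=2):
    """One sibling AND `child_threshold` children: secret = a + b (mod PRIME)."""
    a = secrets.randbelow(PRIME)        # every sibling holds the same random a
    b = (secret - a) % PRIME            # b is Shamir-split among the children
    return ({s: a for s in siblings},
            dict(zip(children, split(b, child_threshold, len(children)))))


def recover_family(sibling_part, child_points):
    return (sibling_part + recover(child_points)) % PRIME


if __name__ == "__main__":
    master = encode("correct horse battery staple")   # constructed sample passphrase
    shares = split(master, 3, 5)                      # any 3 of 5 holders suffice
    print(decode(recover(shares[1:4])))
    print(recover(shares[:2]) == master)              # two shares are not enough
    sib, kids = split_family(master, ["sibling1", "sibling2"],
                             ["child1", "child2", "child3"])
    print(decode(recover_family(sib["sibling2"], [kids["child1"], kids["child3"]])))
```

Too few shares produce a wrong value rather than an error, so the holders only know they succeeded when the recovered passphrase actually decrypts the dossier.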
Inherit?!
I flew to see my co-global-head-of-everything-awesome and hypnotised her with all of the data she requires to keep our empire growing in the event of my death. My obituary will contain trigger words to activate the programming.
"Let's organize this thing and take all the fun out of it."
Store all the things in Google and Google Drive, then configure Google's Inactive Account Manager to give access to your next of kin, etc., once you are no longer logging in.
In the last several years, things have happened. Someone very close to me died with no notice. Quite literally, I saw him alive and normal at home. I went outside. A few minutes later I went back inside and he was dead. Natural causes.
I went in for spine surgery a few weeks ago. I could have walked away from it, or have been rolled away to the cemetery.
I always make sure someone knows how to do what I do. That person usually knows where everything is. They don't necessarily have all my passwords, but they know where the "key" is, which guides them to the vaults (one logical, one physical). I double checked the key, and the instructions for the vaults before surgery, and reminded them where the "key" is hidden. My "key" has another more colorful name, so I'm not even giving away secrets here. :) Your "key" could be something like an envelope marked "1997 expense reimbursements", with just a piece of paper containing a few important passwords and instructions for the rest.
It doesn't have to be a life changing (or ending) event, or even an employment terminating event. It could be something as dumb as you're stuck in a remote airport during a blizzard, with no data service, and something major happened. Sure, everything *could* wait a week for the storm to pass. Or you could say "Call X. Tell them to go get the key. They will understand and can take care of everything." The instruction to "Call X" is kind of redundant, as the primary people should already know who the "oh shit" person is to contact. It's just reaffirming, "I'm stuck, and can't do anything from here."
Just be very sure you can trust the people holding your secrets.
Serious? Seriousness is well above my pay grade.
There are some online services that will keep (for a cost) some digital files for you and give them to the next of kin (see as an example https://www.netarius.com/, Google is your friend).
If you don't trust this, just call a relative and tell them the information over the phone. After your death they can retrieve the information from NSA via a FOIA.
The laws of each State are different. This is true in other countries. I suggest you consult a local attorney at law in your jurisdiction, with a knowledge of Intellectual Property law. I suspect you MAY be looking for a "durable" power of attorney. (That means the power of attorney survives your death.) The power would instruct the person you chose "At the time of my death, please do X, Y and Z." Then the power dies, and is of no further effect. If there are huge financial implications, you might consider having the holder of the power post a bond to insure full performance. But please, get a professional to help with this. I don't try and fix my computer, because.... well.... I'm clueless. As far as I'm concerned it's all magic and that's the end of it. It took me three tries to get this posted, how's that for clueless? Just my humble opinion.
I'm surprised only one other person pointed out almost none of that info is needed. Banks, courts, insurance, attorneys, brokers, all of them have procedures which negate passwords/PINS/all that info the executor of the estate typically doesn't know.
What you do want is to get way more copies of the death certificate than you imagine you'll ever need. The death certificate and the institution's forms will gain you legal access to everything. Accessing them improperly could lead to trouble.
(A list with passwords should be outdated in a matter of weeks when passwords are changed anyway, account numbers when accounts are closed/moved, etc. It's just quicker/easier to use the institution's process and doesn't ruffle any feathers.)
Snapchat is not totally secure (http://www.cnn.com/2014/01/01/tech/social-media/snapchat-hack/). There are other tools available where the service provider does not store passwords or keys, and therefore, cannot be the source of a breach (Absio, Wickr, etc.).