Slashdot Mirror
Ask Slashdot: How To Bequeath Sensitive Information?
New submitter UrsaMajor987 (3604759) writes I recently retired after a long career in IT. I am not ready to kick the bucket quite yet, but having seen the difficulty created by people dying without a will and documenting what they have and where it is, I am busy doing just that. At the end of it all, I will have documentation on financial accounts, passwords, etc., which I will want to share with a few people who are pretty far away. I can always print a copy and have it delivered to them, but is there any way to share this sort of information electronically? There are lots of things to secure transmission of data, but once it arrives on the recipients' desktop, you run the risk of their system being compromised and exposing the data. Does anyone have any suggestions? Is paper still the most secure way to go?
Find a young child to give all your memories to. Hopefully he doesn't run away after learning the horrible secrets of the IT world.
Put all of your files on a CD/DVD and mail it to them, with an explanation of what the files are. That way, the data's off-line until they need it and safe unless somebody breaks in who knows what to look for. And, if your friend's good at hiding things, it may still be safe. (As an example, put the disc in a DVD or Blu-ray case behind another one with a movie on it.)
Good, inexpensive web hosting
Write a parable, and share it orally.
A paper record is good. So is a plaintext file well organized and placed on a USB flash drive. Both can be mailed and locked in a safety deposit box, which is about as secure as you can get. Both require physical access, which means any other encryption or security is more likely to confound your subjects than actually secure your data.
Is it just my observation, or are there way too many stupid people in the world?
Isn't that what lawyers are for?
Physics is like sex. Sure, it may give some practical results, but that's not why we do it
You could send them an encrypted file (#1) now with all the info you wish to share with them. Along with a password for a file that will arrive when you die. Then set up a service like deathswitch.com and have another encrypted file sent to them (#2). The password they already possess unlocks #2 and that contains the password(s) for #1.
you can do what my grandfather did
wrote up the entire list on paper form and electronic on a flash drive. He laced them in a safety deposit box and shared the key with his executor who in turn had a copy of his will.
When he did pass away it was a pretty smooth process getting all of the information needed to close accounts, collect on policies, etc. The only thing that had a hiccup was property in a state with different probate laws but that too worked itself out.
And...how are you going to handle updating information as you are forced to change your password for whatever reasons?
I don't have a good solution...I wish I did. There's no reason you can't change your email password today and die before you can document it (which if you're like most people might be a week later).
.. worked for me.
Ink may fade, paper may yellow, but should still be readable. Put it on a CD or USB drive, flip 1 bit, and you lose everything.
I want to delete my account but Slashdot doesn't allow it.
Put the passwords, etc on a piece of paper. Put that paper in a large envelope. Give that envelope to a firm that does document escrow (many law firms will do this) with instructions on who should be given a copy after your death. Let your friends and relatives know who has your escrowed docs. They provide proof of your death, and everyone gets a copy.
Why exactly are we reinventing the wheel here? This is old hat stuff. You don't need to trust anyone not to open their present early. Firms that do document escrow have better theft prevention techniques than anything you're likely to cobble together.
If you want to go super fancy, use USB keys encrypted with a pre-shared password instead of paper. Then you don't really have to trust the escrow folks.
Is paper still the most secure way to go?
Yes.
Specifically, paper, in a safe deposit box, and the key with a lawyer.
Use Acid-free paper and just print it out. If you want to be more clandestine and secure, then print out the information about the accounts and the credentials in two separate places. Like for instance:
Fed-ex the unlabeled passwords
USPS the un-passworded accounts list
The truth is, if you put it on a thumb drive, it might fail. If you put it on a CD it might fail (or 3 years from now, your grandma's iBookPro won't be able to read a CD).
As humans, we read paper documents that were created 100 years ago. It is a reliable data mechanism that is predictable and will out-live you for sure.
Plus it doesn't require that your executor be a cryptography nerd in order to make sure your wishes are followed.
Write down everything in paper, then lock it away in a fireproof box or a safety deposit box (or both).
I'm a fan of the phrase "we know how to secure a piece of paper". Not the sticky note taped to your desk that anyone can read and put back without your knowledge, but something really secure. You will know if your lock box has been stolen or broken in to; I would have no idea if someone broke into my e-mail or stole a file off of my computer or backup due to some weird exploit. If you want off-site safety, a deposit box is about as good as it gets with some assurance that no-one will go peeking. Let your close relatives and friends know where everything is so that when it is needed they can get to it, but they don't need access in the mean time if you have things you don't want them to know (or, you can give a copy of the key to someone if you want to... you have options, but you're still relatively safe in who accesses what).
I keep an encrypted online database of my passwords. Sort of. I use a 'modular' password. One word is different, the other is always the same. So in my will I have the same word (and it's l33t combinations) written down, along with the address of the database. So anyone dealing after my death will know ALL my codes. My wife of 30+ years also keeps a copy of it, and knows the super secret codes.
I started this after being in a coma, and my wife having to deal with my PDA bleeping about meetings to her until the battery died. Which made her cry even more.
Once it hits the other side..
---- Booth was a patriot ----
Even though the "ask a lawyer, not Slashdot" answer gets trotted out all the time, I think it's appropriate here. Lawyers do this sort of thing for a living. Probably cheaper in the long run to ask one.
I am not a crackpot.
Put it in secure notes. Give them all the login/password.
If they test it regularly, then have a locally cached copy if Lastpass goes belly up, which can be opened with Lastpass Pocket or whatever it's called now.
You still control it, yet it is remote and will be properly searched when you die. You can put a usb key in or some paper documents with the relevant information.
How long do you expect this to last before it's needed? DVDs and USB drives are common, but I see DVDs heading out at this point. Paper has the advantage that in 40 years it'll still be readable. Of course if your passwords change you'll have to update this information anyway. Assuming you update passwords occasionally because of a) good practice or b) some company gets hacked, I'd send it electronically and encrypted, so the person needs to actually enter a password to get to the data. Unless the recipient gets a keylogger installed, you should be safe. A text file encrypted with pgp is good for the knowledgeable recipient. For someone less savvy, I'd send them an encrypted tiddlywiki. Obviously give them the password over the phone, in person, or via snail mail.
Sometimes the truth is arrived at by adding all the little lies together and deducting them from all that is known.
All of my financial info is with Quicken on my PC. Everything else related to teh intertube world is recorded on a textfile on my PC with the passwords being represented as a cypher. The cypher is a one or two word comment relating to the password phrase I use (which I, in turn, munge to be first letter of each word or some other pattern, yadda) I've got the username/password cypherlist stored on my smartphone as well (Because I can't keep up anymore) and the cypher key is kept only as a hardcopy along with a hard copy of the textfile stored in a fireproof lockbox in my home. (The textfile points out the key is in the lockbox too).
I should probably just put the cypher key list in a separate lockbox (without any other username/account info) and geocache it to make it more fun for my heirs...
Pick a nice, long, secure passphrase. Use it to secure a GPG keypair. Back up this keypair in multiple locations, and with multiple people who know "This is the key that encrypts all of my digital stuff. My family will need it when I die.".
Use that keypair to encrypt all of your important passwords and data. Back up the encrypted files in multiple locations. Make sure your family knows where these locations are, and why thy and the files they contain are important.
Download a copy of http://passguardian.com/ . Load the saved copy (preferably in an offline PC) in a browser, and use it to convert your passphrase into several N of M parts. ie: Create 10 parts, and require at least 6 to reconstruct the passphrase.
Use something like http://goqr.me/ (or any other generator) to create QR codes for the 10 secret shares. Laser print the text share, QR code and some instructions onto a business card sized piece of paper, and have them laminated.
You now have 10 waterproof, hard to damage cards, any 6 of which will unlock your digital data. Distribute them to trusted parties and locations with instructions to use the shares once they hear and confirm your death. These parties don't have to be literate enough to merge and decrypt the data themselves, they just need to know that it is possible with their share. On your death, they will arrange to bring the shares and data together, and even if they have to hire a nerd to help them, they will unlock what they need.
... then roll it up, stick it in a tiny airtight canister and cram it faaar up your ass.
You state that you have a long career in IT, and at the same time you ask how to electronically hand over information generated within IT. Among those things, you even claim that you have passwords, meaning that they have been stored insecurly. This has "IT Janitor" written all over it, or possibly a concocted story.
Encrypt the file with a secure password or key, maybe using AESCrypt. Email the encrypted file to the relevant parties. Put the password to the file in your will (keep it under appropriate trusted guard, to be released only on your death). As long as the will and the encrypted file are kept apart until after your death, the file will remain secure until then. You can also modify the encrypted file as things change, encrypt with the same password, and resend the file.
There's still the possibility that their computer is compromised after you die and they decrypt the file. They could reduce this risk by opening it only on a known-secure system (e.g. an Ubuntu LiveCD boot), if it really matters. In any case, this greatly reduces the security exposure by not have this file sitting around for years for anyone to read.
do {print "Mini-Geek Rules!\n";}
until ($TheEndOfTheWorld);
Forget doing it digital. Your beneficiaries may have no idea how to decrypt something, or how to access whatever's become of some dead man's switch. Really, if I got hit by a bus tomorrow, even if I had things stored in quadruplicate across various flash drives, I'm not so confident anyone would know what to do with them.
Type the important stuff up, and seal it in an envelope (or several, if you're dividing things up amongst likely heirs). Present those things to an attorney and have him draw up a will. The attorney will retain those envelopes and ensure that things are done properly once you're gone. If your very important passwords change, revise the documents and stop by the lawyer's office with new copies in new envelopes. They might not even charge you anything for that.
I know we generally hate lawyers here, but this is one really worthy function that many of them can perform, and the courts know full well how to deal with written and physically signed documents. In the event that you outlive your lawyer, his or her office will retain custody of your will and your envelopes, or you can find a different lawyer.
Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
Take pictures of all the documents and send them via snapchat. Isn't this the kind of application it was made for (restrictred permission viewing)? It's, like, toooootally secure.
Many of the 'knowledge share' sessions ive taken part in have requested my notes and musings on the technologies ive handled. Cryptography is the most logical means of securing this data as we all know, but the method by which one achieves this should be carefully followed.
1. Choose a cypher whos strength is measured in the number of heat deaths of a cruel gods distant universe. Many will suggest a 256 bit cypher, but dont let that stop you from pursuing the correct size, a 256 megabyte cypher.
2. passwords for archives and files should be sized accordingly as the md5 sum of the number of office parking spaces multiplied by the number of empty toilet paper rolls in the nearest bathroom to the largest conference room. the password must only contain characters whos hexadecimal value falls between the number of chairs warmed by the morning sun in the main lobby, and the number of lights in the break room that flicker when first turned on.
3. You can never be too careful with USB drives. potting has long been a method of deterrence for unauthorized reverse engineering, but many dont know that a far more economical means of securing your USB data is to plunge it into an identical reproduction of a fifteenth century hessian crucible on the first blood moon of Rajab, the holy month of Allah.
4. your paper trail should be auditable, and the business should know to whom you've shared information in order to determine future knowledge owners and process managers of your data. a CMS like system (similar to sharepoint) can easily be constructed by liberally dredging your paper documents and binders in a mixture of polychlorinated dibenzodioxins and low-yield fissile byproducts. the checked out or viewed copies will then be easy to track using simple FEMA disaster response processes.
and congratulations on your retirement! give yourself a pat on the back because you deserve it. I hope my tips help you achieve a smooth and manageable transition.
Regards,
BOFH
Good people go to bed earlier.
This is the way to do it -- I've added one more step. My safety deposit box also includes a master password and a 1TB encrypted USB backup drive. Since the professional who wrote my will also advised leaving a copy in the box and registering that this is where the "official" notarized original is located, my executor will, by local laws, just have to provide proof of death and the copy of the will indicating they are the executor to access my box. Having the key (which they likely would) would help too.
So, what I would do is pick a few passphrases that are long and cryptographically secure. Print these out and store them in a safety deposit box, bequeathing said box to whomever you want to give this information to.
From there, the linux command-line utility gpg will work nicely.
gpg -c filename
Will prompt for a passphrase twice (use one on your sheet), and output "filename.gpg" leaving filename still in tact.
From there, you can do whatever you want with the encrypted file--store it on a USB and put it in the safety deposit, email it, whatever. No one will be able to do anything with it until they have the passphrase.
The other way I'd do that, which is more of the day-to-day stuff, is create two bitmessage accounts and just send it via that.
PGP encrypted email is also a good way to go, so long as the recipient has their private key properly protected.
You will die exactly once (barring a zombie apocalypse, in the event of which I am going to disavow any credit for this post) so why reinvent the wheel if it's only going to get one turn anyway? Hire a reputable family lawyer, set up a will detailing your important documents (and whatever else you are giving away), name an executor, choose a safe place (in meatspace) for the documents to live in the meantime, and then enjoy your retirement.
You have no control of what happens once the data leaves your control - whether the data is held and transmitted electronically or held and transmitted physically.
That being said, though IANAL*, it seems that it's your executor who needs the data rather than people "pretty far away".
* And really, when it comes to drawing up a will, there should be one involved. It'll save everyone involved a whole ton grief in the long run if you set things up right in the first place.
I call BS on the whole thing, "long career in IT" =/= UID over 3.5M
"If you have nothing to hide, you have nothing to fear." - Every fascist, ever
1: Talk to a notary.
2: Digital methods can and will fail. Either on your end or because the recipient doesn't know how to use them properly.
Talk to a notary. These people have been handing over sensitive information about bank accounts, secret swiss safe deposit boxes and other stuff from one generation to the next for centuries, and you have a human who can work around any failures.
Sure, you can find 10 possible digital solutions on the pages of Applied Cryptography, but... goto 2
throw new Exception("you failed to follow the goto");
Assorted stuff I do sometimes: Lemuria.org
One of our clients does exactly this.
https://www.fidsafe.com/
I've never understood why blueray didn't fix this. Blueray has plenty of space now. Screw higher definition, I want
a disk that I can scratch 12 times with a razor blade and still get my data off. My guess is the only reason they
haven't done this is because they want the disk to only last a half dozen times before starting to degrade so you
have to buy the movie again.
Have we not learned anything from Sid Meier? Bury it on a deserted Caribbean island, draw a crude map with a red 'x' marking the approximate spot where your treasure is buried, then go to some bar on some other island and get really drunk and leave the map there with the bartender. Yarr..petarrr!!
You need a *legal* solution. This is something you should be talking to a layer about, and not /.
No one expects the Spanish Inquisition!
I tried to get my wife to use keepass too, she did do it.....changed all her passwords then.... forgot to save the file and her computer rebooted with windows updates. She called me at work rather upset and spent the rest of the day resetting her passwords.
5 years later I am just now getting her warmed up to trying again.
"I opened my eyes, and everything went dark again"
If you "memories" have ever traversed a public network. Your tax dollars at work.
Solve the problem of motivating someone to do your will after you're dead.
long career of inserting punch cards into computers
but is there any way to share this sort of information electronically
Write it by hand.
Photocopy it on an analog copier, or if you can't find one, use carbon paper.
Send it by post.
Safer than any encrypted email.
A pox on web designers who feel that window.innerWidth == screen.availWidth
I jsut picked up a HP 7", 16 GB jelly bean android tablet WITH 4G radio and SIM for $120. Intel NUCS are $200 with RAM and the OS on flash. Raspberry PI, BeagleBones, Intel Gallileo, Arduinos equipped with SD slots. Put your data on discrete hardware, and have at it.
Good-bye
The MOST important part is documenting where your assets are, and account numbers. After you die, your assets go into probate, and aren't just simply accessible via logging into your bank. So the username and password isn't really as important as you think it is.
Seriously, talk with a lawyer who's familiar with inheiritance in your state. Obviously documenting where all your assets are is very important, but don't just assume your loved ones are going to login to your account and transfer money out of it a few weeks after you're dead. That stuff gets locked into probate as soon as the financial institutions hear you're dead (with a few exclusions of course).
AccountKiller
I registered deathapi.com a while ago, after an acquaintance passed away, for this reason specifically. At the time, I had imagined a system that you OAuth against w/ all of your relevant accounts w/ full admin access, and specify a recipient of those keys after some pre-determined length of inactivity (a year, say). The idea still has a lot of relevancy in my mind, but it's so morbid to think about.
You're assuming he's never going to update the storage before he dies. If he dies tomorrow, then it won't take twenty or thirty years for the will to be executed and the drive fired up.
If he lives for another 10 years and another popular interface and storage format comes along then I'd assume (based upon the effort put in so far) that he'd replace the USB hard drive with whatever the next big thing is.
So what was your point again?
Hi UrsaMajor987, I just read your post and wanted to let you know that we have setup a service that's tailored to your question, Our service is called Afternote. Like you we had this same issue of not having a way to save wishes and important information. You can start a free account on www.afternote.com. If you have any questions or good feedback you can always contact me. Kind regards Arnaud
First of all, I assume you are serious and not trolling (as some others who replied have asserted).
My son died in April of 2013. He lived with cancer for four years and then took four months to die. During that time, he ignored my pleas to create an estate plan with an attorney. I am still trying to unravel his estate. Divorced and without a will, his son (my grandson) is his sole heir. My grandson is 6 years old. After my son died, it was too late to create a trust for my grandson. Instead, I had to go to court (several hundreds of dollars in court fees, legal fees, and even appraisal fees) to be appointed the guardian of my grandson's inherited estate. (His mother is the guardian of his person.) I will then have to return to court every two years to report on the status of the guardianship. In the meantime, NO ONE had authority to pay my son's final bills. It took seven months after my son died before I had legal authority to collect his credit union accounts, IRA, Roth IRA, and multiple 401(k) accounts, by which time several bills had already been sent to collection. All the legitimate bills have now been paid, and all known assets have been collected (the last, just a week ago). In July, I will transfer the balance of my son's estate into my grandson's guardianship. That will not end the hassle as I will have to report the status to the court for the next 12 years.
I am thus on a campaign that every adult needs an estate plan. Even if you have no heirs, even if your estate is small, you need to provide binding instructions on how to handle your assets after you die.
Before my son started actually dying of cancer, my wife and I started a complete overhaul of our own estate plans. With the exception of our IRAs and Roth IRAs, all our assets are in trusts. We each are the other's beneficiary of the IRAs and Roth IRAs, with the trusts the contingent beneficiary. The trusts require two trustees, currently my wife and me. If one of us dies or becomes incapacitated, the replacement trustee is already identified in the trusts. When we are both dead, the replacement trustee must appoint another trustee to have two. CONTINUITY IS VERY IMPORTANT. Our credit unions, bank, and mutual fund group all have copies of the relevant portion of the trust documents to ensure they accept this continuity.
Now for the original question: In California, where my wife and I live, a bank safe deposit box is NOT sealed if one of us dies. The box remains available to the other persons who are listed at the bank -- with their signatures -- as having access to it, which includes our daughter and will eventually include our replacement trustee. The complete original documents for our estate plan are in the safe deposit box. Right now, I can see a ring binder with a copy. The replacement trustee has a copy. A list of all our accounts is in the safe deposit box. An inventory of our mutual funds (IRAs and Roth IRAs) is in the safe deposit box.
In a sealed envelope in the safe deposit box are a floppy disc, a compact disc, and a printout of my OpenPGP public and private keys and my OpenPGP passphrase (the latter otherwise exists only in my brain). (I chose three media since I have no way to predict what formats might become obsolete before I die.) That envelope also contains a list of all my important Internet passwords, which are encrypted on my PC.
I have an unencrypted list on my PC titled "Where Is It?" that describes where everything should be found: checkbooks, bank statements, insurance policies, durable powers of attorney for health care, mutual fund statements, deed to our house, etc. When I update this list, I E-mail a copy to our daughter; another copy is in the ring binder with our estate plan. Also in the ring binder is the paperwork for our purchase of burial plots.
My stuff is on a CD in the bookcase.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
FTA, "At the end of it all, I will have documentation on financial accounts, password, etc."
It sounds like you are documenting sensitive company or client information. As such it is beyond the scope of you as an individual to place any of this information in a private store. You need some sort of formal business procedure for this. One place I worked THE COMPANY had safety deposit boxes. At another we would put emergency back up passwords in an envelope and give them to the administrative assistant who would keep them under lock and key in case I and/or others were killed e.g. on vacation. The company owners and managers knew about it and it was part of our policy.
If you are removing sensitive information from a company network and storing it somewhere in you personal control, you are looking for trouble. If there is a breach you could be personally liable either civilly or criminally. Do I what I did and make sure that there is a documented policy and attendant procedures, and follow them.
putting the 'B' in LGBTQ+
There's a file on my computer called "for my daughter". It's got everything she needs to know. Also backed up on a CD in the bookcase.
Besides the required stuff, I used the opportunity to also wax long and poetic about my life and how her life changed mine, and wrote about all the interesting things about her childhood that I could remember. Included words of (hopefully) wisdom. I don't remember where I got the idea from, but since I was writing everything else down, decided to include that as well, so her last memories of me wouldn't be dry facts and figures.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
I thought about that, but my daughter classically can't remember passwords she uses every day; there's no way she's going to remember a password she'll only need once.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Why on earth would you want to tell anybody the passwords for your financial stuff? Just to save them some bad traffic?
If you die and they access it after the fact, they'll go to jail.
They'll just have to go to the normal system, walking to the bank with a court order respecting your will from your lawyer or whatever else to prove that they inherited your money legally.
Unless it's just to change your social networking status to 'deceased' they won't need any of those.
Now if you had a 1 -3 figure slashdot account, that would be another thing, they could sell that for 20 bucks to a newbie.
If you have illegal funds hidden from the IRS stashed in the Caimans or Switzerland, it's just gone.
Bury your stuff in the backyard, like normal people.
I second the advice to NOT use a safe deposit box. In some states safe deposit boxes that have been untouched for a certain number of years (sometimes 15 but can be as low as 3) are declared "unclaimed items" and are confiscated by the state. There's been a few high profile cases recently. Burying a coffee can by the tree in the back yard may be a better idea. Or maybe a bus station locker. (At least, that's what they're always using in movies...)
Banks are not safe places for long term storage.
Regarding family fighting over my money after I'm dead. Bwaaaa hahaha. (wiping tears from my eyes) They'll be lucky if there's enough for cremation.
Oliver's law of assumed responsibility: If you're seen fixing it, you will be blamed for breaking it.
Use Keepass and convey the master key verbally or some other medium, it's designed for this sort of thing...
http://keepass.info/
"As flies to the wanton boys are we to the gods; they kill us for sport." - William Shakespeare, King Lear
I can always print a copy and have it delivered to them, but is there any way to share this sort of information electronically? There are lots of things to secure transmission of data, but once it arrives on the recipients' desktop, you run the risk of their system being compromised and exposing the data.
Put an envelope and its contents in a UL rated fire safe and it will most likely survive any household disaster you could name. The diaries, account books, and letters of family members active in the early nineteenth century remain perfectly legible after close on to 200 years.
The paper copy that is notarized and filed away at the bank includes the reference "Refer to folder X in file drawer Y of my home office file for a current list of online file names, site names and logins." I can easily keep this list current without having to keep re-issuing the official will.
The problem; trust. Say you had a number of deposit boxes with valuable contents. Do you give someone copies of all your keys, as you intend for them to get the contents later - and trust them not to open any of it until the time comes. Do you invent some clever scheme that they will find the keys when they go through your stuff when the time comes - though the thing is they may never find it, and noone will ever know. Or do you buy some service from ShadyCo Care Services to keep copies of your keys, with a promise they will be delivered to the right people when the time comes.
The problem is trust. Ultimately with these examples, you either trust one particular person more than you would normally want to do (it is nice to have close family and friends, but we do not necessarily give them all the passcodes to access our bank accounts and do stuff in our name), trust some entity which ultimately cannot be trusted (e.g. corporation), or bet on some chain of events to unfold as planned.
Within the area of cryptography, there is a concept called "secret sharing", that instead of one password (or "master secret"), a number of secrets are produced which when combined in various pre-defined ways, will create the master secret. You encrypt a file with the secret information you want to pass on, using very strong encryption and a very strong password - and then create a number of secrets from the master password. E.g. if you have 2 siblings and 3 children, you could split up the key such that any one sibling together with two of the children, would be able to reconstruct the master password.
So what is the nice thing about this type of scheme? It means you do not need to trust people as much. In order to "screw you over" by going against your instructions, with the above example three of the people you think are closest to you would have to collaborate - which is a lot less likely to happen than if one single person held all the power.
There are some practical issues - each person would have to get a secret to be protected, preferably in some way which cannot be hacked - and a piece of software that they will be able to use to reconstruct the secret - something portable which will run on anything and which can also be operated by computer illiterates. I would not expect anyone has written software specifically for this, though it would have been quite easy, as the concept of secret sharing is pretty straightforward, e.g. the secret lies along a n-th degree polynomial with known x-value e.g. x=0, and each person gets coordinates for a different point along the graph. Any n points are sufficient to resolve the coefficients of the polynomial f(x), and thus determine f(0).
Its not just death that is the problem. My ex-wife is in a coma, not dead. Helping the kids access her data involved an EC2 cloud of GPUs. Please people, leave your password around so your loved-ones can obtain it even without a death certificate or will, because there are some situations that are even more complicated than simple old death.
Your safety deposit box schemes all mostly fail on this point alone.
--M
# grep slashdot access.log | grep html | sort | uniq | wc -l 2604
How do you know a conversation is private? You know who you are talking to and you know others cannot eavesdrop. Phil Zimmerman, a foremost expert on email security, says: Email that uses standard Internet protocols cannot have the same security guarantees that real-time communication has. There are far too many leaks of information and metadata intrinsically in the email protocols themselves. Email as we know it . . . cannot be secure. The reason...email was never designed for confidential communications. Most email providers only encrypt your digital information while it is in transit (and this encryption is fairly easy to defeat). The problem is that your data spends most of its life in storage completely unprotected. If your email service providers have access to your password, they can view and share your information as they fit. Even most secure email providers only encrypt your messages some of the time, and can read your emails and attachments. There is no expectation of privacy when using public email systems such as Gmail, and likely never will be. Their livelihood depends on being able to read your email. Email also allows anonymous users and is routed through multiple servers across multiple domains, making it impossible to know if and by whom email is intercepted, or even who is on the other end of the line. I work for a company called Absio that has developed a new digital communications protocol that enables the first truly confidential alternative to email for messages and files that need to remain confidential. Unlike Ãoesecureà email providers, Absio does not have centralized access to passwords, keys or metadata related to your email. Each message and attached file is individually encrypted with its own key on your device before they are sent over an encrypted Internet connection to the Absio servers. Absio does not have access to your encryption keys, and does not have an alternate decryption key. This means Absio does not have the ability to decrypt messages or attachments, not even a subject line. Absio cannot see or share decrypted information, because Absio never has it. Our first application is called Absio Dispatch. When using Absio Dispatch, messages and attachments are automatically stored in encrypted form on your personal devices. Absio Dispatch transmits your encrypted data through an encrypted connection, and encrypts all metadata except for the Absio ID (like an email address) to whom the message is going. There is no spam, because your Absio Dispatch application can only receive messages from the list of trusted contacts you designate. The only people you need to trust with your data are you and the trusted contacts who receive your messages. We strongly believe that digital information is private property and carries all the rights and obligations that are associated with other forms of property, and all individuals deserve for their personal information to remain private.
Maybe this would work for you. I am using them.
Exactly -- I've come to realize that storage format doesn't really matter -- what matters is keeping it current. In my case, that 1TB drive doubles as my offsite backup; it gets swapped out about every 3 months. I've already changed actual medium used 3 times since I started this; at the start, it was only essential files on a thumb drive, as hard disks weren't small enough back then to fit in the box.
Another benefit of this is that even if my home computer gets scrubbed/sold/stolen/etc, all my passwords are stored on my keychain on that fully bootable drive. So the drive just needs a hardware-compatible computer to connect to and the appropriate password in order to access anything.
Sure, some TLA could force the bank to open my box, retrieve the drive, and have access to my entire life plus full identity theft privileges... but then most TLAs can already do that without the hassle of involving a bank.
Oh, for that matter: if you don't update your Will and associated documentation within 20 years, the contents are probably void anyway. Things change over time, and you need to keep that stuff current.
Otherwise, your wife and kids may be a bit upset that you left everything to your mother and some non-profit that doesn't even exist anymore.
This is what I have done: 1) create a document with all sensitive information (passwords, account numbers, etc.) 2) encrypt it with the keys of two tech-savvy friends 3) e-mail the file to two non-tech-savvy friends with instructions to send it to the people in step 2 upon my death I'm not sure what you would do if you don't have enough friends (grin) but this seems to be a pretty simple and robust solution for my needs.
This honestly seems over complicated. Why should anyone have this information before you die, especially financial information? The simple thing to do is put a hard copy (sealed, of course) of the information in a safety deposit box with a copy of your will. As long as your executor knows about the box, they can access it after you die and distribute the information per your instructions.
I encountered an issue where our 'boss' thought it was important to know the root passwords. But my team came up with a compromise.
Shamir's Secret Sharing Scheme
Allowing us to provide the passwords to multiple non-tech members of the company, without risking the loose of the actual root passwords.
At least three staff members need to combine their parts to reconstruct the ACTUAL passwords.
Distribute the information to multiple parties, including your Lawyer. The information is 'safe' until a predefined number of parties work to reconstruct the passwords.
That depends on the state in some states a safe deposit box is the best place for a will and the law has special allowances to search for one. I think Pennsylvania is this way, maybe Indiana.
Cheap storage VM.
I am spinning up an offsite backup/archive company. I plan to offer annual data backup plans. I'll bill you and send you a flash device for your data, which will be loaded to a server that hashes it and uses some other processes to protect the data integrity.
I am considering offering an escrow service where data can be released to a third party when certain criteria are met. The site is empty now, but check back to find out more, http://www.o2ark.com./
Cheap storage VM.
I flew to see my co-global-head-of-everything-awesome and hypnotised her with all of the data she requires to keep our empire growing in the even of my death. My obituary will contain trigger words to activate the programming.
Setup automated "are you still alive?" checking with http://www.deadmansswitch.net/ Have it email your password if you don't respond to a few checks in a few months. In lieu of the password, enough clues for family to reconstruct it if you're worried about these guys seeing it should do the trick. E.g First pet name + second pet name + wedding anniversary + favourite color etc etc.
--- I've completed diagnosis of your problem and can classify it as a YOYO...You're On Your Own
In the last several years, things have happened. Someone very close to me died with no notice. Quite literally, I saw him alive and normal at home. I went outside. A few minutes later I went back inside and he was dead. Natural causes.
I went in for spine surgery a few weeks ago. I could have walked away from it, or have been rolled away to the cemetery.
I always make sure someone knows how to do what I do. That person usually knows where everything is. They don't necessarily have all my passwords, but they know where the "key" is, which guides them to the vaults (one logical, one physical). I double checked the key, and the instructions for the vaults before surgery, and reminded them where the "key" is hidden. My "key" has another more colorful name, so I'm not even giving away secrets here. :) Your "key" could be something like an envelope marked "1997 expense reimbursements", with just a piece of paper containing a few important passwords and instructions for the rest.
It doesn't have to be a life changing (or ending) event, or even an employment terminating event. It could be something as dumb as you're stuck in a remote airport during a blizzard, with no data service, and something major happened. Sure, everything *could* wait a week for the storm to pass. Or you could say "Call X. Tell them to go get the key. They will understand and can take care of everything." The instruction to "Call X" is kind of redundant, as the primary people should already know who the "oh shit" person is to contact. It's just reaffirming, "I'm stuck, and can't do anything from here."
Just be very sure you can trust the people holding your secrets.
Serious? Seriousness is well above my pay grade.
They'll be lucky if there's enough for cremation.
Not saying that you haven't thought of this, but a lot of people don't...
Most IT employees are covered under some type of insurance...Accidental Death & Dismemberment, and company covered life insurance. You've also likely got a 401k...I've met many people who don't know how much they have in theirs.
Just another day in Paradise
The laws of each State are different. This is true in other countries. I suggest you consult a local attorney at law in your jurisdiction, with a knowledge of Intellectual Property law. I suspect you MAY be looking for a "durable" power of attorney. (That means the power of attorney survives your death.) The power would instruct the person you chose "At the time of my death, please do X, Y and Z." Then the power dies, and is of no further effect. If there are huge financial implications, you might consider having the holder of the power post a bond to insure full performance. But please, get a professional to help with this. I don't try and fix my computer, because.... well.... I'm clueless. As far as I'm concerned it's all magic and that's the end of it. It took me three tries to get this posted, how's that for clueless? Just my humble opinion.
I'm surprised only one other person pointed out almost none of that info is needed. Banks, courts, insurance, attorneys, brokers, all of them have procedures which negate passwords/PINS/all that info the executor of the estate typically doesn't know.
What you do want is to get way more copies of the death certificate than you imagine you'll ever need. The death certificate and the institution's forms will gain you legal access to everything. Accessing them improperly could lead to trouble.
(A list with passwords should be outdated in a matter of weeks when passwords are changed anyway, account numbers when accounts are closed/moved, etc. It's just quicker/easier to use the institutions process and doesn't ruffle any feathers.)
Total rookie mistake but, also a very common one. I have burned myself more than once not saving a document. Usually, it isn't all of my passwords.
Actually keepass has an option to save after every change, it just isn't turned on by default.
"I opened my eyes, and everything went dark again"
Snapchat is not totally secure (http://www.cnn.com/2014/01/01/tech/social-media/snapchat-hack/). There are other tools available where the service provider does not store passwords or keys, and therefore, cannot be the source of a breach (Absio, Wickr, etc.).
I am spinning up an offsite backup/archive company. I plan to offer annual data backup plans. I'll bill you and send you a flash device for your data, which will be loaded to a server that hashes it and uses some other processes to protect the data integrity.
I am considering offering an escrow service where data can be released to a third party when certain criteria are met. The site is empty now, but check back to find out more, http://www.o2ark.com./
First off: sounds like a good idea.
Second: It's going to need a LOT of work. I'm not going to send some random person a flash device with my data on it, even in encrypted form. The service is going to require not just escrow but a pretty heavy bond; basically, you're going to have to set yourself up like a bank. Then there's the issue of jurisdiction. If you're in the US, there's no way I'm going to trust my data to your server, when it's been shown that government WILL step in and look at things just because they can. Other countries aren't much better; they just don't have a Snowden leak. to back things up. Compared to this, fully offline safety deposit boxes have a ton of legal precedent to prevent third party snoopers.
Third: You're going to be competing with data protection behemoth Iron Mountain. Are you up for that?
Yes, I'm targeting more of the low bandwidth households that can't back up to the cloud and those smart enough not to trust the crowd, but not educated enough to roll their own solution. I don't see an offering from Iron Mountain that caters to the new mom with 10GB of baby photos.
Data security is something I will have to deal with. I think offline encrypted volumes will be pretty tough to snoop.
Cheap storage VM.
I thought about that, but my daughter classically can't remember passwords she uses every day; there's no way she's going to remember a password she'll only need once.
Then you WRITE IT DOWN. Then give her the piece of paper with it written down upon. Or give the encrypted files and/or paper with the password to one or more lawyer types to do the holding on for, if you want to really have it properly curated.