My first idea would be using a password manager for everything, list every device used for 2SA and confine within my will a master password.
Things that really matter (banks, etc.) have well-established next-of-kin processes. You can cause problems if you subvert them, as there's processes to go through to prove who might have claim to the estate and if necessary divide it between multiple parties. Similarly, subscriptions will just bounce once you inform the banks of the death and they freeze further transactions as part of said process. In my experience, your next of kin don't want to be dealing with cancelling a bunch of subscriptions when they're already planning your funeral, informing loved ones, etc. - there's already heaps of shit you have to consider and it's a very stressful, emotional time.
Giving over passwords implies that you expect someone to log in and do something with them, so it's not really important for them to have it for these reasons.
Secondly, I doubt any of my next of kin care about e.g. my Steam library or my Reddit account. As I've gotten older, I've realised that people don't really want to inherit the overwhelming majority of your stuff (they have their own stuff). If you think someone really does want something in particular, you can have that conversation with them specifically, but that's going to be very few and far between.
His wife, who also helped with running his business (small shop, 4 employees), tried to get access to the business bank account in order to pay the bills. Cloud services would expire, services shut down, they would lose a lot of clients.
She couldn't pay the bills, because while she was his next of kin, that only works if he dies.
So anyway, having procedures for death is one thing, but don't forget scenarios like being in a coma for a few weeks, or being kidnapped, etc.
Even if theoretically those institutions should proactively search for deceased owners' heirs in some jurisdictions, I wouldn't trust this to happen.
At least listing all banks, stocks accounts & insurances you have might be really useful. Just set a yearly reminder to self in calendar to send such an email to your closest family member.
This is in part because said country's process requires a document that literally doesn't exist for the home country of either party in this inheritance; they won't give him the money, and they won't take the money, so it just sits there indefinitely.
It happens all the time.
https://www.cbsnews.com/chicago/news/the-countrys-largest-re...
It took them years to find distant relatives; none knew about the guy or his money. Why didn't the state workers just do nothing and keep the money? Because they actually do their job, that's why.
Also, just keep your mail. Everything important in your life will send you mail.
www.Unclaimed.org,
If we both die, then our extended family will have to work through the legal system but our will + a lawyer should help out a lot.
Edit: To answer the original question - I documented how my wife could do this before going on a week long motorcycle ride in 2019 :).
I don't want to overstate the value of random digital assets, like you say your Steam library or Reddit account likely has far more (even exclusively) value to you, but many things that do have sentimental value, or might for some, are ever increasingly digital where they historically obviously weren't.
Even just correspondence that might make it easier to sort things out is now predominantly email. (And to my point above, more recently born people more likely to have opted in to 'paperless'.)
[0] https://support.google.com/accounts/troubleshooter/6357590?h...
(Google has "Inactive Account Manager" you can set up to hand off / delete data if you don't log in for a long time.)
I would say that the exception might be for local/non-cloud things - for instance your phone, laptop, NAS, etc.
If you are the controller/admin of data that might be good for others to have (family photos/videos/etc) - then setting up some process for handing passwords over for that to Next of Kin would be good.
As for services, utilities, etc - having literally just been through this in the past few weeks, it's incredibly frustrating that so many businesses don't have well established and functional processes for dealing with accounts owned by the deceased.
The executor reached out to the services that needed to be terminated with sale of the house, and without fail they all screwed up in some dumb way. Most of them keep insisting on only being able to talk to the deceased person, even when you're the executor of the estate. (And they don't understand that, either).
We ended up having to send registered tracked letters to their formal mailing addresses for several because of how insistent they were on sticking to their "only the account holder can make changes" script. Despite them having copies of the death certificate, extracts from the will, etc.
Banks have next-of-kin processes because they're required to, most companies are not.
With banks, it can take weeks or months to access an account after someone has died. Even when they let you freeze an account, what if that account was also paying for your family’s life insurance or health insurance?
This would be easy if you can just share passwords, but it is illegal to access someone’s bank account or email account after they die without having all the legal docs and following the company’s process. Even if you do everything right, some companies may never give you access. When a girl died of mysterious circumstances, Facebook refused to help her family determine whether her death was suicide or murder: https://www.cnet.com/tech/tech-industry/facebook-fights-for-...
If I ever die of mysterious circumstances…
Okay but can I get it then?
On a serious note, I doubt it is something inheritable. I haven't read the terms of use but I am 100% sure you cannot inherit a Steam account, the same way you're not authorized to buy one.
I'm sure it goes the same with 99% of the online services that you may be subscribed to.
So far, I've been too young to actually set anything up but with all these things stored in my 1Password and other storage accounts, I need some way to legally hand down credentials to my next of kin
All of this digital assetry we're "buying" isn't actually ours, and that's one of the greatest annoyances of the "digital future" for me.
That said, I couldn't give a shit, nor, I suspect could my wife and kids, whether my Steam library and Google Movies (or whatever) stick around after I expire.
I had most of this done already, but about a year ago a friend of mine -- very healthy! younger than me! -- literally dropped dead. It was a bolt from the blue, for sure, and the trouble that followed for his widow was a wake-up call.
For some reason, he and his wife weren't on a "family" plan with Apple, which meant, from Apple's POV, they were just two customers, and lawyer letters and whatnot would be required to get her access to even his pictures on the phone.
Apple NOW has a feature that allows you to nominate a "digital legacy contact" for your Apple data. If you're on iOS, I RECOMMEND IN THE STRONGEST POSSIBLE TERMS THAT YOU CONFIGURE THIS IMMEDIATELY.
https://support.apple.com/en-us/HT208510
As for the rest of my digital life, everything is in a password manager, and my wife understands that the master password for said vault is in the safe.
If one has something going on such that state-level actors might want nefarious / adversarial access, well, one should be taking MUCH MORE SERIOUS STEPS about personal digital security.
Your "regular everyday normal mfer" (as the song apparently incessantly looped on Instagram goes) has no such enemies. My personal digital opsec is designed to keep me and mine safe from likely threats, and the threats I face are pretty banal -- brute force attacks, mostly. I am 100% unconcerned about governmental intrusion into my safe to gain access to, e.g., my online banking passwords.
As the question is about granting access to accounts after death, it seems an odd worry. The government is also likely to get access to your data from your Google, Facebook, etc. If you have a server in the cloud, they can probably go to your hosting provider to get physical access.
So unless you have data in secret offshore servers in countries that won't cooperate with the US government, then a safe is not your weakest link.
I’m sure others have much better ideas…
In general, you don't. If the gov. wants to make you do something, you're going to have to do it. In many western countries, that's only a vague threat, in many others it's a lot more real.
Theoretically, you could have two components to the password: something long and random that is written down, and something easily remembered and personal. A special moment, a place, an anniversary only the two of you would know, etc.
/s
Government already has access to banking and phone records, most online accounts and data from Apple, MS and Google.
They're not particularly keen on the idea of having to type in two pages of private key but as I point out, it's both (a) a good opportunity to learn about OCR and (b) not my problem.
When I was writing this code I wasn't sure if it would ever matter but figured "hey, why not..." -- but I've probably had a dozen emails since then from users thanking me for including those.
Especially in a situation where you won’t be around to help troubleshoot.
"by 2025 a children's Speak-and-Spell could crack it"
I would also suggest things like your primary Google and/or Apple account to make sure she ends up with access to photo libraries and the like.
After that, most things are less important.
Though after seeing this thread I went ahead and just gave her access to my photos once I go inactive using this service: https://support.google.com/accounts/answer/3036546?hl=en
It needs to be Plan A, as well. But a shortcut to get access to your accounts without having to go through a will and lawyer will be appreciated by your wife if only you die.
> Give someone you trust access to your vault. When your trusted contact requests Emergency Access, you can decline their request within the specified waiting period. Otherwise, your vault is added to their LastPass account.
I thought LastPass only kept encrypted user data that only the master password can decrypt. Would this process mean they keep an accessible copy?
I suppose the process could be to encrypt my master password with a public key generated by the spouse account (with the private key stored in their encrypted bundle), that LastPass servers can store and provide on delayed request?
My son is the one human who matters the most to me -- there's a letter in there for him, too. I add to it periodically.
This works for now, with our current array of tech. My company offers a free sponsored account with one of those companies that offers after-death account and paperwork services. I intend to look into it, but don’t want anything tied to employment or to a company that’s not as likely to survive as it is for 20 years.
Also, I should mention, all my passwords are in 1Password. That’s a known password too.
A credit report will identify any open credit accounts and those creditors can also be instructed to provide payoff information and close the accounts.
The main thing you will need to handle the death are lots of certified copies of the death certificate. One per account, generally, and copies/digital scans are not accepted.
The main area to record would be asset accounts, valuables held in safe deposit boxes, files, or secret locations holding things like cash, stamps, coins, treasury certificates, partnership agreements, titles, deeds, etc.
When my mother died multiple places *asked for* certified copies, I simply told them she's dead, there will never be another authorized charge, nothing is currently owed so no payments will be made, do what you will with the account.
In the US, for most traditional assets, sure, but not necessarily elsewhere. If you have accounts your spouse/partner/next of kin doesn't know about, then you should list them somewhere and include that list in your end-of-life paperwork.
When my kids get older they'll move to the top of the access list for the envelope with the location of the secret place and ownership of said place.
And each one of them has the password for one of the two encryption layers?
This way it won't get lost.
Sure, my wife could access my accounts, but she'll be lost - which are important? which can be ignored? What do you do once you have access?
Where are all the bank accounts, credit cards, loans, and how are they set up w/autopayments & withdrawals?
Ditto for insurance policies, your random toys and tech stuff. E.g. what should be done with your random websites/URLs - let them expire, archive them, ?
And my social accounts too...
It's not good enough to just go over it together one night, you need clear documentation that can be quickly referenced and followed during a time of immense stress and grief. And then keep those docs updated!
All relationships are different. :)
I don't know all of ours. I know our shared bank account, and that's about it (well, we have a shared password manager, so I could probably figure it out). It doesn't seem useful to have the knowledge, and when she dies, the least of my worries is a missed payment or two.
> how much are on them
I doubt most people on HN carry credit card debt.
The one week buffer has saved my butt a couple of times already. And the callback is really simple. I created a Tasker task that touches the file in the morning once I unlocked my phone. So there is really not much work involved.
Does any of this need to be secret from her now?
I just have a Google Doc called Our Finances and Other Important Things which list various accounts and stuff. It's shared with her.
For example, depending on how your bank account is set up, it may be legal for your wife to take money from it while you are alive but become illegal after death until probate is complete. The reality is nobody cares because 90% of the time the surviving spouse gets everything anyway, but it's there.
Check your local laws.
Same goes for next of kin’s access to my accounts. Uncharted territory, but those are assets, and I don’t think people should be able to peruse assets of a defunct.
It’d only come up in an adversarial inheritance scenario so make sure you have a bulletproof will.
The big advantage of a password manager that is consumer friendly (Like 1Password) is that you can store everything in there (documents, passport, notes) and it will be accessible to whoever needs access to it. Not some obscure command line knowledge necessary.
It is also a lot easier than having hundreds of papers / letters in your house. Even if it's not about the security aspect, having everything in one place is a big advantage.
That's not true, there's a "Download" button that downloads the raw file. Just tested that on the latest Beta of v8 on macOS.
Put everything you own in the name of a living trust. You can still control the assets, or take them back out of the trust if you want.
Then your will names the living trust as the beneficiary. Your executor thus has access to all of it and you don't have to tell him/her about every single thing in advance.
But IANAL. I've probably left out a lot of details. See an estate lawyer.
- Set up KeePassX with all key accounts/passwords
- Set up 2FA on a phone app such as Google Authenticator. Then make a backup on another phone (you can copy Authenticator app data on another phone easily). Bonus: set up Authy app on a desktop as well.
- Record a video of you showing anything critical
- Write down any details that only you know.
- Put all this in a simple HTML/Markdown page and save on an encrypted disk and/or S3. For backup, save a copy on a flash drive.
- Keep the encryption key and flash drive in a physical locker that only is accessible to your spouse (if any) or anyone else whom you want to. If you are using a physical 2FA device such as Yubikey, then keep a copy in this locker as well.
- Make a Will which explains who/how can access all this if you die suddenly.
Many creators have had unpublished manuscripts specifically taken care of in a way to preserve their brand legacy.
I haven't used it (yet) though it's been on my radar for a while
My passwords and encryption are to enforce that policy digitally.
Read the other comments and learn how to set up 10-out-of-17 secret sharing across your relatives and friends, how to have at least 3 secret spots to stash encrypted passwords, and how to configure online services to alert those relatives and friends when you are dead.
Why would anyone access my Discord account, or my kawaii and punk music playlists on Deezer. This quality content goes with me into the grave.
OK content is unencrypted on my computer, anyway
I then read about how Feynman's notes were, somewhat recklessly, given to his estate and then auctioned off. I found the thought of that very violating, especially how certain people react to his own personal dilemmas and thoughts.
Now my will makes pretty clear what will be released, how it will be released, and to whom. It also includes penalties should those things not be followed and gives people the option to take them, with the consequences, or not at all.
All that to say, I would never hand over the keys to my own kingdom. It dies when I die, unless our society somehow transforms between now and then.
I've also left a thumb drive with a Bitwarden export and printed paper in a safe place for my family, describing how to access everything important.
I trust my family not to abuse that, but if I was less trusting I'd look at Shamir's Secret Sharing to ensure family members had to collaborate to retrieve my sensitive info. Or leave the data with a lawyer.
I made sure to pass on my 2FA secrets too.
This is what my company solves - While our B2C offering is still limited to a waitlist, I am more than happy to recommend a provider in most countries to anyone who wants a vault.
Dylan @ https://bepreparedapp.com
Digital assets are significantly more complex than traditional assets, and the estate planning industry is still trying to figure out what to do with them because the legal landscape has made this very difficult for consumers like me and you. Many of you mentioned 1Password, LastPass, Bitwarden or info in a sealed envelope. Pw managers are great for organizing your digital assets, but beware... they are not enough for this. If your spouse accesses your pw manager after you pass away, and logs into your email, your spouse may have violated 2 US federal laws, a state law and your email provider's TOS. Who cares if people access their deceased spouse's accounts? If you find yourself in this position, be cautious and call a lawyer before you do anything. Companies take your privacy very very seriously, and they have not hesitated to enforce their rights and do what they think is right.
Most states have adopted a form of RUFADAA (Revised Uniform Fiduciary Access to Digital Assets Act) that governs who can access digital assets, but each state might be a little different. Google, Facebook, Apple, and Github have released online tools to set up a legacy contact or inactive account manager -- I agree with @ubermonkey that if you use services provided by these companies, you absolutely should start by using their tools. However, you should also recognize that these tools are LIMITED and are NOT intended to grant full access. Does anyone know if any other companies have provided tools like this? For other digital assets, you should consult an estate planning lawyer in your state (many of the laws are state-specific) and make sure they have expertise planning and managing digital assets.
Disclaimer: there's a group of us working on solutions that operate within the legal requirements so that our heirs/executors aren't left worse off, and we're always interested in new ideas! Also, none of this is legal advice :)
Besides that, I have a tag called `after-he-dies` with some secure notes in it, including a note that tags every account at a bank or investment account where we have money, so that she won't risk losing 20k or something because she doesn't know where every money account is or whatever.
That tag also includes a note with instructions for how to make sure that the accounts that automated bills pull out of don't run out of money.
* Cheat sheet for if I'm gone – https://news.ycombinator.com/item?id=31748553
* What to Do Before You Die: A Tech Checklist – https://archive.is/dy81b
Not sure the security mechanics involved that allow for it, but it seemed like a very neat product for this very thing (and I've added requesting access to the death checklist I gave to my wife), since it means I'm not having to provide my password to anyone (or even get it out of my head and enclose it somewhere physical), but my wife can still get access to it in the event of my death (or my being incapacitated for a sufficiently long period of time that she needs it).
Still, there's probably more we could do, and a number of bases left uncovered. For example, we each have a number of monthly subscriptions that are auto-drafted but won't need to continue after death. We should identify those and have cancellation plans.
Plus we both have lots of crap, and possibly some important in various online/cloud storage services. Even with password access, it would be hard for survivors to know what to look at and why.
And then there are the accounts with two-factor auth. What if one of us goes with our phone? Oy!
Previous related discussion: https://news.ycombinator.com/item?id=31027766#31031202
In 1Password we have a note that lists all of our key info: bank account numbers, etc. I have a scheduled task that reminds me to review the note at least once a year.
When we went on vacation this summer I came up with a temporary mechanism to give our daughters our master passwords in case anything happened to us. The mechanism was set up so that they'd both have to participate to recover the secret. It was also set up to self-destruct in 30 days.
That was the temporary mechanism. The permanent mechanism will use secret sharing (https://en.wikipedia.org/wiki/Secret_sharing). There are many implementations available; I want to self-host one so that we aren't relying on anyone else. (There's no server component; a static site would be good enough.)
We plan to use an "any 2 of 4" setup; any 2 of 4 trusted people could, working together, recover our master passwords.
I'm a solo founder, so I've also set up some contingency plans for my company. However, I really need to work on a "family manual" that has all the details about our finances, bills, rental agreements, and other personal details. I handle a lot of things that I haven't really documented anywhere (just lots of files that are semi-organized in Dropbox and Google Drive.)
The most important thing is to have disability and life insurance. PSA from @patio11: https://threadreaderapp.com/thread/988094196274769920.html
This should be considered mandatory if you have any dependents.
[1] https://www.lastpass.com/features/emergency-access
[2] https://support.google.com/accounts/answer/3036546?hl=en
It's definitely given me peace of mind, as I wouldn't want them to be in a situation where my entire digital life was lost to them. They would also then be able to close all of my accounts and notify others of my passing.
I am toying with starting an online service/company where users would elect a backup group where M of N people in the group can unlock the secrets. Use case would be secrets, passwords, Trusts, Instructions.
This issue confronted me when we put our living trust docs in our safe but didn’t have a good way for our executor to get into the safe.
Would any of you use this service? Secure s3/Dropbox with SSSS access. Secure online safety deposit box with multiparty encryption.
I use https://www.passwordstore.org/. It's hosted in a git repo. My significant other has access to the repo, a private key copy on encrypted USB drive (plus backup) and its password in their own password manager. It helps that we both know how to use these tools (otherwise, I'd try to keep my important passwords in sync with my significant other's password manager).
Detailed instructions are stored in the unencrypted part of USB drive which holds the private key. Plus backup. We revisit it on yearly basis.
I partially rely on the well established procedures offered by banks etc., but don't believe they'll do it in a timely manner and without much friction. There are many cases where I'm the main account holder for the whole family (often enforced by the institution or good deals). Having access to my email & phone removes a lot of friction from the whole process.
Any password to a bank, or credit card, or whatever dies with me. It's for their own safety. Lest lawyers in some future time come collect a bill that my dead self forgot to pay for.
Everything important is either written into a will, or has a well-established next of kin process associated with it. All other things die with me.
You set up contacts in the app and the contacts confirm they want to be involved. They receive a special link (or some other access method, I can't remember) and when you die, your contacts can say "(person) died, give me access to their information."
A confirmation is sent to the person that set up the account, they have a pre-determined amount of time to block the request. If the request is ignored the data is released to either some or all contacts. It's pretty slick but I would be terrified to start a business like that, with something like this you can't just let the business go under if things aren't going well.
If something happens to you? Our process guarantees the transfer of the content to your heirs, nominated or not. Everything is totally confidential and a bailiff is involved in each restitution case. You can use it free, but a fee will be asked to access the data. Or you can pay annually, you get more features and if something happens to you, your heirs will not have to pay anything. We are a European-based company but we can work with clients all around the world. Just try it on https://Legapass.com
My father's friend had a stroke. He was left alive but not able to use more than a few words. It was a huge problem trying to make arrangements for him. If we'd had even his phone password months could have been saved.
My wife knows my password already (this is sensible redundancy). But she doesn't know what I use or do, or who I might like her to tell etc.
So by all means leave your password, but also leave a digital "will".
But I think the more important thing than that would be to keep a file outlining what the things to look for are. You should also add in contact info for landlords, employers, attorneys, important contracts,... those sort of things. And to set up a testament.
I spent a lot of time with my mother in her final few years, heard lots of stories and details of her life (and even my own early life) that I hadn't known yet.
I hope I can give the same to my children if something happens.
Any other important password can be reset from those things and discovery of accounts can be done via email and credit card statements.
My odds of dying in the next year are remote enough that I don't feel the need to get the process perfectly laid out when it will probably change in the >40+ years I expect to live.
- insurances
- bank accounts
- stocks
with names of institutions, emails etc.
This is especially tricky since I live abroad in a country whose language no one else from my family speaks; so I included some links to a list of dual-language lawyers who could potentially help handling the cases; plus contact points to a few close friends who could be of help too.
Neither of them know what their passwords go to, but they know about each other, so I figure with some coordination they’ll figure out how to unlock both.
My password manager has, obviously, all of my passwords but also has some letters to family and friends and some instructions on what I want done with my body.
We have a password manager together, and share each other's master passwords, as well as shared credentials.
I probably need to add some messages to post to various accounts, just to save her the trouble.
Basically, you create encrypted notes that are readable by the people you shared the link with only if you do not respond to an automatic email. Simple, yet efficient.
I am a paying customer of Bitwarden, so that's the easiest path for me, but I like complicated things.
My plan is to use Shamir's Secret Sharing. Specifically I was thinking of using Klaus Post's Reed-Solomon (golang) which is a port of Backblaze's JavaReedSolomon. One could perform an All-or-nothing Transformation first depending on the security level needed.
The primary advantage of this compared to Emergency Access with Bitwarden is that it isn't reliant on a single person surviving me. I would give my wife the emergency access, but if we became incapacitated at the same time (almost happened in the flood), then other trusted people can come together to assemble the keys to unlock the data.
Additionally I can give different people different weights. Perhaps my wife and my mom have enough keys by themselves to unlock, or maybe just a couple or a few keys short. Whereas my trusted friends have enough keys that would require X amount of them to agree to unlock my vault, and people that have an incentive to kill me have the least amount of keys :)
I would likely just store my password to my Bitwarden account, my email account, and my note-taking application. That way I don't need to update it except when I need to change the password. Which is also how I could revoke someone from holding a key, change my password and re-run RS and redistribute keys. Realistically if you gain access to my Bitwarden then you have the keys to the other places, but not necessarily the ability to pass a 2 Factor Authentication, so I could include recovery codes for 2FA.
There is no reason I couldn't have multiple vaults for different things with different levels of keys needed to open, so for a non-profit I work with it only takes a few key people to come together to unlock but only gets them access to stuff relevant for that organization.
If someone loses a key, or it gets corrupted, it just takes more people to agree to use their key to gain access.
In addition to death, something could happen to cause me to forget my master password, but otherwise I'm still capable of doing things. So it is also a backup for myself.
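The threshold idea raised in this thread (the "any 2 of 4" plan and the weighted-keys comment above), as an added example that is not any commenter's code: textbook Shamir secret sharing over a prime field rather than the Reed-Solomon library mentioned. The function names, holder names, the sample secret and the 4-byte integrity tag are assumptions of this example.

```python
import hashlib
import hmac
import secrets

# 2**521 - 1 is a Mersenne prime; all arithmetic happens modulo PRIME.
PRIME = 2**521 - 1
TAG_LEN = 4  # truncated SHA-256 so recover() can reject bad or too few shares


def _encode(secret):
    """Pack 0x01 || secret || tag into one integer below PRIME."""
    tag = hashlib.sha256(secret).digest()[:TAG_LEN]
    value = int.from_bytes(b"\x01" + secret + tag, "big")
    if value >= PRIME:
        raise ValueError("secret too long for this field")
    return value


def _decode(value):
    """Undo _encode, raising if the marker byte or tag does not match."""
    raw = value.to_bytes((value.bit_length() + 7) // 8 or 1, "big")
    body, tag = raw[1:-TAG_LEN], raw[-TAG_LEN:]
    ok = len(raw) > TAG_LEN and raw[0] == 1
    expected = hashlib.sha256(body).digest()[:TAG_LEN]
    if not ok or not hmac.compare_digest(expected, tag):
        raise ValueError("shares are insufficient, mismatched or corrupted")
    return body


def split(secret, threshold, weights):
    """Split `secret` so that any `threshold` shares recover it.

    `weights` maps a holder name to the number of shares that holder gets,
    which is how one person can be given more say than another.
    """
    total = sum(weights.values())
    if not 1 <= threshold <= total:
        raise ValueError("threshold must be between 1 and the share count")
    # Random polynomial of degree threshold-1; its constant term is the secret.
    coeffs = [_encode(secret)]
    coeffs += [secrets.randbelow(PRIME) for _ in range(threshold - 1)]
    out, x = {}, 1
    for holder, weight in weights.items():
        out[holder] = []
        for _ in range(weight):
            y = 0
            for c in reversed(coeffs):  # Horner evaluation at x
                y = (y * x + c) % PRIME
            out[holder].append((x, y))
            x += 1
    return out


def recover(shares):
    """Lagrange-interpolate the polynomial at x = 0 from (x, y) shares."""
    points = dict(shares)  # duplicate x values collapse to one point
    secret = 0
    for xi, yi in points.items():
        num, den = 1, 1
        for xj in points:
            if xj != xi:
                num = num * -xj % PRIME
                den = den * (xi - xj) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return _decode(secret)


if __name__ == "__main__":
    master = b"constructed-sample-master-password"  # constructed sample value
    # Threshold 4: spouse alone suffices, parent is one share short,
    # and each friend holds a single share.
    shares = split(master, 4, {"spouse": 4, "parent": 3,
                               "friend_a": 1, "friend_b": 1, "friend_c": 1})
    print(recover(shares["parent"] + shares["friend_b"]) == master)
```

Running `split` again after changing the password draws a fresh polynomial, so shares from the earlier run do not combine with the new ones; that is the revocation step the comment describes.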
Anything I am proud of has been shared in a shared iCloud Drive. Any important documents (life insurance), etc has been shared in an iCloud Drive. Any photos I want shared are already in shared albums. Financial accounts already have a beneficiary.
My comment there: https://news.ycombinator.com/item?id=33326468
I have a document called “in case of emergency” that lays out where everything is—important contact information, bank accounts, files, backups—and it includes a section for sensitive information such as the master password for my password manager. I keep a copy with the passwords filled in at a secure off-site location that my wife has access to.
So in case of my death or my partner's death, we can recover each other's passwords.
Pings you on Telegram every few days to see if you are alive. If you don’t respond, it will send out email to whoever you have it configured for.
I do not have anything similar for my bank accounts or personal subscriptions.
Important things like banks already have next-of-kin covered, insurance is sorted out etc.
For encryption to work in practice, certain things, like master passwords can NEVER leave your head. I'm not going to print out my private keys and master passwords and put them in a safe, because in the unlikely scenario a state actor would raid my safe, it's a free-for-all on everything.
The only thing I should probably sort out is give my wife access to Cloudflare DNS and Microsoft 365 Admin panel (we both have emails under the same custom domain, hosted at Outlook)
However I also have several other domains, and she'd have no business accessing or doing anything with those.
basically i created separate KeePass database and put all things i want to disclose there (like banks passwords, mobile unlock pattern etc.). what's nice about keepass is that you can store media files like images besides passwords.
this database is in Google Drive and shared with my relative. the password to the database is printed on paper and stored in the envelope - and my relative knows where to search for this envelope in case something happens.
SO has a paper sheet with all important ones and the algo which changes them (depending upon date).
Please use it, only if I don't post in a year.
(My passphrases will cause a nuclear war if read in open court, fuck around and find out, consent matters.)