Also consider what happens if someone is incapacitated but not dead. Getting into email, bank, etc. is one thing, but what if you own property with someone who is suddenly and irreversibly brain damaged? I strongly recommend filing a lasting power of attorney in advance if your risk of this is non-negligible. My mother is living a nightmare due to it right now as she assumed being someone's spouse would let you take responsibility for an incapacitated spouse.. wrong!
My father had a stroke so debilitating that he lost language entirely, lives in a brain care unit 24/7, and has zero chance of regaining even the most basic idea of a life. But by not being biologically "dead" he retains a lot of legal protections that don't really suit his situation and my mother is unable to sell her home without the permission of the Court of Protection. We filed for said permission 14 months ago.. and, you can guess the rest. With a lasting power of attorney, she'd have been able to organise her life properly within weeks.
This is something you should bring up with your bank. In Finland if you have a joint account with your spouse there is a difference if the account is listed as "X and Y" vs "X or Y".
In the first case the account is inaccessible for a fair bit of time if either X or Y dies. In the latter case both can always access it.
My partner's aunt got hit by this when her husband was 100% incapacitated and hospitalized. She couldn't even pay her rent or buy groceries, because she couldn't prove her husband agreed with the spending.
We switched our account to the "or" style really fast after that.
Basically an account can have either one owner and one person with a permission to access it OR it can be co-owned.
If you just have the access permission and the main owner is incapacitated or dead, your access is not valid anymore and it's a huge hassle to get access to the funds.
You want the co-owned style where both have equal rights to the funds on the account. The easiest way to check it is just to contact your bank and make sure it's set up that way the exact terminology seems to vary a bit between banks.
One of the terms I've seen in the US is "Joint Tenants With Right of Survivorship (JTWROS)" but check the details.
It's much rarer now because checks are basically gone, but you used to be able to get accounts that would require both signatures on the check, not just one.
Fundamentally, the OP isn't faced with a tech problem. People need to start with greater awareness of power of attorney, wills, and probate.
In a probate situation, your loved ones don't have to know all your passwords and so on. They do need to know where your assets are so they can contact the right organisations to claim them. And you can make that process easier for them by avoiding having small accounts all over the place.
I agree that this isn't a tech problem. The only part that the tech is for is for having feedback on the document. It is meant to be printed out and not stored online. There is a spot on the document for a power of attorney in fact.
I can only speak for people in the United States of America but another option is a living trust. This avoids giving power of attorney until a medical professional has declared one unable to consent. The document can have well thought out instructions created far in advance detailing who has what powers and what properties/items may be transferred in advance of and/or upon ones mortality. This avoids some family drama when people make sub-optimal decisions. A living trust can mitigate some of the drama and legal battles. Assigning trust managers can also mean there are people looking out for you and/or family members when you are incapacitated, limiting how much money is paid to whom at what intervals typically limited to a number of years after your passing. A lawyer can walk one through the most common issues specific to them and ensure it is in the legal documents. This is also a good way to protect properties and bank accounts but that is a whole topic in and of itself.
Not just incapacitated, but also unable to reasonably communicate. I was suddenly and unexpectedly thrown into jail. How do you communicate all of this information to people on the outside? Especially as your communications are monitored at all times, so reading out logins over the phone can be very detrimental.
I lost all but one of the hundreds of domains I owned, 10 years of email, and of the thousands of online accounts I had when I was locked up, only about 3 were accessible after I got out due to changes in security policies or email addresses (I'm looking at you Gmail) that I could no longer log into despite having the username and password.
This problem is only going to get worse as more sites, sensibly, require MFA. As long as you are compos mentis and have physical access to your devices everything is grand, but once that breaks down, you (or your loved ones) might be screwed.
It's likely that there's no real way to solve this without a trusted associate, but it has to be an associate you'd literally trust with everything in your life.
Then you can give them access to 1Password or similar in some way.
I won't go into details but I'm dealing with a somewhat similar situation. If you love your family and want them to make decisions for you when you're incapacitated instead of strangers who will likely be trying to take advantage of the situation, GET AN ESTATE ATTORNEY. One at a large and respected firm with a solid track record. You will be making a minuscule investment compared to the cost of things going sideways. So much trouble for you and your family will be saved during an already difficult time.
Not sure if anyone on HN knows: do wills work for medical emergencies too? Because I would assume you could setup an emergency power of attorney for such a scenario. It is ridiculous that you cannot sell your home if your spouse is incapable of consenting.
I can only speak for the UK, but here, there are two types of power of attorney: the health one designates someone to make decisions about medical treatment if the subject is unable to; the finance one allows the attorney to manage the assets of the subject when needed.
The key point is that the whole process should be far easier if these things are setup in advance, while the person is still able to make their wishes clear, i.e. while they can still say who they trust to make decisions for them.
I imagine it varies by jurisdiction. Here in the UK you can create something called a "living will" but it's mostly about how you want to be treated in terms of your health (think DNR type stuff) and living arrangements and isn't legally enforceable on its own like a regular will – certainly not for something like selling jointly owned property: https://www.ageuk.org.uk/information-advice/money-legal/lega...
I imagine if we ever get around to accepting euthanasia as a society the idea around a living will need to become formalised. For decades my dad was very clear he would prefer to be dead than exist in the state he is now but sadly the law insists he, or whatever is left of him, must suffer.
Not a lawyer, but in the US there are typically separate power of attorney documents for financial vs medical decisions. If you search for your state and medical or financial power of attorney you should find standard forms for them and see what they cover.
My mother, who is now in memory care due to Alzheimer's, knew long ago what was in store for her (her mother and one of her sisters also had it) and planned accordingly long ago. She has a simple but comprehensive will...and most importantly at the moment, two powers of attorney that give the designee (me, in this case) control over both her medical/daily living decisions and her financial decisions. The weeks surrounding the day the doctor activated her power of attorney were hectic, but far easier than they would have been without her prior planning.
She'd also made my sister and I co-owners on her bank account, so we had no difficulty accessing money for her care in the short term.
Check out Get Your Shit Together [0]. It was started by a woman who lost her husband in an accident, suddenly becoming a widow and single mom to two young children.
She has abridged [1] and long checklists [2] that everyone should complete. Most of us probably don't even think about these things:
Key word: ESTATE attorney. Preferably belonging to a large and well respected firm. Don't get just any attorney willing to do it, they won't be equipped for it and shit will go wrong, and things going wrong in the legal world is potentially catastrophic. For you, your family and anyone within a 1000 feet of you.
This is a bit extreme. An estate-planning attorney at any sized firm can do a good job, and using an attorney is good. But wills, trusts, etc. are well-established areas of law, to the extent that in the U.S. at least, anyone can scratch out a perfectly legal will on a piece of notebook paper.
They don't do it for you. They run the paperwork when you do it. You have to make all the important decisions.
You can use Nolo or Rocket for most of it (and you should, at least bforna first draft, because the expensive attorney is doing the same thing, like H&R Block or an accountant for taxes). Try to save their time for complex stuff; they will be happy to charge $hundreds/hr for data entry eqivalent of running TurboTax.
Indeed. It's not cheap, but it's mostly a one-time cost* and the big binder we have that covers all sorts of scenarios and contingencies offers us considerable peace of mind. If you have enough assets that anyone would bother fighting over them**, it's worth doing.
* Not including divorces or if you change how you want to do things.
** If you haven't been involved in settling an estate, that bar is probably far lower than you'd expect.
I'm banking on the emergency access feature [1] of Bitwarden (available in self-hosted version too [2]).
The "how it works" section has more information [3] but it essentially boils down to trusted individuals requesting access - which can be manually approved by account holder or they are automatically granted access after a pre-defined wait time.
Bitwarden (paid version) also claims this - "If your premium features are cancelled or lapses due to failed payment method, your trusted emergency contacts will still be able to request and obtain access to your Vault. You will, however, not be able to add new or edit existing trusted emergency contacts."
I used KeePass with google drive sync before, so cant speak to LastPass.
What got me interested is that Bitwarden is open-source and empowers you to self-host, which for me goes a long way for establishing trust. It has a modern interface through desktop, browser extensions and CLI. You can choose to cloud-host your vault on bitwarden servers, for convenience, with a very generous free tier. Which is what i've been doing for years now, no complaints really.
I can't speak for everyone, but I made the switch after there was some drama with LastPass not reporting security problems in a timely manner a while back (https://news.ycombinator.com/item?id=29737973)
I had used LastPass for a few years, and begrudgingly started paying when they went the "desktop or mobile only" option for free accounts - I need both for complicated reasons. The switch made me pretty bitter with them over the whole thing. It was like I was tricked into trusting them to deliver one thing, then they started to charge me for the "privilege", with no tangible improvement to the service they were providing.
Personally, I've had nothing but great things to say about Bitwarden since moving over. The import from one to the other was pretty painless.
I still have to interact with LastPass for certain job-related things, and the difference is really very noticeable. Much easier to generate usernames and passwords in the web extensions on BW. Things are laid out a bit more logically, in my opinion. It also feels like BW signs in/loads significantly faster in the browser extension (I might just be imagining things). It just feels less cumbersome than LP is.
The only negative I can think of is that LP is a bit prettier to look at.
This means that the time delay could be theoretically bypassed by someone other than you (as time delay access is not a cryptographic construction), which means that someone else has access today (likely Bitwarden the company), which means the end-to-end encryption has been circumvented to enable this feature, which means they could be issued a search warrant to yield all of your passwords to law enforcement immediately, prior to your being convicted of a crime.
Self host with Vaultwarden and do not use this feature.
I would assume that only the "trusted individual(s)" - a spouse or whatever - has the "private key" of the vault, so only that person can access it (not Bitwarden, and nothing can be circumvented.)
Can't it be handled e.g by the spouse having "half" the key, bitwarden the other "half", which they only gives out after the timeout. Ok, bitwarden and your "trusted one" can collude to open it before, but they must both be in on it.
The link to the feature provided here explains how it works. Your Bitwarden client has a master key that opens your vault. This is your own private key. Bitwarden the server doesn't have a copy of it. If you choose to designate a trusted successor in the case of your incapacitation, you send a request to that person. If they accept the request, Bitwarden the client will generate a public/private key pair for them. They keep the private key in their client. Bitwarden the server gets a copy of their public key and sends it to you. Now your Bitwarden client encrypts your private key with their public key and Bitwarden the server gets a copy of that. In the event of your incapacitation, they send a request to get a copy of that encrypted key. After the timeout period, Bitwarden the server will send your encrypted master key to them. Then their copy of Bitwarden the client, which has their private key, can decrypt it, and now they have a copy of your private key as well.
At no point does Bitwarden the server have a copy of anyone's private key. And no splitting of keys is necessary. This is just the normal way asymmetric encryption works.
This, of course, all breaks down if you don't trust Bitwarden the company, since they provide you the client. As far as I understand, US law enforcement doesn't have the legal ability to force a company to modify their own software to make it malicious (as opposed to doing something much simpler like forcing them to turn on IP logging on a VPN server). But if your threat model includes the possibility of US covert intelligence services MITM-ing Bitwarden the company and sending you their own malicious client, then yeah, keep your secrets in a physical vault guarded by people willing to die in a shootout with the FBI before betraying you. Make sure they'll answer to your successor if you die.
Ok then, so one search warrant to Bitwarden to get the encrypted key and your encrypted passwords, and another to the authorized party to get their private key.
It still comprises a break in the end-to-end crypto, and can still bypass the time delay and decrypt your passwords today without your involvement.
If you have a house, which has windows, your locks do not provide security against someone smashing open the window. Key cutting schemes are a bit like this - no key offers security, only one of several access routes.
Having multiple access routes may be desirable and simultaneously a concern - a fireman smashing through your window to save your life is desirable, a burglar slitting your throat after smashing through your window is not.
Encryption is more like a lockbox or a safe room - having a burglar compromise your safe room is undesirable, and going into one during a fire is also undesirable. But you do want to use one in the event of a burglary.
A key cutting scheme may be useful in the case of mutli tenancy, but it is not a reasonable dead man switch - if your data needs to be re-encrypted either the keys themselves must be related (calling into question the security of the keys), or the encrypting party must multi encrypt the data, meaning whomever does the encrypting has full access to all the key data.
If e.g. you are yourself encrypting the data, you must multi encrypt - it would be faster just to share the key yourself, as you already have all the keys. If the third party is encrypting, this means they have side channeled your data such that they can decrypt at any point.
Again, even in the case there are e.g. two mathematically related keys, you cannot then enforce a timeout without first referencing and thus controlling the original key. You MUST distribute your keys yourself to your 3rd parties, or your data cannot be secure.
You could instead construct a key by appending two securely-long passphrases together (which will then go through a KDF in any good encryption software). Give each passphrase half to one person. Recombining them is as simple as typing both of them into the passphrase input in the decryption software.
You can cut a key in half without literally cutting it in half. Like: generate random 256bit number, xor with the key, and hand the random number to one party, and the xor'd value to the other party.
This is the paradox. You want trusted parties to have access, only when you are unable to access it yourself, in cases such as your death, or Alzheimer.
But you _don't_ want trusted parties to be able to access this in case you are incapable due to being arrested, or choosing to simply elope.
But the wait time process only bypasses the manual approval step, not the private key step right? So you would still need a private key to initiate the time delay
Where? And how to stop your spouse from spying on you? I suppose notification of "Login from new device" would be a tell. But that would also be a shitty situation if you end up in a fight.
The Bitwarden access request seems cool since it has a "quarantine period" where the owner gets notified of the access request and can deny it, if still alive (against a malicious spouse request).
If you're sure you never face the "malicious spouse" scenario, then sure, but how many marriages end up in divorce again?
Perhaps, but I still wouldn't want anyone prying into my private stuff (while I'm alive).
Also, tracking back, what I'd need to store somewhere (hence I asked "Where?" originally) is:
- password to password manager
- password to encrypted laptop
- password to email account (not stored in password manager)
- frequently used PIN codes (mobile screen lock and various apps)
I could store the PIN codes in the password manager to make things a bit easier, but I'd still be storing the two passwords somewhere that can unlock my online identity, plus the laptop password that unlocks some really private stuff. None of these would be acceptable to me to get into the hands of a nefarious spouse, whether or not I could sue for it later.
As to "Where?"... an alternative to the Bitwarden feature could be to store these passwords using some sort of 3/5 multi-sig encryption with friends and family members where they'd have to collude in order to get a hold of my stuff. But I wouldn't want to give them access either, my spouse only. But then again, what if we both die in a plane crash?
Perhaps there's no optimal solution. Maybe the good ol' lawyer would work. Give a lawyer the passwords, along with contacts to hand over the information in an order of precedence, like spouse->brother->mother->friend. If something happens, give first person alive in the list the information in X weeks.
To add another layer: It could also youself who might need such an 'cheat sheet': My dad suffers from an previously undiagnosed heart problem which escalated pretty badly last year, with a multi month long stay in hospital, coma etc.. He is now back and well, but time in a coma can do bad fuckery to your brain, in part to ones memory... He simply lost some significant parts and now he is pretty good occupied untangling the 'insane security fuckup' (his words) he had constructed around his passwords, bank accounts and investment schemes...
So... keep it simple and be NOT the 'Family patriarch silver back' who is the only one who has full knowledge ;-)
A similar situation can arise under duress. On the contrary to what people claim online, in dangerous places you want to cooperate with criminals, not get in between them and your stuff.
Under that type of stress it's very easy to forget passwords which might make criminals believe you're not cooperating. Having some things writen down (probably not all?) has come in handy for me personally.
yeah, long story short, I was unfortunately kidnapped in Caracas 13 years ago. Thankfully everything turned out "fine", a ransom was paid and I was released.
But, in the middle of the ordeal and panic I had to give them access to my car which had a security code to be able to turn the engine on. My family had prepared for this (the reality of the city at the time) so we had the code writen down somewhere in the car. I just gave them the piece of paper to avoid errors or hesitation as I was quite nervous, I didn't want ANY mistakes :/
Wow I had not thought about losing my own memory. This is my first step in untangling that mess that I have made whole also reducing dependencies on myself.
Somethings like the above. I've added more info such as 2FA etc in a separate sheet and saved all QR Codes for all the 2FA in my Authenticator apps, and printed them and kept two copies of it in two different locations known to family members. Updates are added as additional sheets to the binder as new codes are added and as a practice, one full dump around a 6 months to 8 months is also added.
A friend of a relative had their house burglarized over a weekend. The burglars took their time and took apart everything, cutting all pictures out of their frames, etc. If a written password existed, they would have found it.
The "give it to an attorney" plan would also worry me, unless I knew exactly who/what/when/where/why/how access was controlled and GUARANTEED (after all, an attorney's system could break down as easily as any other).
> The burglars took their time and took apart everything, cutting all pictures out of their frames, etc. If a written password existed, they would have found it.
That seems astonishingly thorough, as if it must have been targeted? The burglaries I've heard of locally just grab the most reachable items, especially car keys.
> GUARANTEED
The thing with giving it to an attorney is you would have an contract, and I would expect them to explain very clearly what liability they would have in the event of this kind of mistake. I would also expect them to be good at keeping paper secrets in boxes, that's a very traditional practice.
You could probably use Shamir Secret Sharing so you'd need to have k out of n parts to recover the information. Downside is that this complicates what is supposed to be simple.
edit: I see other commenters shared this idea too.
Also true. Slightly weird instruction though :D "Here are 5 keys for 5 people, if something happens to me you'll need any 3 of those keys, then the neighbor kid will be able to help you get the password".
Just give the attorney a sealed printed list of 10,000 numbered passwords. Someone with the passwords won't know what they are for. Even if they can guess that one of them is for your email account and they know your email account, they'll have to try thousands of passwords before they find the right one.
In your house, and maybe with trusted friends, keep the instructions sheet with logins and a reference to the relevant password number. "To access my email account, username is foo@gmail.com and use password #5122 from the password list".
You could also use a simple one-time-pad here to split the password. Generate two alphabetic passwords, one for your attorney and one for a trusted friend. Actual password is these mixed with alphabetic rotation character-by-character (anyone ought to be able to figure out how to do this given a short guide).
Simple, and provably useless to an adversary unless they have both passwords (aside from knowing password length/format with one).
My parents had a break-in as well but they collect all kinds of paper notes and irrelevant stuff, magazines etc. Their documents are organized according to some eldritch principle - it's all there but you'll need some time to find it. The burglars gave up and only took a camera.
Ideally this should be stored at a safety deposit box in that case. There are certainly risks with having this information all in one place like you said.
Unfortunately safe deposit boxes aren't available everywhere - newly built banks often don't have them, and some banks that have them no longer accept new customers. --They're expensive to build and maintain, and they're seen as being in a somewhat grey area with regards to KYC laws.
Having a safe at home is an option, but it needs to be mounted properly to prevent a burglar from being able to simply carry it out and try and access later.
At the end of the day, your best bet is to keep instructions on accessing your data (minus the actual code that is needed) somewhere it can easily be found by your family, and make sure that one or more family members have copies of the code but don't know the full details of where to use it without those instructions.
Cutting paintings from frames allow them to be rolled up and be easily transported (much less obtrusive or easy to spot compared to a picture in a frame). They can then be fenced like other merchandise.
I am lucky to have offspring and friends who know how to drive a keystore so my version of this starts with: "ask one of <x> to unlock the device, or if need be use the backup keystore in technology <z> and here is the passphrase"
And then the rest is the set of URLs which point to the various things, having a key/URL in the keystore, which own the DNS, the VM, the mailboxes, the bank accounts, you-name-it
the keystore also has QR codes to restore the 2FA. It has the unlock for the devices which are live on the 2FA codes, but can recover most of them. The exception is a single bank token which seems to use the secure region on my phone to bootstrap its one-time state, and so you have to re-initialize through the bank.
Since the only account of merit is a joint account, either I'm survived by the person who has access anyway, or we're both gone and legally the account is frozen.
What it also says is "FOR GOODNESS SAKE DO NOT TELL <FAANG> I AM GONE" because they will lock things up: Better to gain access, learn what you need torrid or not, and then let them do it.
My dad unexpectedly passed away recently, and there were a lot of problems because we didn't even know his phone unlock PIN (to be fair, he did told us several time, just that none of us bothered to remember). But one of the main problems is that tons of research fund is tied up in my dad account, so it's basically frozen until we can execute his will.
My mom manage my dad tax return so at least we think we know where all his money and debts are.
This event prompted most of my dad co-worker to create something like this cheat-sheet.
I would be surprised if you were legally allowed to go and modify assets before the will is executed.
I know when my partner died that I was not supposed to log in to her accounts and just transfer shit around; banks instead have very well defined processes for working out who is the legally correct person to do that and then empowering them to do so.
Remember, banks and other big companies deal with this all the time. They necessarily must have robust processes for doing it with the existing societal/legal systems of establishing who is the ‘right person’.
This is one of the reasons it's good (where possible) to have co-ownership of things like checking accounts. Though my mother is primary owner of her bank account, my sister and I can write checks, move money around as needed without waiting for any permission. My wife had the same arrangement with her father before he died, and it was a life-saver (so to speak).
As far as assets in the estate, the job of the executor is to preserve, as far as possible, the value of the assets at the time of death until they can be disbursed. That means, for example, don't take any intentional action to increase the value of the assets after the date of death, such as moving checking accounts higher yielding to certificates of deposit, etc.
It's perfectly legal to do that in my country as long as no benefactors is unhappy. In fact, we are encouraged (by the bank) to do that as the execution of will is painfully slow (at least 6 months).
I thought this was going to be interesting but it’s a markdown file of information your partner should already have.
The lesson from this markdown file is that if your partner can’t figure this stuff out on their own you need to sort it out yesterday. I doubt that the information being open source or being in markdown format is going to help out your partner whatsoever.
There's an increasing number of single people and lone-livers.
> if your partner can’t figure this stuff out on their own you need to sort it out yesterday.
I don't know how common it is, but I know there are some couples who just don't think of this kind of stuff, at all, until it's too late.
Mostly I've heard of it through a sudden death - the other person now has to figure out what and how all the things are paid for and handled.
I know of another where one partner got ownership of a small business after a divorce, but had no idea how to handle personal or business taxes/paperwork/etc. Had never done much more than sign their name under tax records, or whatever - and suddenly had to figure out all of that on their own.
That's a little unfair. When you lose someone, a very many things have to happen almost immediately. It can be quite overwhelming. Especially given the stress and trauma of just losing a loved one. Having everything "you should already have" in one place makes a lot of sense. And there's nothing to say that this has to remain only in MD format. A printed copy in the safe would be helpful.
Of course, using your logic, getting is sorted "yesterday" could mean sitting down and having your loved one understand how to access all this data using MD. Even better would be to have them build the data up with you.
This is valuable in the sense that it accomplishes like 80% of what you need to think about when establishing a doc like this, and the open source nature of it is novel because you can crowd-source updates more effectively than via a comment section.
Keeping your money in the bank means the executor of your will can usually get it through a straightforward process.
Keeping your money in crypto means that, by default, it dies with you, unless you take special effort to ensure otherwise, and are willing to trust a solution you can't possibly debug because you'll be dead.
Depending on how much you trust your government, bank, and judicial system, inability for them to access your money after your death is a feature, not a bug, because it means they also can't easily block or steal it during your life.
It's also illegal to transact (but seemingly not to hold?) cryptocurrency in China, which makes it risky to use. You'd have to trust your counterparty not to leak your location to the authorities. https://www.weforum.org/agenda/2022/01/what-s-behind-china-s...
(A conspiracy theory I have no evidence for but might believe is that the US has been very tolerant of cryptocurrency and stablecoins for the same reason as China bans them: enabling capital flight from China to the US.)
I certainly don't keep my money in crypto. But I do have a certain amount of my investment portfolio in it. I treat it as a physical asset that has to be stored properly. Giving instructions for how to access the seed and how to use it seems to be sufficient but I don't have a large enough amount to probably matter all that much. Also, I have worked at banks and it is a pain to get access to bank accounts. Providing a death certificate can take a long time and I have a large amount of logins.
Essentially you grant another BitWarden user as an emergency access user. They can request access, and you have 7 days to decline access. After 7 days it grants them access to your vault.
The big problem with this that I don't have a good answer to... we've been told to use a password manager and have it secured with a long passphrase... and now we write down the username/passphrase on a piece of paper or somewhere else easily accessible - how to adequately secure that?
Maybe encrypt the passphrase under an m of n scheme and distribute to family & friends that you can trust to not collaborate unless you are truly incapacitated?
I've been (lightly) thinking about this with regard to digital identity.
One of the few use cases that I find very compelling with regard to blockchain/web3 tech is as a means of ID/auth much in the same way that many sites now offer options to log in with FB/Google/etc.
One big obstacle (I imagine, I haven't really looked into this that far) is that of the password reset. Some non-trivial amount of people will forget the passwords to their identity tool, and in this scenario there's no central power with the capability to reset it for them.
The simplest option is to designate trusted friends who you could delegate authority to in order to perform some multi-sig reset, but then there's the issue of a FriendCoup. If you strike it big and turn on or ignore your friends, there's nothing stopping them from getting together and performing a takeover. Even if there are individual objectors, because it's blockchain, everything's public, and these are identity wallet contraptions, everyone knows who the hold out is and can lean on them or find some way to get their password, etc.
Even outside of a FriendCoup scenario, a FedCoup scenario where the government just leans on your buddies to grant them control is pretty plausible.
So I guess the question is, what sort of strategy for this is FriendCoup/FedCoup resistant but still grants the necessary amount of delegated power?
Not entirely relevant to the above, as doing this pen and paper for a password manager is a little harder for outsiders to game given that the holders aren't public, but still a question I've been batting around. Curious about anyone's thoughts/ideas or any existing work in this space.
Edit: After thinking about this for an extra minute, if it's not time sensitive a deadman switch could probably do it. If your friends perform the multi-sig and you haven't logged in in X days, then and only then will the reset occur, so you can void an attempt. That said, falls down on the FedCoup scenario since you'd presumably have restricted access to the internet.
I think that blockchain is not the solution here. The fundamental problem is trust: do you or do you not trust n other parties with the information required to take over your digital life, no amount of fancy crypto engineering will get around that.
No amount if crypto will stand up to a Russian mobster with a crowbar and some creativity, like the xkcd https://xkcd.com/538/.
What you need is to develop a threat model and then select an appropriate solution that matches your threat model. If the threat is the KGB might torture me and my buddies, then kill switches are appropriate. Otherwise it’s no solution.
Perfect security doesn’t exist, it’s all about tradeoffs.
I think blockchain keys could work for identity, but you need another layer for authentication. Perhaps a smart contract could be used to generate and authenticate one time access codes?
That has failure modes, though, especially death on one of the N (might seem unlikely but I just had to help a friend unfuck a family member's finances after he died in a car accident next to the one trusted associate who had all his logins saved in an account locked behind 2FA secured by his iPhone which he didn't leave the unlock code to with anyone). I know there are other schemes where you only need M of N to turn the key, but really...
Leave. Your. Passwords. With. An. Attorney. And also your phone unlock code. A reputable attorney (preferably attached to a big firm) won't lose your stuff, and if they die or go out of practice they will have procedures in place to make sure you are set. This is not a situation where you want some clever DIY scheme that might fail and leave your loved ones scrambling to sort your finances when they are already devastated and mourning.
Better use three attorneys on at least two continents, one of them in the other hemisphere. Otherwise a single medium-size asteroid could easily wipe out all your backups and what then.
Actually LastPass has a solution to this they call Emergency Access. You set up loved ones, heirs, colleagues etc with their own LastPass account, and at any time they can challenge your account. After a given (variable) waiting period, if you do not cancel their challenge, the credentials in your account revert to their account. The credentials are inherited. In the case of your own cheat sheet (I have something similar), you can save the actual cheat sheet as an attachment to a Note saved in LastPass. Every now and then we test it, and it works great.
Leave it in escrow with a lawyer, along with a copy of your will.
If you are super cautious, leave an encrypted copy (or half the passwords etc) with one lawyer/escrow, and have a separate lawyer/escrow hold the decryption key/other half of the passwords etc. Along with easy instructions on how to decrypt!
End of the day, if I die at an old age, my heirs will also be old and possibly not into computers/tech. I prefer a simple approach that requires minimum skill/effort on their part aside from presenting the relevant death certificate/paperwork to the lawyer.
We don't have to outlive you! If the service shuts down while you're alive, we'll send you an email well in advance so you can switch services. That said, the service has been running successfully since 2007.
In the spirit of the OP, and finding an enduring solution... something like the deadmans switch should be implemented in a de facto utility like browser password recovery but extended with a weighted audience tied to the time elapsed. Why not have that same function that keeps up with your authentications notify X audience in Y time - 30 minutes even or 30 years with an emphasis on how perpetual. Reasonably I say we all got a good hundred years to plan for.
What about keeping the passphrase in a safe deposit box in a bank? In the best case, you have a trusted person with whom you can share access to the box. Otherwise your executor or a court could gain access, but at least the info wouldn't disappear.
I wonder about the legal position of recipients of these cheatsheet. In particular, how much trouble can they get into for using the passwords?
Say probate is taking a long time, so someone logs into the bank account and withdraws money for everyday essentials. That’s probably one reason the deceased person left the cheatsheet. But what happens when a bank notices money being withdrawn from the bank account of a dead person? Presumably it gets flagged as fraud. And if the estate is still going through probate, the person withdrawing money might not have a legal right to do that.
This, a million times. Tech nerds love cooking up elaborate technical solutions to this problem (I’ve seen it here in several threads over the years) but completely ignore the legal requirements and expectations around establishing next of kin and executing probate.
My recommendation always remains the same: don’t over complicate it and work with the existing societal processes. Society deals with people dying all the time. All major companies, industries, etc. have means for dealing this which have established legal precedent and won’t get anyone in the shit by following them. Let those processes unfold and instead focus on providing your loved ones with the means of having what they need to do so.
Yes, even if the recipient thinks they will eventually have the legal right of access, until they do it's not legal to try and move funds.
For a couple, this is one reason to think carefully about which assets are in joint names and which are separate. Ideally, they should have enough money in joint, liquid accounts to cover however long it may take to be granted probate.
I’ve got one of these in 1Password that is shared with my wife. It’s a great idea.
When my mom passed away 18 years ago, we looked high and low for every paper and file to help my dad start to become competent with the household finances. It was a big challenge at an already challenging time.
One weird problem I learned of is that you shouldn't store your will in your safety deposit box, because it will be tied up in legal wrangling when it is needed the most.
I live an internationally nomadic lifestyle. Most of the info in this doc doesn't apply to my life. I also have no dependents, so if I die, it's up to the corporations to deal with the loose ends I leave. I don't really have a reason to leave them a cheat sheet.
However, recently I've heard some horror stories from friends about losing access to their phones or being detained in immigration or other places with little access to the outside world. So I've created a document with important information in the case of emergencies that I've shared with trusted contacts. It includes how to access copies of my identity documents, contacts of key people in my life, my last known address, upcoming travel plans, contact information for my clients. I'm considering automating some parts of it, but for now it's basically just a text document in a cloud drive.
I think this was more to inspire a rough contents and format, rather than actually proposing GitHub is a good place to store this stuff - print it out and stick it in a safe.
The important thing is that it be easily accessible...printed for example. No, you don't want all your passwords on a piece of paper. But pointers to where the passwords are, how someone can get emergency access to them, as well as locations of other accounts, documents, etc. is what's important.
I think the best place for most of that information is a keepass file stored in an E2E-encrypted cloud (the non-sensitive stuff should be known to more than one person in the household anyway - but if you're single it can be a good idea to leave a printed sheet with contacts for all the electricity,... suppliers somewhere in your flat). The main question is how do you keep the master password both safe and accessible in emergencies?
I see some people here suggested Samir Secret sharing which sounds like a great idea. But how do you make that practical for non-technical relatives?
For me the problem with password managers, etc. is that it assumes that there will be a somehow tech savvy partner or relative left behind with all the knowledge of how to open it.
I prefer a method that can work in case me and my partner pass at the same time (e.g. accident). A paper will work for my partner, parents, siblings or an attorney in case of emergency.
do you actually need to share bank passwords, or is just the account # enough? then wifey can contact them and tell them im dead. i think i put her as beneficiary on everything
I feel for this kind of stuff, you want to have a local, air gapped computer, maybe a Raspberry that has an encrypted drive. A little computer that is just going to work X years down the line.
Edit: Or alternatively, keep a printed document and copies of all of that in a bank vault. Document lockers cost less than 100EUR per year.
The problem with bank safes is that the moment you die, it's going to be frozen and will only be opened when you have probate. That's why it's not recommended to keep your will in a bank safe.
This is great. My father had a file we all knew about called "When I Die" (yes he had morbid sense of humour) with instructions about things like belongings assets, funeral etc. Writing this out for us took so much weight off our shoulders knowing that we were able to deal in an organised fashion with things according to his wishes.
Another commenter talked about lasting PoA and they are good to have too in case of incapacitation. But it should also be accompanied with guidelines so people know how to give care for both the indisposed and those most immediately affected.
All of this boils down to this being a document that shows your survivors how much you love them by dealing with this while you can.
I have planned something like this when I was mentally down years ago. Basically a dead man switch, where it would send an email to my family if I did not extend it every 3 months. Yeah, I might forget, but I am a neat and good with memory and it didn't happen trigger.
I turned it off after about a year, after I got better and finally see it as meaningless.
Even now, I always think: After all, nothing would matter if I am gone. Why bother with all of that?
For the sake of people you care about. Speaking from recent experience. Loved ones have an easier time grieving if they don't have to tackle banks/government/vendor issues as well. I feel it incumbent on me to maintain my affairs in such a manner that they are less of an issue for people I love, should I unexpectedly kick the bucket.
I am glad that you are doing better. The purpose for this is to reduce stress on my loved ones. Including in something that I might recover from like a coma or potential degradation of cognitive skills.
I have a document covering all the basics of our tech stuff in the house in case I’ve died or are otherwise incapacitated. Everything from what our router is and how to use it to where our bitcoin is.
I put it together after my wife wrote a brief “if I’m dead here is what’s important to me” and I was reminded of a friend who passed several years ago and left his family in an awkward tech state because of his nerdy idiosyncrasies.
On a more serious note though, on a social level, I think «if I'm gone» is much better phrasing than «when I'm gone» if the intention is to be prepared for unforeseen tragic events. Unless one is facing a terminal illness or is past a certain age, using when is too melodramatic, especially when the target audience are close loved ones. It doesn't only imply the inevitability of being gone some day, but also implies the certainty that ones current loved ones will have to face it and must know what to do.
I imagine that the author hopes to live to a ripe old age and probably outlive his "somewhat complex" home setup. In that regard, the if makes more sense, as it is nowhere near certain that anyone will have to deal with his home setup when he is gone.
Thanks. I actually tried to put a lot of thought into the naming of this. For me, "When I'm gone" sounded too much like I was contemplating suicide. Also, I do hope that we will eventually outgrow the mess of passwords and usernames that the web is built on now.
Good idea. Also needed as part of a disaster recovery or continuity plan. Eg every business should have one.
For those who use a domain with a catchall on it for various purposes... do you have a plan for dealing with what happens if you die and all those many many aliases inadvertantly get handed to some new domain owner?
Dashlane actually has a deadman's switch feature. You can give it a list of accounts who can request access and if/when they request access you have 24 hours to decline them. After that they get access.
Too bad they got rid of their native apps....what a pain. I wish 1password had a feature like that.
If you're not married or a domestic partner you might want to talk to a lawyer. You don't know what your partner or friend might not be allowed access to depending on your local laws or the business's requirements. But power of attorney will remain with.... your attorney.
I think it is super important that you give this information to lawyer who makes your will and no one else. Especially not your spouse. Why? Statistically, 30% of spouses cheat and get deeply enamored in affairs where anything can happen. It's one of the most fascinating facets of human relationship. Most people think it will never happen to them but it is extraordinarily random with no rhyme or reason. There are people who donated their kidney to their spouse and even that didn't prevent affairs. So, when it comes to spouses, you are always tossing a biased coin, every day. In Western world, the chanced that you will be eventually end up divorced is 50%. The smartest and most desirable people, everyone from von Neumann to Brad Pitt, have ended up in affairs and divorces.
The cheating and divorce rate probability density function is much more dense for men in the dimensions of physical appearance and economic stability when they are both average or low.
What else do you propose when trying to solve for this scenario? If all your passwords are within your password manager and you're suddenly incapacitated or dead, at some point a family members will need access. You can push people to use password managers themselves but sometimes that's just not going to happen, in particular if you're in a position where your next of kin might be older or just generally less technical and willing to adopt that kind of thing day to day.
I'm not saying it's perfect, but you're dealing with people and sometimes you need to make things simple rather than perfect to get the job done.
This is excellent. The issue with these (always), and the author mentions it, is that they can go out of date.
There's no ultimate solution. The closest that I have, and it is far from perfect, is that I have a family subscription to 1Password, and a very private shared vault, that my wife has access to, containing the most important stuff. She has a PDF and printed emergency access sheet for the 1Password account.
Here is something that a friend of mine posted on Facebook (She's a professional writer), a couple of years ago. She had to deal with a number of things:
The first time a doctor told me to “get my affairs in order,” I didn’t know whether that meant to do the bills or clear my browser history. (Both are a good idea.) I’ve had to do it a few times now, and apparently this is unusual. In what follows, I’m going to lay out my decidedly non-professional but overly experienced guide to “getting your affairs in order.”
This isn’t just what you do when you’re gonna die. If you think you might be out of commission for a while, you’ll want to make sure (as best you can) that when you recover, you can resume your life as you know it.
What follows are some basics. Some of this won’t apply to you, and I’m sure I missed some things. If you have sizable assets or a complicated life, consult an attorney. (My attorney friends strongly suggest that you talk to them about any of this. I am SO not a professional. This is just my experience.) This is going to seem overwhelming, but you can actually get it handled in an afternoon - while you’re healthy and clear.
So here we go:
Make sure someone has keys to your house.
Pull some cash, in case you need to send people to the grocery for you etc.
File for a tax extension and an absentee ballot NOW. You probably won’t need it. Just in case.
Is your ID/passport/car registration due to expire soon? Maybe get that handled.
Create a “RED FILE” that’s easily findable but not out in the open. I use an actual red file folder.
In it, place the following: I’ll explain below.
Contingency plans for pets/kids (and any guardianship docs you need for that)
Copy of your insurance card and ID
Relevant medical history
Meds list (include supplements, gym stacks, and mood stabilizers)
allergies
Medical Power of Attorney
Advance Directive
POLST
Financial Power of Attorney
SEALED ENVELOPE with PIN
A DIFFERENT SEALED ENVELOPE with passwords and a list of email accounts, social media accounts, etc.
copies of credit cards
list of bills that need to be paid and how
a will, if you have one
Bills - If you have bills like car payment, mortgage, etc that will have consequences for late payment, pay a little early if you can and/or set to autopay. Autopay absolute minimums on everything you can - you need your money to last, but you also don’t want to return to a credit apocalypse (I did. Credit apocalypse is treatable — but expensive.) Make a list of all your bills and how they’re paid, in case someone has to take over for a while.
I am brutally aware that most of us don’t have a financial cushion. Thinking about how to triage in a catastrophe is a lot easier when you’re not in the middle of it. Make the best decisions you can. But make the decisions, so these things are not surprises when you’re not in a place to think them through. Many places are agreeing to suspend utility cutoffs for now. Student loans can go on forbearance. You may be able to deal with lapsed credit cards better than a vehicle repo. Think it through.
MPOA, FPOA, POLST, Advance Directive, Will: These docs should be signed and notarized. That’s not a big deal; bring them to your bank *unsigned,* and if they won’t notarize them free or for low cost, they’ll refer you to someone who will. You’ll sign them in front of the notary; s/he has to witness that.
Medical Power of Attorney is a form that designates who makes medical decisions for you when you can’t. It doesn’t have to be a family member, and it helps if everyone knows ahead of time who that is. But they should know your wishes, and have the fortitude to carry them out. If they will be a pushy advocate, even better. Don’t choose your nicest friend. Choose the one who won’t be afraid to kick ass, or pull the plug.
An Advance Directive is a legal document in which you articulate what your wishes are if you’re really sick or injured and can’t speak for yourself. You can google a form or write something out (I do a combination).
A POLST is a medical form that gets super specific about the above. The acronym stands for Physician’s Orders for Life Sustaining Treatment. Some doctors like it filled out onsite, but a notarized one in the hands of your MPOA will help even if they have to copy from there onto a fresh form (annoying, but lots of things about health care are annoying). There’s a single form most states use; google your state to make sure you have the right form. NOTE: Filling this out will make your stomach hurt. You only have to do this once in your life, unless you change your mind about something - and remember, you will probably never need it.
Financial Power of Attorney (also called Durable Power of Attorney) allows someone access to all your assets (they should know what they are, and how to access what they might need (insurance policies, for example). At very least, they should be in a position to pay your bills, deposit checks, and get some cash if it’s needed, and to suspend your autopay gym membership while you’re not using it. If you have Venmo or Paypal or Bitcoin, they should know how to access it. If arrangements for pets/dependents have a financial component, they should be able to handle that. Make sure it’s someone you trust BIG. Don’t worry about hurting feelings when you make this decision.
Will: If you have simple assets, pull a simple will from LegalZoom or suchlike, and get it notarized when you take in the rest of your forms. Any assets that are registered - your car, even if it’s a hoopty; your retirement account, if you have such a thing; house, etc - all of it is much more easily transferred if there’s a will. For smaller things - you might simply want to write down in a separate, informal note that Lola gets your party dresses and you’d kinda like it if your books were donated to the prison library, or whatever. It might not matter. But if you know your brothers are gonna fight over your bicycle, do everyone a favor and make that decision for them. They don’t have to know unless - it’s that time.
In your red file is a *sealed* envelope addressed to your FPOA with your PIN numbers, online banking password, etc. DO NOT WRITE ON THE OUTSIDE OF THE ENVELOPE WHAT IS CONTAINED IN IT. JUST ADDRESS IT TO YOUR FPOA. DON’T MAIL IT AND DON’T GIVE IT IN ADVANCE.
If there is more than one person involved in your plans, make sure they all have each other’s contact info. You might consider creating a group chat that says something like, “Hi everyone, I just want to make sure you all have easy access to each other in case of an emergency. Heather, my dogsitter, has the house keys; Jamil is my medical POA and makes decisions for me when I can’t…” etc.
Someone needs to have your social media life in their hands. You don’t need to notarize or pull forms, but there should be an envelope addressed to this person. Include the passcodes to your phone and computer, and if you use a password wallet, how to access that. Are you on Instagram, Twitter, LinkedIn? Grindr? No judgment. Just make sure someone can protect your identity -and your brand, if you’re social-media intensive - while you’re away.
Don’t want them to know you’re on, um, Petfinder? Delete now, just in case. (It’s no time for a hookup, anyway.) Also delete/destroy any docs you don’t want someone else to find, including old journals. Also, consider clearing out anything else in the house you don’t want people to find. You can buy a new (whatever it is) later. And clear your browser history!
Eh, if I have a document somewhere that explains how to access all of my personal accounts and finances, it's a not-very-well-known target for a very targeted attack with limited payoff.
If I'm running a service that manages these documents for thousands, millions of people I know have a well known target appealing to a wide array of actors with nearly unlimited payoff.
Whenever I think of this problem I figure it would be best to have a key that you split into N parts and give it to N people you trust. That way if you're gone they come together and unlock it. More secure because if any of them is individually compromised, your information is still safe.
That also means higher risk of failure, doesn't it? If just one of the N people isn't able to attend for whatever reason, your stuff is gone for good. If I give the key to my spouse, they can just use it. If I give it to 5 people, chance, one of those is unreachable when I'm gone, is 5 times as high.
That's why there should be another parameter: you should split the key into N parts so that any M <= N can open the lock. You can increase M adding people you don't trust 100%, say to 8, but leave N at your comfortable level, 5. Even if those 3 conspire, they would still be 2 people short of being able to break the lock.
You can do 12:5, give 5 parts to your spouse and spread the remaining 7 among your relatives and friends. There will still be a single point of failure, though, if somebody steals all 5 parts from him/her. You can decide to decrease allocation to only 4 parts so that your spouse would need to cooperate with any of the other trusted parties.
The point is there is enough room for designing a scheme that is both secure and reliable.
My father had a stroke so debilitating that he lost language entirely, lives in a brain care unit 24/7, and has zero chance of regaining even the most basic idea of a life. But by not being biologically "dead" he retains a lot of legal protections that don't really suit his situation and my mother is unable to sell her home without the permission of the Court of Protection. We filed for said permission 14 months ago.. and, you can guess the rest. With a lasting power of attorney, she'd have been able to organise her life properly within weeks.