Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: How To Securely Share Passwords?

timothy posted more than 2 years ago | from the one-day-this-will-all-be-yours dept.

Privacy 402

THE_WELL_HUNG_OYSTER writes "My tech-savvy father died suddenly and unexpectedly. He did everything online: bill-pay, banking, eBay sales (and other auction sites), PayPal, investing, etc. When he died, he still had online auctions up for sale, items I had no idea how to fulfill when sold. He still had unprocessed auction refunds, people claiming they returned items and are waiting for a refund. Fortunately, he left Gmail open and logged in when he died, so I was able to configure his account to forward to mine for any future emails he received. He even had his health insurance automatically debited from his checking account (who needs health insurance when they're dead?) I had no way to log into these systems to cancel pending transactions. I called every institution; some were willing to help while others required me to fax/mail death certificates and proof of executorship (which I didn't have yet). Meanwhile, auctions were selling for items I had no idea how to fulfill; debits from his checking account were occurring even though they were irrelevant; etc. You get the idea. How can I share my login credentials with my siblings so they don't have to go through this when I'm gone? I change my passwords every month and never use the same password on more than one site. I don't want my siblings to be able to impersonate me unless I'm dead, so publishing a monthly list to them won't help and would be insecure."

Sorry! There are no comments related to the filter you selected.

Dont worry about it (5, Insightful)

Anonymous Coward | more than 2 years ago | (#37909302)

You'll be dead.

Re:Dont worry about it (3, Insightful)

hedwards (940851) | more than 2 years ago | (#37909576)

Yes, but there's plenty of files that I personally want protected against prying eyes while I'm alive, which I wouldn't mind relatives seeing after I've passed. It is private information, but once I'm dead, I do kind of like the idea of people getting to see the areas of my life which were too private for me to be comfortable sharing in life.

The challenge is finding a way of disclosing those passwords without the possibility of a subpoena getting at them. I think pretty much the only way is to involve an attorney so that you can have attorney client privileges and then have the attorney disclose those after you're dead.

I don't believe that wills are protected in that way typically, you probably could send it to yourself via the post office, but I'm unsure as to whether subpoenas could force you to open them. Sending them internationally certainly would allow for them to be opened by ICE.

Re:Dont worry about it (1)

Anonymous Coward | more than 2 years ago | (#37909628)

Let me repeat the parent, "You will be DEAD." You will have no ego, no pride, no embarrassment. You will be rotting in a box.

Re:Dont worry about it (1)

goofy183 (451746) | more than 2 years ago | (#37909662)

I think the concern is about being forced to reveal what you've written down while still alive.

Re:Dont worry about it (1)

hedwards (940851) | more than 2 years ago | (#37909730)

Exactly. Once I'm dead, I don't care about that, I would prefer to know that nothing that gets released would harm somebody that I care about, but once I'm dead it won't affect anything other than the memory of me.

Re:Dont worry about it (1)

betterunixthanunix (980855) | more than 2 years ago | (#37909670)

The challenge is finding a way of disclosing those passwords without the possibility of a subpoena getting at them

Unfortunately, there is no such thing. The best thing you can hope for is to force multiple subpoenas to be required i.e. by using a secret sharing system.

What you probably want is for your attorney to have all but one of the shares, and for a relative or trusted friend to have the last. Thus, the attorney and the relative must work together to recover the secret, and you are protected from a situation in which the attorney might be compromised. Depending on how sensitive your secrets are, you might also set things up so that the attorney has one less share than would be needed to recover the secret, but where your relatives together have enough shares to recover it -- the attorney may not be available when you die (what if 20 years from now, his office is blown up?).

If your secrets are so sensitive that you cannot even accept the risk that multiple relatives are compromised, then you just cannot share it, and your secret will die with you.

Re:Dont worry about it (3, Insightful)

peragrin (659227) | more than 2 years ago | (#37909804)

It is easy store a copy of passwords on an ecrypted drive. In your will leave the password . It can't be touched until you die. Update the password with the will. Nothing can legally be touched with your accounts until your estate has been settled. So with the will is perfect.

Re:Dont worry about it (2)

betterunixthanunix (980855) | more than 2 years ago | (#37909844)

It can't legally be touched until you die

FTFY. If you have secrets that might be worth using extralegal methods of obtaining, hiding it in a will may not be sufficient. Laws can only go so far in protecting people; sometimes you need to protect yourself.

Re:Dont worry about it (1)

hedwards (940851) | more than 2 years ago | (#37909848)

The key is ultimately to think about it and plan ahead.

The examples you're using are hardly ones that can't be planned for. The trick is the subpoena, there are few limitations to that power, and if somebody gets a subpoena for your computer they're going to have access to anything which isn't encrypted. They could subpoena any keys that have been recorded on paper without violating ones rights, unless those happen to fall under a relatively small number of categories.

Ultimately, if you haven't checked in with your attorney in 20 years to make sure that the individual is still alive and practicing law, you don't have a will. In practice they aren't going to have the only copy typically, but if you entrusted the only copy to them, you can't assume that it's still available at that point. As for the office burning down or blowing up, legal firms have offside backups, unless the will is destroyed within the first day or two, it's going to be backed up offsite and there'll probably be at least 2 back ups.

Re:Dont worry about it (0)

Anonymous Coward | more than 2 years ago | (#37909726)

Rent a bank deposit box and add a authorization to your last will.

Also rent a $2/month server and put passwords to it into the deposit box.

Use it for CVS, files, emails, whatever.

Use encryption everywhere.

Re:Dont worry about it (0)

Anonymous Coward | more than 2 years ago | (#37909828)

Why wait until you're dead to not care about everyone? /s

I'm not a dick now, and just because at some point I'll be dead doesn't mean I'll suddenly want to inconvenience everyone.

KeePass (2)

click2005 (921437) | more than 2 years ago | (#37909318)

I use KeePass with the Firefox plugin.

Re:KeePass (0)

Anonymous Coward | more than 2 years ago | (#37909540)

I use KeePass in combination with the KeePassRest tool: which exposes a REST server to KeePass.

Re:KeePass (3, Insightful)

txoof (553270) | more than 2 years ago | (#37909772)

KeePass is GREAT. I've talked my mom and wife into using it. My mom simply put the master password in her safe-deposit box and left instructions in her will to allow us access to it. My wife and I simply shared our strong master passwords with each other and stuck them into our respective KeePass DBs.

It is a bit of a hassle keeping everything up-to-date, but it is well worth the hassle you leave for your loved ones to try and sort out potentially dozens of passwords after you're gone. Just think about how hard it is sometimes to prove that you own an account that you've forgotten the password for. Now multiply that by the fact that you're dead and your loved ones have to prove that you intended for them to get into your accounts.

Do your family a favor and make it easy for them to find all your passwords in the event that you kick it sudenly.

Keys to the kingdom (2)

RollingThunder (88952) | more than 2 years ago | (#37909322)

I don't think it'll be too hard.

If you keep your passwords securely in a master storage system (IE: KeePass or the like), and keep the master password for that in a physical location that your siblings will be able to get access to in the event of your demise, then they can use that to get access to all the accounts you held.

Think along the lines of those "snap cards" that were in 1980's cold war movies. The sibs have to break it open to get the master password paper, so you know it continues to be secure. There could even be instructions on the paper along with the password.

Re:Keys to the kingdom (3, Insightful)

ColdWetDog (752185) | more than 2 years ago | (#37909666)

You may be able to access it but you are likely not able to legally access it.

The passwords are necessary, but not sufficient.

Short answer, seek appropriate legal advice. Laws change from place to place and time to time. Your specific requirements may not be generalizable. It might cost you a couple of hundred dollars and might save you thousands.

Re:Keys to the kingdom (1)

unencode200x (914144) | more than 2 years ago | (#37909696)

I did something similar. I gave the master password to my wife right before I went into surgery earlier this year. Luckily she didn't need it!

Re:Keys to the kingdom (1)

danomac (1032160) | more than 2 years ago | (#37909714)

You could just write it on your walls with UV paint and mention it in your will. :)

Securely share passwords (0)

Anonymous Coward | more than 2 years ago | (#37909324)

You can't ever *securely* share your password. The best you could do would be give your password to someone you trust (relative, friend, janitor, etc) and hope they don't abuse your trust ... I guess the best you could do would be make a google doc that you update monthly, but don't update the google doc password. In your will, reveal the google doc password.

Re:Securely share passwords (1)

hedwards (940851) | more than 2 years ago | (#37909388)

Sure you can securely share it. It's not ideal, but you can ensure that the password is only available to those people. If they then share it with other people, that's a completely separate issue.

Re:Securely share passwords (0)

Anonymous Coward | more than 2 years ago | (#37909490)

Of course you can.

If you kill the person before they have a chance to pass it on...

Password safe (1)

SiChemist (575005) | more than 2 years ago | (#37909326)

Set up a password safe and seal the master password in with your will. Make sure your siblings know how to get access to it.

This has the additional advantage of preventing you from having to memorize your new passwords.

Keep it simple (0)

Anonymous Coward | more than 2 years ago | (#37909336)

Use KeePass to manage your passwords, keep your KeePass master password in a safety deposit box.

duh? (5, Insightful)

Anonymous Coward | more than 2 years ago | (#37909340)

Write them down.
Leave the sheet of paper in your desk drawer, locked if you're paranoid.

Re:duh? (5, Funny)

davester666 (731373) | more than 2 years ago | (#37909496)

The CIA has a tiny little camera in there, so that's just not safe.

Re:duh? (1)

Shalian (512701) | more than 2 years ago | (#37909508)

I do a variation of this.

I have a google notebook with every site and the username I use on the site. Sometimes it's email address, or name, or one of 4-5 handles. I also list a mnemonic for the password that I used on the site. That page is basically for me, and I update it all the time as I add new sites, change passwords etc...

In a fireproof safe in my closet I have an envelope that contains my current google password and the key to the mnemonics. It gets updated whenever I change the google password or add a bunch of new mnemonics. My wife knows where it is and what it's for.

fireproof safe (0)

Anonymous Coward | more than 2 years ago | (#37909690)

What is temp is rated for and how long? Is your safe near an edge wall, or in the center of the house where all that burning wood will colapse on top of it and bbq it?

Guns in fireproof safes are ruined to house fires, paper would get chard.

Re:duh? (0)

Anonymous Coward | more than 2 years ago | (#37909762)

Insufficient. The password file must be put on a truecrypt volume on a usb key, put in a 4-inch-thick walled safe, with the passphrase hidden using stenography in a sheet of plain text, hidden in yet another hermetically sealed safe, buried under your great-grandparents cemetery plot (on 50 year lease).

Re:duh? (1)

necro81 (917438) | more than 2 years ago | (#37909764)

In my case the sheet of paper is in a safe deposit box. Only my wife and I can access it, and our survivors (should we both suddenly kick the bucket) have power of attorney. It may not protect against a subpoena, but I am not that concerned.

The submitter mentions that he changes his passwords monthly. Overkill in my opinion, but I won't fault him for it. Making monthly trips to the brick-and-mortar bank are a bit inconvenient, but hardly the end of the world.

By telephone or in person (1)

blahbooboo (839709) | more than 2 years ago | (#37909358)

Call them, give in person, or postal mail on a piece of paper.

Re:By telephone or in person (1)

Anonymous Coward | more than 2 years ago | (#37909390)

All common options for someone who is deceased. Seriously, are you fucking dumb?

Re:By telephone or in person (0)

Anonymous Coward | more than 2 years ago | (#37909426)

When there's no ATFR, you could at least read the first four words of the summary before posting.

Re:By telephone or in person (0)

Anonymous Coward | more than 2 years ago | (#37909614)

How you gonna get the money?
Send papers to an empty home?
How you gonna get the money?
My coffin doesn't have a phone.

LastPass (2)

Wonko the Sane (25252) | more than 2 years ago | (#37909364)

Using some kind of password manager, either a third-party service or a local application, would make that kind problem easier to solve.

Lastpass and safebox (2)

blindbat (189141) | more than 2 years ago | (#37909366)

I keep my passwords in Lastpass (any similar program will do) and then keep the master password in my safe deposit box at the bank.

I also keep a list of all important accounts and sites (banking, etc.) so that whoever it may concern will be able to know where to find what is important.

My wife knows this, and she would then be able to access all relevant accounts, as well as know which accounts are important.

Well, the solution is obvious (2)

AdamJS (2466928) | more than 2 years ago | (#37909368)

Make it a part of your will. Store your passwords in a physical deposit box and have your relatives be given the key upon your death.

Re:Well, the solution is obvious (1)

AdamJS (2466928) | more than 2 years ago | (#37909398)

That is to say, for passwords that shall remain static. Otherwise you can have a password to a system of passwords that you must constantly update.

Encription (1) (660144) | more than 2 years ago | (#37909370)

Simplest solution is to encrypt the list with multiple keys (so they at least have to collaborate).
Alternatively setup a dead man switch.
Otherwise you have to source trust form somewhere.

Re:Encription (1)

betterunixthanunix (980855) | more than 2 years ago | (#37909820)

Simplest solution is to encrypt the list with multiple keys (so they at least have to collaborate).

Close, but probably not going to work. You are relying on the availability of each person in the encryption chain, and you need their secret keys to be in a particular order. I am in my mid 20s, and I do not plan on dying for a long time -- people who receive a secret key now might be dead, missing, or otherwise unavailable when I die. Encrypting the secret in every possible order is prohibitively large except for a very small number of parties involved.

What you really want is called a secret sharing scheme. The idea is that each person receives a share, which on its own is insufficient to reconstruct the secret. Things are set up so that some number K of the N shares can be used to reconstruct the secret. You can then give shares to people you trust not to conspire against you, and perhaps leave a large number of shares on file with your lawyer (so that if only a small number of relatives/friends are available, they can go to the lawyer to get the necessary shares). []

We had similar problems (5, Informative)

Anonymous Coward | more than 2 years ago | (#37909376)

We had a similar issue when my father passed away. We quickly realized that we could easily pretend to be him, just tell people his SSN and other personal information, and we were able to handle nearly every circumstance. It was an eye opening experience just how easy it is to pretend to be someone else. This was about 7 years ago so things may be different. I assume that you can still get away with it more often than not.

What we did was get his personal information, spread it out on the table, and then call up the institution. When they asked a question it was a simple matter of looking up the information as necessary.

Re:We had similar problems (3, Insightful)

dead_user (1989356) | more than 2 years ago | (#37909868)

My bank refuses to talk to me about my wife's account. Even with her sitting next to me telling them it is OK. Now when they ask for Jennifer, I say I'm her, in by best husky voice, provide the last 4 of the SSN, and magically I have full access to her account. I mean come on... I'm a 40 year old guy with an unmistakably male voice. How can they possible accept that I'm Jennifer? They don't give a shit about fraud. They just want to be able to tick their little boxes.

Ironkey (0)

Anonymous Coward | more than 2 years ago | (#37909384)

Buy an Ironkey, keep all your user login creds in that device's credential manager and share the Ironkey's creds with your chosen next of kin or what have you.

Something low tech? (1)

Prosthetic_Lips (971097) | more than 2 years ago | (#37909386)

How about keeping your passwords "locally" at your house, so upon your death, they can get to them *in* your house? You could keep them somewhere locked, where your siblings wouldn't normally be into. But, when they needed them, they could login to your computer and have the passwords nearby?

I know people that keep their passwords in software "lockers" that require a master password, but then all of the passwords are there. Even if this were an online service, you could keep the master password to yourself until you died, but then have it written down (or something) in the house.

My father-in-law has a bunch of important papers in his house, in a folder labeled, "when I die," so we can access everything. Life insurance, etc., but you could keep your master password there with those important documents.

Fire/water-proof safe. . . (1)

JSBiff (87824) | more than 2 years ago | (#37909500)

If you're going to keep your passwords, or a master password, in the house, then you probably should invest in a fireproof, waterproof safe and keep it in there. Otherwise there's a small, but not-zero, chance, that if the reason you die is a fire or flood, the password might be lost with you.

I'm thinking I'm going to keep a local copy in a safe, and maybe give a copy to an estate lawyer or something to hold in trust until I die. That way, hopefully one of the two copies will survive.

Secure password storage and an attorney (4, Insightful)

Jake73 (306340) | more than 2 years ago | (#37909394)

Place your passwords into a secure repository (like KeePass) and keep it updated. Give the password to the repository and other containers (I keep my KeePass in a TrueCrypt container) to someone you trust to execute when you die. An attorney. A trusted friend. Etc.

If required, make the password a two-part thing and give each part to different people.

Re:Secure password storage and an attorney (1)

Beryllium Sphere(tm) (193358) | more than 2 years ago | (#37909712)

For extra paranoia, seal the envelope containing your master password with tamper-evident tape.

Think through whether changing passwords every month is a good idea. I could give you my opinion but Bruce Schneier published a brief analysis on the subject: []

Password Management Tool + Emergency Docs + Will (1)

ginoledesma (161722) | more than 2 years ago | (#37909414)

I have something like this in place:

Use a password management tool (e.g. 1Password) which has your different accounts/credentials.

Prepare a document (e.g. will) that will disclose the password management tool's master password to your next of kin or designated executor.

In addition, I prepared a list of 'emergency documents' that contains all the pertinent info I have (passports, social security numbers, tax documents, etc) in both electronic and paper forms.

It's a convenience for me that I have access to all of this at my finger tips, but I imagine it would be a great convenience / time-saver for what is already a trying and difficult time.

'Pocket' for Android (0)

Anonymous Coward | more than 2 years ago | (#37909418)

On Android, there's an app called 'Pocket' that can store all kinds of information (passwords, SSN, credit card numbers, insurance numbers, license plates, etc). It's AES-256 encrypted, for what its worth, and can sync across devices. My wife and I use it to keep track of all our information.

Encrypt and give key to laywer (0)

Anonymous Coward | more than 2 years ago | (#37909424)

Have an encrypted list of your passwords available, and give the passphrase to your lawyer to be given to your family upon your death (or store it in safety deposit box and give key to lawyer, anything like that).

As long as you use the same passphrase whenever you update your list, there shouldn't be any issues.

Options (5, Interesting)

Alter_3d (948458) | more than 2 years ago | (#37909428)

Check this Wikipedia article []
It contains a list of services you can use to "inherit" your personal info when you die.

Lastpass and sealed envelope (1)

GSloop (165220) | more than 2 years ago | (#37909434)

Lastpass - and a sealed envelope with your master password.
Or, last pass and share passwords you can allow.

While Last pass is likely to vanish after x years, there will be some similar solution in the future.

The sealed envelope is pretty good, provided you can leave it somewhere someone else [and not everyone else] can get to it.


LastPass with 2 factor authentication (grid) (0)

Anonymous Coward | more than 2 years ago | (#37909448)

give a sealed envelope with a lastpass one-time password in it to one relative,
give a sealed envelope with a copy of the grid (2nd factor of authentication) to a second relative.

Tell them together they can access the LastPass account if you die.

Master Encrypted File (1)

Jordan (jman) (212384) | more than 2 years ago | (#37909454)

Since your passwords change so often, it wouldn't really help to put it in your will. You could however have a master file with all of your passwords that is encrypted and updated monthly. The encryption key for that could be with your lawyer who handles your will, trusted sibling who will be the executor, etc. They would have the password, but keep the file on a thumb drive or some other device in your possession. To be more secure, you could keep the device with the encrypted file in a safe deposit box. They will then need to take a death certificate and proof of executorship to the bank to get into the box. That way they won't have easy access to the device until after you are gone. Just need to go over it beforehand with whoever is going to handle it for you.

Meatspace is for the living... (1)

seandiggity (992657) | more than 2 years ago | (#37909456)

...and a place for paper, pen, filesafe, key.

Lawyer (3, Interesting)

Stormthirst (66538) | more than 2 years ago | (#37909478)

Have a standing arrangement with your lawyer - send him a letter every month with instructions that the letter is only to be opened in the event of your death and to destroy the previous month's letter. The letter of course contains all the passwords and a list of people the list of passwords is to be given to. He'll probably charge you a monthly fee for the service.

If that's too expensive, I'm sure a PO Box is cheaper, and leave the key with your spouse/siblings.

Dan Brown It (3, Funny)

broginator (1955750) | more than 2 years ago | (#37909480)

Set up a series of convoluted and ambiguous riddles and puzzles to lead your survivors on a wild adventure to recover your secret code.

Obvious (1)

vlm (69642) | more than 2 years ago | (#37909484)

There are still a couple uses for a physical bank aside from notary service...

Rent a tiny bank safe deposit box for about 10 years prepaid. It doesn't cost very much, although I suppose it depends on local competition and your income level... Place copies of relevant documents in safe deposit box. Along with some silver and gold coins, unused but valuable jewelry, etc. Certified copies of birth cert, photocopies of documents like passport, etc.

Make sure all the details of the deposit box are in your will.

If you're going biometric / 2-factor, luckily for you biometrics are easily faked, cannot be changed and are extremely insecure, so a fingerprint will do, an outline of your hand will do, retina picture will do. You don't need to actually put an eye or finger in the safe deposit box.

Re:Obvious (1)

vlm (69642) | more than 2 years ago | (#37909546)

Almost forgot to mention, the smallest (cheapest) deposit boxes are scarcely bigger than a letter envelope... They will not hold a burned CD, or many printed papers. But multiple SD / CF cards will fit. This is a handy way to back up your most valuable / irreplaceable digital files in case the house burns down or whatever.

Re:Obvious (1)

ColdWetDog (752185) | more than 2 years ago | (#37909740)

Aren't you forgetting a small detail? Using a dead person's credentials is fraud / computer hacking / some other legal issue. Just because you have the passwords and relevant data, you don't have the legal right to use them. You at least need Power of Attorney. The safe deposit box is a good idea, but it isn't sufficient.

In short, consult a lawyer. Not Slashdot.

Safety deposit box??? (1)

waterford0069 (580760) | more than 2 years ago | (#37909488)

Lets go with simple, because tech can fail.

Put a list in a sealed envelope in your bank safety deposit box and tell them it's there (and if you can't wait for them to get the death certificate, put someone you trust as a key holder). You could save trips by pre-determining them a year in advance, so you only have to go once every 11 or 12 months.

You could make it a little easier to accomplish regularly, by using a fire safe, somewhere in you house.

You could give a piece of the passwords to each of your siblings, so that two or more have to get together.

Encrypted database on physical device (1)

steveg (55825) | more than 2 years ago | (#37909504)

I keep all my passwords on my phone in an encrypted database. The people that matter know my master password on that database, but they don't (currently) have physical access to my phone. That will change after I'm gone.

Re:Encrypted database on physical device (1)

berashith (222128) | more than 2 years ago | (#37909732)

as long as you promise to die in a graceful fashion , or leave your phone somewhere else when such grizzly event is going to occur.

KeePass + (0)

Anonymous Coward | more than 2 years ago | (#37909518)

Check out these possibilities:

If you wanted to control your passwords yourself you could store your accounts/passwords in a KeePass database. Use to send an email with your password to the KeePass database to your trusted siblings. You could store your KeePass database in dropbox and share it with your family members (it's encrypted with AES) so it would be secure. The only way anyone would access your accounts is with the password, obviously.

Use an email account for password recovery (1)

erroneus (253617) | more than 2 years ago | (#37909528)

Use a single email account for the purpose of account and password recovery. Post the account and password on a yellow sticky note and/or will that information somewhere. Then, all they have to do is the "Forgot Password" thing and they will gain access to everything else.

It's not rocket science there, Jimmy Bond (0)

Anonymous Coward | more than 2 years ago | (#37909532)

5000 mechanisms exist.. You're just pissed that he didn't plan ahead the same way your siblings will whine when you forget to include the password to your My Little Pony collectibles site or whatever other oversight you're going to forget.

It's not a technical problem, it's an implementation one.

The old envelope in a safe (0)

Anonymous Coward | more than 2 years ago | (#37909554)

If that's not techy enough, what about a secret key attached to your will, and encrypting the latest password with the associated public key? Store in some (electronic) box the will knows where to find. That sort of thing.

Write them down and lock them up (1)

goofy183 (451746) | more than 2 years ago | (#37909556)

My wife and I both have written down our most commonly used passwords including our OSX Keychain passwords. These go into an envelope which has our signatures over the seal and then placed in a lockbox. If someone happened one either/both of us the details on these passwords are in our wills.

Safety deposit box (1)

Saint Aardvark (159009) | more than 2 years ago | (#37909560)

You could try something like:

  • Keep a list of passwords (I use Emacs + GPG, but there's bound to be something out there that'll work for you if that's not your style)
  • Print out the list monthly (if that really is how often you change passwords)
  • Seal it and put it in a safety deposit box at your local bank
  • Tell everyone "In case of my death, go here for passwords"

(Alternately, this could be something a lawyer could help with -- something like holding passwords in trust, only to be given up in the event of X, Y, Z...)

Yes, it's a pain in the ass. But it would work, and it would mean your executor/spouse/etc would only have one set of people to convince that you're dead.

You're making it too hard. (1)

chill (34294) | more than 2 years ago | (#37909572)

This isn't a difficult problem.

Print them out and put that piece of paper where you have all the other "if I die" pieces of paper. For example, your will, insurance policies, titles/deeds to any real property.

For example, a bank safe deposit box or on file with your lawyer if you have one. Just for geek sake, I also have digital scans in PDF form of every one of those pieces of paper. They're burned to a CD and kept in a small fireproof safe in my house.

In the event of a "bug out" emergency, I grab the small safe (really a lockbox) and go. Both my wife and I have keys to it, and all my adult kids know where to get the keys if needed. (Hell, even the 3 year old knows -- which has presented problems a couple times when he flushed one set of keys. But, that is a different story.)

Shamir's Secret Sharing (0)

Anonymous Coward | more than 2 years ago | (#37909574)

1) Create a secret key (not public key).

2) Encrypt the secret key with a strong passphrase (50 to 70 random characters).

3) Create a password file, and encrypt it with the key from (1).

4) Distribute the encrypted password file from (3) each month to your siblings via email.

5) One time only, share the passphrase from (2) with your siblings using the following:'s_Secret_Sharing

    In short, you can pick how many of them must collaborate to get the passphrase out. If you really don't trust them, get a lawyer to hold a key number of shares to meet the threshold (see the link) and retain said lawyer with instructions in your last will and testament.

    This can also act as a method for recovering all your passwords in the event of a disaster (up to an including nearly an ELE).

    Debian has a package with an implementation called 'ssss'.

Swordfish (1)

ElmoGonzo (627753) | more than 2 years ago | (#37909578)

Just use the same password. No one wants to have to run a cracker to gain access to your system anyway.

My father died a few years ago - Morningstar (4, Informative)

93,000 (150453) | more than 2 years ago | (#37909594)

My mom wanted to get into their Morningstar account and didn't have the password. I called and explained the situation -- basically that her husband was deceased and she needed the password, and I said I'd call on her behalf. What steps do I need to take to get it? The rest of the conversation:

Operator: "What's the username he has the account under?"
Me: "Uh, billsmith2222 is the username."
Operator: "OK, let's see... looks like the password is Sarajane. The 'S' is uppercase."
Me: -- Stunned silence --- "Thanks?"

I was glad it went so quick, as I had expected to have to send a death cert and jump through god knows what other hoops, but it freaked me out how casually they gave it to me. I mean, I didn't do anything to verify that I was even any relation to the account. All I had was the username. Obviously someone was new, disgruntled, or just plain stupid, but it worked in my favor for once.

Re:My father died a few years ago - Morningstar (1)

Anonymous Coward | more than 2 years ago | (#37909832)

Not to mention that, it seems, they store their passwords in plain text (or encrypted in a recoverable way).

Re:My father died a few years ago - Morningstar (2)

Zmobie (2478450) | more than 2 years ago | (#37909834)

Another disturbing part is the fact that the passwords they have are obviously not hashed...

Mnemonic Password Formula (1)

Nanosphere (1867972) | more than 2 years ago | (#37909604)

I use a simple mnemonic password formula that incorporates the name of whatever I'm securing with the password. For example each websites password will use some characters from its URL, so it is then unique and I don't have to memorize a thousand of them.

Safe deposit box (1)

nine-times (778537) | more than 2 years ago | (#37909612)

If you really want to be secure, keep an encrypted file with a list of all your passwords and account information. Put the password (or decryption key) in a safe deposit box, and leave instructions in your will on how to access the relevant information.

Posthumous Spring Cleaning (0)

Anonymous Coward | more than 2 years ago | (#37909622)

On a similar, but related topic...

How do I ensure all the pr0n on my computer gets erased after I die so my wife/kids don't find it??

something like DH? (0)

Anonymous Coward | more than 2 years ago | (#37909632)

How about something like diffie hellman where you don't exactly share a password, but you arrive at one.

Dead Man's Switch (4, Informative)

CapnStank (1283176) | more than 2 years ago | (#37909634)

I've posted this previously but I keep thinking it deserves merit:

Dead Man's Switch []

Its a project that emails you periodically. If you don't respond it fires off a pre-defined message to a set of individuals you've chosen. Full disclaimer here, I have nothing to do with the project and I have not yet tested it myself but it doesn't seem like a difficult system to set up.... cron job + mail server + port listening app.

Re:Dead Man's Switch (0)

Anonymous Coward | more than 2 years ago | (#37909836)

You could easily combine this with a secret sharing scheme or even just plain PGP (if it's just 1 person and you trust that person)... the big debate is how long that site will be around.

It's called "dead man's switch"... (0)

Anonymous Coward | more than 2 years ago | (#37909654)

This [] may be useful. Of course it has the same problem of any on-line service you may think of: you will probably outlast it.

Death Envelope (1)

bpfinn (557273) | more than 2 years ago | (#37909664)

I heard Matt Yoder talk about a "Death Envelope" on Pauldotcom Security Weekly [] . He gave a presentation about it at DefCon. The slides are here [] .

How i do it: (1)

rufty_tufty (888596) | more than 2 years ago | (#37909676)

3 stage affair.
I have a friend let's call him Andrew whose machine I have a log in to. On that machine is a list of instructions of what to do on my death. Andrew does not know this file is on his machine but knows I use his machine for various random things.
Another friend called Brian who knows about this file but does not have access to it. To access the file he'd have to contact Andrew who would login as root and therefore be able to read the file and pass it onto Brian..
As part of these instructions most passwords are on another encrypted file on my local machine which my partner has a login to. The really secure ones are actually hidden at a relative's house - I'm not saying which one though or how but again that information is in the file on Andrew's machine. Andrew however does not have access to that relative's house without asking that relative. Similarly that relative is not going to let a virtual stranger go digging around in their house without good reason.

Now if Brian or Andrew wanted to they would have a fair chance of getting access to some stuff but they would have to both violate the trust I have in them and co-operate in doing so. They would also know where all the other stuff is stored and how to get it. My partner could go digging on my computer and accidentally find the file with my facebook, slashdot etc password in it, however that password file does not have the passwords to the email or banking or anything else. My relatives could discover what i hid at their house but without the information from Brian & Andrew it would mean nothing to them.
The chances of all my friends and relatives having to simultaneously turn against me make me think this is a fairly secure method. No one link in the chain makes it insecure. Much better than any online single password service that I know...
Besides I like the idea that my last act is to get all my friends and relatives together in a cross country treasure hunt!

Make it a game (1)

phoncible (2468768) | more than 2 years ago | (#37909680)

"Hide" your passwords in a wordsearch puzzles and have someone pass them out at your funeral. It'll occupy the kids while their parents grieve for you, and by the end, they'll have found all your passwords so your relatives can get in on some of that sweet sweet cash. You'll be remembered for one hell of a funeral!

ClipperZ (0)

Anonymous Coward | more than 2 years ago | (#37909686)

Me and my wife use ClipperZ as our password storing solution. In my account I have the password to her account and vice versa. In addition we have the master passwords written down and distributed to a friend in case of emergency.

Put them in a few secure places (1)

Gwarsbane (905113) | more than 2 years ago | (#37909688)

Personally this is what I do.

I have all my passwords and other needed info in a text file that I keep adding to. I rar up that text file into a self-extracting exe which is password protected (with a 16+ character randomly generated password) and doesn't show the file names, and has a non-descript name which no one would guess is passwords.

I have that file on my home computer which no one has access to but myself. I also put copies of that file on 3 different thumb drives. Ones kept on my keys, one is in a firebox and the other is on my desk. I update the file now and then and I back it up in all those locations.

I also print out the list of passwords and put them in the fire box too, the old papers get shredded and tossed into a fire.

I also keep the main password for the file in a few places in pieces so that anyone seeing it would never guess what they mean or what order they are suppose to be in.

Its over kill but I never have to worry about someone getting my passwords accidentally. And yes its as big of a pain as it sounds to do all this, because I also do change my passwords now and then and changing that big of a file is annoying. :)

some faith and.. (0)

Anonymous Coward | more than 2 years ago | (#37909700)

I understand the situation more than most, dad is coming up on two years and left us with the same deal. email accounts, e-trade, online bills. Granted I'm the youngest of the family so what we did was record all important logins in a notebook which lives in a small firesafe. The point of this was so i wouldn't go through a repeat later in life. As for you worried about your siblings impersonating you, I'm not sure if you referring to like Facebook accounts and such or actual broker accounts, which you don't want your siblings cashing out and ruining you financially. Make a list in a secure place and just sit them down and say "look, this is for when I'm not around, not for your amusement" if they take you seriously as an older sibling, they will listen.

"If I die" folder (1)

WonderGod (62521) | more than 2 years ago | (#37909718)

I have a "If I die" folder in my filing cabinet, which includes stuff like my will, life insurance info, billing info, bank info...

In addition I started creating a .txt file with important computer information, logins, account info, etc... I put that txt file on a USB drive and put it in the folder. If I change any important account, or password I insert the USB stick, update the txt file and put it back.

My wife also has a folder similar to that. I figured it was a simple way of doing it.

I ANAL (1)

nitehawk214 (222219) | more than 2 years ago | (#37909722)

Actually as far as bank accounts go... I don't think you can legally "pretend" to be a dead person by writing checks in their name or logging in to their back account. In any event you need official death certificate plus will papers to access old accounts. My power of attorney papers expired when my parent did. I had to re-access the accounts as the executor of the will. Continuing a business via Ebay or otherwise is probably fine, as you are acting as an agent of the business not impersonating the deceased.

Also, my condolences, losing a parent unexpectedly is a massive depressing event. The headache added due to all the legal / paperwork stuff the state imposes is not fair. It seems to me that only the truly wealthy can afford to let someone else take care of the paperwork crap and be correctly prepared.

Re:I ANAL (1)

mx+b (2078162) | more than 2 years ago | (#37909842)

The legal/paperwork headache is very unfair. Here you are trying to grieve and spend time with family/friends and push away from the world a bit to recompose yourself, and various businesses and legal entities continually call you and shove papers in your face to sign and ask where the money will come from. It'd be great if there was some sort of legal protection that said no one is allowed to harass you for a couple weeks.

Lastpass (1)

Beachhouse (1235186) | more than 2 years ago | (#37909724)

Last pass works great for that.

Don't Allow Automated Debits (1)

Froggels (1724218) | more than 2 years ago | (#37909736)

One thing is to not allow for any company or organization to regularly automatically debit your account even when alive. It's best to have 100% control over that type of thing at all times. Other than that you'll be dead anyway, so you shouldn't have anything to worry about.

Executorship (0)

Anonymous Coward | more than 2 years ago | (#37909750)

> I called every institution; some were willing to help while others required me to fax/mail death certificates and proof of executorship (which I didn't have yet)

Then, they were right not to help you. Perhaps you shouldn't be taking such actions until your right to do so has been established (2)

SaxtusGR (753511) | more than 2 years ago | (#37909766)

There is a site that will do just that: []

There is a service for that (4, Interesting)

Riceballsan (816702) | more than 2 years ago | (#37909800)

Lifehacker recently had an article on a service called "death switch" [] Basically it e-mails you asking if you are still alive, if you don't respond back, after 3 e-mails, it sends out the assigned message to who you specified. It does cost $20 a year

Write it down... (1)

Bill_the_Engineer (772575) | more than 2 years ago | (#37909838)

and keep them locked in your desk. We do this at home. No one can hack our locked desk drawer without physical access. We can still change our passwords and update the information on our pad which happens to be a cheap and small ledger book from the local office supply store.

No need to make it complicated. It's not that we're that interesting of a target in the first place.

Who Gives a Shit? (1)

sexconker (1179573) | more than 2 years ago | (#37909856)

Anything important (bank accounts, real estate, pensions, insurance) will be handled properly and legally when you provide a copy of the death certificate and, in some cases, a copy of the will.

Ebay auctions? Email accounts? Who gives a fuck?
If you want to be nice tell ebay/google/yahoo/ms/whoever that he's dead and an auto-responder stating that fact would be helpful.

ME (0)

Anonymous Coward | more than 2 years ago | (#37909866)

Can I haz ur Cred's.

I'll pass them along when your gone!


Meanwhile (1)

Verdatum (1257828) | more than 2 years ago | (#37909870)

Sorry but, "Well_Hung_Oyster"? Seriously? (And the filter made me upcap it, nice huh?)
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?