Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Ask Slashdot: How Do You Securely Store Private Information For Posterity?

timothy posted more than 2 years ago | from the more-mysterious-to-go-all-jason-bourne dept.

Privacy 257

An anonymous reader writes "In the event of my untimely demise, my wife and family will need access to all of my private data (email, phone, laptop password, SSN, etc) and financial accounts and passwords (banks, 401(k), mortgage, insurance, etc). What's the best way to securely store all that data knowing the data is somewhat volatile (e.g. password changes) and also that someone else who is not technically savvy will need to access the most up to date version of it? Suggestions include a printed copy in a safe deposit box, an encrypted file, a secure server in the cloud, or maybe a commercial product."

Sorry! There are no comments related to the filter you selected.

why care? (0, Funny)

Anonymous Coward | more than 2 years ago | (#40576481)

you're dead

Re:why care? (0)

yndrd1984 (730475) | more than 2 years ago | (#40576659)

Not yet.

Re:why care? (0)

Anonymous Coward | more than 2 years ago | (#40576701)

No kids yet, hmmm?

Re:why care? (0)

Anonymous Coward | more than 2 years ago | (#40576737)

you're dead

Hm, can you name for me all the famous nihilists who did something other than be raving, depressed nihilists?

Mm hmm, that's what I thought.

Re:why care? (5, Funny)

fustakrakich (1673220) | more than 2 years ago | (#40576777)

Hm, can you name for me all the famous nihilists who did something other than be raving, depressed nihilists?

Does it matter?

Re:why care? (0)

Anonymous Coward | more than 2 years ago | (#40576839)

*golf clap*

Re:why care? (0)

Anonymous Coward | more than 2 years ago | (#40576901)

I see what you did there.

Re:why care? (1)

roman_mir (125474) | more than 2 years ago | (#40576941)

Nihilism is not about not caring what will happen after you are dead, that's just egoism, I am not implying that egoism is bad btw, just providing the proper nomenclature.

Re:why care? (1)

MobileTatsu-NJG (946591) | more than 2 years ago | (#40576849)

My biggest fear when I die is that my wife won't be taken care of.

Re:why care? (1, Funny)

Anonymous Coward | more than 2 years ago | (#40576891)

Send me her picture... I may be willing to take care of her for you.

Re:why care? (2, Funny)

Anonymous Coward | more than 2 years ago | (#40576917)

So have her "taken care of" before you die... make sure it looks like an accident so they won't suspect you.

Re:why care? (1)

roman_mir (125474) | more than 2 years ago | (#40576963)

I can't understand, is that typed with a straight face or is that sarcasm?

All of the above (1)

JoeMerchant (803320) | more than 2 years ago | (#40576493)

I like the encrypted file in the cloud idea, it also wouldn't hurt to have a USB stick + paper copy in a safe place.

Anything network accessible should be encrypted, but you don't want your password to expire with you - so the safely located copies should be plainly readable.

Re:All of the above (3, Insightful)

Anonymous Coward | more than 2 years ago | (#40576609)

The "cloud" (both free or commercial) is very far to being a suitable solution for long term, secure store for private data. See the megaupload cease or even the stories of AWS outrage.

Anything network attached or even IT related is not suitable for what you are looking for. Probably the best solution is paper copies in a safe box with off site back up copies in safe-deposit box.

Re:All of the above (1)

JoeMerchant (803320) | more than 2 years ago | (#40576665)

The "cloud" (both free or commercial) is very far to being a suitable solution for long term, secure store for private data.

Clarification: My "cloud" reference was to services like Dropbox, Google Drive, etc. where your data is not only available from on the service, but also mirrored to all of your (and potentially your friends, colleagues, frenemies, etc.) devices.

Trusting a single entity with anything is foolish [wikipedia.org] .

Answer in the question (4, Insightful)

Anonymous Coward | more than 2 years ago | (#40576505)

Safety deposit box is probably the only reasonable solution. A file stored in the cloud or on a hard drive is likely to get deleted or the service will die before you do. Any documents/passwords/items your family needs should be stored in a safety deposit box. If the data changes frequently and your family absolutely needs access to it, which is unlikely, then keep them written down in a safe at home and make sure your family has the combination.

Mod parent up. (5, Insightful)

khasim (1285) | more than 2 years ago | (#40576545)

Any documents/passwords/items your family needs should be stored in a safety deposit box.

Let me expand that a bit.

If your family absolutely needs the information MAKE SURE IT IS IN A PHYSICAL FORMAT and stored in a secure location.

Electronic formats are not reliable enough for critical information. Particularly if your family members are not sufficiently tech savvy.

Re:Mod parent up. (4, Informative)

RsG (809189) | more than 2 years ago | (#40576715)

Yep, most of the stuff (banks, 401(k), mortgage, insurance, etc) listed in the summary would be best suited to paper. And safety deposit boxes are the way to go.

For the stuff like email and online banking, might I suggest setting up a main email account with a stable password that is as strong as you can make it? I.e. twenty characters, alphanumeric, no words in the dictionary?

You don't need to use this account for your regular email, you just use it to reset your other passwords when needed. So you've got "yournameherebackupaccount@____.com" on every online form for password recovery, and the backup accounts password is written down someplace secure, and too strong to need resetting. Pretty sure you can even set up a "forgot my password" option for your regular email provider (I recall doing something like that with gmail in any case).

Once you become metabolically challenged, your family just needs to access the one account, using the password saved in your deposit box, and reset the passwords on everything else for their own access. Since the password is saved in a deposit box, your bank becomes the gatekeeper for it, and they're pretty good at that job.

Re:Mod parent up. (4, Insightful)

Anonymous Coward | more than 2 years ago | (#40576889)

All of these are important suggestions, but you need to make sure that the ownership paperwork on the safe deposit box includes your spouse or "personal representative." Otherwise they don't have direct access to it. They would have to either have a power of attorney that grants them access to it or get a court order allowing access to it, either in probate or a guardianship/conservatorship situation. Because people forget to allow such access but shove their will in there, it is not completely uncommon for a probate proceeding to be opened without the will being able to be provided, the safety deposit box probated, then once the contents of box are found to contain the will, the will is then entered into the probate and the rest of the property taken care of. As you can tell, that is a longer and more expensive proposition.

Re:Answer in the question (2, Insightful)

Anonymous Coward | more than 2 years ago | (#40576731)

In addition, storing the information out of your house protects you in the event of a fire, etc.

Re:Answer in the question (0)

Anonymous Coward | more than 2 years ago | (#40576897)

Unless the fire is at the hosting facility

Re:Answer in the question (0)

Anonymous Coward | more than 2 years ago | (#40577057)

That's a non-issue. You already have a digital copy. This is just a backup for in case of your death. For it to be a problem, you would have to die and then a fire would have to break out before your family can retrieve it.

And I expect any such hosting facility to have much better fire protection than my tinderbox of a house.

Re:Answer in the question (2)

kerashi (917149) | more than 2 years ago | (#40576799)

This. Don't expect your family to know how to get into your digital copy, and don't expect it to last as long as good, old-fashioned paper. A safety deposit box is great for long-term documents, and a small fire-proof safe at home is good enough for keeping frequently-changed things like passwords. Note that you should not keep REALLY important documents in a home safe, especially a small one, as a thief can simply pick it up, walk out, and drill the lock at his convenience.

Re:Answer in the question (1)

Jesus_C_of_Nazareth (2629713) | more than 2 years ago | (#40576807)

This! It's relatively cheap. Leave access details with your solicitor, stipulating as a condition of being disclosed, that spend a night in the old Johnson place. To be extra secure you could leave half of the necesary information with your family, and the other half in a sealed envelope with your solicitor. If there is no old Johnson place, go for any similarly creepy and abandoned old house. The Scooby Dooesque antics will surely lift their spirits in what must certainly be a difficult time. Lead a good life, treat people well, and don't dwell to much on dogma for dogma's sake. I'll have a nice place awaiting your arrival.

Wuala + Dropbox (2)

Troed (102527) | more than 2 years ago | (#40576513)

Wuala - http://wuala.com/ [wuala.com]

Like Dropbox, but with actual security - i.e, client side encryption. You can also share information with groups of others etc.

LastPass - http://lastpass.com/ [lastpass.com]

Solves all password problems, and all you have to make sure is that the master password is accessible after your death. Like, in your will.

Re:Wuala + Dropbox (5, Insightful)

Nightshade (37114) | more than 2 years ago | (#40576573)

um... no. cloud vendors can disappear without notice in which case you're out of luck. lastpass was hacked last year so that isn't the safest choice either. see http://lifehacker.com/5799036/the-best-password-utilities-that-dont-store-your-data-in-the-cloud [lifehacker.com] so this is a real problem. the fact that you;re thinking about this means you're planning which is like better than probably 80% of people out there. so what i would do is come up with something that works for you and have your spouse/next of kin actually try to follow the agreed procedure without you around and have them report back on problem areas. a lot of businesses have disaster recovery plans which they try to play out once or twice a year. trying it definitely finds some problem areas.

Re:Wuala + Dropbox (1)

Troed (102527) | more than 2 years ago | (#40576605)

No, LastPass wasn't hacked (and just like Wuala your passwords are client sided encrypted and thus cannot be copied off LastPass' servers).

As to cloud vendors disappearing, sure, but they only need to stay up for a few weeks at the most after your own demise - after that the family has had plenty of time to make backups if needed.

Re:Wuala + Dropbox (1, Informative)

Nightshade (37114) | more than 2 years ago | (#40576653)

lastpass was definitely hacked. even the ceo admits usernames and encrypted passwords could have been taken: http://www.pcworld.com/article/227268/lastpass_ceo_explains_possible_hack.html [pcworld.com]

having encrypted passwords plus at least some people choosing weak passwords plus rainbow tables or other brute force tools is a recipe for some people's accounts to be compromised.

Re:Wuala + Dropbox (3, Informative)

Troed (102527) | more than 2 years ago | (#40576785)

No, it wasn't hacked, and that won't change just because you keep repeating it. If you don't select a bad password on purpose (LastPass rates it) you have nothing to fear from brute force tools. Rainbow tables don't help with services that understand salting - and LastPass most definitely know their stuff as compared to a lot of other services.

No LastPass accounts were compromised from the incident that _maybe_ happened. I fail to understand why you seem to purposely want to misrepresent the facts. Your two links have not supported your statements, at all.

LastPass + Wuala is still the best, and most secure, way to solve the question asked.

Re:Wuala + Dropbox (1)

Nightshade (37114) | more than 2 years ago | (#40576861)

hi, go read the links again. i think they speak for themselves; it doesn't matter to me if you have a different view of things. frankly this is getting away from the question that was asked so this is the last i have to add here.

SplashID + Dropbox (0)

Anonymous Coward | more than 2 years ago | (#40576649)

Use something like SplashID for storing all your info, it has mobile and desktop apps, back the desktop to Dropbox or some other service you are comfortable with.

Leave your SplashID password (and either Dropbox, phone or computer login info) in a safety deposit box, safe or other trusted source.

Re:Wuala + Dropbox (1)

Tom (822) | more than 2 years ago | (#40577073)

Wuala - http://wuala.com/ [wuala.com]

Very interesting. But one thing bothers me: I can't find an external audit or some other assurance that they actually do what they claim to do and that their crypto is any good. There's allegedly a paper out describing the crypto, but I can't find it.

Is there any 3rd party verification of their claims?

encryption? (4, Informative)

girlintraining (1395911) | more than 2 years ago | (#40576515)

Encryption is when you want to keep people out. In the scenario you've outlined, you need to let people in, but only certain people. That screams physical security. Your online passwords and all that crap can all be bypassed by a court order, which would be issued to the executor of your estate, authorizing the holder(s) of your assets to grant access to them. You don't need to keep a record of your passwords anywhere... once you're dead, they can just reset them. The rest might have value to you, but it is unlikely to have value to anyone else. Nobody's going to care about your licensed copy of Microsoft Office, or need to decrypt your secret collection of porn, music, and videos.

This is not a technical problem. This is a legal problem. This is the wrong forum to answer those kind of questions. You need to make a list of what assets you want (it's called a will) to pass on, and then simply make sure those assets are accessible. Call the companies up that maintain your online stuff and ask them. You don't have to worry about banks, mortgages, or physical assets: That's the executor of estate's job to sort out. Your Will provides all the legal power necessary.

Re:encryption? (1)

Hognoxious (631665) | more than 2 years ago | (#40576957)

Your online passwords and all that crap can all be bypassed by a court order, which would be issued to the executor of your estate, authorizing the holder(s) of your assets to grant access to them.

My understanding is that it's nowhere near as easy as that. If the court order is from a different country the hosting company will probably ignore it.

Re:encryption? (1)

Tom (822) | more than 2 years ago | (#40577037)

Encryption is when you want to keep people out. In the scenario you've outlined, you need to let people in, but only certain people. That screams physical security.

While I agree on physical security for other reasons, your reasoning regarding crypto is dead wrong.

For example, there are a couple interesting key-sharing systems where you could encrypt everything, break the key up in 5 parts, and distribute them to family members that hate each other plus one to your lawyer, so that 3 of the 4 family parts plus the lawyer part need to come together to regenerate the whole key.

There are few problems that you can not apply crypto to. Practicality is the main issue - very likely, nobody else in the family would understand the protocol and math necessary to get the key back.

Public Key Encryption (0)

Anonymous Coward | more than 2 years ago | (#40576519)

Set up a public/secret key pair and leave the secret key in a secure location. Every time you need to make an update to your private data, simply make an update note, encrypt the note with the public key, and store the encrypted note in a location that your heirs can access.

why should i tell you? (0)

Anonymous Coward | more than 2 years ago | (#40576527)

This is not one of those things you should disclose publicly to others.

there is also stuff that a Wills, trusts attorney (1)

Joe_Dragon (2206452) | more than 2 years ago | (#40576537)

there is also stuff that a Wills, trusts attorney needs to put in a legal document to cover your financial accounts.

financial accounts' passwords (1)

Max_W (812974) | more than 2 years ago | (#40576543)

Is it a good idea to leave your financial account password at a known place? A wife will get the husband's money anyway in several months after death.

But withdrawing money from husband's account after his death may look highly suspicious, especially if one is acquainted with real murder statistics.

The time of death is routinely recorded, and the time of money withdrawal too. An investigator will just have to look at the timing. It is simple to notice.

Re:financial accounts' passwords (1)

gshegosh (1587463) | more than 2 years ago | (#40576667)

Why would a husband have separate account from his wife in the first place?

Re:financial accounts' passwords (0)

Anonymous Coward | more than 2 years ago | (#40576841)

So they can prevent financial stress leading to divorce when they both overdraw the account while buying junk neither one needs off of the Home Shopping Network. The accounts can be set up as joint owner or joint account with right of survivorship to try to avoid probate. It is still a good idea to have separate accounts so each person can track their spending separately.

Re:financial accounts' passwords (1)

roman_mir (125474) | more than 2 years ago | (#40577033)

really? Why not?

How about multiple accounts, one can be shared.

Re:financial accounts' passwords (1)

gshegosh (1587463) | more than 2 years ago | (#40577103)

I'm just surprised that anyone who'd be concerned about his wife getting access would simultanously feel the need to have separate accounts. I'm curious what's the use case for such an account.

Re:financial accounts' passwords (1)

hawguy (1600213) | more than 2 years ago | (#40576675)

Is it a good idea to leave your financial account password at a known place? A wife will get the husband's money anyway in several months after death.

I don't want my wife to need to get a court order and wait for several months to have access to my accounts upon my death.

But withdrawing money from husband's account after his death may look highly suspicious, especially if one is acquainted with real murder statistics.

What kind of paranoid reality do you live in? My mother moved funds around almost immediately after my father's accidental death (after all, she still had mortgages to pay, funeral arrangements, etc), but there was no murder investigation.

The time of death is routinely recorded, and the time of money withdrawal too. An investigator will just have to look at the timing. It is simple to notice.

If a wife killed her husband to get his money, wouldn't she be more careful than to empty his accounts moments after his death?

Re:financial accounts' passwords (1)

Anonymous Coward | more than 2 years ago | (#40576751)

If a wife killed her husband to get his money, wouldn't she be more careful than to empty his accounts moments after his death?

You'd think so, wouldn't you?
In reality people are either stupid or desperate and do stupid things.
Also, how does your wife access money now? Can't she continue to do so the same way?
Of are you one of those people that gives their wife $100 a month to spend.

Re:financial accounts' passwords (1)

Hognoxious (631665) | more than 2 years ago | (#40577001)

You're full of shit. Just sayin'.

Steganography (1)

Anonymous Coward | more than 2 years ago | (#40576549)

http://en.wikipedia.org/wiki/Steganography
I would encode all my valuable information in porn movies and there would be thousands of copys around the world.

Punched Cards (3, Funny)

Anne Thwacks (531696) | more than 2 years ago | (#40576553)

Dump the whole lot to punched cards. No one will read punched cards unless they are desperate, but if they are desperate, the technology can be built from scratch.

If in Europe, you might prefer paper tape, but I doubt it.

PS Anyone got an open source program to print card images onto A4 paper? (readable by Lottery hardware)

Re:Punched Cards (1)

bitingduck (810730) | more than 2 years ago | (#40576805)

but if they are desperate, the technology can be built from scratch.

It should be easy to do with just a regular scanner and some image processing software. There's probably even an iphone app for it already that just uses the camera...

Keepass plus Dropbox or similar (0)

Anonymous Coward | more than 2 years ago | (#40576565)

Solutions like trucrypt are too fiddly, http://keepass.info/ is pretty good and portable - you can keep a copy of the app in Dropbox or google drive etc. you can also manage different sets of passwords in different files for work vs home etc.

LastPass + OTP (1)

bill_mcgonigle (4333) | more than 2 years ago | (#40576569)

Manage your online passwords with LastPass [lastpass.com] and generate an OTP to put in a safe deposit box and give the key to your attorney.

Cut out the safe deposit box for one less level of trust-noone and lower cost. Add safe deposit boxes in a chain to drive everybody crazy and increase the difficulty of compromise.

Unneeded/wanted for some if not most (1)

Kamots (321174) | more than 2 years ago | (#40576579)

Set beneficiaries on your financial accounts (401k's, etc). I can envision all sorts of problems arising if the accounts are logged into and assets transfered out after your death.

For your laptop password, and the like, why not just keep a thumbdrive in a safe deposit box?

Re: Safe Deposit Boxes (3, Informative)

AlienSexist (686923) | more than 2 years ago | (#40576593)

It might be worth mentioning that Banks will provide access to your Safe Deposit Box to law enforcement in various circumstances. I'm confident you can dig up news articles of consumer complaints that police accessed private SDBs with little (if any) proper process or authority. I've also come to understand that banks are required to turn over SDBs to the state in the event that the account holder dies so that the contained property can be included Probate into the estate for valuation and taxation purposes. If your credentials are in there it widens the scope of what can be seized for probate or snooped upon.

No technology needed: legal problem (0)

Anonymous Coward | more than 2 years ago | (#40576615)

In the event of my untimely demise, my wife and family will need access to all of my private data (email, phone, laptop password, SSN, etc) and financial accounts and passwords (banks, 401(k), mortgage, insurance, etc).

I solved this problem by putting my wife on the account - either a beneficiary or as joint tenant. - no need for passwords or knowing secret codes or whatever.

This isn't a technology problem, this is really a legal problem - a very basic one.

Few things (1, Informative)

Renderer of Evil (604742) | more than 2 years ago | (#40576617)

Fujitsu ScanSnap 1500(M)
1Password (or equivalent)

Scan important documents and shred or hide the originals if necessary. Store all passwords in 1Password and give the master unlock key to couple of your friends.

Encrypt, zip and put it on cloud storage. Setup a calendar repeating event (or a chron script) that checks if you're alive every 6 months. Point that to a file called IF_DEAD_PLEASE_READ_ME.TXT for instructions.

You could do this in 1 afternoon.

Re:Few things (1)

gshegosh (1587463) | more than 2 years ago | (#40576685)

Care to share your cron script that checks if user is alive? ;-)

Re:Few things (1)

Nutria (679911) | more than 2 years ago | (#40576781)

The typical process is for the living person to create a cron job to periodically send his friends an "I'm alive!" email. Presumably the dead person's family would turn off his PC soon after he dies so if ever the friends don't receive the expected email, they should validate is mortality status.

Re:Few things (1)

John Bresnahan (638668) | more than 2 years ago | (#40576793)

I don't know about you, but for me all it would have to do is see if my last login time was more than 24 hours earlier.

It is was, I'm dead!

Re:Few things (1)

Tom (822) | more than 2 years ago | (#40577003)

Aside from the funny part, this is actually not bad.

When I'm not on holiday or otherwise far away with no Internet, I don't think there's ever a, say, 48 hour period in which my mailserver would not register an access to my IMAP account. So with a bit of fiddling so I can tell it to stop checking for the next 2 weeks because I'm away, this would work fairly reliably.

Now if only someone had this already coded up... (I'm sure someone has, waiting for the links to be posted...)

Re:Few things (0)

Anonymous Coward | more than 2 years ago | (#40576845)

0 0 1 JAN,JUL * banner R U ALIVE?

post its (3, Funny)

yorgasor (109984) | more than 2 years ago | (#40576627)

Easy, just write them on post-its and attach it to your monitor at work. It's the most secure location there is.

Re:post its (1)

MisterBuggie (924728) | more than 2 years ago | (#40576903)

Easy, just write them on post-its and attach it to your monitor at work. It's the most secure location there is.

Oh I wish I could mod you up. I'm sitting at work looking at the long list of passwords taped under the screen (a single PC used by 5 about different people), so your comment made me laugh!

Why? (1)

mjr167 (2477430) | more than 2 years ago | (#40576657)

If you die, your wife will go through the appropriate channels with the lawyers, etc to get access to your money. You don't need to give her the account password. It will take time, but you want the process of declaring you dead and transferring you assets to be hard.

If you don't trust her with the bank account password, why are you going to trust her with access to a safe-deposit box or safe containing the password?

If you have personal information on your laptop that you do not want you wife to know now, why do you want her to know it after you are dead?

Book of the Dead (1)

Anonymous Coward | more than 2 years ago | (#40576661)

Amazon has nice, tiny, leather-bound notebooks that make what you are doing seem at least ceremonial. I went through all my files and keychains and wrote everything down with a nice fountain pen and handed it off to my adult son for his fire safe. It's a good feeling.

He is also instructed to delete all my MILF pron.

If RPGs have taught me anything... (4, Funny)

dadioflex (854298) | more than 2 years ago | (#40576669)

...it's that your valuable information should be transcribed onto a special medallion, which is then quartered with each quarter piece buried in a deadly dungeon in a far flung corner of the land. That's what passed for "Cloud" storage in my day. (yes yes I know.)

Re:If RPGs have taught me anything... (1)

Nightshade (37114) | more than 2 years ago | (#40576713)

definitely. in the non-rpg world this is known as Secret Sharing. See http://en.wikipedia.org/wiki/Secret_sharing [wikipedia.org]

Re:If RPGs have taught me anything... (1)

dadioflex (854298) | more than 2 years ago | (#40577045)

Interesting "Link"! Dammit, can't get my head away from Japanese RPGs. But seriously, that's a thought-provoking article on distributed information - not what the FA was asking about, but cool if you have a treasure map to secure.

encrypted disk with PW in safety deposit box (1)

dmm10 (726220) | more than 2 years ago | (#40576681)

My route:
important documents and long term secrets (including pw to encrypted disk and instructions) in safety deposit box;
more volatile secured data on the encrypted disk -virtual disk- along with frequently needed secrets;
strong password securing disk;
backup the disk regularly.

Re:encrypted disk with PW in safety deposit box (0)

Anonymous Coward | more than 2 years ago | (#40576743)

And then what if nobody can access the encrypted disk because the technology you used was too old?

Well given the present course of humanity. (1)

axlr8or (889713) | more than 2 years ago | (#40576707)

I think the information your should be looking at storing are what blood type, what you taste like, what other foods go well with you. Posterity is a word best used for people who care about the future of others. This doesn't exist at this time.

Esay (3, Funny)

Yoda222 (943886) | more than 2 years ago | (#40576711)

I put everything on megaupload

Save Public Information, not Secret. (2)

edibobb (113989) | more than 2 years ago | (#40576733)

It's very common for people to die without leaving this information behind, and there are methods in place to handle it. There is some security risk in having to modify the "private data stash" every time you change a password, account information, etc. Instead, it might be better to list the accounts, etc., and leave instructions on how to access them after your death or incapacitation, without the passwords. Since proof will be required for this type of access, your "private data stash" won't have to be so secret and you can eliminate a security risk.

Envelope with your signature on the flap (3, Interesting)

Nutria (679911) | more than 2 years ago | (#40576741)

Allowing access only to your heirs, and only when you're dead is impossible unless you've got *lots* of money. After 9/11 and the destruction of Swiss banking secrecyt, it's probably impossible.

But you don't have that much money.

So, since as others have mentioned, law enforcement can get your stuff if they really, really want it, all you can reasonably hope for is to make your documents tamper obvious

Thus...

  1. Print out accounts, passwords, etc.
  2. Put them in a "safety lined" envelope, sealing it closed just like normal.
  3. Write your signature across the edge of the flap.
  4. Further seal it with packing tape.

So, if someone tries to steam open the envelope and then reseal it, you'll notice since they won't be able to exactly line up the two halves of the envelope and thus your signature will be misaligned.

(This is a variation on the old displaced strand of hair trick.)

Re:Envelope with your signature on the flap (0)

Anonymous Coward | more than 2 years ago | (#40576965)

Sounds great, until you realize that this would only deter the most casual of intruders. It would be trivially easy for any intruder possessing, say, the resources of an entire government, to extract all the documents, make copies, and then replace them in an identical envelope, sealed with the same packing tape,and sign it with an exact copy of your signature, which could be reproduced using a digital image of the signature on the envelope prior to unsealing.

Shit, they could probably do that in just an hour or two if they paid attention in spy college.

In other words: you're only being paranoid. This will do NOTHING to secure your data beyond "placing it in safe deposit box" to begin with.

Fireproof Safe(s) + Paper Copy (0)

Anonymous Coward | more than 2 years ago | (#40576757)

Preferably in at least two locations. You can keep a convenience "master" copy in digital, encrypted format to update the physical copies.

Give the family the combination, and rest secure that even if they lose it the safe can still be cracked easily and relatively inexpensively if necessary. The same cannot be said for a well encrypted file.

Seriously.

Roboform (1)

plastick (1607981) | more than 2 years ago | (#40576759)

I've used RoboForm [ http://www.roboform.com/ [roboform.com] ] for many years. It lets me choose my encryption algorithm (Blowfish, AES, 3DES, etc). I can save links, notes, contacts or personal data. It can fill in web forms for me using artificial intelligence, auto log me in to programs or webpages, it can store my stuff encrypted in the cloud or keep it in a folder, if using the cloud can sync all my computers and my cell phone (all that functionality is on my phone too), has anti-keylogger protection, auto generate passwords, supports finger print readers, and has a nice interface with full search. I highly recommend it and in no way, shape, or form am I connected with that company in any way. I'm just a regular user who has turned on many friends to it. The downside... it's not free and has a yearly cost but it's rather inexpensive (around $10).

keepass works good (0)

Anonymous Coward | more than 2 years ago | (#40576761)

I suggest keepass http://keepass.info/. Just be sure somebody knows the password. I usually keep multiple copies, like on my phone or usb. Just be sure where it's kept is accessible. Ohh yea, you will have to trust someone with some sort of password.

If you don't trust anybody your screwed and they will have to fight for all that info through the courts.

Safe-deposit box + Password Safe (1)

bradley13 (1118935) | more than 2 years ago | (#40576801)

As others have written, put as much as possible onto paper, and put this in a safe-deposit box at the same bank you have your standard accounts at. Best is if your wife is used to accessing it - perhaps she also has some things that she needs to store there? Alternative to the safe-deposit box is a safe or at least a secure lockbox somewhere in your house.

For stuff that is online, or in electronic form, ignore the folks who say that a lawyer will be able to arrange access. What an expensive PITA! Use a password safe - keep all of your important passwords in it. One of the pieces of paper in the safe-deposit box should (1) state what online things may be important, (2) explain where to find the password safe and (3) list the master password. Never, ever change the password without immediately updating this paper.

KeePass (0)

Anonymous Coward | more than 2 years ago | (#40576811)

I've used KeePass for a while now, and it works perfectly. Since I love & trust my wife--and live in a community property State--we just both keep all our PWs co-mingled. It's really very handy.

http://keepass.info/

Re:KeePass (1)

Xacid (560407) | more than 2 years ago | (#40576911)

Ditto. That + a dropbox share between wife and I does the trick. Moreso useful for while I'm alive and she or I needs to handle something in one of the various accounts we have laying around.

Wait, what? (1)

TiggertheMad (556308) | more than 2 years ago | (#40576853)

In the event of my untimely demise,

Untimely? As opposed to timely? I am pretty sure when I die, it will be untimely from my point of view whenever it happens.

Re:Wait, what? (0)

Anonymous Coward | more than 2 years ago | (#40577093)

This depends. If you have an accident and are paralyzed and in a coma, your point of view may change.

low tech (0)

Anonymous Coward | more than 2 years ago | (#40576859)

write it on paper and store it in a fire-proof safe in your house

secondary (1)

Tom (822) | more than 2 years ago | (#40576863)

Get someone you trust who is tech-savvy and hand him a list of where everything can be found. No passwords, keep those on a piece of paper in a safe, or a locked box somewhere in your house (fireproof would be good).

Your grieving non-geek relatives will not only not bother hacking your passwords, their primary problem will be that they won't even know where to look for stuff. I know I listed all my savings accounts and such because should something happen to me, those left would simply never think about some of the non-obvious ones.

Commercial Solution: Death Switch (1)

nsxdavid (254126) | more than 2 years ago | (#40576869)

Didn't notice if this was mentioned or not, but there are some commercial solutions like deathswitch.com

They fire off emails to you on a schedule. If you fail to respond, then they suspect maybe you are pushing up daisies... other fail-safes kick in (they check with a designated friend, etc.). If you are, indeed gone, then they spew whatever you want to whomever you designate. You can even program in a follow up or two for later. A year after you are dead, a nice parting practical joke, eh?

Re:Commercial Solution: Death Switch (1)

Tom (822) | more than 2 years ago | (#40576919)

The problem with a commercial offer is that quite likely the company will die before its subscribers do.

Physical security, not encryption, for posterity (0)

Anonymous Coward | more than 2 years ago | (#40576879)

Absolutely none of this information is un-obtainable by your survivors, anyway. Passwords can be reset, most companies have policies and procedures to grant next-of-kin to access / take ownership of your assets after your death - they will typically have to provide a death certificate and a written request, and SOMETIMES it'll require a court order, but all of that stuff... people will get access to if they need it.

Now that we're clear on that, and understand that your heirs will have access to the stuff they need, we can think about how to make it *easy* for them in their time of bereavement.

1) Update your will. Don't have one? Go create one, even a basic one at something like LegalZoom, or your local $30 an hour law school grad. Just make sure it's legally binding in your state. Review it at least once a year, or "on major life changes" - buy a house, have a baby, get a divorce, start a corporation, etc. etc. etc.
2) Compile a list of all financial accounts you have: holding institution, account numbers, login ids, passwords, pins, current balance / liability / holdings;
3) Compile a list of all major / important services you use - account names and passwords for... email providers, facebook, etc. etc. - anything you consider "important" for your survivors to have access to.

Create at least 2 printouts of 1, 2, and 3 above. One goes in a safe deposit box at your bank. Update your will to mention safe deposit box and the fact that these documents are stored there. The other goes in a locked fireproof safe / box in your home. Make sure you and your spouse both have keys, and put a third key in your safe deposit box. If you have someone else (friend, family member, lawyer, etc.) who you can absolutely, without-fail trust, consider asking them to store a third copy of these documents for you.

Now, as far as tech solutions to managing some of this:
1Password is my choice for electronic management of account info - encrypted, available on all devices via dropbox sync;
Quicken is how I manage my day-to-day financial accounts - all my holdings are detailed there, and I also sync that file via dropbox;
LegalZoom is what I used to whip up a quick Will for myself, basically saying "all my shit goes to my wife." I haven't yet reviewed it with a lawyer, because we're newly married and don't have kids or any major assets - renters right now. But I expect in the next year or two, I'll sit down and make a phone call to a local lawyer to actually set up a real will that will cover my situation in a more custom fashion.

My wife knows my 1Password master password and I know hers, though we each have our own password store on our own computers. I trust her, she trusts me... your mileage may vary on that score - don't share it, just write it down and safe deposit it if you don't trust your lady.
They're also written down in the packet of information in the safe deposit box.
All the quicken account info is also written down and stored in safe deposit, along with the will, and two keys:
-- to the small lockable fireproof/waterproof box (SentrySafe brand, fwiw - cost about $50, iirc) which sits on top of...
-- the small lockable metal filing cabinet next to my desk.

I keep "important stuff" (passports, a handful of "can't lose these original photos", marriage certificate, car titles, birth certificates, insurance info, important medical records etc. etc.) in the fireproof box, and "less-important but still confidential" stuff (last year of account statements for each account, last 10 years of tax returns, paycheck stubs, service contracts, etc. etc.) in the cabinet, both of which sit in our locked and security-system'ed apartment.

We review things once every six months (generally around tax time, when we're going through a lot of this crap anyway, and again towards the end of the year when we get benefit open enrollment at work, as again, it's a useful prompt to say, "did we need to change our insurance or health care plans or blah blah blah?"), and I'm fairly comfortable that if I get hit by a bus, my stuff will be accessible to my wife. If we both die in a plane crash, well, the will also references the safe deposit box with printouts & the keys to the filing cabinets for our heirs; In case of a fire/evacuation/etc., most of the non-fireproof-box stuff could safely be lost (statements, old tax returns, etc. can always be re-printed if necessary), and we could easily grab the fireproof box and carry it with us if we had more than 15 seconds to get out, which would preserve the really important stuff.

The only "secure" answer here is one where there are multiple, secured, plainly-readable paper copies of the information which are physically secured so that only certain people can access them. Encryption and electronic storage is not the answer for long-term storage, it should be considered a convenience only - great if it's still working and accessible when it's needed, but not your only or final line of defense.

(* Note: Not an employee of LegalZoom, Quicken, Dropbox, or 1Password - feel free to substitute similar services as you see fit. I name those, because they're what I use and what I've found to be the best suited to my needs)

Slashdot (3, Funny)

cowboy76Spain (815442) | more than 2 years ago | (#40576887)

My way is getting the info into an /. article.

After that, the editors will take care that it is periodically available again as if it was a new article.

a couple of flash cards (1)

roman_mir (125474) | more than 2 years ago | (#40576909)

a few flash cards with the copies of necessary documents in them strategically placed in a bank deposit box or a safe place at home and a copy in another location.

Here's a crazy thought... (1)

AtlantaSteve (965777) | more than 2 years ago | (#40576913)

... why not actually, you know, involve your wife in your family's finances while you are still alive?!?

Don't get me wrong, I believe that a healthy relationship includes privacy. I wouldn't share my personal email password with my spouse, etc.

However, your 401k and mortgage? That stuff involves marital property... why doesn't she already know where the accounts are and how to access them? Of course this is Slashdot, so I could make a ton of jokes about male and female relationships (do you really have a wife?). Regardless, it just strikes me as bizarre that someone's spouse would have no idea how to check the family's mortgage and retirement accounts. Even if you could ensure that she had the usernames and passwords after your death, do you really want her having to figure it all out from square one under those circumstances?

Of course, you also have to provide for the scenario of you and your wife dying at the same time (e.g. car accident). This is why you should have a will drafted, and an executor who knows where the accounts are. Usernames and passwords are pretty moot in that case anyway, the executor will need a death certificate to start the legal process.

This is a two-part problem. (0)

Anonymous Coward | more than 2 years ago | (#40576915)

Firstly, as others have pointed out, it is a physical security problem - which may be further divided into two more parts: location and durability.

It's hard to beat a lawyer's office for location - a bank safety deposit box is good, but much more open to the government and other powers-that-be. If there's even the slightest hint you may have any government beefs at all, I'd go with a well-established law firm.

For durability, humans haven't invented an information-storing medium more durable and accurate than the vinyl record - not since we chiseled shit on stone, anyway. ...so - a custom cut LP in a lawyers office is the ideal solution for non-digital storage. This also has the added benefit of having your loved ones hear your voice after the end. It doesn't have to be just an endless droning recitation of passwords. [n.b.: important accounts should have two passwords - one that is never, ever used and so immune to keyloggers, etc. during your life. this will avoid the problem of recording something that may be out of date when you tap.]

But SECONDLY, if a digital solution is required, *digital* durability and longevity is the main issue.

I would propose that there is no more digitally secure medium anywhere on any network that is more durable, more immune to alteration, and less dependent on any one provider (or group of providers) than the Bitcoin blockchain.

The blockchain exists on on hundreds of thousands of computers around the world, and it is on every one of them with *exactly* the same information. I don't believe there is anything on the internet that could be seen as more durable or more 'immortal' than the bitcoin blockchain. It is possible to insert a short message into any bitcoin transaction - there's an app for that. A short list of passwords and how to use them could be encrypted, broken up into the requisite number of transactions, and placed into the blockchain - with the password and decryption instructions passed on through a lawyer, or given to all of your heirs and assignees through your most trusted relative/loved one.

Ain't that stuff handy?

Digital Asset Estate Planning (1)

grot (57003) | more than 2 years ago | (#40576921)

I'm the CTO for Yet Another Cloud Service, but this one may be of interest to the tin-foil-hat crowd (of which I consider myself a member). The service is Cloudfeet (www.cloudfeet.com) and one of its genesis use cases is exactly this. I'm a patent attorney, and my business partner is an estate planning lawyer.

There are a few services out there (www.mywebwill.com, www.legacylocker.com) that purport to be suitable for this application, but there are several problems with them. Principally, they're not hooked into the legal estate/probate mechanisms of any particular state, so you have little assurance that what you want to happen after you die, actually will happen.

Another problem is the tin-foil-hat part: if you don't have the encryption keys to your data, then you don't have any control over the data, or any reason for confidence in its security.

Cloudfeet uses client-side encryption, but with a (patent-pending) twist: you keep your RSA key, but the private key is encrypted using a key that Cloudfeet holds. Cloudfeet will send that key to you if you're able to complete the two-factor authentication process. Thereafter, it's a fairly straightforward implementation: you decrypt your private RSA key, then use that to decrypt individual document keys, then use those to decrypt documents.

Since Cloudfeet doesn't have your (encrypted) RSA key, we can't snoop on your documents or deliver them to the FBI in response to a National Security Letter. However, since your private key is encrypted using a key that Cloudfeet has, you don't have to be especially careful with it (although, of course, you should treat any encryption key carefully). For an attacker (or LEO) to read your documents, they have to get both your encrypted private key (over which you have exclusive control) and the key-encryption key (which Cloudfeet maintains).

Getting back to the main topic, digital asset estate planning, our system is designed to fit into ordinary probate proceedings. The canonical case for that is:

* Your estate planning lawyer sets up an account for you, with two-factor authentication & all.
* Your encrypted RSA key is printed as a QR code, which is affixed to your will and other important docs.
* You can store whatever digital information you want to preserve (e.g., passwords) in your Cloudfeet account.
* When you die, your executor can obtain your encrypted RSA key from your will, and Cloudfeet will provide the encryption key in response to your executor's request, supported by the court order appointing him to administer your estate.
* With the encrypted RSA key and the encryption key, he can access your saved passwords and carry out the instructions in your will.

More info at www.cloudfeet.com [cloudfeet.com] , or contact info@cloudfeet.com [mailto] .

Safe Deposit Box (1)

the eric conspiracy (20178) | more than 2 years ago | (#40576925)

Be careful. Once you join the choir invisible anything in your name will be subject to potential access restrictions.

That includes a safe deposit box that is in your name.

http://www.finweb.com/banking-credit/accessing-deceased-s-safe-deposit-box.html [finweb.com]

Bank accounts will potentially have restrictions as well. Be sure these have appropriate beneficiaries set up so your heirs have access without the long delays and legal folderall associated with probate.

Keep it simple. (1)

westlake (615356) | more than 2 years ago | (#40576929)

Here is the problem:

Because electronic media is more sensitive to heat and humidity than paper, media safes are constructed differently and insulated more heavily than those designed to protect paper.

Media safes are rated using the same hourly classes as those designed for paper except they are tested to maintain a temperature of 125 degrees F or less compared to a fire resistant safe which is tested to maintain a temperature of 350 degrees F or less.

There is a lot to be said for doing what people expect: keeping paper copies of your essential records in a safety deposit box which your next of kin can access without a hassle.

You digital records should quite safe in their Mormon vault in Utah and the limestone cavern in the Appalachians.

That doesn't mean you family will remember how to link to them --- or even be able to link to them --- when they are most needed.

The most efficient method to date has been.... (0)

Anonymous Coward | more than 2 years ago | (#40576943)

Carving them into clay tablets in some Ancient language. Multiple Ancient languages would be prudent for redundancy.

Start with the threat model ... (1)

bdemchak (1099961) | more than 2 years ago | (#40576981)

Seriously ... what are you trying to protect? Who are you trying to protect it from? And how much is it worth for them to crack it?

More likely, you're trying to make sure the important information is available to a competent executor, and if it's not immediately available, it's in a form the executor can get it indirectly. You can assume the availability of friendly experts (including lawyers and application users), even if for a price.

If you're worried about someone digging up your treasure and walking away with it, don't ... except for Bill Gates (who has plenty of advisors for this) ... you're not special. None of us are.

Here are the steps I follow:
1) Have a competent legal firm draw up estate documents and leave custody of the documents with them ... make sure everyone knows which firm you chose.
2) Have a copy of the documents in the hands of the executor and family members. You can seal them, but make sure you have an executor who knows how to open and close accounts, pay bills, understand stock dividends, selling houses and cars, can talk to lawyers, and can get expert help when he/she needs it.
3) Get a program like WillMaker to help you document your assets and wishes (even if you use a lawyer to draw up the real documents).
4) As a matter of hygiene, don't be switching your money between custodians and accounts very often ... it's harder for someone new to find it all, even given the few years it will take to clean up your estate.


And do all of the above every few years as circumstances change.

Stability and predictability are your friends.

Paper and pen. Keep it simple. (2)

ip_freely_2000 (577249) | more than 2 years ago | (#40576983)

There's a plain looking red notebook in my desk drawer. The first five pages are blank. I've written down username/passwords and account numbers for everything. I've told her it's there and I keep it updated. I don't pretend the information is at risk from a meth-induced burglar. The FBI is not coming knocking. I have not discovered a secret to the universe. My method is simple and immediately available to my wife or daughter if it's needed.

Non-issue. Put it in a letter in your will. (0)

Anonymous Coward | more than 2 years ago | (#40577011)

"In the event of my untimely demise, my wife and family will need access to all of my private data (email, phone, laptop password, SSN, etc) and financial accounts and passwords (banks, 401(k), mortgage, insurance, etc). What's the best way to securely store all that data knowing the data is somewhat volatile (e.g. password changes) and also that someone else who is not technically savvy will need to access the most up to date version of it? Suggestions include a printed copy in a safe deposit box, an encrypted file, a secure server in the cloud, or maybe a commercial product."

Your wife and family will NOT need access to all your private data after your demise. You're mistaken. Anything your wife should have access to after you die she should have access to BEFORE you die. If you are keeping something from her, the first and biggest question is "WHY?!?" If you have an e-mail account, for instance, that you are deliberately keeping her from knowing about, that you use to arrange trysts with other ladies, etc., either stop it, or have the balls to tell her what she deserves to know before you contract a fatal case of KILLED BY ANGRY HUSBAND of the woman you're fooling around with. The last thing she's going to want, amidst funeral arrangements, fighting with your insurance company over whether or not your death could have fallen under the "we don't cover that" clause of your agreement, is to find out you were carrying on affairs behind her back, or telling all your friends about how she cries during sex...

Again, if you're married and have no secrets from each other, (that is, you're relationship is healthy and doesn't have that form of malignant cancer called "hiding things",) she should already have all that information. As for financial accounts, she should have HER OWN LOGIN for that stuff. If you're married, and your financial institution doesn't support that, find a new one that doesn't have it's head up its ass. For legal reasons, they HAVE to be able to know WHICH holder of an account logged in and made changes, etc. May I recommend USAA, which grants members who are married individual Member Numbers, each with its own login credentials, even when both members have access to joint accounts. If you're concerned about going that route, in the event of divorce, you have bigger problems. Also, I got divorced, and USAA (not that I'm a shill for them, they're just the only bank I'll deal with anymore, all my other dealings are with Credit Unions...) was very good about removing HER access from MY accounts. (I opened them...) so she can't access my information, etc. anymore, even knowing as she does my full legal name, my date and place of birth, my social security number, etc. (I was in the military, she HAD to know... they require "sponsor's SSN" for EVERYTHING.)

So just to recap, she should have her own logins for anything involving money, real estate, etc. For devices, keep a master list in a safe somewhere, or just do what everyone else does, use the same one password for everything. Sure it's shitty security, and begging to be hurt, but if you're that worried about it.. realistically, every device you have can be reset from without, by the appropriate person. Your phone, for instance. She takes a notorized copy of your death-certificate, and marriage certificate, and the phone to the phone company's nearest corporate store, and tells them "My husband died. Here's proof. Here's proof he was my husband. Unlock this phone." I'm pretty sure they'll do it. They'll have to call the regional manager, but they'll do it.

As for your laptop, there are procedures for voiding the BIOS passwords, I remember an old Toshiba laptop of mine had the bizarre instruction to use a bridge, (or paperclip) to connect pin 17 and 5 of the 20 pin LPT1 port, or whatever it was, I may have the pin numbers wrong, but it was essentially like that. (This was back when laptops had printer ports!) Hold the power button for 12 seconds... I was shocked to see that it worked... it did, though. Hard drive passwords are almost as easy, boot from CD or thumb drive, and reinstall the OS. If you're worried about data on the drive, simply back it up periodically (WHICH YOU SHOULD BE DOING ANYWAY) to CD-ROM or external HDD, or to a thumb. Pick whichever you like the best, none is perfect or infallible, any could be lost or stolen, destroyed by fire, corrupted by virus or the peculiarities of the storage medium. It's a lot like life.

You could just jot down user names and passwords and keep it in your wallet, making sure to use something water-resistant, and protect your wallet. Better yet, encrypt the passwords, using some scheme like Caesar shift, or something, with the key kept in one or more secure locations that are NOT your wallet. For instance, decide there's things you NEVER use in your passwords. Let it be "k" "i", and the number 8, along with an asterisk. Look at the keyboard and you'll see why this is easy to remember.

Then write on your little sheet of paper, if your password for Yahoo! Mail is dungeon23, write down that it's kdungeon283i.

Even if someone finds the piece of paper, knows your login ID, they won't know which characters are nulls, (the k the 8 and the i).

The important part is to remember what system you used, and to hope no one else can guess or infer what you did.

Does anyone miss the days before everything was online and required secret passwords? I often wonder why fingerprint readers haven't simply proliferated and replaced all this BS.

But to recap, your spouse should have her own login, she can get the device passwords reset, your data should be backed up off computer, she either should already have access to your e-mail, or she doesn't need it, and your kids don't need any of that shit, unless you think there's a real chance you and your wife both will predecease them. Having made these preparations, you can now die safely.

Really, though, your old archived e-mails will be the least of your kid's concerns after you and your wife both die.

If you're that worried, put it all in a letter, and put it in your will. Passwords change, but hey, a court-order will open most of those things. If you specify in your will that you want ANYONE you have an account with to let your heir(s) have access when you die, they'll probably allow it. Honestly though, if your heir(s) biggest concerns after you die is not your loss, but the loss of your data, you fucked up somewhere.

Lots of bad advice here (1)

the eric conspiracy (20178) | more than 2 years ago | (#40577071)

Once you kick that bucket any accounts in your name only will be frozen until probate is resolved. Attempts to access these accounts are criminal acts.

Safe deposit boxes in your name only ditto. You must have court assignment as executor to get into the box. It takes time to get that and if you don't have a will the court may appoint an executor.

To avoid this you want to set up joint accounts and beneficiaries on the accounts so that these accounts will automatically be transferred to the people you want them to go to without the probate wait.

You do want to have a list of account numbers somewhere - ideally that would be in the hands of a trusted person who is named in your will as executor.

Also you might want to get rid of any email delivery of account balances info you have. That mail delivery of information post demise can provide valuable information as the the existence and status of the account to your survivors.

Also you want real estate papers somewhere accessible for possible sale of property by the executor.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?