Ask HN: Have you set up a procedure to disclose your passwords in case of death?

340 points by bsjaux628 ↗ HN
After coming back from my home country where the insecurity is a big part of the daily life (armed robbery, kidnapping, murder), I started thinking of what would happen if something happened to me and how would I be able to ease the burden on my love ones to manage my digital assets (cancel subscriptions, keep my digital libraries, etc). So I ask: do you have a procedure in place to grant or transfer access in case of death?

My first idea would be using a password manager for everything, list every device used for 2SA and confine within my will a master password.

260 comments

[ 3.7 ms ] story [ 305 ms ] thread
Here is what I am thinking:

- Setup keypassx with all key accounts/passwords

- Setup 2FA on a phone app such as Google Authenticator. Then make a backup on another phone (you can copy Authenticator app data on another phone easily). Bonus: setup Authy app on a desktop as well.

- Record a video of you showing anything critical

- Write down any details that only you know.

-Put all this in a simple HTML/Markdown page and save on an encrypted disk and/or S3. For backup, save a copy on a flash drive.

- Keep the encryption key and flash drive in a physical locker that only is accessible to your spouse (if any) or anyone else whom you want to. If you are using a physical 2FA device such as Yubikey, then keep a copy in this locker as well.

- Make a Will which explains who/how can access all this if you die suddenly.

Seems a little overkill? 2FA isn't even really necessary if you have a password manager. Write down the master passwords on some paper, put it with the rest of your documents in a fire safe. Access to someone's email account is the biggest thing you need anyway since everything can be reset through it.
Or just use a password manager as usual but distribute your password with shamir split between several trustworthy parties, one of whom would be a solicitor or someone like that (along with your will)
I did that recently as a backup measure, 1Password comes with a good "emergency kit" that you can print out and store in a safe place. It has instructions on how to access the vault and the password in plain text.

The big advantage of a password manager that is consumer friendly (Like 1Password) is that you can store everything in there (documents, passport, notes) and it will be accessible to whoever needs access to it. Not some obscure command line knowledge necessary.

It is also a lot easier than having hundreds of papers / letters in your house. Even if it's not about the security aspect, having everything in one place is a big advantage.

I also use 1PW and agree it is a good choice. I would be cautious with saving too much information and files (documents, keyfiles etc) in it. With their latest update to v8 they removed the ability to print as PDF or save an attachment, so you will have a very hard time getting it out. Only way seems to be screenshot (too bad if the text is longer than a screen) or sharing via mail (you get the draft and from there copy the attachment). Am not sure if they try to hold your data hostage (VC "capture value" play) or greatly overshot on security.
> With their latest update to v8 they removed the ability to print as PDF or save an attachment

That's not true, there's a "Download" button that downloads the raw file. Just tested that on the latest Beta of v8 on macOS.

i asked their support and they acknowledged the removal of PDF-printing, regarding attachment: i didnt mean an attached file but the ability to e.g. save a secure note as an attachment. my fault for using bad english. your remark that you can save an attachment via download button is correct.
Yes. A password manager and a written document in my successors hands with the passphrases for it and the home laptop with crypted disk. Plus Google account handover logic with dead man's switch, and list of domain and virtual host providers.
Absolutely not. Everything dies with me.
I'm only afraid that if I go quickly, I won't be able to destroy everything I've written and drawn. If I want people to know something of me, I'll present it to them. I'm not looking to be mined for content after death and recontextualized.

My passwords and encryption are to enforce that policy digitally.

I’m using 1Password Family with my partner which provides the functionality for defined users to recover all passwords for the other user. [^1]

So in case of my death or my partners death, we can recover each others passwords.

[^1]: https://support.1password.com/recovery/

Lastpass has this as a built in feature for at least their family plan. You can set another account to be an emergency access account. The owner of that account can initiate a request for access to your passwords. You'll get an email informing you of the request, and you have a configurable amount of time to reject it. Failure to do so will lead to them getting access to your vault.

Not sure the security mechanics involved that allow for it, but it seemed like a very neat product for this very thing (and I've added requesting access to the death checklist I gave to my wife), since it means I'm not having to provide my password to anyone (or even get it out of my head and enclose it somewhere physical), but my wife can still get access to it in the event of my death (or my being incapacitated for a sufficiently long period of time that she needs it).

My master password is written down in a sealed envelope, which has been placed in a secret place that my wife knows (but always forgets). My lawyer has a sealed envelope with the location of the secret place, and my will has instructions to give that envelope to my wife (in case she forgets the secret place, which is often). The will also says who gets ownership of the secret place and the envelope in the case with both die together.

When my kids get older they'll move to the top of the access list for the envelope with the location of the secret place and ownership of said place.

Why don't you encrypt your password twice, give the resulting file or string to both of them, replicated twice or more ?

And each one of them has the password for one of the two encryption layers ?

This way it won't get lost.

My family isn't that technically savvy and would probably require help with the decryption, but I'd be dead.
oh, that's a good point, indeed.

I didn't factor in the technical ability of my relatives. I guess I should.

> I guess I should.

Not just technical ability, but state of mind etc. Anything needed quickly (not everyone will have such) should be straightforwardly accessible by someone who is both distracted and busy.

I used to sort my data into organised archives on USB HDDs, until I went to college.

Then I found it time consuming and began to just dump home folders and SD cards onto SATA HDDs for back ups

And now I haven't even done back ups since I began to work.

Tagging some USB stuff would be the most straightforward for them, I guess. A bit like a "play me if I don't come back" VHS as seen in movies.

And I would include the letters to unsubscribe to everything, and GDPR requests to delete my data as mentioned by the creator of the thread in

>So I ask: do you have a procedure in place to grant or transfer access in case of death?

There’s probably a way to low-tech it by printing half of each password glyph (with a suitably ambiguous design) on transparent slides that you need to overlay with each other to be able to read the password.
Gonna suck if you die in a house fire that also burns up that sealed envelope, though.
The envelope is not in the house. :) That would be silly.
Yes. Password manager with all essential entries shared between spouses. Plus a written document describing how to get into the password manager should we both go. We shared the location of the document with key people.

Still, there's probably more we could do, and a number of bases left uncovered. For example, we each have a number of monthly subscriptions that are auto-drafted but won't need to continue after death. We should identify those and have cancellation plans.

Plus we both have lots of crap, and possibly some important in various online/cloud storage services. Even with password access, it would be hard for survivors to know what to look at and why.

And then there are the accounts with two-factor auth. What if one of us goes with our phone? Oy!

As long as they can get into the email, they can eventually get into everything else. If there are second factors in the way, I have backup codes printed out and stored in a safe location that they will be able to access. And this only matters if the official facilities, e.g.: Apple Legacy Contact, don't pan out.
I just have the computer and emails passwords and my phone pin stored in a safe place. I have a few critical MFA codes stored as well in case my phone suffers the same fate I do.

Any other important password can be reset from those things and discovery of accounts can be done via email and credit card statements.

My odds of dying in the next year are remote enough that I don't feel the need to get the process perfectly laid out when it probably change in the >40+ years I expect to live.

Yes, I have set this up to give my wife access after 14 days: https://www.lastpass.com/features/emergency-access The long delay is simply for security purposes so there's not instant access for someone who hacks _her_ accounts.

> Give someone you trust access to your vault. When your trusted contact requests Emergency Access, you can decline their request within the specified waiting period. Otherwise, your vault is added to their LastPass account.

Are there any technical details of how this works on the backend?

I thought LastPass only kept encrypted user data that only the master password can decrypt. Would this process mean they keep an accessible copy?

I suppose the process could be to encrypt my master password with a public key generated by the spouse account (with the private key stored in their encrypted bundle), that LastPass servers can store and provide on delayed request?

I would imagine it involves something like encrypting your master password (or more likely some other encryption key that won't change) with their master password as if it were anything else they had stored in their account. The difference is that it's blocked by the time delay.
I think something like that might be how it's done. I don't think they could use the master password directly (at least I hope not, wouldn't that mean transmission of a master password from the client?), though I suppose they might have a mechanism of generating a consistent key pair just from the master password.

However it works, I think LastPass should have a technical section that describes the mechanism in more detail

LastPass describes how it works at [1].

They also have a technical whitepaper describing a lot of their cryptography including shared folders and recover codes. I found the current version[2] which disables ctrl-f for some reason, and an older version[3] which allows ctrl-f.

[1] https://support.lastpass.com/help/how-is-emergency-access-se...

[2] https://support.lastpass.com/download/lastpass-technical-whi...

[3] https://assets.cdngetgo.com/da/ce/d211c1074dea84e06cad6f2c8b...

I believe, when you set this up, they re-encrypt your data with the other user's keys so it's never accessible by Lastpass.
I think the problem with that would be the copy would go stale fairly quickly right? I suppose the process could make it so the data set is encrypted with all associated keys everytime it's uploaded from the client
Shared key.

You have a key, which encrypts a shared key.

Your spouse has a key, which encrypts the same shared key.

Vault is encrypted with the shared key.

Access is controlled separately. But upon successful share, their existing key can decrypt the shared key which decrypts the vault.

My dog has likely seen me type in my password at some point, but otherwise, no one else gets access even after death.
I think the same

Why would anyone access my Discord account, or my kawaii and punk music playlists on Deezer. This quality content goes with me into the grave.

OK content is unencrypted on my computer, anyway

My son has biometric access to my phone. From there, he can do everything. It works for me.

My son is the one human who matters the most to me -- there's a letter in there for him, too. I add to it periodically.

At least on an iPhone, biometric access won’t work if the phone has been powered off, such as due to the battery running out.
On my Samsung, it is probably the same on iPhone, i always need to enter my pin/password to be able to unlock it after a restart. After that 99% works with Biometric access but some things still need the pin/password.
Ahh yes, he knows the code too. But that’s a good point for others.
What if the phone is destroyed or lost or stolen?
We have multiple iOS devices in our family plan, including multiple iPads.

This works for now, with our current array of tech. My company offers a free sponsored account with one of those companies that offers after-death account and paperwork services. I intend to look into it, but don’t want anything tied to employment or to a company that’s not as likely to survive as it is for 20 years.

Also, I should mention, all my passwords are in 1Password. That’s a known password too.

As others have said, lock code is safer. iPhones sometimes will demand the code instead of biometrics from time to time. Also, any app protected with biometrics can be unlocked with the code, so the code is the safer bet.
Not really. I'm honestly kind of surprised at the preparation some people have put into the expectation they might die soon. All of our accounts are joint and I'm not hiding any assets. I have pretty sizable life insurance policies that will make her a millionaire overnight. If a porn subscription refuses to cancel when she shows a death certificate, I'm guessing she can find a way to cope. I know she can cancel my debit card all the subscriptions charge because I accidentally canceled hers just last week. I don't think I have anything I would call a digital library. Not really much of a data hoarder. I don't rewatch movies much and haven't take photos regularly since 2002 or so, and most of those I never bothered to develop, though I actually still have the film in a shoebox in the closet if she wants to try.
One thing to consider, is that even if you have 2FA keys and full access to an account and can do things with it, you may be illegally doing such after the account-holder's death.

For example, depending on how your bank account is setup, it may be legal for your wife to take money from it while you are alive but become illegal after death until probate is complete. The reality is nobody cares because 90% of the time the surviving spouse gets everything anyway, but it's there.

Check your local laws.

This. I have set up automatic wire so my employees receive one or two month automatically, but the truth is, it’s probably illegal for the to receive that money.

Same goes for next of kin’s access to my accounts. Uncharted territory, but those are assets, and I don’t think people should be able to peruse assets of a defunct.

If you care you could discuss it with a business/estate lawyer and setup some sort of a trust - but the complications may be not worth it.

It’d only come up in an adversarial inheritance scenario so make sure you have a bulletproof will.

More importantly, do you have instructions and descriptions of everything?

Sure, my wife could access my accounts, but she'll be lost - which are important? which can be ignored? What do you do once you have access?

Where are all the bank accounts, credit cards, loans, and how are they setup w/autopayments & withdrawls?

Ditto for insurance policies, your random toys and tech stuff. E.g. what should be done with your random websites/URLs - let them expire, archive them, ?

And my social accounts too...

It's not good enough to just go over it together one night, you need clear documentation that can be quickly referenced and followed during a time of immense stress and grief. And then keep those docs updated!

It seems a little weird that your wife is so removed from the financial side of your setup. Does she really not know where your credit accounts are and how much are on them?
Not the OP, but for my prior relationship my ex wanted to be divested of that knowledge. I tried early on to keep them abreast of what was going on, but they were "not a numbers person," and whenever I tried to explain our complicated financial structures and how assets were liquidated and passed through various accounts to accomplish large projects their eyes glazed over. So, they trusted me to keep us solvent, and I made just about any request of theirs happen (which sometimes required a lot of juggling).

All relationships are different. :)

My partner is the same. I have a document that says "here is the name of our accountant. I recommend you do X for now".
Yup, my wife doesn't want to deal with such things. Total assets, yes, but the details of managing them are entirely my job. She doesn't want to deal with it and I don't want her to have online access because she would be way too easy to phish.
> where your credit accounts are

I don't know all of ours. I know our shared bank account, and that's about it (well, we have a shared password manager, so I could probably figure it out). It doesn't seem useful to have the knowledge, and when she dies, the least of my worries is a missed payment or two.

> how much are on them

I doubt most people on HN carry credit card debt.

I am gonna drop my will in the little library thingy with a copy of sun tzu later, for now I wanna let kids enjoy the holiday without having to wander around some stoner.

(My passphrases will cause a nuclear war if read in open court, fuck around and find out, consent matters.)

I have.

I had most of this done already, but about a year ago a friend of mine -- very healthy! younger than me! -- literally dropped dead. It was a bolt from the blue, for sure, and the trouble that followed for his widow was a wake-up call.

For some reason, he and his wife weren't on a "family" plan with Apple, which meant, from Apple's POV, they were just two customers, and lawyer letters and whatnot would be required to get her access to even his pictures on the phone.

Apple NOW has a feature that allows you to nominate a "digital legacy contact" for your Apple data. If you're on iOS, I RECOMMEND IN THE STRONGEST POSSIBLE TERMS THAT YOU CONFIGURE THIS IMMEDIATELY.

https://support.apple.com/en-us/HT208510

As for the rest of my digital life, everything is in a password manager, and my wife understands that the master password for said vault is in the safe.

How do you protect against government accessing your safe, getting your master password and accessing all your digital files. If I am not mistaken, Fifth Amendment protects one from incriminating themselves by giving up their own password, but in your case they just need to confiscate and open your safe.
If the feds want your data and are willing to confiscate your safe to get it, they can probably get your data without confiscating your safe.
> How do you protect against government

In general; you don't. If the gov. wants to make you do something, you're going to have to do it. In many western countries, that's only a vague threat, an many others it's a lot more real.

Theoretically, you could have two components to the password: something long and random that is written down, and something easily remembered and personal. A special moment, a place, an anniversary only the two of you would know, etc.

What benefit does the long random part provide?
It prevents it being guessed. The memorable part protects against someone finding the written down/recorded random portion and using it since they don't have the remembered part, but the remembered part on it's own is somewhat vulnerable to guess work
I don't.

If one has something going on such that state-level actors might want nefarious / adversarial access, well, one should be taking MUCH MORE SERIOUS STEPS about personal digital security.

Your "regular everyday normal mfer" (as the song apparently incessantly looped on Instagram goes) has no such enemies. My personal digital opsec is designed to keep me and mine safe from likely threats, and the threats I face are pretty banal -- brute force attacks, mostly. I am 100% unconcerned about governmental intrusion into my safe to gain access to, e.g., my online banking passwords.

You do realize state actors include the IRS, the FBI on a fishing expedition for a crime that occurred near your house, being framed for a crime because you look similar, false DNA matches, etc, right? All of these things are non-zero, and significantly above non-zero that everyone and their grandmother should consider it. Unfortunately, pandora's box opened with Snowden. We are all targets. The only difference is what degree of a target you've made yourself. If you work in tech, you're already high on a priority target list somewhere.
(comment deleted)
By the time the FBI gets a warrant and takes my safe with all my secrets, it's too late. Maybe I'm naive but I don't have time to live my life with your degree of paranoia. Good luck to you in your endeavours to avoid anyone knowing anything about your life.
It's not about preventing people from knowing anything about my life. It's about control and threat surface. You can do these things without thinking after a little practice. I would like to present the version of myself I want the public to know about and have full control over that. Incursions into my privacy violate that idea.

It's not paranoia. That would imply they aren't out to get you. They are. Leave the government out of it for a second. If someone's phone is stolen it's very likely their entire identity, a majority of their secrets, documents like medical ID cards, credit cards, etc have been compromised. This is akin to "getting a warrant to a safe" (which in reality is just court-ordered theft) and it will completely destroy a person. In the context of the discussion if you were able to break into a dead person's phone you could very likely build a complete picture of their life. Perhaps one they weren't interested in you knowing about.

I'd prefer to avoid those situations. First, by not making myself a target, and second by protecting any and all data I have the best I can. I rarely think about it but I know if my phone is stolen, my computers are taken, or I get caught up in a fishing expedition the threat surface is extremely limited (provided the information isn't beaten out of me).

You have chosen to have a different risk tolerance than the person you’re replying to. They explained their threat model, you disagree. That doesn’t make you right or them wrong.

It’s simultaneously true that for your model they’re being naive and for theirs you’re being paranoid. That’s fine.

I'm pretty sure that song is a blatant ripoff of "Regular Everyday Normal Guy" which predates it by about a decade. https://www.youtube.com/watch?v=5PsnxDQvQpw
I googled the lyric when posted because I only have it from the contextless world of Instagram reels, and I have a fetish for accuracy.

It was indeed from Jon Lajoie, but not the song you link. It looks like he did a followup track called "Everyday Normal Guy 2" which includes exactly the loop you hear (with "motherfucker" and not "guy" in the refrain) everywhere on social media right now.

https://www.youtube.com/watch?v=GmG4X9PGOXs

If they get a warrant from a court, they can open the safe.

As the question is about granting access to accounts after death, it seems an odd worry. The government is also likely to get access to your data from your Google, Facebook, etc. If you have a server in the cloud, they can probably go to your hosting provider to get physical access.

So unless you have data in secret offshore servers in countries that won't cooperate with the US government, then a safe is not your weakest link.

My question was regarding about having secret to your password manager in a safe, which I agree think is still on-point with the topic for "Have you set up a procedure to disclose your passwords in case of death?".

Storing secret to password manager that can be easily accessed by government and state actors negates all the trouble that password managers went through ensuring no one besides you can access it. I believe every good password manager encrypts data in a manner so that the provider itself can't decrypt it if government tries to get access to it.

Don’t keep anything behind that password that the government doesn’t already have access to!

Government already has access to banking and phone records, most online accounts and data from Apple, MS and Google.

(comment deleted)
I prefer to think of the NSA as my cloud backup provider of last resort, paid for by my (overly abundant) tax dollars and responsive to a FOIA request ;)

/s

I think for 99%+ of people that’s not much of a concern, but if it is for you, what’d be wrong with burying it under a rock in the yard, or any of the 100+ sneaky ways one could secret a envelope somewhere for safe keeping (there is a slip of paper in the copy of Moby Dick at Bob’s house in the library, and if it’s not there, there is backup one at uncle Jim’s in the NE ceiling tile of the ground floor guest bathroom).

I’m sure others have much better ideas…

I think your statement about 99% of people it not being concern is true at any given snapshot of time, but not true across the lifetime of those 99% people. Case in point: Harvard student gets denied entry because of his friends' social media posts which were discovered upon searching his phone [https://techcrunch.com/2019/09/02/denied-entry-united-states...]. If you were to ask him, he would say he is part of 99% and has nothing to hide or be concerned about, and is probably true for most of his life, besides that period where his friend posted something on whatsapp and his phone being searched.
Same here. In fact, I took it one step further and drafted a document that outlines all the important business contacts I have the she would need to contact in case of my death. To liquidate assets, and/or help with keeping the businesses I have running. Online services, hosting providers, etc.
Man, that's probably the smart way to go.. I just told my wife to take my half-assedly secured computer to one of my tech friends to break into it
Google has Inactive Account Manager, which is a dead man's switch for your account. Everyone should set that up too. https://support.google.com/accounts/answer/3036546?hl=en
Anecdote: I'm the account manager for most family members. One day my sister was angry with me, removed me as the account manager, and some months later locked herself out of her account after having trashed her phone and forgot her password.
I like that they have this, it means if I ever go missing unexpectedly that there'll be someone who can access my last known location, and access to social media comms to understand why.
I just tried to set that up and got a page that says it’s not available for my account.
You must already be deceased to use this service.
Probably not available for business & education accounts. Maybe not available in all countries?
I've done the same with taking the password manager approach and putting the master password in the safe. I've also place a "death envelope" in there that outlines who would need to be notified from my employer and other important contacts. We also have "safe opening" class every so often.
Wow this was quite possibly the most helpful Hacker News comment to date.
Will your paper in the safe survive in the case of a house fire that kills you?
If it's a fire-rated safe, probably. Good point about paper, though, electronic media likely wouldn't survive. I'm going to update my records--the main stuff goes in a cloud account, but paper in the safe with the credentials.
My neighborhood burned up a couple years ago, and safes were fairly worthless, fire-rated or not. Papers were ash, precious metals were all melted. Many safes had shattered, or were so degraded they could be broken with a kick. Just a warning... I'm sure some safes can withstand intense housefires, but it seems like most claiming so, can't.
Now that I read it again, the comment was about storing the master password in a safe, in which case, you could stamp it into a metal plate or some other solid that has a high enough melting point. Steel seems like a good choice of melting temperature, with titanium even better. Or try tungsten, for a much higher melting point.
This doesn't give the contact access to your keychain. Only messages, files, photos, etc. In order for them to inherit things like cloud passwords you'll need to set that up yourself somehow.
It's not really necessary (though it might be helpful). For important accounts (financial, mostly) there will be a policy and process for granting access to the estate upon presentation of acceptable proof of death.

A credit report will identify any open credit accounts and those creditors can also be instructed to provide payoff information and close the accounts.

The main thing you will need to handle the death are lots of certified copies of the death certificate. One per account, generally, and copies/digital scans are not accepted.

> A credit report will identify any open credit accounts

In the US, for most traditional assets, sure, but not necessarily elsewhere. If you have accounts your spouse/partner/next of kin doesn't know about, then you should list them somewhere and include that list in your end-of-life paperwork.

Who cares about the debt? Trust me. The debtors will find your estate and if they don’t, your dead anyway.

The main area to record would be asset accounts, valuables held in safe deposit boxes, files, or secret locations holding things like cash, stamps, coins, treasury certificates, partnership agreements, titles, deeds, etc.

Well, if the estate has any assets, the creditors legally have a claim. Just makes things smoother and quicker to identify all of them up front.
You don't need certified death certificates for creditors and the like, only for assets you want to claim.

When my mother died multiple places *asked for* certified copies, I simply told them she's dead, there will never be another authorized charge, nothing is currently owed so no payments will be made, do what you will with the account.

No. I don't want them to see unfinished projects.
“If you’re not ashamed when you launch, you’ve launched too late.”
(comment deleted)
The project may not be a business idea, or professional work, good enough is not always applicable even if it is professional it could be a book, a composition or painting .

many creator have had unpublished manuscripts specifically taken care of in a way to preserve their brand legacy

I've set up Bitwarden granting time-delayed emergency access to a couple of family members.

I've also left a thumb drive with a Bitwarden export and printed paper in a safe place for my family, describing how to access everything important.

I trust my family not to abuse that, but if I was less trusting I'd look at Samir's Secret Sharing to ensure family members had to collaborate to retrieve my sensitive info. Or leave the data with a lawyer.

I made sure to pass on my 2FA secrets too.

I have. I have a password manager containing everything, with the password to that enclosed in my end of life paperwork with the lawyer/in the bank vault. My will spells out who is to do what with that information.
Like many others here, I also have a 1Password account shared with my wife so she has access to all of our accounts.

Besides that, I have a tag called `after-he-dies` with some secure notes in it, including a note that tags every account at a bank or investment account where we have money, so that she won't risk losing 20k or something because she doesn't know where every money account is or whatever.

That tag also includes a note with instructions for how to make sure that the accounts that automated bills pull out of don't run out of money.