56 comments

[ 5.3 ms ] story [ 86.8 ms ] thread
The joke about two hard problems in CS being naming and caching rears its head again.

You need a name that will stick around for a long long time fundamentally on things like this.

This service: what guarantees or technical architecture mean it will stick around? Through upgrades, acquiring, economic ups and downs, death of owner? This website looks like a two bit shop.

It just highlights the transient nature of the web. Even things like facebook seem to have about a 20 year arc then things get acquired / renamed / subsumed.

The issue is the URL and DNS. There's no way to fix some link to a document or a service in stone for hundreds of years, even though we have the tech. Maybe government could provide that?

Corporations have the same issue addressing their files with links, especially in acquisitions / rebranding or re-re-re-branding.

And then of course there's hacking. Paper really does have its advantages sometimes.

"We regret to inform you the owner of deadmanswitch.com has died and we are unable to access the servers"
I keep a key for everything in my password manager, and the company has a procedure for giving access to next of kin when I die.

2FA is kind of screwing this up screwing this up though, adding another hurdle.

2fa backup codes can be useful here for the services that provide it.
That's a great point. Google and Github allow it, but it'll still be difficult for non-technical people if they inherit my account. Stunningly some banks don't allow 2FA backup code. Sigh.
You can mitigate some of this by reducing the number of accounts you have to deal with as you age, even if it costs a bit more.

For example, while it may make sense to bank with a big national firm that doesn't even have branches nearby, perhaps moving things to a credit union with local branches at some point is worthwhile, because at least then the next of kin can walk in and hash things out. After all, it's been done before.

Many accounts can just cease - no real need to post a "I'm dead now" to hacker news, for example.

Definitely a great strategy. I found it helpful to consolidate cloud storage too (i.e. not spread stuff across OneDrive, Dropbox, iCloud, Google Drive, etc.).
it bothers me that the article starts with

> we use X technology that is better than Y technology

it makes me think the entire point of the article was to advertise X technology to me.

One of my startup ideas is the creation of a virtual assistant service that would help out in situations like the one described. You’d give full access/permission to this service (major security and selling point drawback), and in case you didn’t respond it would manage your accounts according to your wishes (transferring of ownership, closure of accounts, setting up of payments, funds allocation…).

The easiest and more practical way is to have a couple of friends/relatives/spouse be aware of your wishes and leave detailed instructions on what to do.

The dead man’s switch is a very clever alternative way of doing this.

The challenge is this is a single point of failure. I do remember my old man continually reminding me where his papers are.
Feel like there's no real difference now. People today who don't use (or don't want to use) password managers keep their passwords/credentials in the Notes app or some combination of "most used symbols and numbers".
So my question is how you trust a service like this. I've thought of similar but each time I see someone with that solution I'm reluctant to use it. If Google or someone as big came up with that I'd have more trust in them given the reputation and scale they've built over a number of years but new entrants will struggle.

All I can think is you need a really well known way to create trust. Maybe starting with an open source solution.

A great conversation starter. One that we continue to have and don't actively have solutions for. We should have one. We should build one. We should make it open source. We should build a community around that effort they can manage it for a multi generational time period.
Archive.org?
That's simply an archive for web pages. That doesn't address the OPs point about your entire life being online and needing to pass this on to a spouse or children. We need a way to manage multi-generational services, identity and credentials. When I die how is my spouse going to deal with all that comes with not just physical assets but also all the digital ones that now seem to manage everything else.
I was curious if they'd expand their services to have digital memorials for people uploading all their junk for public review for those interested in leaving behind such a monument. Maybe we can pay in advance for digital cemeteries that host our files indefinitely.
In some ways I feel this could benefit from a government-orchestrated solution. The government already issues death certificates. If they could be digitized and turned into some kind of proof-of-death token that combined with another secret key would unlock ownership of all accounts, that would be pretty cool.
Compost for the walled garden
What happens to all our wealth when we suddenly have a stroke or other serious illness and can no longer understand what a password is or how to read an SMS on our phones?

As a very IT-literate user I already struggle immensely keeping track of all my insurances, investment portal logins, bank account logins, etc. I shudder to think what would happen in the case of becoming cognitively incapacitated in some way.

A solution has to start somewhere, and this is such a place: https://github.com/sowbug/b39tools. It produces five physical cards, each containing a share of a Shamir's Secret Sharing Scheme secret, that can be used to decrypt a text document with important passphrases that next of kin will need.

Every time I return to this repo, I think it's awful, and I try to improve the recovery phase's usability.

That said, the author of the article notes that "[His wife is] not a techie and has absolutely no interest in becoming one." I'd advise him to separate the concerns of living the life of a techie, and handling the death of one. If you've ever been an executor of a loved one's estate, or worse, in charge of the estate of someone who died without a will but with significant assets, you know that dealing with someone's affairs after death is complicated or expensive (and often both). Asking someone to install some software and enter credentials is well within bounds.

Your relatives won't need a password or login to access your financial stuff. once you die the executor of your estate will be able to apply to the relevant companies manage your affairs.

Of course, if all your assets are in bitcoin then they are screwed.

You're correct, but there's a practical difference. Having the credentials allows a distribution in minutes, whereas going the old-fashioned route of sending in copies of paperwork, sometimes with notarization or even signature-guarantee requirements, can take months. Ask anyone who's needed to use the U.S. government's Treasury Direct site to manage savings bonds.

And it's considerate to keep a list of accounts with credentials that your loved ones can consult during a difficult time. Especially with paperless communications these days, they might have no way of knowing an account even exists, and might learn only years later when escheat is approaching.

I guess as long as it's legal to remove assets with the credentials of the loved one who passed. In some countries you have to pay any inheritance taxes before you are legally able to take control of assets.

I 100% agree with listing accounts as part of a formal Will and Testament.

For the US, where I and the article author are based, there's no federal inheritance tax, and federal estate taxes are assessed only on more than US$12-13 million. If someone has to deal with these amounts in the United States, it's much less likely that they lack the means to coordinate the estate.

Only six states assess inheritance taxes, and only 12 assess estate taxes. Few (none?) assess those taxes against surviving spouses, children, or parents who inherit, and most are exempt if the inheritance or estate is under US$1 million.

I live in one of the 12 estate tax states, and their estate had no such tax obligations as a sole-surviving spouse. As a sole surviving spouse with no children, my state also granted me automatic and immediate default probate control over my partner's estate upon their death, and would have even if they didn't have a formal will.

Their will only specified a few of their financial accounts, and my access to their digital estate allowed me to manage the rest either directly or by simply knowing that they exist so I can submit the forms and certificates to close them out. (One such account had a $0 balance; it was purely administrative work, but still necessary.)

Having children, ex-spouses, or legal guardianship over a dependent all complicate these considerably, but in many cases it really is this simple.

> Having the credentials allows a distribution in minutes

Not really since that wouldn't be legal. The estate is going to have to be processed through whichever local laws apply to it and that's going to take the time it takes whether you have passwords or not.

My backup plan at the moment is the emergency access feature of my password manager (bitwarden), I designated my SO as a trusted contact and gave them "takeover" permission, so they can reset my master password and access my vault in case something happens to me.

Disclaimer: I wasn't paid to promote this, and the emergency access feature is only available on the premium (paid) plans. I still wholeheartedly recommend bitwarden as it has served me well over the years.

When a person is cognitively incapacitated, someone else can petition the court to appoint a conservator. The conservator can then forward the court order to financial institutions and gain control of all accounts.

However, this can be a lengthy process and sometimes things fall through the cracks. Bills often go unpaid for a while. The conservator might not even be aware of some accounts, especially if the account holder signed up for electronic statement delivery.

My wife and I run a tech business and can handle/have access to our mutual tech assets. But it we both die? We're setting up a casual agreement with a local tech-peer to manage the transition/sale/etc. of our business assets. I'll be making and printing (on paper) documents with access credentials. While passwords change, I'm confident this trusted advisor will be able to worm their way in even if some of my password are no longer valid. 2FA is the biggest question as some vendors don't' offer printable backup codes. I believe the solution might be giving access to my backup 2FA device to this advisor.

Personal tech assets? I have no plan, but soon my kids will be old enough to be able to manage with proper instruction.

When we're gone. the simulation stops, and all memory state is recycled. Well thats for me... you are all NPC's
So.... All your base are belong to us?
What about the other human players in the MMORPG?
Its a simulated simulation.... :-(
When the actual player dies, we're all dead man.
we are all NPCs in somebody else's game.
Maybe I'm the exeption, but there is nothing digital in my current life that I have any expectation to live beyond me. If anyone cared about my photographs, there are folders and folders of negatives. If anyone cares about the music I've written, there are printed folders with all my music in them. Same for short stories and screenplays. Honestly, I've always treated the entirety of tech as ephemeral. Of course, being permanantly single makes that a little easier for me.
Same. I'm perfectly fine with my email address and all my other online accounts disappearing or being completely inaccessible. Nothing else I save is of any real value to anyone but myself. Like, who the hell wants my... ~840hrs archive of my twitch streams?
LastPass is the only password manager that I know of that comes with a Dead Man's Switch. (1) (2)

I like the UX of the other password managers more, but I need one I can share with my lawyer so that when I kick the bucket he can take care of things for me.

And I'm sure there are security implications. But, like giving having a neighbor hold on to a spare keys to your house, it's worth the trade off. You have to trust some people -- there are people who can help if you let them.

Anyway, until others have this functionality, it kinda means I'm stuck on LastPass. And that's OK... it's fine.

It's hard to write software for adults and also keep up with the latest and greatest design choices. (Or even design choices from the last 5-8 years, ha!)

But a note to all the other people making password managers... please jump on the "we're all going to die someday" bandwagon. (=

(1) https://en.wikipedia.org/wiki/Dead_man%27s_switch

(2) https://blog.lastpass.com/2016/07/how-to-get-started-with-la...

This is one of the main reasons I could never own a lot of crypto currencies. "Not your keys not your coins" sounds great until you're hit by a bus and family members have to figure out what you own. At least if you have an exchange account a lawyer can probably find it.
That's a solved problem in Western countries unless you you distrust all of the following: secure storage, loved ones, your lawyer/trust manager, information unlock services.
That last one is the important part? I dont really want to send my loved ones a copy of the key because I can't trust they wont keep it secure.
You just need one or two of those methods, not all. I personally would keep one copy in a secured physical location and the other with my lawyer in your situation.
I guess my issue is figuring out where the value is?

There are legal procedures for anything important (eg. financial accounts). You don't need the password, you just go through the legal frameworks that have been set up for years.

Almost everything else mentioned just doesn't matter that much. My personal site? Why would my wife want access? I guess maybe to put a "good bye" not or something but in the long run it doesn't matter.

My emails? Again, why would my family care? It'll rot away just like I will! (morbid, I know, but I liked the humour!)

The creative stuff I have made is either easily available on the web, or I intentionally don't want it shared, so whatever.

Social media posts and the like are unimportant.

Photos maybe? I have those backed up on an SSD, no password needed for that.

I used to care a lot about this, but over time I just realized how unimportant that stuff is once given a long enough time frame.

Almost the same as me...

I explained to my wife where the SSDs with backups are kept.

I regularly remind her that "the red plastic wallet" contains a printout of our financials. With a death certificate, she can chase up with the bank.

I have a ton of friends I only know over the internet. I'm involved in a few communities as a pretty central figure. This is the weird sorta edge to this. I would like people to know what happened to me, and that I just didn't stop replying to them or leave them. I own a few Discord servers I'd want to pass off.

It's understandable that not everyone has people they talk to weekly where they don't know real names or locations outside of time zones. You say social media posts are unimportant, but I think that's only true if everyone in your social media circle know who you actually are.

> My emails? Again, why would my family care?

when the author wrote "our emails" my assumption was that the family all has <name>@customdomain - so that would absolutely include the spouse's (and maybe other family members') emails.

I agree, have you ever had to go through a dead relatives stuff? You can tell it meant something to them, but most of it does not mean anything to you. Most of it gets thrown out, a few things get sold, a few mementos are kept, some of the tools go in a toolbox, a lot goes to Goodwill. Mostly nobody wants it, nobody wants to continue maintaining all your stuff, nobody is going to take over your blog (they'll start their own instead), they are not interested in your kaliedescope collection or collection of antique dinner plates, a lot of your stuff is more worn out and useless than you think even if it works fine for you (as long as you reboot it every Wednesday). They have their own life to live. More expensive assets are worth trying to preserve, but your IoT house system is not a rabbit hole anyone wants to reverse engineer or read the 1000 manual pages about. Concentrate on the important things, let go of the rest. If you have enough warning try giving some of it away. Then you might find someone who will appreciate some of it.
I think the simplest answer is - have at least a few friends or relatives that are tech savvy enough to help your spouse or whoever figure things out. Our house is a rube goldberg machine of IoT devices, VLANs, and servers with VMs and other junk. No way I expect my wife to deal with any of that. But she does have access to a very simple, password protected file, that she can share with my father in law or one of a few friends of mine that are capable of sorting everything out (while also probably cursing me for how needlessly complex I've made turning on a light switch).
I've been thinking the same recently about finance rather than tech. In the grand scheme of things, I couldn't care less what happens to websites I run. All I'm concerned about is that my family are looked after.

I manage all of the household finances and my partner doesn't involve herself for the most part. My simple solution: write an Apple Note and share it with her summarising everything I can think of.

I add to it every now and then when I think of something important. Hopefully it serves as a good starting point if the worst comes to the worst. It does make me think I should add a few notes about tech, though, such as 1Password and iCloud.

I have the password for my main e-mail written down in an envelope in a safe which I hope my kids will be able to use to notify everyone on various online forums of my demise, and one of them to take over my digital assets (over a thousand books in the Kindle store, hundreds of MP3s on Amazon Music).
In the week before my spouse passed, they gave me access to their BitWarden vault and gave me their current and past cell phones, which I used after they passed to:

- Update and lock or delete all of their social media, chat, and forums accounts, both personal/locked down, professional/public, and hobby-related. This was the primary way that many of their extended network found out about their death, including people not on social media who found out through their offline social connections.

- Access their contacts to organize memorials with all of the close contacts they had that I didn't — former coworkers, friends from places they lived before we met, extended family I didn't have contact info for, etc.

- Respond to text messages and social media posts from people who hand't yet heard and tried to reconnect with them in the months after their death.

- Update, identify, and closed any shared accounts, financial and otherwise, that didn't already automatically pass over to me. This was especially useful for their 401k, which blocked preferred forms of rollover disbursement into another account unless I had information I could get only via access to their web account.

- Transfer their website domains, some of which needed to persist for various reasons, to my domain management account, and forward their email addresses to my accounts.

- Deactivate their LinkedIn account, which required an inordinate amount of legal action — such as submitting legal proof of small estate probate, which even my state office told me not to get because it was unnecessary in our situation.

- Access utility accounts that were under their name and pay bills that were associated with my spouse's credit cards, pending the provider cutting over administration to me, which in some cases took weeks or required deleting the account with their credentials.

- Download their email, photos, documents, tax returns (they filed our taxes some years), recipes, and other digital products like licenses and Bandcamp music, from cloud services, online storefronts, and encrypted storage.

- Update our pets' microchip registrations, and vet and boarding contacts, to add me or make me the primary contact.

While my partner's illness had been terminal and treated for months, their decline and passing was much more sudden than either of us expected, occurring over the course of about three days. We were barely able to update their advance directive accordingly to the new diagnosis before they were physically and mentally incapable of doing so. If we hadn't handed off the broader pieces of their phone and BitWarden vault first, everything would've been much more difficult.

Since their passing, this access has been useful for prosaic things, like finding proof-of-purchase details for appliances they bought using their email account or phone number in order to get warranty service, or finding a book with library tags on the spine in their belongings and checking their account to see if they had checked it out so I could return it.

But there are lots of things I don't strictly need in my spouse's digital estate that I often find that I'm happy to have. I have dozens of conversations, voice messages, photos, and videos that we only shared via email early on in our relationship that weren't saved in other places, some of which existed only in their account. Our engagement photos were sent as archives in emails from the photographer to my partner, who hadn't forwarded that email to me because I was looking at them over their shoulder, and it included many that we hadn't added to our cloud storage. They owned a guitar that I hadn't known much about until I read through the emails of their acquiring it, and realized it was rarer and more valuable than I had anticipated by a considerable amount. They had most of the contact with the artisan who crafted our wedding rings, and I was able to use those contacts in my partner's email to reconnect with them and...

lots of threads here about passwords and credentials and all that. How do people feel about exhaustively adding all such credentials to the iOS Passwords list under Settings? Is that smart or dangerous? I'd like to hear people's thoughts on that approach.

By way of example I recall seeing a robbery video online I think in Chicago where some fella was walking to work early in the morning like 5am and a car passes him by, pulls a corner, waits for the victim to cross before them, comes out pulls out a gun and has the guy hand over his phone and I think verbalize the code or pass it over unlocked. I think the guy stole venmo or something off his accounts, something like that, and I forget if they were actually interested in the phone or just the information on the phone.

I am working on this, for much the same reasons.

I bought two Apricorn drives with a keypad, and am saving dumps of my passwords there. Also working on a detailed set of instructions. Now need to find a good dead-man’s switch.