Summary: With all the digital data we take great care to secure, we need to consider who might need access to it and how if we're not around to unlock it.
This is actually a question I heard on an episode of Security Now with Steve Gibson and "the other Leo", Leo Laporte. They speak frequently about tools and techniques to keep data secure, and the question was - in that light - how to make sure that data is actually available to those we might leave behind on our death.
It struck a chord because I regularly hear the other side of the scenario. I frequently hear from those left behind, frantically attempting to access important, sentimental, or highly critical data that a recently deceased friend or family member has locked up extremely tight.
Think about it; what happens to your encrypted data, your online accounts, your pictures, or your "digital-whatever" if for some reason you're not around to access it?
What if you're the family money manager and suddenly your spouse needs access or information and has none?
It's not particularly pleasant to think about but with all the security measures we put into place these days to keep bad people out, it's worth also having a plan for letting the good people in, should the need arise.
•
Leaving Behind an An Inaccessible Mess
I heard from the wife of a member of the military killed overseas who wanted access to her husband's email account to retrieve critical information as well as to get a glimpse into the last days of his life. The service he used was a free email account with no effective customer support. There was nothing I could do to help.
I heard from the children of an elderly grandparent who needed to access his password-protected computer to retrieve the only copies of some very important family pictures. Fortunately, there are ways to break into Windows machines if you have physical access. Had this been another type of system I'm not sure we'd have been as fortunate.
I hear about scenarios like this on a very regular basis - those are just a couple of examples. Sometimes I can help (breaking into Windows, for example) but usually I cannot (online accounts without customer support are often gone forever).
There are also scenarios I worry about for myself. As you can imagine, I have a large amount of data that is very securely encrypted, and do a lot of things online that require secure access. If something were to happen to me, what would my wife do?
This type of disaster planning is at direct odds with conventional security wisdom. On one hand we say "never share your password with anyone", but on the other hand, that's almost exactly what you must do in case something were to happen.
It's not an easy scenario to solve, and not all solutions work for everyone.
But solve it you must. I think it's critical for those of us who would leave behind a confusing, encrypted, password protected digital mess to take steps to ensure that the right people, or the right person, would be able to have access and make sense of it all.
•
Who Do You Trust?
As with so many things, it boils down to a matter of trust. Who do you trust? And are you absolutely positive that, having trusted them today you will still trust them a year from now? 5 years from now? 20 years from now? How many friendships, relationships and even marriages last that long?
No, you don't have to commit to 20 years of trust - depending on how you set things up, a quick password change or two can instantly protect you from a relationship where trust has been lost. Hopefully, you'll have detected that change in trust early enough.
If you choose a professional, will they still be around? Will they still have your trust?
Steve and (other) Leo discussed a scenario where you give each of two people half your password, so that they have to agree that there's cause before using it. That's a possibility, assuming you can trust that they will agree when you would want them to.
Regardless of who you trust, you'll have to keep that question "do I still trust them this much?" in the back of your mind. Whenever the answer changes, then you'll perhaps have to go through the effort of protecting yourself from the previous "trustee" and find someone else.
It's not easy, but it is important.
•
Keeping it Simple - One Approach
Once you have someone you trust, what is it, exactly, that you give them? On one hand you don't want to give them every single password to every account or encrypted thing you might have. Not only is that another opportunity for your passwords to accidentally be revealed to others, but you also have to keep your friend updated every time you change one. Chances are you won't, and as a result, if they're ever needed, the passwords your friend would have are out of date.
You certainly don't want to use a single password everywhere. Yes, it would make it easier to hand it to your trusted friend, and even easier to update him when you change it. But it would also make it easier for a hacker or other bad guy to instantly have access to everything should that password ever leak out.
Here's what I do, presented merely as one example for your consideration. I think it solves most of the troublesome problems.
-
TrueCrypt: All of my key data is on a TrueCrypt mountable volume. That includes everything sensitive and everything that would be required to carry on in my absence. It's a volume that I use every day, so by definition that data is always up to date as well.
-
Readme.txt: In the root of that volume is a "readme.txt" file that describes what's on the volume, including what's important, and what might not be. It's a plain text file, guaranteed to be readable on any system at any time. There's also a document (typically somewhat out of date but better than nothing) with additional disaster instructions and requests.
-
PassPhrase: That encrypted volume is protected with a lengthy passphrase. Easy for me to memorize, and virtually impossible to guess.
-
Backup: The encrypted volume is periodically uploaded to a secure location on the internet. This is in case something happens to my home or my computers in addition to myself, or even as a backup for my own use should my computers become inaccessible.
-
Trust: I've printed the passphrase out on paper, and included additional basic information such as the secure location of the backup copy of the encrypted volume on the internet. I've placed it in a sealed envelope in a secure location in my home that my wife knows about, and also given sealed envelopes to two extremely well trusted friends - one local, and one out of the area. In the time of a disaster, any one of the three would gain total access with that information.
-
Revocation: In the unlikely event that I lose trust in any one of the three, I change the passphrase on my encrypted volume, and make sure that all backup copies are replaced with that new one. All I need do then is update the printed instructions with the new passphrase and hand it to my (new) trusted friends.
On the surface it seems a bit much, but realize: many of these steps are steps you should be taking already. You are protecting your sensitive data, right? You're backing up, right? Perhaps you are even using off-site backups if that makes sense for your situation?
What I've described above boils down to a little documentation, and a couple of simple additions to what I was already doing to ensure that things would be accessible after my death. The same holds true for you. You should already be making sure that your data, your passwords and your identity are somehow secure. Chances are building in a secure recovery mechanism for disaster recovery isn't going to be all that difficult.
Trusting the right person should be the part requiring the most thought. The rest is, essentially, just paperwork.
Related:
-
TrueCrypt - Free Open Source Industrial Strength Encryption TrueCrypt provides a solution for encrypting sensitive data - everything from portable, mountable volumes to entire hard disks.
-
Do you have a disaster plan? A disaster prompts thoughts on the plan that's keeping Ask Leo! running. (Podcast, with transcript)
-
Ready for disaster? Are you ready for the worst case scenario? (Podcast, with transcript)
Article C3495 - September 8, 2008
Chris' idea has one flaw that makes me very uncomfortable. If the computer was ever stolen, it would contains not only all the data, but also the passwords to access it.
I suppose, that it might be acceptable for someone who was extremely sure of the physical security of the computer.
One option for those who want a secure setup like Leo uses, but don't want to share the password with anyone until they are gone (or at least incapacitated) is to setup an automated email that would be sent in such a case. A simple (free) way would be to setup a calendar reminder with email notification on Yahoo (or one of the other free email services with a calendar) to send the password required to get into your stuff to the person you designate. You would then have to periodically reschedule this event before it went out. If you became unavailable to reset, the email would be sent. This scenario has the advantage that you do not have to update anyone with your password changes, but would probably require another (calendar/email) reminder to reset the "dead-man-switch". There would also be a delay before your email went out corresponding to how often you wanted to perform the reset maintenance.
I suppose you'd have to be quite paranoid to go to this much effort... Well, time to go reset my switch.
Posted by: Michael at September 9, 2008 8:03 AMTo brand that stuf on a CD sounds good. But to put that CD in the system and hope then that the system will be brought to a professional and than hope too that that professional will do the right things, is too much. I would not count on that. I would put that CD on a safe place and give instructions to the person(s) who would otherwise take care in these situations.
Posted by: Sad at September 9, 2008 8:12 AMHow about one of the Password key systems that hold all your passwords on a USB memory stick. You would have to give that passowrd to your trusted people but it would not be of use until they were able to get your USB key?
-Leo
I've given out my passwords to everyone i trust..
Posted by: Amin Gilani at September 9, 2008 10:25 AM.
plus.. there's text a file straight in my open hard disk that contains all the passwords and stuff required to open my accounts..
.
sensitive data that i don't want ANYONE else knowing will be lost with the password that's in my head =P
Well, sooner or later we'll be able to read a dead (person's) memory and recover data much like pulling out a hard disk from a dead system and plugging it into a new system or using disk recovery tools.
In the popular media we already see that scientists can tell which part of our brain is responding ( and hence the general nature of response) to a question. This is something like that Tom Cruise movie where he is being chased for a crime he is GOING to commit in the future.
I have no doubt that defence and spook agencies are already working on this. Imagine being able to interrogate a terrorist caught dead !
Regards
Posted by: Vikram at September 9, 2008 11:58 AMI have an almost identical arrangement to Leo's. Except my passphrases are all contained in RoboForm (so one master passphrase can access all the others). That master password is in a sealed envelope in a secret place in my house - and my family know where that place is.
Posted by: Mobius Tripp at September 9, 2008 1:57 PMI have often thought about this scenario (dying). My user files are stored on an external hard-drive, so it is accessible on ANY machine (family pics and stuff) - all one would have to do is remove it (it's USB), and plug it into a different computer. My main hard-drive just contains Windows and programs - all one has to do is insert the recovery disk and format the hard-drive. As it stands right now, nobody can access my external hard-drive until I actually get past the sign-on screen for Windows, so I guess it is SOMEWHAT safe, and yet easily accessible if I die. If somebody is going to steal my machine, a password will likely not stop them anyway. One advantage to this is in the case of fire - I can safe important files/pics/data just by yanking out the USB cable - the machine can stay where it is. Another advantage of this is that the main drive doesn't get as fragmented.
Posted by: Carl R. Goodwin at September 9, 2008 7:45 PMIMHO, like Leo says, every solution ultimately depends on trusting someone. A friend's wife walked out on him and filed for divorce. But before moving out on my clueless friend, she cleaned out their joint bank account to the extent that my friend had to depend on his family for even day-to-day support. And she was "the" loved one. Who can you "really" trust in today's world?
Banks or established Law Firms are neutral safe places. The account and safe deposit box can have a nomination facility whereby the nominated person has to produce a death certificate or a living trust assignment to access the account/box without a lengthy legal proceedings.
Posted by: Cynic at September 10, 2008 4:00 AMThree words: "Safe Deposit Box".
Keep an envelope containing a list of your major passwords (no need to disclose them ALL, only the ones your loved ones are likely to need!) in your Safe Deposit Box. Safe Deposit Boxes ONLY become accessible to someone else after you're dead, so by definition there is no risk of premature access by anyone else.
Yes, of course, there are problems. There always are! First, there is a yearly rental fee, typically around $30.00 or so; this isn't much but it may be a nuisance. Then, you need to update the secured information regularly, which usually means a special trip to the bank (another nuisance); and for your loved ones, there will almost certainly be a significant delay before access to the Box can be obtained. Still, it's a good sight better than no plan at all, and for many (perhaps even most) purposes it may well suffice.
Hope this helps!
Posted by: Glenn P. at September 13, 2008 9:17 PMReading your current newsletter I came accross REXFORDS solution to "WHEN I DIE".
Posted by: David Burlakoff at September 16, 2008 7:47 AMHis methods are the same that I use with my trusted heirs, with 1 additional step. Every week I send an encrypted e-mail that includes any NEW or updated accounts with the passwords for them, that I have started so that they are ALWAYS up to date on what & where my accounts are.