Now that we’ve covered what a password manager is and how it matters in estate planning, this entry will take us through how to set up your password manager with this use case in mind, or to set a password manager for the first time.
Who should know about your accounts (and what are their contexts)?
Who are the folk who need access? Who don’t you want to have access? For a deeper dive into this question, you can also do a threat model, but in the meantime, here are the three factors to focus on for this use case:
- Trust : you are granting access to your bank account, to your social media, to everything you have online. You should be excited for the person/people you grant it to speak for you (posts to social media), manage your money (withdraw and deposit funds, sign for things in your name), and the like.
- Technical ability : after reading through the rest of this post, consider who in your life has the technical ability to understand and execute your password-manager-related request.
- Legal context : the law around who can access an account is still squishy. Accessing an account you’ve been given the right to via a will may still overlap with a nasty law called the Computer Fraud and Abuse Act (CFAA). Come back soon for a link from the legal side in how to set up your fiduciaries to succeed and be safe.
How will you notify them?
The folk you select need to know when to access and act upon your digital assets. Just like other aspects of estate planning, it can be difficult to talk about these inevitabilities, but it’s better for folk to know what is expected of them than to have it sprung upon them. Additionally, setting up a way for them to be reminded at the time of need will help refresh folk’s memories. I use a mailing list, to which any of the folk I am often around can post. You might add the reminder in with you will and other related paperwork.
How and when will they gain access?
Password managers store all your passwords in one encrypted file called a “password vault.” The person(s) executing your estate will need to be able to find this file. Some places that file might be, which will need to be communicated:
- A device you share with that person, such as a laptop. If it’s on your own machine, they’ll also need a password to unlock that device – how will you get that to them? This is the best option if you live with a loved one you trust.
- You can keep the encrypted file of your passwords in “hard copy” – such as a thumb drive stored in a lockbox or secret place. This means the fiduciary will need to know where to find the object on which the file is stored, and be able to access it. This is the best option if you’d like to keep the file offline and generally out of touch until it’s needed.
- The file can be kept in “cloud storage” like Google Drive or SpiderOak. This means just about anyone can look at the file, but unless they have the password, they won’t be able to unlock it. This is the best option if you’re concerned people won’t find or keep track of a physical object.
Unlocking the password file
- The fiduciary will then need to be able to decrypt (sometimes called “unlock”) the password file. This person or persons should be someone you trust – see the above section on “Who Should Know About Your Accounts?” You should trust them both to not unlock unless necessary, and to remember/store the password.
- It is also possible to put your password in escrow, often with the attorney who helps with your estate planning. Be sure to check that they understand the setup and are able to execute on it.
- For the technically savvy, it is also possible to split your password amongst multiple people, so that no one person might decrypt (or be compelled to decrypt) the password file. Then the trick is for them to be able to be in touch with one another in order to execute the digital estate.
Our lives have changed in the digital age. So, too, will our deaths. Through some careful planning, you can make yourself more secure at the same time you ease the execution of your digital estate – by using a password manager. Those you care about will have an easier time when they are already in duress. After the initial setup, your life should be easier, not harder, with a password manager. You should be able to live your life normally, and have your password manager and a system you trust be kept up to date though its use so when you fail out, your system doesn’t.
The next entry will be a checklist to help you set up and make sure a password manager for your digital assets is working. Let me know if you have any questions! I’d love to improve this blog entry and the checklist.