Password Managers for Estate Planning : a checklist

Now that we’ve covered what a password manager is, why they are useful for estate planning, and what specifics to consider while setting up a password manager for estate planning, the final step is to execute on the plan. What follows is the last part in this blog series: a checklist for implementation.

1. Select a password manager.

The available password managers and their features are changing over the years, and people more technically and security-savvy than I am are continually doing high-quality analysis of the ones available. Rather than give an overview, here are some aspects you should consider when selecting from those currently available:

  • Does it run on your operating system? You are likely viewing this blog entry on a Windows PC, an Apple computer or phone, or an Android device. While most password managers will run on all of these, it is important to verify.
  • What is the cost? Some have a one-time cost, others have a monthly fee.
  • Does the password manager have sharing built in? Some even have sharing specifically for estate planning built in now!
  • Can you use it? Is the interface clear and easy to navigate? If you’re not going to use it, there’s no point in getting it.

2. Set up your password manager

  • Install your selected password manager.
  • Go through the set-up process.
  • Make sure your password for the password manager is memorable or that you have saved it physically somewhere.
  • Try it out with a few sites you commonly use, without changing your passwords for those sites yet.
  • If it sticks for a few days, start migrating more passwords into the manager’s vault.
  • If it sticks for a of couple weeks, start changing your passwords to more complicated ones, which will be stored in the password vault.

3. Notify folks of your setup.

  • Select the people involved with your digital estate planning based on the previous posts in this series as well as your own guidelines.
  • What do you want these folk to do with your digital assets? Make a list of actions and who should take those actions.
  • Define when you want what actions to be taken, and how they’ll know.
  • Describe how to find and unlock the encrypted password file to those folk.

4. Do a test run

All this overhead only matters if it works. Set up a time with the person you’re trusting with your password, plus possibly another trusted person or two, with whom to walk through the process. Make sure it works, and that everyone knows what’s going on. Then drink tea and have cookies!

Not ready to do this? That’s ok! Instead you can…

Inventory the most important accounts you use in another way, such as a spreadsheet. Ideally you will store this printed out and left in a lockbox or with your attorney, rather than on your computer.

Extra credit

If your life is compartmentalized (maybe the folks in your book club hate the folks in your cribbage club, or your work life and personal life have different levels of security concern and different people need to have access upon death or incapacity), it might be worthwhile to “tag” the accounts in your vault for those different compartments. Various people might be assigned to take actions in specific groups, rather than one person issuing a blanket statement to all social networks and account providers. This takes regular upkeep and additional planning which might seem overwhelming, so don’t embark upon this until/unless you’re completely comfortable in the rest of the setup!

How to Set Up a Password Manager with Estate Planning in Mind

Now that we’ve covered what a password manager is and how it matters in estate planning, this entry will take us through how to set up your password manager with this situation in mind, or to set a password manager for the first time.

Who should know about your accounts (and what are their contexts)?

Who are the folk who need access? Who don’t you want to have access? For a deeper dive into this question, you can also do a threat model, but in the meantime, here are the three factors to focus on for this use case:

  • Trust : you are granting access to your bank account, to your social media, to everything you have online. You should be excited for the person/people you grant it to speak for you (posts to social media), manage your money (withdraw and deposit funds, sign for things in your name), and the like.
  • Technical ability : after reading through the rest of this post, consider who in your life has the technical ability to understand and execute your password-manager-related request.
  • Legal context : the law around who can access an account is still squishy. Accessing an account you’ve been given the right to via a will may still overlap with a nasty law called the Computer Fraud and Abuse Act (CFAA). Come back soon for a link from the legal side in how to set up your fiduciaries to succeed and be safe.

How will you notify them?

The folks you select need to know when to access and act upon your digital assets. Just like other aspects of estate planning, it can be difficult to talk about these inevitabilities, but it’s better for folks to know what is expected of them than to have it sprung upon them. Additionally, setting up a way for them to be reminded at the time of need will help refresh folk’s memories. I use a mailing list, to which any of the folks I am often around can post. You might add the reminder in with you will and other related paperwork.

How and when will they gain access?

Password managers store all your passwords in one encrypted file called a “password vault.” The person(s) executing your estate will need to be able to find this file. Some places that file might be, which will need to be communicated:

  • A device you share with that person, such as a laptop. If it’s on your own machine, they’ll also need a password to unlock that device – how will you get that to them? This is the best option if you live with a loved one you trust.
  • You can keep the encrypted file of your passwords in “hard copy” – such as a thumb drive stored in a lockbox or secret place. This means the fiduciary will need to know where to find the object on which the file is stored, and be able to access it. This is the best option if you’d like to keep the file offline and generally out of touch until it’s needed.
  • The file can be kept in “cloud storage” like Google Drive or SpiderOak. This means just about anyone can look at the file, but unless they have the password, they won’t be able to unlock it. This is the best option if you’re concerned people won’t find or keep track of a physical object.

Unlocking the password file

  • The fiduciary will then need to be able to decrypt (sometimes called “unlock”) the password file. This person or persons should be someone you trust – see the above section on “Who Should Know About Your Accounts?” You should trust them both to not unlock unless necessary, and to remember/store the password.
  • It is also possible to put your password in escrow, often with the attorney who helps with your estate planning. Be sure to check that they understand the setup and are able to execute on it.
  • For the technically savvy, it is also possible to split your password amongst multiple people, so that no one person might decrypt (or be compelled to decrypt) the password file. Then the trick is for them to be able to be in touch with one another in order to execute the digital estate.

Our lives have changed in the digital age. So, too, will our deaths. Through some careful planning, you can make yourself more secure at the same time you ease the execution of your digital estate – by using a password manager. Those you care about will have an easier time when they are already under duress. After the initial setup, your life should be easier, not harder, with a password manager. You should be able to live your life normally, and have your password manager and a system you trust be kept up to date through its use so when you fail out, your system doesn’t.

The next entry will be a checklist to help you set up and make sure a password manager for your digital assets is working. Let me know if you have any questions! I’d love to improve this blog entry and the checklist.

Why a Password Manager for Estate Planning?

Password managers aren’t just for security and privacy, they can also be useful for digital estate planning. This entry takes us through how to consider setting up “password vault” access in case of emergency and incapacitation. The previous entry went over what a password vault is. This entry covers why a password vault is useful for estate planning. The next will cover how to set up a password manager with estate planning in mind, and the final entry will offer a checklist with extra credit.

We do a lot in digital space these days – manage our bills and banking; socialize, share adventures, get tickets to a show; and store our emails, photos, and videos. All of these actions require accounts (usernames and passwords). Some people use what are called “password managers” to keep track of all those accounts and the associated passwords. There are many resources on how useful password managers are regarding security and privacy which we encourage you to check out if interested (1, 2, 3). But here we’re talking about estate planning. This entry isn’t about just privacy – but how you share to others when appropriate.

When you see friends and family in the physical world, your online accounts are invisible and inaccessible. When a friend or family member sees you on a social platform (like Mastodon or Facebook), or sees your bank name on your screen over your shoulder or on your card at a shared meal, they are unlikely to have access to those accounts, just as they are unlikely to have access to your bank account because they walked into a branch with you one time. That’s the main point of having a password – so your accounts are your accounts.

The password vault maintained by a password manager is a record of your accounts and how to access them. This is valuable for your daily life, and is also a valuable asset for fiduciaries. By carefully choosing with whom and how you share a way to access your password vault, you make your digital life visible and accessible – just like your photo albums and china plates.

Using a password manager can make your accounts visible and accessible not just to you, but also to those you care about when they are closing bank accounts, searching for photos of that one day at the park, and notifying your online hobby group of your passing. The trick is letting the right people know, and limiting their access only until they need that access. The next blog entry will cover how to consider setting up your digital estate with a password manager, and who to involve in the process.

Password Managers for the Non-Technical

Most of the folk who read this blog probably know what a password manager is. You likely even have opinions about what the best one is. The core audience to the Networked Mortality project, however, does not. While any user of technology is impacted by digital estate planning (either because they are doing it or because they are not doing it), few have the technical literacy to manage their digital assets. These skills are necessary to plan for the future of those assets, which is what is then defined in an estate plan. In order to move into management and future planning, this first in a series of posts will describe what a password manager is in this context. The following entries will cover how to set up a password manager with estate planning in mind; and a checklist with extra credit.

Many folk (maybe that’s you!) keep passwords in written format, share passwords with a family member, or have the browser remember passwords. These are understandable ways of dealing with your accounts – remembering passwords is hard! But these techniques don’t set you up to succeed for estate planning, nor do they protect you from abuses.

The area of study dedicated to thinking about how computers store and transmit information to authorized and unauthorized users is called Information Security, sometimes abbreviated to “InfoSec.” InfoSec experts have long advocated for “strong” passwords, meaning they should be long, with many strange characters. For instance, “password” is not a good password. “2=7Am8,KI5eOL!3AnvbGHjT” is a great password. But how would anyone remember something like that?!

Luckily, smart people have made something called a Password Manager. There are now many different options available, but they all basically work like this:

  1. You create a vault, which requires one password to lock and unlock.
  2. By unlocking that vault, always with that one password, you can use all the other passwords you usually have access to. You don’t have to remember which password goes to which account – the vault does that for you!

This means that you need to remember one password, and because the program is remembering all the rest of them for you, they can be long and complicated like D7z8~t;adn4VfLqR!LhUzLlix}sSH6H|1 which prevents others from guessing them. It’s like carrying around a bag full of keys. You only have to remember the one bag in order to have all the keys with you.

  1. Then you need to put your current keys into the vault. Each password manager has a clear way to add accounts – often as you use them.
  2. This is also an excellent time to change simple or redundant passwords into complex ones.

Please take a look at some password managers – do a search for “password manager” and read what other folk have to say about them. The next post will take you through thinking about using password managers for estate planning, the following post will include questions to keep in mind while doing so, and a final blog post will offer a checklist and some extra credit.

I’m super happy to answer any questions you have. These blog posts will be further improved upon as people ask questions and point out issues – so every bit of feedback you give helps others.

Password Managers for Estate Planning – primer post

While any user of technology is impacted by digital estate planning (either because they are planning or because they are not planning), few have the technical literacy to manage their digital assets. These skills are necessary to plan for the future of those assets, which is what is then defined in an estate plan. In order to move into digital management and future planning, this Networked Mortality blog series will have several posts on topics such as password managers and digital media assets, which go through this arc of explanation.

We’re going to assume some things about our user base, of which readers of this series are a part, or are supporting someone who is:

  • Low/negative desire to try new technologies, especially when complicated.
  • Interact with one or two devices, which other people likely have access to.
  • Deal with memory loss or other cognitive impairments.
  • Any threats tend to fall within the elder abuse model.

And we’re going to assume some things about our purpose.

  • Autonomy should be advocated for whenever possible.
  • Privacy is important.
  • We should respect an individual’s wishes.
  • Death is a community-centric event.

From this perspective, the first set of blog entries will start tomorrow – using password managers for estate planning. The first will cover what password managers are for this audience (literacy), the second how to adapt or set up a password manager for estate planning (management), a third on how to consider choices to be made when doing that set up (future planning), and finally a checklist with extra credit will be offered for individuals to execute.

Politics and Death

This was co-written with Fin

When Mihi died, we had some problems beyond just the holes in our chests and the salt in our eyes. 0) He was part of many communities – the medical community, the hacker community, the data journalism community, and many more. We wanted to create a site where these communities could come together, which was complicated as we are 1) activists of one flavor or another, and so most of us aren’t on facebook, 2) facebook memorial pages squick us the fuck out anyway1 2, and 3) there aren’t other accessible options out there for collaborative memorial pages3. Continue reading

Networked Mortality


Death is different now. In a time of networks and social media, it’s not just having a song remind you of your deceased loved one anymore, it’s Spotify suggesting you listen to their playlists. It’s scrolling just a bit too far too soon and seeing their last shares on Twitter or Facebook. It’s not just figuring out funerals and atom-based belongings granted through wills (or figuring things out there wasn’t any pre-planning), it’s a faceless mass of internet informing you that your friend has died. It’s not just compiling half-finished scrawled songs and old love notes, it’s debating cracking the password for a laptop full of memories. Because the internet and technology haven’t just changed how we live – it’s changed what happens in death. And we can simply be awash in tragedy in these new ways, or we can use those new connections to show our care and values, even through death.

Today the spontaneity of planning, which makes it possible to search for a place to eat with your incoming friend while already out the door, forms habits making the avoidance of planning for death even easier. But after working through the unexpected deaths of a number of networked friends, I have started explicitly planning for the eventuality of my own death, to ease the burden on others. I’ve set up a living will (detailing things like whether I want to be kept on life support — I don’t), a will (what to do with my corpus and my corpse — open them up and share the contents), and mechanisms for notifying the many communities I inhabit, helping them find each other for support. The compartmentalization of online selves otherwise makes discrete and care-full notifications difficult, and sadly the current viable option is mass broadcast.

Because I’m also from the parts of the internet that care about open access and free software, friends and I have taken my death preparations and formed a guide for the bits of postmortem planning other guides may have missed. Based on ideas from open access and information security, it includes topics like how to deal with passwords, contact lists, plans for account deletion while archiving information, and donating one’s body to science in ways that support open research.

This living documentation is called NetworkedMortality, and I hope it helps others to start thinking about and planning for the inevitable, either privately or in this wiki-based and public place. Just as the internet is about creating, storing, and transmitting knowledge, this guide is about contributing to something larger than the individual. It’s about continuing to build the commons, establishing protocols for death in the digital. The sorrow of death need not also be accompanied by confusion over what intentions would have been or who should know what. Funeral home directors and lawyers have helped guide us through the protocols of death in the better-known world. In this new space those steps are considered by Twitter, Facebook, and Google, but I at least would prefer to trust people I know to deal with my wishes more accurately and with more love. We’ll be hosting a “death drill” to test out these new protocols on December 13th from 2p-5p at the Berkman Center.

Too often, we think only about the short term – this quarter, this school year, this laughably short short life span – when considering how we plan as well as what we build. We must instead intentionally look to the public future, and our responsibility as members of that shared story. We must contribute to freely available knowledge which lasts beyond our brief moments. An unavoidable part of life is death. Let’s care for each other, and hold true to our values, through the entirety. Let’s network our mortality, together.

P.S.
It is possible to speak about death without fear – I hope you can act from this place.  If you are in danger of harming yourself, please get help, rather than indirectly indicating through things like estate planning.