Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
Privacy Security

Ask Slashdot: How To Securely Share Passwords? 402

THE_WELL_HUNG_OYSTER writes "My tech-savvy father died suddenly and unexpectedly. He did everything online: bill-pay, banking, eBay sales (and other auction sites), PayPal, investing, etc. When he died, he still had online auctions up for sale, items I had no idea how to fulfill when sold. He still had unprocessed auction refunds, people claiming they returned items and are waiting for a refund. Fortunately, he left Gmail open and logged in when he died, so I was able to configure his account to forward to mine for any future emails he received. He even had his health insurance automatically debited from his checking account (who needs health insurance when they're dead?) I had no way to log into these systems to cancel pending transactions. I called every institution; some were willing to help while others required me to fax/mail death certificates and proof of executorship (which I didn't have yet). Meanwhile, auctions were selling for items I had no idea how to fulfill; debits from his checking account were occurring even though they were irrelevant; etc. You get the idea. How can I share my login credentials with my siblings so they don't have to go through this when I'm gone? I change my passwords every month and never use the same password on more than one site. I don't want my siblings to be able to impersonate me unless I'm dead, so publishing a monthly list to them won't help and would be insecure."
This discussion has been archived. No new comments can be posted.

Ask Slashdot: How To Securely Share Passwords?

Comments Filter:
  • by Anonymous Coward on Tuesday November 01, 2011 @01:03PM (#37909302)
    You'll be dead.
    • by hedwards ( 940851 ) on Tuesday November 01, 2011 @01:21PM (#37909576)

      Yes, but there's plenty of files that I personally want protected against prying eyes while I'm alive, which I wouldn't mind relatives seeing after I've passed. It is private information, but once I'm dead, I do kind of like the idea of people getting to see the areas of my life which were too private for me to be comfortable sharing in life.

      The challenge is finding a way of disclosing those passwords without the possibility of a subpoena getting at them. I think pretty much the only way is to involve an attorney so that you can have attorney client privileges and then have the attorney disclose those after you're dead.

      I don't believe that wills are protected in that way typically, you probably could send it to yourself via the post office, but I'm unsure as to whether subpoenas could force you to open them. Sending them internationally certainly would allow for them to be opened by ICE.

      • The challenge is finding a way of disclosing those passwords without the possibility of a subpoena getting at them

        Unfortunately, there is no such thing. The best thing you can hope for is to force multiple subpoenas to be required i.e. by using a secret sharing system.

        What you probably want is for your attorney to have all but one of the shares, and for a relative or trusted friend to have the last. Thus, the attorney and the relative must work together to recover the secret, and you are protected from a situation in which the attorney might be compromised. Depending on how sensitive your secrets are, you might

        • by peragrin ( 659227 ) on Tuesday November 01, 2011 @01:37PM (#37909804)

          It is easy store a copy of passwords on an ecrypted drive. In your will leave the password . It can't be touched until you die. Update the password with the will. Nothing can legally be touched with your accounts until your estate has been settled. So with the will is perfect.

          • It can't legally be touched until you die

            FTFY. If you have secrets that might be worth using extralegal methods of obtaining, hiding it in a will may not be sufficient. Laws can only go so far in protecting people; sometimes you need to protect yourself.

          • Put the passwords in a sealed envelope known to a few specific family members. Probably near the will. You can tell if it has been accessed... To further the scheme you can let them verbally know that the password is scrambled in some manner such as "Last 4 chars are in reverse order" or similar. The fact it is offline protects it from anything except for direct physical access by someone who already knows it exists and it keeps it under your physical control until you aren't there.
            • by kesuki ( 321456 )

              not secure enough. manually invent(steal) an un cracked encryption, like the cia building cypher. to learn how to do cyphers there are plenty that work out there that can't easily be decrypted without the key(map) to the cypher. then split the key to the cypher to 5 pieces with instructions to collect and decypher in your will etc. this way you can safely generate (in paper) the new passwords every month which get sent to a 6th party that doesn't have access to the disassembled key. i suggest you learn how

            • Re:Think low tech (Score:4, Interesting)

              by green1 ( 322787 ) on Tuesday November 01, 2011 @02:43PM (#37910578)

              My thought is somewhat related, I haven't implemented this yet, but it is on my "to-do list".

              My main plan is to put instructions in an envelope that is sealed near my will. Making sure that familly/friends know where it is. The instructions would direct the person to send a specific code/password to a specific email address on my hosted server. (could also be a private web form or some such) Once recieved the server would send me an email notifying me of the request, and giving me 4 days to cancel it. If I do not reply within 4 days (adjust to suit whatever length of time you think is the longest you could possibly go without finding a net connection while still being alive and well), it would automatically send the information to the original requestor.

              This has the advantages of the sealed envelope where I can detect tampering, but where the information is still easily accessible to those who require it (without them really needing to remember how it all works), but with the added advantage that if I am still alive I can stop the process before any sensitive information is released (in case the original envelope is stolen/otherwise compromised). For added security you could add a list of IPs/email addresses who are authorized to trigger the system (of course that becomes one more thing that you have to remember to keep up to date) and if you are concerned about the security of the server being used, the file being sent back can be encrypted with the decryption information in the original envelope.

              Setting up the scheme is relatively simple/straight forward the harder part is keeping all the data it needs to send back updated so that it is useful once recieved.

              And for those who say "you won't care, you're dead", you're right in that I won't care then, but I do care now what I am going to put my loved ones through, so I'd rather make things as easy for them as I can, they'll be dealling with enough when I die that I don't want to make things any more difficult than they have to be.

          • Don't leave it in your will.

            First, the Will will not be read for a while - sometime weeks - after the death. So if you want something with a quick turn around time (like e-Bay) then don't.

            Second, a Will is a public document - which maans anybody can get ahold of it. Another issue.

            In most cases leaving instructions with your trusted lawyer should be sufficent - unless you are truely paranoid. (and considering this is /. ....)

            • Re:Not your Will (Score:4, Insightful)

              by peragrin ( 659227 ) on Tuesday November 01, 2011 @02:33PM (#37910444)

              Will are only public after you are dead.

              You missed the point that if you die your accounts are frozen as part of your estate. Joint accounts however remain un changed.

              No one is to touch your ebay account even with auctions pending until after the will has been read. That is part of estate law.

        • The key is ultimately to think about it and plan ahead.

          The examples you're using are hardly ones that can't be planned for. The trick is the subpoena, there are few limitations to that power, and if somebody gets a subpoena for your computer they're going to have access to anything which isn't encrypted. They could subpoena any keys that have been recorded on paper without violating ones rights, unless those happen to fall under a relatively small number of categories.

          Ultimately, if you haven't checked in w

        • The solution we've developed to this problem is the use of a password safe such as KeePass by each user and having the Master PW written (hardcopy) stored in both the fire proof safe and our safe deposit boxes. This ensures that private account access remains private until after death and that the information can not be revealed even by subpoena due to the 5th still being applicable while alive.

          To us, the primary benefit is the ability to quickly and safely access those accounts as needed due to the master

    • You'll be dead.

      Okay, Dr. Evazan. No blasters, no blasters!

  • by click2005 ( 921437 ) * on Tuesday November 01, 2011 @01:04PM (#37909318)

    I use KeePass with the Firefox plugin.

    • Re:KeePass (Score:4, Insightful)

      by txoof ( 553270 ) on Tuesday November 01, 2011 @01:35PM (#37909772) Homepage

      KeePass is GREAT. I've talked my mom and wife into using it. My mom simply put the master password in her safe-deposit box and left instructions in her will to allow us access to it. My wife and I simply shared our strong master passwords with each other and stuck them into our respective KeePass DBs.

      It is a bit of a hassle keeping everything up-to-date, but it is well worth the hassle you leave for your loved ones to try and sort out potentially dozens of passwords after you're gone. Just think about how hard it is sometimes to prove that you own an account that you've forgotten the password for. Now multiply that by the fact that you're dead and your loved ones have to prove that you intended for them to get into your accounts.

      Do your family a favor and make it easy for them to find all your passwords in the event that you kick it sudenly.

    • KeyPass is awesome. Let it generate a very long, strong password for every site or purpose you need and you need only remember one password. Save that password in a safe place and give that to your children. I put the db up on Dropbox so I can access my passwords anywhere I can get internet access (and yes I have a strong master password as well).

      Only one caveat for the auto generated passwords. Make sure the site you are generating the password for actually accepts the length password you are generatin
      • Password Safe is another program that will do the job. I can't live without it. Runs well enough in Linux under Wine, too. So I'd echo the recommendation to share your master password with a trusted family member and then store all other accounts & passwords in the KeyPass/Password Safe database. Another thing to watch for on auto-generated passwords is symbols. Some sites won't accept them.
  • Secret Sharing (Score:5, Interesting)

    by betterunixthanunix ( 980855 ) on Tuesday November 01, 2011 @01:04PM (#37909320)
    http://en.wikipedia.org/wiki/Shamir's_Secret_Sharing [wikipedia.org]

    Give shares to relatives and trusted friends.
  • by RollingThunder ( 88952 ) on Tuesday November 01, 2011 @01:04PM (#37909322)

    I don't think it'll be too hard.

    If you keep your passwords securely in a master storage system (IE: KeePass or the like), and keep the master password for that in a physical location that your siblings will be able to get access to in the event of your demise, then they can use that to get access to all the accounts you held.

    Think along the lines of those "snap cards" that were in 1980's cold war movies. The sibs have to break it open to get the master password paper, so you know it continues to be secure. There could even be instructions on the paper along with the password.

    • by ColdWetDog ( 752185 ) on Tuesday November 01, 2011 @01:28PM (#37909666) Homepage

      You may be able to access it but you are likely not able to legally access it.

      The passwords are necessary, but not sufficient.

      Short answer, seek appropriate legal advice. Laws change from place to place and time to time. Your specific requirements may not be generalizable. It might cost you a couple of hundred dollars and might save you thousands.

    • You could just write it on your walls with UV paint and mention it in your will. :)

      • You could just write it on your walls with UV paint and mention it in your will. :)

        That's all good & well...until one of your kids has a trip part at your house & somebody inevitable breaks out the black lights.

      • by xclr8r ( 658786 )
        "I'm Dead Jim" would make a great but extremely insecure final password.
  • Set up a password safe and seal the master password in with your will. Make sure your siblings know how to get access to it.

    This has the additional advantage of preventing you from having to memorize your new passwords.

  • duh? (Score:5, Insightful)

    by Anonymous Coward on Tuesday November 01, 2011 @01:05PM (#37909340)

    Write them down.
    Leave the sheet of paper in your desk drawer, locked if you're paranoid.

    • Re:duh? (Score:5, Funny)

      by davester666 ( 731373 ) on Tuesday November 01, 2011 @01:15PM (#37909496) Journal

      The CIA has a tiny little camera in there, so that's just not safe.

      • > The CIA has a tiny little camera in there, so that's just not safe.

        If the CIA is fucking around in OUR jurisdiction again, we're gonna be really pissed! (Wouldn't be the first time...)

        The FBI

      • by kesuki ( 321456 )

        it's funny -- once you've been paranoid how things like that stop being funny.

        i've seen people rip apart their rooms claiming there are cameras recording them.

        i've been lucky i have only once have had auditory hallucination, though sometimes i vocalize things. the government pays for my drugs and my living costs, which is a good thing. the drugs have mellowed me out a lot. not having to worry about becoming homeless is also nice. but i had to change gears. the government might support me forever, but for t

    • by necro81 ( 917438 )
      In my case the sheet of paper is in a safe deposit box. Only my wife and I can access it, and our survivors (should we both suddenly kick the bucket) have power of attorney. It may not protect against a subpoena, but I am not that concerned.

      The submitter mentions that he changes his passwords monthly. Overkill in my opinion, but I won't fault him for it. Making monthly trips to the brick-and-mortar bank are a bit inconvenient, but hardly the end of the world.
    • Mine are all squiggled on post it notes. (This is also for my own convenience; memory like a sieve, etc.) I think also part of the challenge is just organizing all this information. I know what bills are drawn from my checking account, and my husband does, but anyone else is going to be scratching their heads over some of that stuff.
    • Write them down. Leave the sheet of paper in your desk drawer, locked if you're paranoid. Done.

      Write it on paper but put it in a safe deposit box at a bank. If you are concerned about the delay in getting a death certificate to transfer ownership of the box then make your heir/successor a co-owner of the box.

  • Call them, give in person, or postal mail on a piece of paper.

  • by Wonko the Sane ( 25252 ) * on Tuesday November 01, 2011 @01:06PM (#37909364) Journal
    Using some kind of password manager, either a third-party service or a local application, would make that kind problem easier to solve.
  • by blindbat ( 189141 ) on Tuesday November 01, 2011 @01:06PM (#37909366)

    I keep my passwords in Lastpass (any similar program will do) and then keep the master password in my safe deposit box at the bank.

    I also keep a list of all important accounts and sites (banking, etc.) so that whoever it may concern will be able to know where to find what is important.

    My wife knows this, and she would then be able to access all relevant accounts, as well as know which accounts are important.

  • by AdamJS ( 2466928 ) on Tuesday November 01, 2011 @01:06PM (#37909368)
    Make it a part of your will. Store your passwords in a physical deposit box and have your relatives be given the key upon your death.
    • by AdamJS ( 2466928 )
      That is to say, for passwords that shall remain static. Otherwise you can have a password to a system of passwords that you must constantly update.
    • That's a good idea except for the fact that the execution of the will takes more than a few minutes to execute. Sometimes days, sometimes weeks. The post office and/or banks don't hand over the key fast and easy.

      Best option is to have it held by a law office as a durable power of attorney. You get death certificate, law office hands you the holdings granted to you in the will.

      Of course I don't understand the context of the poster's question; ending/paying auctions and satisfying debt isn't something that

  • Simplest solution is to encrypt the list with multiple keys (so they at least have to collaborate).
    Alternatively setup a dead man switch.
    Otherwise you have to source trust form somewhere.

    • Simplest solution is to encrypt the list with multiple keys (so they at least have to collaborate).

      Close, but probably not going to work. You are relying on the availability of each person in the encryption chain, and you need their secret keys to be in a particular order. I am in my mid 20s, and I do not plan on dying for a long time -- people who receive a secret key now might be dead, missing, or otherwise unavailable when I die. Encrypting the secret in every possible order is prohibitively large except for a very small number of parties involved.

      What you really want is called a secret sharin

    • by tibit ( 1762298 )

      Dead man switch: an automatic story post to slashdot?

  • by Anonymous Coward on Tuesday November 01, 2011 @01:06PM (#37909376)

    We had a similar issue when my father passed away. We quickly realized that we could easily pretend to be him, just tell people his SSN and other personal information, and we were able to handle nearly every circumstance. It was an eye opening experience just how easy it is to pretend to be someone else. This was about 7 years ago so things may be different. I assume that you can still get away with it more often than not.

    What we did was get his personal information, spread it out on the table, and then call up the institution. When they asked a question it was a simple matter of looking up the information as necessary.

    • Re: (Score:3, Insightful)

      by dead_user ( 1989356 )
      My bank refuses to talk to me about my wife's account. Even with her sitting next to me telling them it is OK. Now when they ask for Jennifer, I say I'm her, in by best husky voice, provide the last 4 of the SSN, and magically I have full access to her account. I mean come on... I'm a 40 year old guy with an unmistakably male voice. How can they possible accept that I'm Jennifer? They don't give a shit about fraud. They just want to be able to tick their little boxes.
    • My parents still own my *great grandfather's* timeshare condo in his name. When he died my grandmother just took it over as "him" because it seemed easier than going through he whole rigmarole of death certificates, etc. When she died my parents were honestly a little afraid to rock the boat given that the man would be about 100 by now, so they didn't change it either. Someday I expect to pass my children a timeshare on an 110 year old condo theoretically owned by a 160 year old man.

    • Yes, these days, you have to know where he was born, and his mother's maiden name as well. Massively more secure!

      (If you dont know those things, try google).

  • by Jake73 ( 306340 ) on Tuesday November 01, 2011 @01:08PM (#37909394) Homepage

    Place your passwords into a secure repository (like KeePass) and keep it updated. Give the password to the repository and other containers (I keep my KeePass in a TrueCrypt container) to someone you trust to execute when you die. An attorney. A trusted friend. Etc.

    If required, make the password a two-part thing and give each part to different people.

  • Options (Score:5, Interesting)

    by Alter_3d ( 948458 ) on Tuesday November 01, 2011 @01:10PM (#37909428)
    Check this Wikipedia article [wikipedia.org]
    It contains a list of services you can use to "inherit" your personal info when you die.
  • Lastpass - and a sealed envelope with your master password.
    Or, last pass and share passwords you can allow.

    While Last pass is likely to vanish after x years, there will be some similar solution in the future.

    The sealed envelope is pretty good, provided you can leave it somewhere someone else [and not everyone else] can get to it.


  • ...and a place for paper, pen, filesafe, key.
  • Lawyer (Score:4, Interesting)

    by Stormthirst ( 66538 ) on Tuesday November 01, 2011 @01:13PM (#37909478)

    Have a standing arrangement with your lawyer - send him a letter every month with instructions that the letter is only to be opened in the event of your death and to destroy the previous month's letter. The letter of course contains all the passwords and a list of people the list of passwords is to be given to. He'll probably charge you a monthly fee for the service.

    If that's too expensive, I'm sure a PO Box is cheaper, and leave the key with your spouse/siblings.

  • Set up a series of convoluted and ambiguous riddles and puzzles to lead your survivors on a wild adventure to recover your secret code.
  • by vlm ( 69642 )

    There are still a couple uses for a physical bank aside from notary service...

    Rent a tiny bank safe deposit box for about 10 years prepaid. It doesn't cost very much, although I suppose it depends on local competition and your income level... Place copies of relevant documents in safe deposit box. Along with some silver and gold coins, unused but valuable jewelry, etc. Certified copies of birth cert, photocopies of documents like passport, etc.

    Make sure all the details of the deposit box are in your wil

    • by vlm ( 69642 )

      Almost forgot to mention, the smallest (cheapest) deposit boxes are scarcely bigger than a letter envelope... They will not hold a burned CD, or many printed papers. But multiple SD / CF cards will fit. This is a handy way to back up your most valuable / irreplaceable digital files in case the house burns down or whatever.

      • Aren't you forgetting a small detail? Using a dead person's credentials is fraud / computer hacking / some other legal issue. Just because you have the passwords and relevant data, you don't have the legal right to use them. You at least need Power of Attorney. The safe deposit box is a good idea, but it isn't sufficient.

        In short, consult a lawyer. Not Slashdot.

  • I keep all my passwords on my phone in an encrypted database. The people that matter know my master password on that database, but they don't (currently) have physical access to my phone. That will change after I'm gone.

    • as long as you promise to die in a graceful fashion , or leave your phone somewhere else when such grizzly event is going to occur.

  • Use a single email account for the purpose of account and password recovery. Post the account and password on a yellow sticky note and/or will that information somewhere. Then, all they have to do is the "Forgot Password" thing and they will gain access to everything else.

  • My wife and I both have written down our most commonly used passwords including our OSX Keychain passwords. These go into an envelope which has our signatures over the seal and then placed in a lockbox. If someone happened one either/both of us the details on these passwords are in our wills.

  • You could try something like:

    • Keep a list of passwords (I use Emacs + GPG, but there's bound to be something out there that'll work for you if that's not your style)
    • Print out the list monthly (if that really is how often you change passwords)
    • Seal it and put it in a safety deposit box at your local bank
    • Tell everyone "In case of my death, go here for passwords"

    (Alternately, this could be something a lawyer could help with -- something like holding passwords in trust, only to be given up in the event of X, Y,

  • This isn't a difficult problem.

    Print them out and put that piece of paper where you have all the other "if I die" pieces of paper. For example, your will, insurance policies, titles/deeds to any real property.

    For example, a bank safe deposit box or on file with your lawyer if you have one. Just for geek sake, I also have digital scans in PDF form of every one of those pieces of paper. They're burned to a CD and kept in a small fireproof safe in my house.

    In the event of a "bug out" emergency, I grab the smal

  • by 93,000 ( 150453 ) on Tuesday November 01, 2011 @01:22PM (#37909594)

    My mom wanted to get into their Morningstar account and didn't have the password. I called and explained the situation -- basically that her husband was deceased and she needed the password, and I said I'd call on her behalf. What steps do I need to take to get it? The rest of the conversation:

    Operator: "What's the username he has the account under?"
    Me: "Uh, billsmith2222 is the username."
    Operator: "OK, let's see... looks like the password is Sarajane. The 'S' is uppercase."
    Me: -- Stunned silence --- "Thanks?"

    I was glad it went so quick, as I had expected to have to send a death cert and jump through god knows what other hoops, but it freaked me out how casually they gave it to me. I mean, I didn't do anything to verify that I was even any relation to the account. All I had was the username. Obviously someone was new, disgruntled, or just plain stupid, but it worked in my favor for once.

    • by Zmobie ( 2478450 )
      Another disturbing part is the fact that the passwords they have are obviously not hashed...
    • That means they have username and password stored in plaintext. Somebody is gonna hack that database.
      • That means they have username and password stored in plaintext. Somebody is gonna hack that database.

        Hell, it means they are probably transmitting them in clear text. Just sniff the traffic to the website.

    • by uncqual ( 836337 )
      What really freaks me out about this story is that they had the cleartext password. If I could tell, I'd never do online business with an institution that kept my cleartext password anywhere -- salt+hash only thanks (and, no, that's not a breakfast dish).
  • If you really want to be secure, keep an encrypted file with a list of all your passwords and account information. Put the password (or decryption key) in a safe deposit box, and leave instructions in your will on how to access the relevant information.
  • Dead Man's Switch (Score:5, Informative)

    by CapnStank ( 1283176 ) on Tuesday November 01, 2011 @01:26PM (#37909634) Homepage
    I've posted this previously but I keep thinking it deserves merit:

    Dead Man's Switch [deadmansswitch.net]

    Its a project that emails you periodically. If you don't respond it fires off a pre-defined message to a set of individuals you've chosen. Full disclaimer here, I have nothing to do with the project and I have not yet tested it myself but it doesn't seem like a difficult system to set up.... cron job + mail server + port listening app.
  • I heard Matt Yoder talk about a "Death Envelope" on Pauldotcom Security Weekly [pauldotcom.com]. He gave a presentation about it at DefCon. The slides are here [defcon.org].
  • 3 stage affair.
    I have a friend let's call him Andrew whose machine I have a log in to. On that machine is a list of instructions of what to do on my death. Andrew does not know this file is on his machine but knows I use his machine for various random things.
    Another friend called Brian who knows about this file but does not have access to it. To access the file he'd have to contact Andrew who would login as root and therefore be able to read the file and pass it onto Brian..
    As part of these instructions mos

    • Sounds great until Andrew, not knowing the file exists (because he never looked apparently...) reformats his machine or the drive array becomes irrecoverably corrupted before you're able to setup a replacement, or Brian and you are on a camping trip and both die in the same rockslide.
      If you're going to jump through hoops to have your passwords passed on, you should at least make the system more robust.

      • Good point, I kind of assumed I'd have enough time to recover from reformats.
        Also i guess myself and partner have a comparatively high probability of dying in the same accident, again a big weak spot.
        This then leads to a very tangled treasure hunt... I guess you can either have redundancy or security/trust but the combination of the two is difficult.
        Good challenge though; just means I'll have to come up with a more complex scheme ;-)

  • Actually as far as bank accounts go... I don't think you can legally "pretend" to be a dead person by writing checks in their name or logging in to their back account. In any event you need official death certificate plus will papers to access old accounts. My power of attorney papers expired when my parent did. I had to re-access the accounts as the executor of the will. Continuing a business via Ebay or otherwise is probably fine, as you are acting as an agent of the business not impersonating the decease

  • There is a site that will do just that: http://passmywill.com/ [passmywill.com]
  • by Riceballsan ( 816702 ) on Tuesday November 01, 2011 @01:36PM (#37909800)
    Lifehacker recently had an article on a service called "death switch" http://www.deathswitch.com/ [deathswitch.com] Basically it e-mails you asking if you are still alive, if you don't respond back, after 3 e-mails, it sends out the assigned message to who you specified. It does cost $20 a year
  • and keep them locked in your desk. We do this at home. No one can hack our locked desk drawer without physical access. We can still change our passwords and update the information on our pad which happens to be a cheap and small ledger book from the local office supply store.

    No need to make it complicated. It's not that we're that interesting of a target in the first place.

  • Sorry but, "Well_Hung_Oyster"? Seriously? (And the filter made me upcap it, nice huh?)
  • Write down everything you want to share on a piece of paper and seal it in an envelope. Store the envelope with other important documents. Tell your spouse and maybe another family member or close friend of its existence. Every time you update your passwords or other information, shred the old one and make a new one. Envelopes and paper are cheap. If you're extra paranoid, use some method to mark the envelope so you can tell if it has been tampered with, and don't tell anyone.
  • Obfuscate your list and split it into N pieces. Then N relatives have to work together to violate your privacy or steal your money. Maybe keep the Nth piece in your safety deposit box. No messiness with encryption keys that they won't understand anyway.

    Your biggest problem is the monthly password change-up. Your family will probably lose interest in keeping the pieces of random text you send them once a month. Maybe make the old password pieces redeemable for a dime when you give them a new one? Tha
  • he left Gmail open and logged in when he died

    No idea how it is where you live, but where I live it isn't your account to change. Not until somebody else says so.
    I could not even get to the safe where my parents keep their papers if they died or get to the bank accounts till they are assigned to me.

    Why would it be different with online things?

    What _you_ could do is see to it that your will includes all the websites, so the people who inherit whatever you leave behind will be able to do so legally with the he

    • by Arlet ( 29997 )

      Asking a lawyer to change your will every time you sign up for some website sounds like an expensive proposal.

  • Keep a list of updated passwords in your wallet.

    I'm sure someone will go though your wallet when you die.

  • Frankly, if you can't trust your siblings to not impersonate you while you're alive, what makes you think you'll be able to rely on them when you're dead? The tasks you're describing following your farm purchase are typically handled by whoever you name as your executor. Failing that, it's your spouse, your closest relative, or, as a last resort, a disinterested third party referred to as an "administrator of the estate". That person then has the legal authority to demand access to your accounts. It takes t

  • give encrypted files to siblings. give private keys to trusted friend(s).

  • I had a similar situation when I went traveling for a year. I created a message containing all my passwords and xor'ed it with 5 keys. Then set out each unique key to a person I trusted. Here is the code:

      http://pastebin.com/8vtdGeBS [pastebin.com]

  • I went through something like this a couple of years ago when my father passed away. He had online accounts, bills and so on. In most cases you are stuck. Banks are very fussy about executorship and won't help until you get it. And if you access an account after the death date you can get into trouble, so be careful.

    You may be able to get some accounts frozen by sending the death certificate. Banks are generally ok about that.

    As far as the auctions, try calling the customer service line of the auction. I am

  • by DaveGod ( 703167 ) on Tuesday November 01, 2011 @02:22PM (#37910330)

    Condolences for your loss.

    Unfortunately many companies do not have good procedures in place to handle the death of a customer, adding frustration to an already unhappy time. However, it is the good ones who do require the death certificate.

    You need to be executor in order to settle his affairs. These companies asking for death certificates aren't just doing it for their own security purposes. They are legally required to act only on instruction from your father or someone he has expressly authorised them to recognise as an agent (an executor is a form of agent that everyone is obliged to recognise).

    There are many reasons for this. There are related frauds committed against people still alive, and frauds against the deceased. Families squabble a lot over these and related matters so the institutions rightfully want to ensure they deal with the appointed person. Even with the best of intentions, the deceased may have wanted someone specific to settle their affairs and the particular person might not be it.

    As regards you personally, record passwords in an encrypted file, Keypass or whatever, and leave your lawyer with instructions and a sealed envelope containing the password to your encrypted file. Alternately use a safety deposit box, the bank is usually the first place anyone goes with the death certificates and they will advise of the box - however they charge an annual fee.

    More importantly, arrange your will and set who will be executor while you're at your lawyer.

  • Bury the master password in a box. Leave a treasure map in your will.

    Might as well make it fun for someone.

  • A contact is a legal agreement between two parties. Living parties. If an auction ends and the seller is dead, no contract is formed. Whether you can convince ebay of that is a different question.

    The same principle applies to most other contracts: health insurance is automatically terminated, you just have to tell them that it happened. Messing around with the deceased's credentials is not going to solve the problem, unless it is a trivial matter.

    Of course it is worth thinking about those trivial matter

  • 1. Record all your passwords
    2. Place them in an envelope.
    3. Place the envelope in a spaceworthy, superluminal-drive equipped vessel.
    4. Send the vessel close to the event horizon of a black hole
    5. Contract with an organization to send a message (via superluminal communications) to the vessel upon your death, ordering it to enter the black hole
    6. Give your relatives/interested parties the location of the black hole
    7. Have your relatives analyze the Hawking radiation from the black hole to recover the pa

Never buy from a rich salesman. -- Goldenstern