Ask Slashdot: How To Securely Share Passwords? 402
THE_WELL_HUNG_OYSTER writes "My tech-savvy father died suddenly and unexpectedly. He did everything online: bill-pay, banking, eBay sales (and other auction sites), PayPal, investing, etc. When he died, he still had online auctions up for sale, items I had no idea how to fulfill when sold. He still had unprocessed auction refunds, people claiming they returned items and are waiting for a refund. Fortunately, he left Gmail open and logged in when he died, so I was able to configure his account to forward to mine for any future emails he received. He even had his health insurance automatically debited from his checking account (who needs health insurance when they're dead?) I had no way to log into these systems to cancel pending transactions. I called every institution; some were willing to help while others required me to fax/mail death certificates and proof of executorship (which I didn't have yet). Meanwhile, auctions were selling for items I had no idea how to fulfill; debits from his checking account were occurring even though they were irrelevant; etc. You get the idea. How can I share my login credentials with my siblings so they don't have to go through this when I'm gone? I change my passwords every month and never use the same password on more than one site. I don't want my siblings to be able to impersonate me unless I'm dead, so publishing a monthly list to them won't help and would be insecure."
Dont worry about it (Score:5, Insightful)
Re:Dont worry about it (Score:4, Insightful)
Yes, but there's plenty of files that I personally want protected against prying eyes while I'm alive, which I wouldn't mind relatives seeing after I've passed. It is private information, but once I'm dead, I do kind of like the idea of people getting to see the areas of my life which were too private for me to be comfortable sharing in life.
The challenge is finding a way of disclosing those passwords without the possibility of a subpoena getting at them. I think pretty much the only way is to involve an attorney so that you can have attorney client privileges and then have the attorney disclose those after you're dead.
I don't believe that wills are protected in that way typically, you probably could send it to yourself via the post office, but I'm unsure as to whether subpoenas could force you to open them. Sending them internationally certainly would allow for them to be opened by ICE.
Re: (Score:2)
The challenge is finding a way of disclosing those passwords without the possibility of a subpoena getting at them
Unfortunately, there is no such thing. The best thing you can hope for is to force multiple subpoenas to be required i.e. by using a secret sharing system.
What you probably want is for your attorney to have all but one of the shares, and for a relative or trusted friend to have the last. Thus, the attorney and the relative must work together to recover the secret, and you are protected from a situation in which the attorney might be compromised. Depending on how sensitive your secrets are, you might
Re:Dont worry about it (Score:4, Insightful)
It is easy store a copy of passwords on an ecrypted drive. In your will leave the password . It can't be touched until you die. Update the password with the will. Nothing can legally be touched with your accounts until your estate has been settled. So with the will is perfect.
Re: (Score:3)
It can't legally be touched until you die
FTFY. If you have secrets that might be worth using extralegal methods of obtaining, hiding it in a will may not be sufficient. Laws can only go so far in protecting people; sometimes you need to protect yourself.
Think low tech (Score:2)
Re: (Score:3)
not secure enough. manually invent(steal) an un cracked encryption, like the cia building cypher. to learn how to do cyphers there are plenty that work out there that can't easily be decrypted without the key(map) to the cypher. then split the key to the cypher to 5 pieces with instructions to collect and decypher in your will etc. this way you can safely generate (in paper) the new passwords every month which get sent to a 6th party that doesn't have access to the disassembled key. i suggest you learn how
Re:Think low tech (Score:4, Interesting)
My thought is somewhat related, I haven't implemented this yet, but it is on my "to-do list".
My main plan is to put instructions in an envelope that is sealed near my will. Making sure that familly/friends know where it is. The instructions would direct the person to send a specific code/password to a specific email address on my hosted server. (could also be a private web form or some such) Once recieved the server would send me an email notifying me of the request, and giving me 4 days to cancel it. If I do not reply within 4 days (adjust to suit whatever length of time you think is the longest you could possibly go without finding a net connection while still being alive and well), it would automatically send the information to the original requestor.
This has the advantages of the sealed envelope where I can detect tampering, but where the information is still easily accessible to those who require it (without them really needing to remember how it all works), but with the added advantage that if I am still alive I can stop the process before any sensitive information is released (in case the original envelope is stolen/otherwise compromised). For added security you could add a list of IPs/email addresses who are authorized to trigger the system (of course that becomes one more thing that you have to remember to keep up to date) and if you are concerned about the security of the server being used, the file being sent back can be encrypted with the decryption information in the original envelope.
Setting up the scheme is relatively simple/straight forward the harder part is keeping all the data it needs to send back updated so that it is useful once recieved.
And for those who say "you won't care, you're dead", you're right in that I won't care then, but I do care now what I am going to put my loved ones through, so I'd rather make things as easy for them as I can, they'll be dealling with enough when I die that I don't want to make things any more difficult than they have to be.
Not your Will (Score:3)
Don't leave it in your will.
First, the Will will not be read for a while - sometime weeks - after the death. So if you want something with a quick turn around time (like e-Bay) then don't.
Second, a Will is a public document - which maans anybody can get ahold of it. Another issue.
In most cases leaving instructions with your trusted lawyer should be sufficent - unless you are truely paranoid. (and considering this is /. ....)
Re:Not your Will (Score:4, Insightful)
Will are only public after you are dead.
You missed the point that if you die your accounts are frozen as part of your estate. Joint accounts however remain un changed.
No one is to touch your ebay account even with auctions pending until after the will has been read. That is part of estate law.
Re: (Score:2)
The key is ultimately to think about it and plan ahead.
The examples you're using are hardly ones that can't be planned for. The trick is the subpoena, there are few limitations to that power, and if somebody gets a subpoena for your computer they're going to have access to anything which isn't encrypted. They could subpoena any keys that have been recorded on paper without violating ones rights, unless those happen to fall under a relatively small number of categories.
Ultimately, if you haven't checked in w
Re: (Score:2)
The solution we've developed to this problem is the use of a password safe such as KeePass by each user and having the Master PW written (hardcopy) stored in both the fire proof safe and our safe deposit boxes. This ensures that private account access remains private until after death and that the information can not be revealed even by subpoena due to the 5th still being applicable while alive.
To us, the primary benefit is the ability to quickly and safely access those accounts as needed due to the master
Re: (Score:2)
I think the concern is about being forced to reveal what you've written down while still alive.
Re: (Score:2)
Exactly. Once I'm dead, I don't care about that, I would prefer to know that nothing that gets released would harm somebody that I care about, but once I'm dead it won't affect anything other than the memory of me.
My Condolences (Score:2)
On the WELL_HUNG loss.
Snark has its place, but first, have some simple regard for a man who's lost his Father.
"To lose one parent, Mr. Worthing, may be regarded as a misfortune; to lose both looks like carelessness."
-- Lady Augusta Bracknell
Re: (Score:3)
Re: (Score:2)
You'll be dead.
Okay, Dr. Evazan. No blasters, no blasters!
KeePass (Score:3)
I use KeePass with the Firefox plugin.
Re:KeePass (Score:4, Insightful)
KeePass is GREAT. I've talked my mom and wife into using it. My mom simply put the master password in her safe-deposit box and left instructions in her will to allow us access to it. My wife and I simply shared our strong master passwords with each other and stuck them into our respective KeePass DBs.
It is a bit of a hassle keeping everything up-to-date, but it is well worth the hassle you leave for your loved ones to try and sort out potentially dozens of passwords after you're gone. Just think about how hard it is sometimes to prove that you own an account that you've forgotten the password for. Now multiply that by the fact that you're dead and your loved ones have to prove that you intended for them to get into your accounts.
Do your family a favor and make it easy for them to find all your passwords in the event that you kick it sudenly.
Re: (Score:2)
Only one caveat for the auto generated passwords. Make sure the site you are generating the password for actually accepts the length password you are generatin
Re: (Score:2)
Secret Sharing (Score:5, Interesting)
Give shares to relatives and trusted friends.
Keys to the kingdom (Score:3)
I don't think it'll be too hard.
If you keep your passwords securely in a master storage system (IE: KeePass or the like), and keep the master password for that in a physical location that your siblings will be able to get access to in the event of your demise, then they can use that to get access to all the accounts you held.
Think along the lines of those "snap cards" that were in 1980's cold war movies. The sibs have to break it open to get the master password paper, so you know it continues to be secure. There could even be instructions on the paper along with the password.
Re:Keys to the kingdom (Score:4, Insightful)
You may be able to access it but you are likely not able to legally access it.
The passwords are necessary, but not sufficient.
Short answer, seek appropriate legal advice. Laws change from place to place and time to time. Your specific requirements may not be generalizable. It might cost you a couple of hundred dollars and might save you thousands.
Re: (Score:2)
You could just write it on your walls with UV paint and mention it in your will. :)
Re: (Score:2)
You could just write it on your walls with UV paint and mention it in your will. :)
That's all good & well...until one of your kids has a trip part at your house & somebody inevitable breaks out the black lights.
Re: (Score:2)
Re: (Score:2)
> I gave the master password to my wife right before I went into
> surgery earlier this year. Luckily she didn't need it!
1/\/3vERre@LLyl0VedUANYw@Y!?:-P
Password safe (Score:2)
Set up a password safe and seal the master password in with your will. Make sure your siblings know how to get access to it.
This has the additional advantage of preventing you from having to memorize your new passwords.
duh? (Score:5, Insightful)
Write them down.
Leave the sheet of paper in your desk drawer, locked if you're paranoid.
Done.
Re:duh? (Score:5, Funny)
The CIA has a tiny little camera in there, so that's just not safe.
Re: (Score:2)
> The CIA has a tiny little camera in there, so that's just not safe.
If the CIA is fucking around in OUR jurisdiction again, we're gonna be really pissed! (Wouldn't be the first time...)
The FBI
Re: (Score:3)
it's funny -- once you've been paranoid how things like that stop being funny.
i've seen people rip apart their rooms claiming there are cameras recording them.
i've been lucky i have only once have had auditory hallucination, though sometimes i vocalize things. the government pays for my drugs and my living costs, which is a good thing. the drugs have mellowed me out a lot. not having to worry about becoming homeless is also nice. but i had to change gears. the government might support me forever, but for t
Re: (Score:2)
The submitter mentions that he changes his passwords monthly. Overkill in my opinion, but I won't fault him for it. Making monthly trips to the brick-and-mortar bank are a bit inconvenient, but hardly the end of the world.
Re: (Score:2)
Safe deposit box (Score:2)
Write them down. Leave the sheet of paper in your desk drawer, locked if you're paranoid. Done.
Write it on paper but put it in a safe deposit box at a bank. If you are concerned about the delay in getting a death certificate to transfer ownership of the box then make your heir/successor a co-owner of the box.
By telephone or in person (Score:2)
Call them, give in person, or postal mail on a piece of paper.
LastPass (Score:3)
Lastpass and safebox (Score:3)
I keep my passwords in Lastpass (any similar program will do) and then keep the master password in my safe deposit box at the bank.
I also keep a list of all important accounts and sites (banking, etc.) so that whoever it may concern will be able to know where to find what is important.
My wife knows this, and she would then be able to access all relevant accounts, as well as know which accounts are important.
Well, the solution is obvious (Score:3)
Re: (Score:2)
Re: (Score:3)
That's a good idea except for the fact that the execution of the will takes more than a few minutes to execute. Sometimes days, sometimes weeks. The post office and/or banks don't hand over the key fast and easy.
Best option is to have it held by a law office as a durable power of attorney. You get death certificate, law office hands you the holdings granted to you in the will.
Of course I don't understand the context of the poster's question; ending/paying auctions and satisfying debt isn't something that
Encription (Score:2)
Simplest solution is to encrypt the list with multiple keys (so they at least have to collaborate).
Alternatively setup a dead man switch.
Otherwise you have to source trust form somewhere.
Re: (Score:2)
Simplest solution is to encrypt the list with multiple keys (so they at least have to collaborate).
Close, but probably not going to work. You are relying on the availability of each person in the encryption chain, and you need their secret keys to be in a particular order. I am in my mid 20s, and I do not plan on dying for a long time -- people who receive a secret key now might be dead, missing, or otherwise unavailable when I die. Encrypting the secret in every possible order is prohibitively large except for a very small number of parties involved.
What you really want is called a secret sharin
Re: (Score:2)
Dead man switch: an automatic story post to slashdot?
We had similar problems (Score:5, Informative)
We had a similar issue when my father passed away. We quickly realized that we could easily pretend to be him, just tell people his SSN and other personal information, and we were able to handle nearly every circumstance. It was an eye opening experience just how easy it is to pretend to be someone else. This was about 7 years ago so things may be different. I assume that you can still get away with it more often than not.
What we did was get his personal information, spread it out on the table, and then call up the institution. When they asked a question it was a simple matter of looking up the information as necessary.
Re: (Score:3, Insightful)
Re: (Score:2)
Peggy is a man in the Ukraine, I see no reason why you can't be a Jennifer.
Re: (Score:3)
My parents still own my *great grandfather's* timeshare condo in his name. When he died my grandmother just took it over as "him" because it seemed easier than going through he whole rigmarole of death certificates, etc. When she died my parents were honestly a little afraid to rock the boat given that the man would be about 100 by now, so they didn't change it either. Someday I expect to pass my children a timeshare on an 110 year old condo theoretically owned by a 160 year old man.
Re: (Score:2)
(If you dont know those things, try google).
Secure password storage and an attorney (Score:5, Insightful)
Place your passwords into a secure repository (like KeePass) and keep it updated. Give the password to the repository and other containers (I keep my KeePass in a TrueCrypt container) to someone you trust to execute when you die. An attorney. A trusted friend. Etc.
If required, make the password a two-part thing and give each part to different people.
Re: (Score:2)
For extra paranoia, seal the envelope containing your master password with tamper-evident tape.
Think through whether changing passwords every month is a good idea. I could give you my opinion but Bruce Schneier published a brief analysis on the subject:
http://www.schneier.com/blog/archives/2010/11/changing_passwo.html [schneier.com]
Options (Score:5, Interesting)
It contains a list of services you can use to "inherit" your personal info when you die.
Lastpass and sealed envelope (Score:2)
Lastpass - and a sealed envelope with your master password.
Or, last pass and share passwords you can allow.
While Last pass is likely to vanish after x years, there will be some similar solution in the future.
The sealed envelope is pretty good, provided you can leave it somewhere someone else [and not everyone else] can get to it.
-Greg
Meatspace is for the living... (Score:2)
Lawyer (Score:4, Interesting)
Have a standing arrangement with your lawyer - send him a letter every month with instructions that the letter is only to be opened in the event of your death and to destroy the previous month's letter. The letter of course contains all the passwords and a list of people the list of passwords is to be given to. He'll probably charge you a monthly fee for the service.
If that's too expensive, I'm sure a PO Box is cheaper, and leave the key with your spouse/siblings.
Dan Brown It (Score:2, Funny)
Obvious (Score:2)
There are still a couple uses for a physical bank aside from notary service...
Rent a tiny bank safe deposit box for about 10 years prepaid. It doesn't cost very much, although I suppose it depends on local competition and your income level... Place copies of relevant documents in safe deposit box. Along with some silver and gold coins, unused but valuable jewelry, etc. Certified copies of birth cert, photocopies of documents like passport, etc.
Make sure all the details of the deposit box are in your wil
Re: (Score:2)
Almost forgot to mention, the smallest (cheapest) deposit boxes are scarcely bigger than a letter envelope... They will not hold a burned CD, or many printed papers. But multiple SD / CF cards will fit. This is a handy way to back up your most valuable / irreplaceable digital files in case the house burns down or whatever.
Re: (Score:2)
Aren't you forgetting a small detail? Using a dead person's credentials is fraud / computer hacking / some other legal issue. Just because you have the passwords and relevant data, you don't have the legal right to use them. You at least need Power of Attorney. The safe deposit box is a good idea, but it isn't sufficient.
In short, consult a lawyer. Not Slashdot.
Encrypted database on physical device (Score:2)
I keep all my passwords on my phone in an encrypted database. The people that matter know my master password on that database, but they don't (currently) have physical access to my phone. That will change after I'm gone.
Re: (Score:2)
as long as you promise to die in a graceful fashion , or leave your phone somewhere else when such grizzly event is going to occur.
Use an email account for password recovery (Score:2)
Use a single email account for the purpose of account and password recovery. Post the account and password on a yellow sticky note and/or will that information somewhere. Then, all they have to do is the "Forgot Password" thing and they will gain access to everything else.
Write them down and lock them up (Score:2)
My wife and I both have written down our most commonly used passwords including our OSX Keychain passwords. These go into an envelope which has our signatures over the seal and then placed in a lockbox. If someone happened one either/both of us the details on these passwords are in our wills.
Safety deposit box (Score:2)
You could try something like:
(Alternately, this could be something a lawyer could help with -- something like holding passwords in trust, only to be given up in the event of X, Y,
You're making it too hard. (Score:2)
This isn't a difficult problem.
Print them out and put that piece of paper where you have all the other "if I die" pieces of paper. For example, your will, insurance policies, titles/deeds to any real property.
For example, a bank safe deposit box or on file with your lawyer if you have one. Just for geek sake, I also have digital scans in PDF form of every one of those pieces of paper. They're burned to a CD and kept in a small fireproof safe in my house.
In the event of a "bug out" emergency, I grab the smal
My father died a few years ago - Morningstar (Score:5, Informative)
My mom wanted to get into their Morningstar account and didn't have the password. I called and explained the situation -- basically that her husband was deceased and she needed the password, and I said I'd call on her behalf. What steps do I need to take to get it? The rest of the conversation:
Operator: "What's the username he has the account under?"
Me: "Uh, billsmith2222 is the username."
Operator: "OK, let's see... looks like the password is Sarajane. The 'S' is uppercase."
Me: -- Stunned silence --- "Thanks?"
I was glad it went so quick, as I had expected to have to send a death cert and jump through god knows what other hoops, but it freaked me out how casually they gave it to me. I mean, I didn't do anything to verify that I was even any relation to the account. All I had was the username. Obviously someone was new, disgruntled, or just plain stupid, but it worked in my favor for once.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
That means they have username and password stored in plaintext. Somebody is gonna hack that database.
Hell, it means they are probably transmitting them in clear text. Just sniff the traffic to the website.
Re: (Score:2)
Safe deposit box (Score:2)
Dead Man's Switch (Score:5, Informative)
Dead Man's Switch [deadmansswitch.net]
Its a project that emails you periodically. If you don't respond it fires off a pre-defined message to a set of individuals you've chosen. Full disclaimer here, I have nothing to do with the project and I have not yet tested it myself but it doesn't seem like a difficult system to set up.... cron job + mail server + port listening app.
Death Envelope (Score:2)
How i do it: (Score:2)
3 stage affair.
I have a friend let's call him Andrew whose machine I have a log in to. On that machine is a list of instructions of what to do on my death. Andrew does not know this file is on his machine but knows I use his machine for various random things.
Another friend called Brian who knows about this file but does not have access to it. To access the file he'd have to contact Andrew who would login as root and therefore be able to read the file and pass it onto Brian..
As part of these instructions mos
Re: (Score:2)
Sounds great until Andrew, not knowing the file exists (because he never looked apparently...) reformats his machine or the drive array becomes irrecoverably corrupted before you're able to setup a replacement, or Brian and you are on a camping trip and both die in the same rockslide.
If you're going to jump through hoops to have your passwords passed on, you should at least make the system more robust.
Re: (Score:2)
Good point, I kind of assumed I'd have enough time to recover from reformats. ;-)
Also i guess myself and partner have a comparatively high probability of dying in the same accident, again a big weak spot.
This then leads to a very tangled treasure hunt... I guess you can either have redundancy or security/trust but the combination of the two is difficult.
Good challenge though; just means I'll have to come up with a more complex scheme
I ANAL (Score:2)
Actually as far as bank accounts go... I don't think you can legally "pretend" to be a dead person by writing checks in their name or logging in to their back account. In any event you need official death certificate plus will papers to access old accounts. My power of attorney papers expired when my parent did. I had to re-access the accounts as the executor of the will. Continuing a business via Ebay or otherwise is probably fine, as you are acting as an agent of the business not impersonating the decease
passmywill.com (Score:2)
There is a service for that (Score:5, Interesting)
Write it down... (Score:2)
and keep them locked in your desk. We do this at home. No one can hack our locked desk drawer without physical access. We can still change our passwords and update the information on our pad which happens to be a cheap and small ledger book from the local office supply store.
No need to make it complicated. It's not that we're that interesting of a target in the first place.
Meanwhile (Score:2)
"do not open until death" envelope (Score:2)
Obfuscate and split (Score:2)
Your biggest problem is the monthly password change-up. Your family will probably lose interest in keeping the pieces of random text you send them once a month. Maybe make the old password pieces redeemable for a dime when you give them a new one? Tha
Re: (Score:2)
Re: (Score:2)
Asking a lawyer to change your will every time you sign up for some website sounds like an expensive proposal.
Don't over think it. (Score:2)
Keep a list of updated passwords in your wallet.
I'm sure someone will go though your wallet when you die.
Sounds like you've got bigger problems (Score:2)
Frankly, if you can't trust your siblings to not impersonate you while you're alive, what makes you think you'll be able to rely on them when you're dead? The tasks you're describing following your farm purchase are typically handled by whoever you name as your executor. Failing that, it's your spouse, your closest relative, or, as a last resort, a disinterested third party referred to as an "administrator of the estate". That person then has the legal authority to demand access to your accounts. It takes t
gnupg it (Score:2)
give encrypted files to siblings. give private keys to trusted friend(s).
Use a multiple XORED key (Score:2)
I had a similar situation when I went traveling for a year. I created a message containing all my passwords and xor'ed it with 5 keys. Then set out each unique key to a person I trusted. Here is the code:
http://pastebin.com/8vtdGeBS [pastebin.com]
How to handle this (Score:2)
I went through something like this a couple of years ago when my father passed away. He had online accounts, bills and so on. In most cases you are stuck. Banks are very fussy about executorship and won't help until you get it. And if you access an account after the death date you can get into trouble, so be careful.
You may be able to get some accounts frozen by sending the death certificate. Banks are generally ok about that.
As far as the auctions, try calling the customer service line of the auction. I am
Password to encrypted file (Score:5, Informative)
Condolences for your loss.
Unfortunately many companies do not have good procedures in place to handle the death of a customer, adding frustration to an already unhappy time. However, it is the good ones who do require the death certificate.
You need to be executor in order to settle his affairs. These companies asking for death certificates aren't just doing it for their own security purposes. They are legally required to act only on instruction from your father or someone he has expressly authorised them to recognise as an agent (an executor is a form of agent that everyone is obliged to recognise).
There are many reasons for this. There are related frauds committed against people still alive, and frauds against the deceased. Families squabble a lot over these and related matters so the institutions rightfully want to ensure they deal with the appointed person. Even with the best of intentions, the deceased may have wanted someone specific to settle their affairs and the particular person might not be it.
As regards you personally, record passwords in an encrypted file, Keypass or whatever, and leave your lawyer with instructions and a sealed envelope containing the password to your encrypted file. Alternately use a safety deposit box, the bank is usually the first place anyone goes with the death certificates and they will advise of the box - however they charge an annual fee.
More importantly, arrange your will and set who will be executor while you're at your lawyer.
Treasure Map (Score:2)
Bury the master password in a box. Leave a treasure map in your will.
Might as well make it fun for someone.
Do it properly (Score:2)
A contact is a legal agreement between two parties. Living parties. If an auction ends and the seller is dead, no contract is formed. Whether you can convince ebay of that is a different question.
The same principle applies to most other contracts: health insurance is automatically terminated, you just have to tell them that it happened. Messing around with the deceased's credentials is not going to solve the problem, unless it is a trivial matter.
Of course it is worth thinking about those trivial matter
It's Quite Simple (Score:2)
1. Record all your passwords
2. Place them in an envelope.
3. Place the envelope in a spaceworthy, superluminal-drive equipped vessel.
4. Send the vessel close to the event horizon of a black hole
5. Contract with an organization to send a message (via superluminal communications) to the vessel upon your death, ordering it to enter the black hole
6. Give your relatives/interested parties the location of the black hole
7. Have your relatives analyze the Hawking radiation from the black hole to recover the pa
Re: (Score:2)
Sure you can securely share it. It's not ideal, but you can ensure that the password is only available to those people. If they then share it with other people, that's a completely separate issue.
Fire/water-proof safe. . . (Score:2)
If you're going to keep your passwords, or a master password, in the house, then you probably should invest in a fireproof, waterproof safe and keep it in there. Otherwise there's a small, but not-zero, chance, that if the reason you die is a fire or flood, the password might be lost with you.
I'm thinking I'm going to keep a local copy in a safe, and maybe give a copy to an estate lawyer or something to hold in trust until I die. That way, hopefully one of the two copies will survive.
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
Yea, buy an IronKey, that way you know everyone will be able to get your data out after you die regardless of your password!
Seriously? Mentioning IronKey on slashdot? It can be exploited 18 different ways to Sunday, as has been posted here on MANY occasions.