What Happens to My Passwords When I Die?
My friend's father is dying right now. Cancer is killing him slowly, but surely.
It's a painful situation, of course, but since it's a slow death, he's had the opportunity to help his wife transition to a life without him. One of the areas he always managed was the finances, so now she's had to learn how to do them. This was a hard transition, but at least there was a transition. It would have been a much harder for her to learn his system for finances if he died suddenly, like in a car accident.
We're all going to die, of course. And it's certainly not pleasant to think about, but we do need to think about it. You need to think about wills, life insurance, disability, insurance, 401K, etc., but in today's world, there is one more thing to think about; your passwords and online accounts.
It's very likely that your spouse or children don't know what online accounts you have, much less your passwords. If they don't know this information, it could be very difficult (or impossible) for them to access the key information they need. The money in these accounts could be gone forever.
Do your loved ones know your passwords? Do they know which online accounts you have? Could they access your bank accounts? Your PayPal accounts? Your social media accounts? Your email accounts?
So what is the right way to keep your accounts secure, while also passing this information along to them if you die? I've been doing some research on this, because I didn't know myself. Here's what I've learned...
What is your password system?
So I'm going to assume that you have a system in place that allows you to create and manage a long, complicated and unique password for every site you use. If you aren't doing this, you MUST do this right now. This system should be a password manager, a password book or a password algorithm, or a combination of all three.
All three can work, but the password manager is the best solution.
A PASSWORD MANAGER. I've written about this many times before. A password manager is extremely important. A password manager is a software program that generates a strong, unique password for every site you go to, and it stores them in an encrypted way. All you have to remember is your master password, and it will give you access to all of your accounts.
The easiest solution is to use Apple products, and use Apple's built-in password manager called Keychain. I personally would not trust Google's password manager, because I do not trust Google in the slightest.
A couple things to understand about password managers are; your master password should be long and complicated, but it needs to be something that you memorize. Also, you will want to turn on Two-Factor Authentication! You will have to research how to do this for each password manager. I recommend Bitwarden.
A PASSWORD BOOK. By this I mean a physical journal that you use to store all of your passwords in. It is important that you have some sort of off-line way of protecting some key passwords, but don't keep them right next to your computer, and you have to be VERY careful not to lose this book or get it stolen. This is so important, that you may want to have different password books and not keep all of your information in a single location. You may want to, depending upon how valuable your online accounts, use a cypher or look at other old-school ways of protecting information.
A PASSWORD ALGORITHM is another solution. I wrote a detailed article about this here. This kind of solution is Ok, if you are only protecting yourself from random attacks, but if someone wants to specifically target you for some reason, they may be able to figure out your algorithm.
It's not just about your passwords though...
Giving your spouse / heirs access to your accounts is not just about sharing your passwords. You should have Two-Factor Authentication enabled for every important online account you have. This is another layer of protection and it's something that you definitely should do, but it's also another layer of difficulty for your spouse. Two-Factor Authentication is typically tied into your phone, so tell your spouse your phone password, and make sure that they keep your phone number active until all of this is figured out.
Transferring Your Passwords.
So the way you transfer your passwords to your spouse or heirs depends upon the system you are using. You may have a safe deposit box, or you may entrust it to a lawyer for safekeeping.
A PASSWORD MANAGER. An advantage of using a password manager is that if your spouse has access to it, they will know all of your accounts and will have all of the passwords. So all you have to do is give your spouse the master password, right? That should be all they need if they are actually using your computer that you usually use, but if they need to access your password from a different computer, they will need your two-factor authentication code for your password manager. And here's the thing; many password managers, such as BitWarden, are so secure that if you don't know the password or the two factor authentication recovery code, you're SOL, as they say. That means that you are "$#it out of luck". Even the company itself isn't able to recover it.
A PASSWORD BOOK. You'll need to tell your spouse where the book is, how to use it, and if there are any cyphers (secret codes) that you use. Again, you will need to record the recovery passwords for the two-factor authentication.
A PASSWORD ALGORITHM. This should also be stored in a password book that is locked away for safe keeping.
Provide detailed instructions...
It's important that you provide detailed instructions to your spouse. Do you have investments that they don't know about? Do you have a Coinbase" account that they don't know about? Even if you think they know about it, tell them. It's so easy to lose money forever with online accounts.
As a final note, please don't rely upon this article for all of your advice in this regard. Do your own research. I haven't even considered legal or tax considerations in this article, so you need good advice in this regard. My main goal was to make you think about an issue that you've never had to think about before. Because if you don't, your hard earned money may be completely inaccessible to your loved ones.
Here's a real life example of someone who ran a Bitcoin business in Canada and then died without telling the passwords to anyone, and he lost $135 million in his client's Bitcoin (or there is speculation that he faked his death and is living somewhere on a tropical island right now, but I digress).
Please leave your thoughts, comments and questions below.