After the Bell Tolls For Thee — What Happens After you Die?
Somebody had to Say It
I’ll start this post off with a disclaimer: I am not a lawyer. I strongly advise you to consult a lawyer who specializes in wills and trusts so that when you do shuffle off your mortal coil (in the way, way future) your descendents think of you fondly.
You Don’t Even Have To Be Dead!
All these concerns apply if you become incapacitated, as well.
Or in The US
This is a mostly US-Centric post, so if you do not live in the US or would not be subject to US laws in this area, you’ll need to research the situation where your estate or legal affairs would be managed.
Moving On
If you are in a relationship without a legally settled status where you live or where you have assets, it’s probably even more crucial that you consult an attorney to maximize the chances of the outcome you wish.
The basic advice, though, is more or less the same: When you pass away or become incapacitated, your family/loved ones will need access to your computers and other such devices, as well as websites and information you protected with a password or other security measure.
Given our past discussions here about the state of computer security (not so great) and the number of websites that hold your personal and financial information that your heirs will need to access, what do you do to make that transition as seamless and least costly as possible?
A Bright Spot?
On July 16, 2014, The Uniform Law Commission passed the Uniform Fiduciary Access to Digital Assets Act (UFADAA): Uniform Fiduciary Code.
When this is final, sometime later this year, it will be up to individual States to decide whether to adopt the the measures of this act. So, as you might imagine, you will need to know how to make it easy for your heirs to comply with any applicable legal requirements. With luck, this Act will make it easier. Because right now, wowza.
[D]igital assets may have additional obstacles to overcome that do not apply to traditional types of property. These additional obstacles in the digital world include: (1) passwords; (2) encryption; (3) criminal laws regarding unauthorized access to computers (including the Computer Fraud and Abuse Act); and (4) data privacy laws (including the Stored Communications Act, also known as the Electronic Communications Privacy Act). UFADAA helps fiduciaries address obstacles #1, #3, and #4, but it doesn’t solve obstacle #2—encryption.
Uniform Law Commission Blog Post. Emphasis added.
Whoops!
It might be illegal for you to access certain of a deceased person’s accounts — even if you have the password.
Do You Have Trust Issues?
I have just made my first ever legal joke. Savor it.
//High Five!!//
Here we go: In order to make your digital information available to your heirs, you are going to have to decide who you trust with sensitive information. You will have to put documentation where a grieving person is going to find it in a timely fashion. I don’t think you should make them guess nor should you assume they will find it quickly without you telling them where to look.
If you have encrypted data that your heirs or caretakers will need to decrypt, then you must document somewhere your encryption key and the hashes and then you must make the storage location known and accessible to them. I see no way around this.
If you have made out a will and decided who will have a Power of Attorney, then you will have an easy/easier way to open a conversation with the people who will be managing your estate or affairs.
The Ideal World
Ideally, we should be able to present documentation that proves our right to access someone’s digital account when that person has died or is incapacitated. Once that is right is established, we would then be able to have passwords reset and administer accounts as necessary, subject to any privacy concerns that might still exist.
We do not yet have that world. Therefore, we would be wise to make sure our survivors or legal caretakers have the access they need to deal with your demise or protect your assets while you are not able to.
The Minimum
Document your accounts including:
- user name
- password
- Answers to Security Questions
- Answers to other Challenge/Response questions
Separately document:
- Credentials to the master password/file/document/database
We have previously discussed password managers. If you are using one, then, until such time as the situation is more ideal you are going to have to document the master password with the understanding that someone is going to need to access it.
This is NOT something you should do lightly. This is why you should consult an attorney.
What To Document in Your Digital Life?
NOTE: You may already be thinking, huh. I went and encrypted my hard drive (or other media) so that no government entity or bad actor could snoop on my private business. And now a government entity could just subpoena my future heirs or other representative for the keys? This is quite a potential loophole. If you are in this situation, well, see above, IANAL, but you will need to assess the situation your heirs would be in if they could not access the information. You may need to consult an attorney and get advice on whether leaving that information with an attorney would make the information subject to legal protections not extended to non-attorneys.
In addition to websites generally, document these sorts of website/digital information:
- Banking/finance
- Retirement
- Bitcoins
- Insurance
- Other investment accounts
- Website domains you own or operate
- Domain registrations
- Nuclear launch codes
- Passwords on individual files or directories
- Accounts you manage(d) for others (parents, children, spouse, significant other)
- Information required to access internet connected devices (phones, tablets, etc.)
- If your device access is biometric (eg: fingerprint), have you set up an alternate method of access?
- Access codes/pins
- login credentials to your desktop and/or laptop
- Your encryption key to encrypted media
- Credentials for any virtual machines your devices run
- Your car, if it’s internet enabled
- Access to other devices controlled by digital accounts
Additional Resources
Plan your digital afterlife with Inactive Account Manager — Google
Protect Digital Assets After Your Death — Kiplinger
What happens to your online accounts when you die? We ask Facebook, Twitter, Google and Apple — PC Advisor
I’m sure I haven’t covered everything. What steps have you taken?
Steps I have taken: burying my head in the sand.
I know, I know, this is something I really need to get my head around so I can sort it out. I feel like my financial things are less urgent because although I do have internet banking, it is also accessible directly via a local branch where it can be dealt with without needing to know all my passwords and things. But websites, online accounts, and especially my books… yeah, I need to sort things out so that it’s not such a nightmare for whoever ends up dealing with it.
I too am an ostrich. I have a will and a trust. But all online passwords are in my head. I don’t even know if my DH has a clue about who provides Iinsurance or electricity or how the bills get paid for the main house or the summer house. Scratch that. I know he doesn’t. I’m not sure he even has house keys. Maybe I should write this stuff down and tell him or my mother. Hmmmm. To do list.
I’m setting up my will on Tuesday. This gives me eve more to think about.
Sadly, I have no nuclear launch codes to pass along. I feel so left out :(
After Heart Bleed, I made all my passwords different and more complicated, because I was one of those idiots who duplicated passwords across multiple sites. I started to keep track of all the passwords I use, and it’s insane how many there are. I set up a spreadsheet (secure info handwritten in case of hack) to capture them all, and it’s over 50 passwords I use on a regular basis. Trying to keep track of them all now that I’ve gotten out of the habit of duplicating them is impossible without the notes, and I’m considering using a password keeper. Any suggestions on which one to use? Is there a real value to them beyond aggregating all the logins?
Y’all, also?
You don’t need to die for this stuff to become an issue. I got squished by an RV whose driver fell asleep and spent 5 weeks in the ICU and another 6 months in inpatient last year. To say I was incapacitated is to understate. Significantly understate.
I thought I had my act fairly together, having been one of the executors of a *very* unexpected and ill-prepared estate. Had I died that might’ve been true, but I didn’t (yay!) and so while people could get to my bank account, they couldn’t deal with the utilities or get access to medical records or sign the paperwork that made my health insurance stick around (our HR lady is extraordinary – she got that resolved by sheer force of will) or sort out how the yard guys got paid or figure out which vet took care of the dogs or cancel my subscribe and save stuff (although Amazon customer service was FANTASTIC and went way above and beyond to make that happen). And while all that stuff is relatively petty, my family assures me (at length, and I believe them) that it is no treat to trying to resolve all that stuff while shuttling back and forth between the ICU/hospital and trying to keep their own lives going.
Head in the sand has always been my preferred way, but based on the last year, I advise against it.
@Annie V:
Annie V: Thank you for sharing your story. I’m glad you recovered. As your story proves, we should all be taking care of these things sooner rather than later.
Several years ago, my parents got their will done, along with that came Powers of Attorney and Do Not Resuscitate orders. They elected to give the Power of Attorney to me and to a sibling. This way, there are two of their children who can make decisions on their behalves if they are unable to.
Then we had to have conversation about what they wanted for the end of their lives. My father, in particular, was and is adamant that no extraordinary measures be taken. My mother as well.
I’ve seen the turmoil that happens when someone has not been clear about their wishes and has not put their affairs in order.
@cayenne:
Cayenne: The previous article about security (link in the post) talked about password managers. Several were mentioned in the comments. Given the current state of technology, a password manager is an excellent solution.
In addition to a password manager, I also have my passwords, accounts, software keys, and encryption keys in an encrypted database. I use the one developed by Bruce Schneier (Password Safe). Password Gorilla is a port of that to MacOs. And then I shared the password to the password safe with a sibling as I have also documented my parents account information in it, but also because if something happens to me, I’d like someone to be able to get their hands on that information.
@Ros:
My thought about online banking is this: If something were to happen to you, yes, someone could go to a branch and get things sorted. But, with so many people having on-line bill payments with payments set automatically, in that initial period of grief/shock/dealing with your death or incapacitation, being able to handle your accounts online could be a significantly helpful thing. Automatic payments or just the payees in an account can give clues about what assets and liabilities are where.
@Annie V: Thank you very much for sharing that. You make a really good point. I had been wondering about leaving all my stuff along with my will at the solicitor’s, but actually there are some things that need to be accessible in case of emergency, not necessarily just death. And yay for being alive!
@IAM JSON: Thanks, Jason. I’ll have to think about it all, I guess.
@Ros:
None of this is easy. At all.
@IAM JSON thanks for the link to the previous post & sorry for missing the colossally obvious! In my defence, I’ll say that I hadn’t had enough caffeine :)
A little personal experience on DNRs (do not resuscitates), as a warning.
My elderly and sick father had one, had had many over the years, and that was absolutely what he wanted. However, when he was checked into the hospital for chest pains (many, many times during the last year of his life), during the computer intake, the nurses always asked about whether he wanted all measures taken. He said yes, meaning that he wanted the treatment he had come to the hospital for, but not meaning to overrule the DNR. However, even with the DNR in his medical files – his most recent wishes were “all measures” because he hadn’t understood that his oral answer, which he thought was limited to a specific procedure being approved, overrules the paperwork.
So luckily I figured out the miscommunication and everything was cleared up and they got the computer system (which is what they REALLY use) to match the paperwork and intent – but it took an outsider coming in to determine that everyone was talking at cross-purposes.
Thank you Annie and Anna, for sharing your stories. I’m another one who needs to come up for a better solution to such scenarios. Sigh.
Regarding password managers, I use 1Password and I would absolutely recommend it. It has its quirks, but I love that you can install it on your phones and pads as well as your computer and it will synch between devices. This way, my hubs and I can update it and access it no matter where we are. When he first insisted we use it, I was resistant, and I do find it to be a pain sometimes, but it’s a lot better than trying to use an Excel spreadsheet or using just one password at multiple sites. It has a notes section for each login also, so you can add in any security questions/answers, special keys or other notes and keep them all in one place.