Monday, January 23, 2017

Digital Estates

I think most people are familiar with the notion of creating wills, powers of attorney, trusts and such to manage their physical and financial estate in the event of their incapacitation or demise. Written instructions carry legal weight for your survivors, which minimizes uncertainty of ownership and helps keep the vultures from stealing your hard-earned loot from your family. In modern times, there is another factor to consider: your digital estate. What is that?

These days, we may have a large number of online accounts established for banking and other financial institutions, Facebook, Amazon and so forth where a wealth of information about us resides. Some of them may provide access to large collections of digital media (books, movies, music, etc.). If you cease to be, what happens to all that stuff? To some, it could be just as important as that baseball card collection. But unlike the baseball cards, it's not something you left in boxes at the house. Your successors will need access to all those online treasure troves.

So somehow, you need to leave them a list of accounts along with the usernames, passwords and any second authentication factors. The first, best step is to use a password manager as detailed in previous posts on this blog. This keeps the entire list in one place along with all the supporting information. Unlike the baseball cards, however, this presents some additional challenges.

First, consider that while you're still here, you will be updating this database periodically with new accounts, changed passwords and so forth. So you cannot just put a copy on a CD and put that in a safe or tell the relatives to hang on to it "just in case". It will go stale and some of it may become useless. So you need to document where the latest version should be along with the location of any backups of it. And it is not just the content of the database that may change. Good security practice is to change the master password occasionally. So you cannot just tell them where the file is and hand them a copy of the password even if it is encrypted or otherwise obfuscated.

Second, consider anything that uses two-factor authentication. What are the second factors? Yubikeys, perhaps authenticator apps on your cell phone, some other OTP token and so forth. You can document what to use in the database, but they have to lay hands on it. Where did it go? And if it cannot be found, is there an access recovery procedure that can be followed? Document it. Make sure all relevant information, like security questions and answers, is documented in the database too.

So the strategy I chose was to establish a second password database whose sole purpose was to hold the master password of the main database. The password for this database is extremely strong as a maximum length, randomly generated string. So I can change the master password of the primary database and just remember to update the secondary database. This secondary database password was printed as part of a letter stored with my estate attorney. If I did want to change this password, it just takes an update to the letter as well. This second database still requires the same second factor of the Yubikey. So I trust the lawyer to a point and if anything untoward happened, he would be the first suspect reported to the police. And he does not possess a copy of either database or the second factor. The family can get this key and with instructions start unraveling the puzzle to get full access to everything. In the event of loss of the Yubikey, there is a separate recovery passcode stored in a separate, secure location (i.e. not even with the lawyer), but documented for the family.

This may all seem a bit extreme or paranoid-ish, but I think it's a reasonable way to leave access without compromising my living, daily use.
