Contents
The Problem: Death
I’m the designated nerd in my family, so I handle all of our online accounts. To keep them secure, I use randomly generated, unique passwords and two-factor authentication.
But that means that my wife doesn’t know the online logins for our iTunes account, our bank and retirement accounts, our gas company, our cable company, our water and power company, and so on and so on.
What if I died or was suddenly incapacitated? How would she access our accounts?
Requirements
- I need a system that’s secure. I don’t want to weaken all my online accounts just for the off chance that I get hit by a bus.
- I need a system that can outlive my hardware. What if my hypothetical death also destroyed my laptop, tablet, and phone?
- I need a system that can be easily understood by my tech illiterate survivors.
The Solution
Ingredient List
- Dropbox
- Printed or handwritten letter
- Secure physical location (safe, deposit box, etc)
Step One: Put all your passwords in 1Password
1Password is a password management app available for Mac, Windows, and iOS. It saves your passwords in a secure vault with a master password. Instead of having to remember hundreds of weak passwords, you only have to remember one strong password. The app can generate random, unique passwords for all your online accounts, so if a service gets hacked, your other accounts are safe because each has a unique and unguessable password.
Step Two: Put your 1Password vault in Dropbox
1Password can store your secure password vault in your Dropbox account. That means that by leaving detailed instructions and a few key passwords, all of your online account information can be accessed from one simple file.
Step Three: Write a letter explaining how to access your Dropbox account and 1Password vault
The letter should be stored in a secure location like a safe or safety deposit box in a sealed envelope with the date written on it. And you should tell people important to you about the letter and where to find it. If you have a legal will for your estate, you should mention the letter in that will.
Writing the letter is the hardest step. It should include the following information:
- Your email account username and password. If your family needs to reset any of your passwords, they’ll need access to your email.
- Your Dropbox username and password.
- Your 1Password Master Password.
- Your passcode for your cellphone.
- Detailed instructions for how to access the 1Password master vault.
Here is some example text from my own letter.
Accessing a two-factor authentication protected gmail account:
My Gmail account is protected with two-factor authentication. This means you need both my password and the Google Authenticator app on my iPhone in order to access it. If you can’t access my phone, you can use a special one-time only backup code to get into my Gmail account without using the authenticator. Once you log in with a backup code, you should turn off two-factor authentication so that you don’t get locked out of the account.
Accessing Dropbox and 1Password:
My writing as well as an encrypted archive containing all of my online passwords can be found in my Dropbox account.
Inside my Dropbox is a file called 1Password.agilekeychain. This is an encrypted archive that contains all of my passwords, including those for important accounts like my bank account. It can be opened using a program called 1Password which is available at https://agilebits.com/onepassword.
Bonus: List Your Online Assets
Passing on all of your online accounts to your survivors isn’t useful if they don’t know what’s worth saving. At the end of the letter, write down a list of every online asset that’s important or valuable to you. For instance, web domains, online photo storage accounts, and anything you’ve written online and want preserved.
