Is It Safe To Share The Password To Your Bank Account With An App?

Preserve and Protect your Digital Assets Through Digital Estate Planning with Stephen P Stewart, Esq.

The average American owns 90 online accounts and likely has no idea what happens to these assets when he/she dies. You can protect & preserve your digital assets through digital estate planning.

(firmenpresse) – [Digital Estate Planning](https://digitalestateplanning.com) is new legal frontier in estate planning and estate administration due to the mass proliferation of computers, smartphones, tablets, apps and online accounts like banking, investment, photos, cloud drives and more.

Did you know that you have a digital estate? You may think you dont, but if you are reading this blog you probably do. What is your digital estate? Similar to your traditional estate, your digital estate is comprised of the digital assets you own. Take a look at the following categories of digital assets which are considered in any comprehensive [digital estate plan](https://stephenpstewartlaw.com/digital-estate-planning/):

1. Hardware: computers, external hard drives or flash drives, tablets, smartphones, digital music players, e-readers, digital cameras, and other digital devices that can be used to store date electronically

2. Data: Any information or data that is stored electronically, whether stored online, in the cloud, or on a physical device

3. Online Accounts: email and communications accounts, social media accounts, shopping accounts, money and credit accounts such as PayPal, bank accounts, loyalty rewards accounts, photo and video sharing accounts, video gaming accounts, online storage accounts, and websites and blogs that you may manage, including any content you’ve posted to those sites, any communication and correspondence made through and stored on those sites, your personal information, credit card information, purchase and browsing history and any credit you may have and the information necessary to access those accounts.

4. Domain names

5. Intellectual property: including copyrighted materials, trademarks, and any code you may have written and own.

How many of these assets do you own? What happens to your digital estate? These are common questions that many people have as they begin to think about the implications of how many digital assets or online accounts they actually own and how many of them actually contain really important data or files.

The average American owns 90 online accounts and likely has no idea what happens to these assets when he or she dies. Do you? If not, dont feel bad. This is a very hard question to answer because the answer depends on several things, including:

1. Federal Law: The Electronic Communications Privacy Act (the ECPA), as amended, specifically, 18 U.S.C. §2702. The ECPA governs the voluntary disclosure of stored electronic content to third parties other than the owner by custodians of the electronic content. The rules are complex and there are different standards and requirements depending on, among other things, the nature of stored data and whether the account holder was the recipient or sender of the electronic communication.

2. State Law – The North Carolina Revised Uniform Fiduciary Access to Digital Assets Act (the NC Act). The NC Act prescribes rules and procedures by which fiduciaries such as executors and agents under powers of attorney may access stored electronic communications and content within the limits and rules prescribed by the ECPA.

3. The Terms of Service Agreement for each online account, such as Facebook, Google, and Yahoo!, have specific procedures for handling your account upon your incapacity or death and vary greatly in their flexibility, ease of use and degree of access granted to third parties, such as executors and agents under powers of attorney. For example, Google provides an Inactive Account Manager tool which allows you to designate persons to receive notice and/or access your stored content after a specified period of inactivity. You can also direct that the stored content be deleted. Other providers such as Apple and Yahoo provide that neither the account nor the stored content is transferrable at death. Rather, the account will be closed and the content deleted once they are notified of the death of the account holder.

How do you plan for your digital estate with so many variables and different providers?

Having established that (1) you have a digital estate; and (2) the rules governing your digital estate are complex, what do you do?

1. List all of your digital assets and how to access each and every one.

2. Decide what you want done with each digital asset you own, including whether they should be deleted, archived, or transferred to specific persons, such as family members or business partners.

3. Determine who you want to be responsible for managing and transferring your digital estate.

4. Determine what will be required to transfer, close, delete or otherwise manage your digital assets in each account. You should also provide for access to all devices such as computers, tablets and smartphones on which digital content is stored.

5. Consult with a qualified estate planning professional to formalize your digital estate plan and/or coordinate it with your traditional estate plan. In order to take advantage of some of the protections offered by state law such as the NC Act, you must include specific language in a will, trust, power of attorney or other document. TIP: Do not include usernames and passwords in a will, power of attorney or other document that may become part of the public record.

6. Store this information in a secure, but accessible place.

7. Review and update this information regularly.

In order to ensure that your digital assets are properly managed and preserved in the event of your incapacity or death, you need to make special advanced arrangements so your executor, trustee or agent will know what to do and will have the legal authority to do it. If you fail to properly plan for your digital estate, your loved ones will have a difficult time accessing your digital assets and, in some cases, access to accounts will be terminated and all digital content lost. Be proactive. Plan now. Get help.

What happens to your online accounts when you die?

What happens to your online accounts when you die?

BSides Manchester What happens to the numerous user logins you’ve accumulated after you die or become too infirm to manipulate a keyboard?

Some people have a plan, the digital equivalent of living will, or have chosen “family” option in a password management package such as LastPass or have entrusted a book of passwords to a family member.

But the consequences of doing nothing are not as neutral as some might expect and were spelled out during an informative presentation by Chris Boyd of Malwarebyes at BSides in Manchester on Thursday. The presentation, cheerily titled “The digital entropy of death”, covered what could happen to your carefully curated online presence after you log off.

Chris Boyd at BSides - Pic by John Leyden
The dormant accounts of the deceased can be abused, warns Malwarebytes’ Chris Boyd. Pic: John Leyden

Miscreants are already targeting obviously abandoned profiles. Boyd explained that in some cases it’s easier for fraudsters to gain hold of these accounts than the account-holders’ relatives, because crooks know the systems better and controls – although present – are often deeply embedded on the sites such as Facebook, Twitter et al.

Alongside regular postings asking for help on Facebook due to compromise of dead people’s logins (examples here and here) there’s also the problem of “cloning”.

“Facebook users have reported receiving friend requests from accounts associated with dead friends and family members,” The Independent reports. “Such requests appear to be the result of cloning or hacking scams that see criminals try [to] add people on the site, and then use that friendship as a way of stealing money from them or running other cons.”

Social media accounts are, of course, just the tip of the iceberg. Most people these days run 100+ accounts, as figures from password management software apps show. These figures are only increasing over time. Some sites are managing the inevitability of their users shuffling off this mortal coil with features designed to deactivate accounts after months of inactivity or other features, Boyd explained in a recent blog post:

Many sites now offer a way for relatives and executors to memorialise, or just delete, an account. In other circumstances, services would rather you ‘self-manage’ and plan ahead for your own demise (cheerful!) by setting a ticking timer. If the account is inactive for the specified length of time, then into the great digital ether it goes.

While a lot of services don’t openly advertise what to do in the event of a death on their website, they will give advice should you contact them, whether social network, email service, or web host. When there’s no option available, though, people will forge their own path and take care of their so-called ‘digital estate planning’ themselves.

Users would be ill-advised to leave everything to their next of kin. “Do some pre-handover diligence, and take some time to ensure everything is locked down tight,” Boyd explained. “If there’s anything hugely important you need them to know, tell them in advance.”

People may have bought digital purchases tied to certain platforms. Games on Steam, or music on iTunes or Spotify.

“Legally, when you go, so do your files (in as much as anything you can’t download and keep locally is gone forever),” Boyd explained. “That’s because you’re buying into a licence to use a thing, as opposed to buying the thing itself.”

Here’s a video of his presentation, if you want to see more…

There’s nothing stopping someone from passing on a login to a family member so they can continue to make use of all the purchased content, at least for now. Boyd predicted that at some point, all of our digital accounts tied to financial purchases will have some sort of average human lifespan timer attached to them.

Millennials mark the first generation not to know life before an always-on, everywhere internet, which will become the norm from now on. “Younger generations absolutely will demand reforms to the way we think about digital content, ownership, and inheritance,” Boyd concluded. ®

As well as the inevitable rise and fall of social media site (e.g. MySpace), and web 2.0 services there is also the issue of link rot, the phenomenon of more and more URLs not working over time. This issue is covered by Boyd in another recent blog post here.

Dealing with your digital estate

Dealing with your digital estate

 

My dad is one of those people who refuses to touch a computer and loves his old flip-style “dumb” phone. If you’re like my dad, you can probably skip this article. But if you’re someone who uses a computer, smartphone, or any other type of electronic device, please read on.

When thinking about estate planning, it’s easy to overlook your digital life. By addressing this issue now, you can help your family after you’re gone by allowing them to more easily locate contact information for your friends and colleagues, locate and access your online accounts so that they can be closed and any property in them distributed appropriately, and locate any important information (such as family photographs) that you have stored on digital devices.

Putting a plan in place to deal with all of your digital devices and accounts can feel overwhelming. To help make it a bit more manageable, I suggest breaking the task into the following steps: (1) make a list; (2) decide what you want done; (3) choose someone to be in charge; and (4) store this information securely.

Make a list – For most people, this will be the most time-consuming step. One way to attack this is to divide your digital assets into categories. For example, categories could include hardware (like computers, external hard drives, flash/thumb/USB drives, tablets, smartphones, e-readers, digital music players, and digital cameras), online financial accounts (like banking, credit cards, PayPal, frequent flier miles, insurance, retirement plans, stocks, and brokerage accounts), email and social media (like Yahoo, Gmail, Facebook, Instagram, and LinkedIn), online storage sites (like iCloud, DropBox, or Flickr), and any websites/URLs or blogs you own or manage. At a minimum, include all user names and passwords. Also, it’s a good idea to list any recurring payments you have set up through your bank accounts or credit cards, like utilities, insurance premiums, tuition, or loans. Be sure to update your list as you add or delete accounts or change passwords.

Decide what you want done – Once you know what your digital assets are, you can decide how you want to deal with them. First, as you make your list, if you find that you have any accounts that you don’t use any more, close or delete them now so your loved ones have less to deal with later. Next, for your online accounts, especially social media, check the policies for each site. Some sites, like Facebook, Google, and Instagram, give you options for how you’d like your account handled after your death. For many other sites, the only option is for someone to contact the site after your death. For digital photos or other electronic files on your devices (like original music or videos, recipes, or letters or stories you’ve written), write a letter of instruction for how these assets should be handled and keep the letter with your will and other estate planning documents.

Choose someone to be in charge – If you have a will (and if you don’t, get one!), you’ve already chosen someone to be in charge of managing your estate after you die. In Indiana, this person is called your personal representative. However, your personal representative might not be digitally savvy (like my dad) and therefore not the best person to handle your digital estate, so you may want to name someone else to deal with your digital assets. Also, although Indiana law gives personal representatives some authority over digital accounts, some companies may be reluctant to deal with anyone unless your will specifically authorizes them to access your accounts.

Store this information securely – There are many different ways that you can securely store information related to your digital assets. For example, there are dozens of “password manager” and “online vault” websites and smartphone apps that will let you store your passwords. Generally how these sites/apps work is that you create one master password for the site/app that then allows you (or your digital personal representative to whom you’ve given your master password) to access your list of other passwords. The websites/apps can vary greatly in regards to features and price (there are some good free ones), so be sure to do your research if you go this route. If you prefer something more traditional, options such as a safe deposit box, home safe, or memory stick could work. Just be sure that your digital personal representative knows where the information is and has access to it. Whatever method you choose, don’t put this information in your will, which will become a publicly accessible document after your death.

As with most estate planning issues, the challenges and complexities of creating a plan for digital assets vary with each person’s individual needs and circumstances. If you haven’t already made a plan for how your digital assets should be handled after your death, consider contacting an estate planning attorney to discuss your situation in detail. It’s never too soon to start planning.

Carrie S. Cloud is an attorney practicing at 146 E US Highway 52, Rushville, Indiana 46173. The information in this article is for general informational purposes only and is not legal advice.

The digital entropy of death: what happens to your online accounts when you die

The digital entropy of death: what happens to your online accounts when you die

Unless you’re planning on having your mind jammed inside some sort of computer chip, eventually mortality will catch up and you’re going to have to work out what you’ll do with all of your online accounts. When it’s time to shuffle off this mortal coil, you might, theoretically, be slightly annoyed if someone is using your dormant accounts to spam viagra or fake Twitter apps. The sad reality is, when we go, we leave behind a potentially terrifying amount of accounts lying around in the digital ether, and not all of them may be as secure as one would like.

Even if they’re locked down with multiple security steps, someone could break into a database and pilfer insecure information from the back end. We have the very odd situation of there being a digital zombie sleeper army, ready and willing to come back and cause all sorts of security/spam issues worldwide.

Is there anything we can do about it? Can relatives ensure we don’t come back as some sort of bizarre cyber-horror? Do websites and services have any process in place for this strange new world of accounts that are, to coin a phrase, just taking a nap?

Surprisingly, help is at hand more often than not. First, though, we need to have a think about some sort of tally.

There’s (not) security in numbers

Passwords are a great way to gauge how many accounts we have personally. Check out any number of “How many accounts do we have” articles going back several years. Very handy! An unintended side effect of said articles and their number crunching is that we can also use that data to try and map out the kind of problem we may be facing with orphaned accounts. The average UK consumer alone has something like 188 online accounts, and that figure is from 2015—no doubt the number continues to rise as every aspect of our lives winds its way online.

Speaking of number crunching: 151,000 people die every day. Something like 55 million people die every year. Even if just 10 percent of the 500,000 people who die in the UK annually had 188 accounts each, that’d still be 94 million accounts suddenly abandoned—more than enough to cause a spot of bother. Then throw in the accounts of the recently deceased from around the world, and the numbers are suddenly a bit panic-inducing.

I’d be surprised if scammers don’t set aside a little time for targeting obviously abandoned profiles. Aside from regular postings asking for help on Facebook due to compromise of dead people’s logins [1], [2], there’s also the problem of “cloning.” Once you start poking around this subject, problems are everywhere.

Setting the tripwires

Of course, there are a fair few security-centric things we can do now to ensure we make it as hard as possible for those going on a spot of dormant hunting. Multi-factor authentication, password managers, good browsing practices, blockers, security tools…in short, everything you’re hopefully doing by default anyway. It’ll all help to keep your accounts in lockdown when the time comes that you no longer require them.

Additionally, not all services will be around forever—the endless churn of the web will see to that. Today’s social network is tomorrow’s “bought out and turned into something for delivering pizzas by taxi.” One can assume a large portion of all but the biggest accounts you have will, eventually, crash and burn. Not good for them, not good for people using the service, but definitely good for anyone no longer fussed about the paradigm shift in pizzas and taxis.

As time has passed, digital providers have realised they need to start offering some options for relatives of the recently deceased—one can’t assume everyone knows their security stuff, and many relatives would be hugely distressed to see accounts of a dead relative tweeting about healthcare plans or posting movie promos to Instagram.

Many sites now offer a way for relatives and executors to memorialise, or just delete, an account. In other circumstances, services would rather you ” self-manage” and plan ahead for your own demise (cheerful!) by setting a ticking timer. If the account is inactive for the specified length of time, then into the great digital ether it goes. These are useful options to have available.

While a lot of services don’t openly advertise what to do in the event of a death on their website, they will give advice should you contact them, whether social network, email service, or web host. When there’s no option available, though, people will forge their own path and take care of their so-called “digital estate planning” themselves.

The D.I.Y. approach

What do you do if the visible services your loved ones used don’t do the whole “death resolution” thing? Worse, how do you even know about the potentially hundreds of logins they have sitting around elsewhere? Sure, you might know about the really obvious ones but people don’t typically draw up a list of the weird, wonderful (and possibly not wonderful) services they used and hand it to their next of kin.

What we are seeing is people making use of password managers in ways other than having a convenient and secure login to services; they’re also creating back up accounts for their digital departure. In these situations, a fully fleshed out password manager, containing all of a person’s logins, has its access stored in a secure place and given to a close relative. Of course, the relative receiving this digital treasure trove is going to be extremely trusted—they probably don’t want to hand it to that crazy uncle who shouts at family gatherings.

The manner in which they hand over the password manager account is incredibly important, too. Is it a physical thing? A login written on paper? Something digital? Is it secure? Maybe it’s a hard drive. Is it encrypted? How will it be updated with new logins/ changes to passwords? Does the relative live nearby if it’s physical? If they live far away, would something purely online make more sense?

These are all important questions that need to be thrashed out long before handing account information over, and it’s probably a bit much to put the onus on the recipient to start bolting security gates you may have left wide open. Do some pre-handover diligence, and make some time to ensure everything is locked down tight. If there’s anything hugely important you need them to know, tell them in advance—don’t hand over a hard drive and ask them why they didn’t make a backup two months after the thing has fallen into the bathtub.

Digital family heirlooms

That’s the grim stuff out of the way. What happens to accounts you’ve invested a ton of money in? You may have bought a lot of digital purchases tied to certain platforms. Games on Steam, or music on iTunes or Spotify—they’re all tied to specific logins in your name. When you die, what happens to the purchases? In the real world, you end up with a ton of dusty boxes. Online? Those “boxes” will be taken away from you.

In an ideal scenario, you could nominate someone to take over a digital account and they’d inherit the purchases. But legally, when you go, so do your files (in as much as anything you can’t download and keep locally is gone forever.) That’s because you’re buying into a license to use a thing, as opposed to buying the thing itself. I did have a whole pile of text for this bit, but as it turns out, the ground has already been thoroughly covered.

Logan’s (video game) Run

Logan’s Run, the sci-fi movie from 1976 where everyone has a timer ticking down till they hit the age of 30, is weirdly relevant to this discussion because ticking timers are most definitely going to be a thing. See, there’s nothing stopping someone from passing on a login to a family member so they can continue to make use of all the purchased content. The platform owners are never going to know about it. However, as those wheels of time continue to crank, at some point somebody is going to wonder why Steve McHuman is still playing games at the ripe old age of 123.

This is why I predict that at some point, all of our digital accounts tied to financial purchases will have some sort of average human lifespan timer attached to them. The moment it wanders past 100 or so years? Poof, gone. I mean, this is better than being chased down by a Sandman once you hit 30, but it does mean your digital purchases will almost certainly expire at a later date—and that’s assuming the services of today are even around in 100 years time.

Many are the grim ways that lead to his cybercave: all dismal

Well, not quite so dismal. Sorry, Milton. We’re in a bit of an odd situation at the moment, as we’re now well into the point in history where we have the last generation to know life before 24/7 Internet. For many, being online is an absolutely crucial resource of existence. Meanwhile, Internet of Things technology ensures it continues to leap from behind a screen to the real world. We can’t escape it, no more than we can somehow skip around Milton’s cave, and the younger generations absolutely will demand reforms to the way we think about digital content, ownership, and inheritance.

I just hope I’m around to see it. And if I’m not? Please, don’t touch my stuff.

This is a Security Bloggers Network syndicated blog post authored by Christopher Boyd. Read the original post at: Malwarebytes Labs

Swedish death cleaning: How to declutter your home and life

Swedish death cleaning: How to declutter your home and life

There has been a trend in recent years, both in literature and in life, for Scandinavian concepts that are encapsulated in a single word. Hygge, for example – which is Danish for cosiness, contentment or well-being – dominated the publishing industry in 2016.

Now, the new buzzword on the block is “dostadning” – a hybrid of the Swedish words “death” and “cleaning”. How much these fad words are actually a part of Scandinavian culture is debatable, but dostadning is the new phenomenon outlined in Margareta Magnusson’s The Gentle Art of Swedish Death Cleaning. In Europe, the book has already occupied a good deal of reviewing space and according to Time magazine, dostadning will be the hot new trend stateside in 2018.

Magnusson’s book chimes with the current anxiety about clutter in the 21st century. Dostadning advocates the proactive and mindful clearing out of possessions before death. The idea is that it saves relatives the onerous task of making decisions about what to keep and what to throw or give away. The book reflects the simple fact that we are all living longer lives. This results, of course, in more stuff.

Digital death

But it also means we have more time to get rid of things. We can start planning for our death by slimming down what we leave behind – shedding unnecessary objects in favour of what we actually need. It is the antithesis, perhaps, of the ancient Egyptian tradition of being buried with things that might accompany us into the afterlife.

Magnusson’s top tips for dostadning focus mostly on material possessions – though she suggests keeping a book of passwords for family so they can access online data more easily. But this is no straightforward task, given that more and more of our data – photos, letters, memories – as well as actual things – music and books – exist in digital rather than analogue form. And as more of our lives are logged and lodged virtually, chances are our relatives might not be able to access it.

“Don’t mind me, just writing down all my passwords for when I die”.
Shutterstock

A documentary about this precise issue aired recently on BBC Radio 4. My Digital Legacy was part of the We Need to Talk about Death series and featured terminally ill patients with an extensive digital footprint who rely on the internet – especially on social media – to connect to the world around them. The programme also heard from bereaved relatives who experienced difficulties in accessing data, including Facebook profiles, of loved ones after their death.

The death manager

My recent short story How To Curate a Life, published by Storgy Books in the anthology Exit Earth, deals with precisely this issue. Set in the not too distant future, the parents of a young woman killed suddenly in an accident try to commission Jesse – a “digital death manager” – not to curate her life but to erase it: to gain access to her files then destroy them.

In this fictional world where everyone is required to dictate the terms of their digital estate, it is illegal for Jesse to tamper with the girl’s online content. And yet, the financial reward would mean freedom from his desk bound job forever.

The concept of decluttering before you die is apparently part of Swedish culture.
Shutterstock

The story grew from an idea I found online about careers that will be ubiquitous in the future. Digital death management, it seems, is definitely set to become “A Thing”. And just as we now commission solicitors or will writers to oversee our material estate – there will come a time when people will also hire someone to clean up their digital footprint

In our already busy lives, does tending to our online existence give us one more thing to do? Perhaps so. But it’s about taking responsibility for our own stuff. If we don’t make the decisions about what to keep or discard – whether actual or online – then ultimately others will need to. And if we don’t leave clear directions about where to find our digital content, it makes things tougher for everyone.

As Magnusson writes, death cleaning is “a permanent form of organisation that makes everyday life run smoothly”. What better legacy to leave behind than to ease the bereavement process for the ones we love?

This article was originally published on The Conversation. Read the original article.