Post-Mortem Password Access

As you may know, some of us at GMV manage to fit in a quick run during our lunch break. The other day, Antonio and I were talking about HomeKit and Homebridge, our household automation devices for carrying out certain activities like turning on the lights, triggering alarms, or turning on the boiler (my personal blog has a post dealing with all these things), and it occurred to us that if one of us were to drop dead (not an unlikely possibility at that time of full-out effort), anyone else would be hard put to gain access to all these automated household devices. So, we concluded that arrangements had to be made for giving access to my passwords in the event of my death.

¿Cómo gestionar nuestras contraseñas digitales?

No one really likes talking about death. Personally, I’ve got all my passwords in a password manager that only I have access to, with a fiendishly difficult password and two-factor authentication. Even if my wife, brother, or other trusted friend should learn the password, they would not be able to access the service to recover others like my bank password, my Apple ID for running HomeKit and automatic devices, or the Endesa password to change the name on the electricity bill.

Of course, my death would be bad enough for my family without the added hassle of not being able to change the boiler-triggering temperature or selling off the 0,000001 Bitcoins I keep in my personal wallet. And that's without even mentioning the problem of closing down my Strava account to stifle the impression I've gone totally inactive, instead of dropping out at the summit… but these are bagatelles that would be dealt with little by little.

Thank God (or the inventor responsible) there is now a solution for this, though we all too often don’t see the need until too late.

I now use LastPass as my personal password manager, and I use Sesamo for corporate passwords (though also including a few personal ones).

LastPass has an ‘Emergency Access’ feature that can be set up for this purpose, with the assignee’s consent, of course. Your emergency contact cannot access your passwords unless something happens to you; it’s not a matter of just giving this person outright access to your passwords. Should this person request access to your passwords, LastPass would contact you by all enabled means: email and cell phone notifications, text messages, and calls. If LastPass doesn’t manage to contact you within a set time (which I’ve set as 21 days) it will understand that this is because you are not able to reply (RIP), whereupon LastPass will then give the designated emergency-contact person access to your account.

It goes without saying that the Emergency Access can hardly be set lightly, otherwise it might be triggered while I'm on holiday in the Bahamas with no cell-phone access and I'd come home to find my PayPal account is plundered, the password of which I keep on LastPass.

Nor is it a good idea to choose your spouse as designated contact. After all (God forbid), you might both suffer a mishap together… in which case you, your emergency contact, and your passwords all go up in smoke without any possible access for anyone. Banks, of course, make allowance for this possibility, and if your heirs have a notary-attested, judge-authorized death certificate, they can then gain access to your bank account, but this will not be a walk in the park… and of course forget all about the €19 left in Bitcoin after the recent plummet.

In my case, I have designated two friends, one from Valencia and the other a work colleague (no, not Antonio, so don’t bother trying to coerce him into making off with my Bitcoins after my untimely demise). Both of them are sufficiently tech-savvy for all the necessary paperwork, and I trust them both implicitly for accessing my passwords and making all this easier for my wife, who will have enough on her plate without all this additional crap.

Sesamo access is much more complex. You’d have to convince Mariano J. Benito that you need access to my passwords… making all the notary-attested formalities mentioned before seem like child’s play by comparison!

What about you? Have you given any thought to this possibility and ensuring your spouse would have easy access to your passwords? Or are you one of those who think they’re going to live forever?

Author: Carlos Sahuquillo

Add new comment


Source URL: http://www.gmv.com/media/blog/cybersecurity/post-mortem-password-access