In the context of online accounts and identities, what are some best practices to prepare for the one certainty we all face: not a one of us will get out alive.

matt wilkie
    earlier duplicate of [How to secure identity after someone dies?](http://security.stackexchange.com/questions/4421/how-to-secure-identity-after-someone-dies) -- newer one has more info. – Jeff Ferland Jun 07 '11 at 23:27
  • @jeff, it seems that this one is about someone preparing for their own death, while that one was about dealing with the death of someone who didn't prepare well.... – nealmcb Jun 08 '11 at 01:42
  • @matt, there are a range of "assets" that people would want to protect, and we might want different questions for different classes. Can you clarify the ones you most care about (financial accounts, proper treatment of social network accounts, protecting blogs from spam, preserving reputation, or whatever?) – nealmcb Jun 08 '11 at 01:45
  • @nealmcb - I think the two can still be combined to one, sensibly enough. – Iszi Jun 08 '11 at 01:46
  • @iszi - The other one is a forensics question, this is more of a backup or key sharing question (unclear as yet). What answer would cover both, without having 2 very different parts? – nealmcb Jun 08 '11 at 02:36
  • @nealmcb - They are different, but both related to a relatively narrow situation. Combine the two, and you can address all degrees of preparedness (or lack thereof) in one answer. Otherwise, the two questions have some overlap. – Iszi Jun 08 '11 at 04:21
  • @nealmcb I think we can bypass online financial accounts as there are already established protocols for dealing with that, or at least that's the case with the ones I'm familiar with (they're tied to a "physical" bank with a signature card on file etc.). – matt wilkie Jun 08 '11 at 16:33
  • I should add this series of questions was spawned here: http://meta.webapps.stackexchange.com/questions/817/questions-about-digital-life-after-death/ – matt wilkie Jun 08 '11 at 16:37

1 Answer

The certainty of ultimate demise, be it biological or simply administrative (in a business context, employees retire or are fired, either of which is equivalent to dying from the employer's point of view), means that backups must be used, in particular for cryptographic keys which are used for encryption. For instance, if you receive encrypted emails, then those mails cannot be read without using the private key. Loss of access to the private key implies loss of access to the emails themselves, something which your successor may not like at all. In practice, if you use PGP for business reasons, then there should be a copy of your private key (the one for encryption, not the one for signatures) somewhere in a corporate safe.

As for your online estate (blogs, Facebook accounts, StackExchange reputation... are all some kinds of property to which you could attribute some value, and for which you have postmortem plans), the "normal" way of dealing with it is through a notary, who is a trained professional at such questions. Unfortunately, notaries are an institution from the Middle Ages, which is not structurally well prepared to cope with fast-changing data: you do not want to pay a visit to your notary each time you change a password. So I would suggest the following scheme:

  • You choose a master passphrase (a big fat passphrase of high entropy).
  • You maintain a "passwords file" containing your credentials for your various accounts, possibly with instructions on what to do with each of them should you happen to pass away.
  • You encrypt that file with GnuPG, using the master passphrase as key (with the command line version, use the -c flag).
  • You copy the file on two or three storage media (USB keys, hard disks...).
  • You write the master passphrase and some instructions as to where the storage media are into a sealed envelope, which you give to your notary, who will deal with it when the time comes (use a laser printer! Inkjet prints tend to fade over time).

You will probably modify the stored files regularly, which is a good thing, since storage media might not keep data unaltered for decades. GnuPG follows the OpenPGP standard, which is open and well supported, and thus there should still be implementations around in 40 years (or, at least, a working implementation would not be too hard to make).

Thomas Pornin
  • Seems like the practices of a "notary" must vary quite a bit across cultures. In the US I've never heard of someone giving something to a notary to keep like that. I only use notaries to notarize my signature for legal documents. I would think of giving such documents to a lawyer instead, or putting them in a safe deposit box if I did it hardcopy. Or, more likely, using secret-sharing with friends. – nealmcb Jun 08 '11 at 18:43
  • @nealmcb, you're correct, I've seen culture differences around notaries before. Also, I'm sure there are escrow services that would be fitting in this scenario? – AviD Jun 09 '11 at 20:50