We spend our lives building digital fortresses, which have never been more secure. Between encrypted password managers, biometric locks, and the new world of passkeys, our personal data is generally only available if we are present and consenting. So how do we make sure our family can access it if we die?
Security measures are designed to keep people out. Out of our documents, our photos, our financials, our secrets. And they’ll do that after we’re gone, potentially blocking loved ones from important or sentimental data. Unless, that is, we plan properly.
Passwords and passkeys
If you’re practising good digital hygiene and storing all your passwords and passkeys in a secure manager, you might already have a decent digital legacy tool at your fingertips, as many include emergency access features.
Bitwarden has the most robust of these, though it’s only available to paying customers. You nominate a trusted contact, who can apply to take control of your account. If you’re alive and well, you can approve or deny their request. Otherwise, they will gain access after a preset amount of time following their request (for example seven days after).
1Password’s solution is a bit more analogue. Its Emergency Kit feature gives you a PDF containing your login details and a secret keycode, which will let a person take over your account and access all your credentials. The idea is that you can print this out and put it in a safe, or with other important documents.
Dashlane relies on something called a Dash file for its emergency access. The file is like a back-up of all your credentials, and is protected by a password you nominate. So again, the idea is that you place the file somewhere secure (on your home computer, or a USB stick in a safe), and make sure a trusted person knows the password.
If you’re using a different manager, it’s a good idea to investigate what emergency features they include.
Devices, and the big three
For most of us, Apple, Google and Microsoft are the vanguards of our digital lives. So your smartphone PIN or computer password is among the most vital assets you need to leave behind for a family member to use. If you don’t want to tell them directly, write it down to be kept securely with your important documents. Obviously, don’t keep it somewhere that requires the PIN to get at it! With access to your device, they’ll be able to reset the biometrics and access a lot of your data and services directly.
Apple also offers a feature called legacy contact. You nominate one in your Apple account, which generates a keycode. If your contact supplies this code and proof of your death to Apple, the company will send them a copy of your data including photos, files, messages, notes and backups. This will not give your contact access to your passwords, passkeys or purchased content; they’ll still need your PIN for that.
Google has something called inactive account manager, in which up to 10 nominated contacts get sent a link to a copy of your data automatically if your account is inactive for a set amount of time. The default is three months. This is something that anybody with a Google account should do, since it’s set and forget, and doesn’t even notify your contacts when you add them.
Microsoft is falling behind in this area, with no real account-wide emergency recovery system. However, it does provide a digital legacy feature in its OneDrive cloud storage product. You nominate a contact, who is given a secret keycode. They can provide this to Microsoft and request access to your files, with a 72-hour delay in case you’re alive and decide to block the request.
How you might organise a digital will
In addition to all the regular will stuff, it’s a good idea to set aside some instructions for handling your digital life, and this shouldn’t really take you more than half an hour. You could even designate a digital executor, somebody you know that’s relatively tech-savvy, and who you trust to help transfer your accounts and data to a next of kin.
If you have somewhere lockable to store it, the simplest solution is a physical folder with all the requisite details in it. If you’d like to stay digital it could go in a password-protected part of your computer or the secure notes section of a password manager. But you would need to make sure your executor knew how to access it. Also ensure it is not left on your devices or carelessly synced to the cloud. Here’s what would need to be in your folder:
- Clear instructions on how to access your password manager or vault. What service do you use, what email address or username, what’s the master password and what additional security is needed. Double check by logging out and using your instructions to log in.
- Two-factor authentication details. Do any of your important accounts send messages to your phone or email address for logging in? Do you have a hardware key? (Where is it? Are there spares?)
- Major account details. Even if they’re already in the password manager, your family might need immediate access to email, bank, cloud storage and social media. Write those passwords down.
- The PIN for your phone and computer.
Again, this folder is as or more important as a copy of your house and car keys with all your credit cards attached. It shouldn’t be left in the desk drawer with your will, or on your computer desktop.
Risks to keep in mind
Any move to let someone else into your credentials is a security risk, especially if you’re trying to set up access now for a potential future scenario where you’re not around. You’re essentially creating a backdoor; a way for someone else to get access that you usually have to prove your identity for.
For example, let’s say you send someone instructions on how to access your accounts, but they’re either not careful enough with them or a security failure somewhere lets a crook into their account. Now that crook has a how-to document to access your things.
Or, in another example, you might give someone you trust a secret keycode to access your password manager, but then 10 years in the future you’re not on the best terms with them and you forget to reset their access.
Many risks like these can be mitigated by using the proper tools described above.
Finally, there might be certain things you don’t want included when a loved one takes over your digital belongings. The only advice there is to make sure these things are totally separate, on a different service that isn’t accessed through your usual password manager. For example, if you usually use Google services, keep your private stuff on a OneDrive account, and memorise the login.
Get news and reviews on technology, gadgets and gaming in our Technology newsletter every Friday. Sign up here.
