"In the digital age, your estate plan isn't complete without a password manager. Otherwise, your heirs might spend eternity guessing your favorite childhood stuffed animal."
When my dad passed away, my mom and I went through the problem of accessing emails and other online accounts. Because of his progressing dementia, he had started writing down every username and password to websites anyway. The problem is that many of these passwords were out-of-date. As his dementia got into more advanced stages, he likely just forgot to write down the periodic password updates that were required back then. (Fortunately, modern NIST guidelines no longer recommend periodic password resets.) As such, there were many passwords we had to reset, and we often had to answer security questions to start the process. Fortunately, my mom’s memory is good so she could remember his first car, where they met, and other specific details required to do most of these resets. We got through it.
It also wasn’t common at the time for ordinary consumers like my parents to use password managers. The good news is, that today, password managers are pretty common, and both Marsha and I use iCloud Keychain. Marsha and I know each others’ device passwords, and we have biometric authentication (Face ID and Touch ID) on each others’ devices, too. So, if only one of us passes away and we still have our devices, we should be able to access each other’s iCloud Keychains and file shares. We also have a pretty good understanding between us of where things are or at least how to find them.
Still, there are situations such as car accidents, plane crashes, natural disasters, and sometimes even communicable diseases can lead to situations where both partners in a couple die at roughly the same time. While the chances of these situations happening are statistically quite low, Marsha and I also recognized a need to formalize ways of getting our kids access to our iCloud Keychains and file shares in the event they can’t rely on one of us to navigate through all our digital assets.
At the time of my dad’s passing, it wasn’t that common for people to have digital estate plans. Nowadays, it’s pretty common to have a digital estate plan, and there are good guides to help plan for this (example from US Bank, complete with a sample digital asset list template.) This example of a digital asset list template calls for writing down passwords, but in our case, Marsha and I are leaving the passwords out with the assumption that we will be able to arrange for our beneficiaries to gain access to our password manager, iCloud Keychain.
Apple Legacy Contacts not for passwords
Apple’s Legacy Contacts feature works well for portions of the digital estate (or “Digital Legacy”), including photos, messages, notes, files, contacts, calendars, downloaded apps, and device backups after one’s death. However, it doesn’t allow heirs to access the iCloud Keychain. This is an important missing piece to access our other online accounts.
It is also important for beneficiaries not to present the death certificate to start the process of retrieving the Digital Legacy from Apple before retrieving the iCloud Keychain. Apple iCloud Terms of Service retain the right to delete the information not covered by Digital Legacy upon receiving the death certificate. In Section IV “Your Use of the Service”, the following appears:
D. No Right of Survivorship
Except as allowed under Digital Legacy and unless otherwise required by law, you agree that your Account is non-transferable and that any rights to your Apple Account or content within your Account terminate upon your death. Upon receipt of a copy of a death certificate your Account may be terminated and all content within your Account deleted. Contact iCloud Support at https://support.apple.com/icloud for further assistance.
So, the message here is just to be careful when using the Apple Legacy Contacts feature.
Our strategy
In this post, I’ll cover my current strategy to handle the unlikely scenario of having to pass on our digital estate and secure access to our iCloud Keychain through device passcodes, iPhone recovery key, iCloud username / password, as well as mobile phone service username, passwords, and PINs should our kids need to reinstate a trusted phone number on another device. This information will be shared securely with our adult children utilizing a Microsoft 365 file share containing an encrypted PDF file and a free version of a service called DGLegacy to deliver the password to that encrypted PDF file when we die. A diagram follows.
I’ll cover the specifics, including screenshots of DGLegacy on the other side of this “paywall.”
UPDATE: Paywall removed for Christmas 2024!
The rest of this post is behind a “paywall”. (“Paywall” is in quotation marks because I value engagement more than the subscription fees!) I will “comp” you one month of “paid” subscription if you message me or refer friends to subscribe to this Substack using the links below.
Or, if you don’t want to bother, feel free to try a paid subscription free for 30 days. If you go on to pay, you’ll be treating me to beer or coffee!
Shared files
We already have a Microsoft 365 instance for our whole family. We use it for our personal emails, distribution lists for receiving verification emails for streaming services that we share, and a shared OneDrive for Business. Because we live in an urban condo, we’ve chosen not to have a paper file cabinet anymore, so all of our tax returns, medical records, and other documents to keep are stored there.
By default, the “Home File Cabinet” is shared between me and Marsha.
We give our kids selective access to their own respective folders.
In truth, probably the biggest usage of it today by our daughters is the shared recipe directory.
Limitations on Shared Files
File sharing is vulnerable to human error. Every time a file is shared with another person, it can be inadvertently shared with others. Likewise, device hacks on individuals through phishing or other attacks can reveal data that individuals have access to, including those in shared file systems.
While less likely, any hack on the shared file service itself might also result in inadvertent data leakage.
As such, the one thing we do NOT include in the “Home File Cabinet” are unencrypted versions of the critical files used for security, like the backup codes for 2-factor authentication, our iPhone recovery keys, or any files containing passwords. Today, these critical files are all PDF-encrypted (256-bit AES encryption) using a strong encryption password.
I need to update these files with the current “state of the world,” as I haven’t updated these in a while! While today, the encryption password is one that Marsha and I just know, our intention is to use a stronger encryption password that we can’t memorize and to keep a printed copy in a fireproof safe.
Preventing premature disclosure
Another “nice to have” of a digital estate plan is the ability to restrict access to the underlying assets on the Digital Asset List until after death. Many solve this problem by keeping encrypted thumb drives or passwords with an estate attorney to release upon death.
We chose not to do this, largely because of history. Our first estate attorney passed away a few years ago. Our second attorney changed law firms, and we had records transferred to her new law firm. We are currently working with a third firm, with this one based in Portland, Oregon.
I was also researching whether it’d be possible to provide this password disclosure via a service, and there’s now one called DGLegacy. I signed up for the free version.
With this free version, I was able to store my encryption password with their service. The service is set up with a “Heartbeat Protocol.” It monitors my activity on X (formerly Twitter). When it doesn’t see my X activity, it will send an email after 45 days of inactivity. If I do not act on that email, my beneficiary is notified. Here is the flowchart the service presented to me. (I did not purchase the upgrade involving phone calls).
DGLegacy Screens
While the high level website for DGLegacy did a decent job explaining the functionality of the product, I always like to see how the screens look. As such, I’ve taken a few screen shots to show how this is all laid out in the software. This is the screen showing the user interface for Heartbeat Protocol settings.
The concept here is that I am having DGLegacy protect an “asset”, in this case my document password. I have also stored the URL to the encrypted docs directory, which isn’t secured by a single password but rather granted to our family members via their Microsoft 365 accounts but might be hard to find given all the files up there right now.
The beneficiary to be contacted by a failure in the Heartbeat Protocol is our older daughter, Christina (denoted by the “CP” icon). The free plan lets me set up one beneficiary. Paying the service allows for additional beneficiaries.
To keep our younger daughter “in the loop,” I got around the paywall by adding her as a “trustee.” The actual password isn’t shared with her, but she will be notified when the time comes.
As mentioned, this service is free to me. I have not entered a credit card number.
In addition, the service is protected by two-factor authentication.
We haven’t actually “failed” a Heartbeat Protocol yet to run a test, so we don’t know if it works. That will be a future action item. In the meantime, I am doing the work to update our digital asset list to update it with the latest “map” of how we get to our digital assets.
Summary
This strategy represents where my head is at right now for protecting our digital assets and providing more secure access into the iCloud Keychain upon death.
I believe this strategy has several attributes:
Does not provide the beneficiaries access to usable data before they need it, reducing exposure to breaches or accidental sharing
Notifies beneficiaries automatically when passwords become available
Requires authentication from Microsoft 365 to access the files to decrypt
Does not leave sensitive files unencrypted in public file sharing services like Microsoft OneDrive for Business
Does not provide a less reputable third party (DGLegacy in this case) from having access to any data. The service is storing just the password to files that they can’t otherwise access
Free
Do you have a strategy for these scenarios?
Dear Stephen,
Happy to hear that DGLegacy® helps you protect your digital estate and loved ones, and that the service we've built with so much love and dedication resonates with you. Try out the other awesome features we've built for you, like https://www.dglegacy.com/features/quick-share/.
Ana
CEO of DGLegacy