Hacker Newsnew | past | comments | ask | show | jobs | submitlogin
Ask HN: What happens to your passwords when you die?
8 points by chrisfrantz on July 21, 2020 | hide | past | favorite | 11 comments
I’ve been looking into setting up a will and a way to pass down accounts and passwords, but I’m not sure what the best way to handle that is.

Has anyone set up anything like this before?



LastPass has a very nice solution.. You invite your next of kins with a emergency access token email. Then when something bad happens to you they can request to gain access to your passwords. You then have something like 7 days to respond and deny the requests in an event where you need to block it, if the period lapses LastPass will share the password vault with your assigned next of kin. Been using LastPass for years now and its great!


That does sound good. The only risk I guess is if you go on an off-the-grid vacation or end up in a coma or get kidnapped, now an attacker (who might also be the hypothetical kidnapper) just needs to get their hands on an emergency token from one of the relatives you sent it to.

It might be a good case for requiring consensus among multiple trusted people.


That's just too complicated to do. If they want passwords, it's probably easier for them to just torture you or threaten to kill your kids or something. I'm sure they will think of these tactics before thinking about 1password tokens.


1Password emergency kits are a way of achieving this.

They allow you to provide a third party with all the details they need to access your passwords. It's therefore highly recommended to keep these kits at a safe location only trusted parties can access in case of an emergency.

You can also opt to keep your master password in a separate location or with a separate party, which precludes a single party from gaining access outright.

One could even envision combining it with something like Google's Inactive Account Manager (https://support.google.com/accounts/answer/3036546?hl=en ) to implement a dead man's switch by having an email sent on your behalf after a set period of inactivity.

I wouldn't want to trust them with my master password in plain text, though, which would defeat the purpose.


Google has a google specific "Inactive Account Manager":

https://support.google.com/accounts/answer/3036546?hl=en

It allows you to setup access to your account if you've been in active for a while, presumably that could eventually happens ... sometime after you die.

I started setting it up but when faced with writing an email that probably only gets sent when I'm dead to my wife / kids ... I kinda didn't want to keep going.

There is also a delete option.


A former colleague of mind is building a solution to this:

https://onceivegone.com/


This line of thinking is exactly what got me down the path of building out Passbox fwiw.

https://passbox.co


IANAL. What kind of accounts? If you're talking about accounts that contain any assets (e.g. bank, brokerage, e-commerce, ...), there shouldn't be a need to have a password for your estate to access them. Other than that, did you mean accounts that contain non-public information, or did you want to pass down the control of -say- your social media accounts to your folks?


Sure, so here are some examples: - Password to laptop + encrypted drive - Email passwords - Domain registry + live sites care instructions - Recurring charitable donations I would like to continue - iCloud account and phone passcode

There’s plenty more, but as I dig deeper there’s a lot that I’d like to make sure my wife has access to.


Keepass vault on computer and copy on usb which wife is aware of. Master password with lawyer with instructions on where to find key file and how to use.

No third party to deal with.


I Keep a last will and testament, and all legacy credentials on an Arcanus 55 keypad encrypted USB device. My Family and lawyer have the PIN.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: