We spend our lives building digital fortresses, which have never been more secure. Between encrypted password managers, biometric locks, and the new world of passkeys, our personal data is generally only available if we are present and consenting. So how do we make sure our family can access it if we die?
Security measures are designed to keep people out. Out of our documents, our photos, our financials, our secrets. And theyโll do that after weโre gone, potentially blocking loved ones from important or sentimental data. Unless, that is, we plan properly.
Passwords and passkeys
If youโre practising good digital hygiene and storing all your passwords and passkeys in a secure manager, you might already have a decent digital legacy tool at your fingertips, as many include emergency access features.
Bitwarden has the most robust of these, though itโs only available to paying customers. You nominate a trusted contact, who can apply to take control of your account. If youโre alive and well, you can approve or deny their request. Otherwise, they will gain access after a preset amount of time following their request (for example seven days after).
1Passwordโs solution is a bit more analogue. Its Emergency Kit feature gives you a PDF containing your login details and a secret keycode, which will let a person take over your account and access all your credentials. The idea is that you can print this out and put it in a safe, or with other important documents.
Dashlane relies on something called a Dash file for its emergency access. The file is like a back-up of all your credentials, and is protected by a password you nominate. So again, the idea is that you place the file somewhere secure (on your home computer, or a USB stick in a safe), and make sure a trusted person knows the password.
If youโre using a different manager, itโs a good idea to investigate what emergency features they include.
Devices, and the big three
For most of us, Apple, Google and Microsoft are the vanguards of our digital lives. So your smartphone PIN or computer password is among the most vital assets you need to leave behind for a family member to use. If you donโt want to tell them directly, write it down to be kept securely with your important documents. Obviously, donโt keep it somewhere that requires the PIN to get at it! With access to your device, theyโll be able to reset the biometrics and access a lot of your data and services directly.
Apple also offers a feature called legacy contact. You nominate one in your Apple account, which generates a keycode. If your contact supplies this code and proof of your death to Apple, the company will send them a copy of your data including photos, files, messages, notes and backups. This will not give your contact access to your passwords, passkeys or purchased content; theyโll still need your PIN for that.
Google has something called inactive account manager, in which up to 10 nominated contacts get sent a link to a copy of your data automatically if your account is inactive for a set amount of time. The default is three months. This is something that anybody with a Google account should do, since itโs set and forget, and doesnโt even notify your contacts when you add them.
Microsoft is falling behind in this area, with no real account-wide emergency recovery system. However, it does provide a digital legacy feature in its OneDrive cloud storage product. You nominate a contact, who is given a secret keycode. They can provide this to Microsoft and request access to your files, with a 72-hour delay in case youโre alive and decide to block the request.
How you might organise a digital will
In addition to all the regular will stuff, itโs a good idea to set aside some instructions for handling your digital life, and this shouldnโt really take you more than half an hour. You could even designate a digital executor, somebody you know thatโs relatively tech-savvy, and who you trust to help transfer your accounts and data to a next of kin.
If you have somewhere lockable to store it, the simplest solution is a physical folder with all the requisite details in it. If youโd like to stay digital it could go in a password-protected part of your computer or the secure notes section of a password manager. But you would need to make sure your executor knew how to access it. Also ensure it is not left on your devices or carelessly synced to the cloud. Hereโs what would need to be in your folder:
- Clear instructions on how to access your password manager or vault. What service do you use, what email address or username, whatโs the master password and what additional security is needed. Double check by logging out and using your instructions to log in.
- Two-factor authentication details. Do any of your important accounts send messages to your phone or email address for logging in? Do you have a hardware key? (Where is it? Are there spares?)
- Major account details. Even if theyโre already in the password manager, your family might need immediate access to email, bank, cloud storage and social media. Write those passwords down.
- The PIN for your phone and computer.
Again, this folder is as or more important as a copy of your house and car keys with all your credit cards attached. It shouldnโt be left in the desk drawer with your will, or on your computer desktop.
Risks to keep in mind
Any move to let someone else into your credentials is a security risk, especially if youโre trying to set up access now for a potential future scenario where youโre not around. Youโre essentially creating a backdoor; a way for someone else to get access that you usually have to prove your identity for.
For example, letโs say you send someone instructions on how to access your accounts, but theyโre either not careful enough with them or a security failure somewhere lets a crook into their account. Now that crook has a how-to document to access your things.
Or, in another example, you might give someone you trust a secret keycode to access your password manager, but then 10 years in the future youโre not on the best terms with them and you forget to reset their access.
Many risks like these can be mitigated by using the proper tools described above.
Finally, there might be certain things you donโt want included when a loved one takes over your digital belongings. The only advice there is to make sure these things are totally separate, on a different service that isnโt accessed through your usual password manager. For example, if you usually use Google services, keep your private stuff on a OneDrive account, and memorise the login.
Get news and reviews on technology, gadgets and gaming in our Technology newsletter every Friday. Sign up here.