Put Your Usernames and Passwords In Your Will, Advises Japan's Government (theregister.com) 40
The Register's Simon Sharwood reports: Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it. The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated:
- Ensuring family members can unlock your smartphone or computer in case of emergency;
- Maintain a list of your subscriptions, user IDs and passwords;
- Consider putting those details in a document intended to be made available when your life ends;
- Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.
The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.
- Ensuring family members can unlock your smartphone or computer in case of emergency;
- Maintain a list of your subscriptions, user IDs and passwords;
- Consider putting those details in a document intended to be made available when your life ends;
- Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.
The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.
and for these using biometrics (Score:2)
Re: (Score:2)
Biometrics are almost universally backed by some kind of a password or similar second way of identification, because biometrics can in fact change. Fingerprints are notorious for slowly migrating and wearing out changing the pattern for example
So how much do you want them to know (Score:1)
Also from Japan, completely on point:
https://www.youtube.com/watch?... [youtube.com]
Interesting question: how much of your data would you like your descendants to know about, and how much would you prefer to keep private or even destroy after your death?
Re: So how much do you want them to know (Score:1)
Personal items can be put into veracrypt, and remain personal.
Re: (Score:1)
The main vault password for the password manager is in our safe.
The master combination to your safe may be an impersonated police officer phone call away, depending on manufacturer.
Just a thought.
How much do you want a world knowing. (Score:4, Insightful)
How much do you want a hacker to be able to sell after the will and trust database gets targeted and compromised?
Fucking kills me we can’t think of the most obvious problem with this before suggesting it.
Re:How much do you want a world knowing. (Score:5, Interesting)
The Japanese government advice is to put it in a document, not specifically a database. I use a ring-bound notebook near my desk. If you worry about fire, theft or the like, you can use a safe or safe deposit box or other protective measures. Or you use a password keeping program that and keep a copy of the master password somewhere safe. There are a *ton* of simple, robust ways to secure this kind of list against whatever reasonable threat you are worried about.
As someone who has durable power of attorney for a widowed relative with severe memory impairment, it behooves one to plan ahead and not to assume one's spouse will be a reliable backstop. An annoying number of services don't provide any listed telephone number or mailing address to say "you need to cancel this subscription" -- you or your agent must log into their web site to cancel.
Re: (Score:2)
The Japanese government advice is to put it in a document, not specifically a database.
The title implies the Japanese government is suggesting you put them in a will.
Otherwise known as that legal document often requested by many companies to be transmitted and stored digitally.
Anything stored digitally, can be stolen digitally. Make that document and database even more valuable with passwords, and you’re painting a fresh target.
Re: (Score:2)
The title was written for Slashdot, and not by the Japanese government. Also, titles are necessarily brief. It would have been clearer to say something like "Address online accounts in your will", but please RTFS if you're not going to RTFA.
Re: (Score:2)
I've never heard of anyone asking for a digital version of a will. In fact, where I live in Canada, the only valid form of a will is an original document with an original signature witnessed by two witnesses.
That said, I have my passwords printed in a document that I store securely. The location and means of accessing said document is left in a note accompanying my will.
Re: (Score:2)
> Otherwise known as that legal document often requested by many companies to be transmitted and stored digitally.
What company would be asking for a copy of your will? Let alone "often."
The only people who should have access to that document are an estate lawyer and *maybe* choice family members.
=Smidge=
Will our resident cyber-Karens weigh in on this? (Score:2)
Is this even legal? In the U.S.? In Japan where they are recommending this?
It is complicated enough acting on behalf of a frail-elderly parent. So you have power-of-attorney, and you wave copies of this document at financial institutions and such, but for the longest while there was this fad for seniors to set up trusts, I guess as an estate-tax avoidance procedure that I never fully understood. Trusts have their, is the word "bespoke" way of being "activated" based on language in the trust document,
Re: (Score:2)
Is this even legal? In the U.S.? In Japan where they are recommending this?
What specifically is "this" in your first question? If you mean using someone's username and password as their POA, normally yes. I would be surprised if any competently written POA document doesn't implicitly allow it. The one I actively hold for the relative I mentioned earlier, and the contingent one I have for in-laws, allow the POA to act on behalf of the principal in pretty much any non-healthcare context. (There is a separate healthcare POA.) I expect the same is true of a personal representativ
Re: (Score:2)
The Japanese government advice is to put it in a document, not specifically a database. I use a ring-bound notebook near my desk. If you worry about fire, theft or the like, you can use a safe or safe deposit box or other protective measures. Or you use a password keeping program that and keep a copy of the master password somewhere safe. There are a *ton* of simple, robust ways to secure this kind of list against whatever reasonable threat you are worried about.
As someone who has durable power of attorney for a widowed relative with severe memory impairment, it behooves one to plan ahead and not to assume one's spouse will be a reliable backstop. An annoying number of services don't provide any listed telephone number or mailing address to say "you need to cancel this subscription" -- you or your agent must log into their web site to cancel.
Anyone who's done DR as part of their job knows this. Passwords and other important info in a physical file kept at the primary and recovery site in a fireproof safe.
Re: (Score:2)
It's worth having a plan for your demise, and not too difficult to put in place. As well as some notes on important stuff that isn't immediately apparent from things like bank statements, check if any services you have support a dead man's switch function.
Google does, for example. You can set it so that if you don't log in or access any logged in device for 3 months, it deletes your account.
Digital Corruption. (Score:2)
I’d imagine half a century ago when people died they also had plenty of subscriptions to cancel. Magazines and newspapers existed then too, just in print firm only. Have the protections granted to Greed N. Corruption gotten so bad that we dying citizens can no longer cancel these subscriptions with ease, with nothing more than a death certificate? The fuck is that document for again, and why did everyone need a copy? Twice?
”Digital format”, does not mean you should be granted license
Re: (Score:1)
Seems to work just fine for Telstra in Australia. It's not at all uncommon for accounts to drag on 12 or 18 months after their owners have been dead and buried... even after Telstra has promised the families that, "yes, roolly trooly this time, we've actually closed the account."
Re: (Score:2)
Seems to work just fine for Telstra in Australia. It's not at all uncommon for accounts to drag on 12 or 18 months after their owners have been dead and buried... even after Telstra has promised the families that, "yes, roolly trooly this time, we've actually closed the account."
Thats what canceling credit cards and changing bank accounts is for. They can bill all they want to a dead person. After they’ve been properly notified via death certificate, that’s their billing problem to correct.
And Telestra may want to be careful playing that profit game. Might get interesting for them on legal financial statements if the dead-customer-profit bucket starts to become excessive enough to warrant the citizen tax office wanting to investigate where their cut is. The irony of
Re: (Score:2)
This is the solution everybody should adopt, and not just for the deceased - digital subscriptions can be cancelled by cancelling the form of payment (to include telling the credit card company not to let them charge your card any more, or cancelling the whole card) - and then
Re: (Score:3)
Firstly, magazines and newspapers were sent to a named person at a known address, so a death certificate would contain the information necessary to match the deceased person with the subscriber. If I have a digital subscription to product Foo which outsources the credit card billing to e.g. Square then Foo doesn't necessarily know my legal name, so they can't match a death certificate to the subscription to cancel it.
Secondly, my reading of the summary is that the point is to have a list of subscriptions th
Re: (Score:2)
When my mom died, I did have access to her digital life (which wasn't all that expansive), however, I still got a lot of bills and collection attempts in the mail. I would respond to each one by sending back a copy of the death certificate with no other information. It seemed to work to stop all that.
Re: (Score:2)
Most subscriptions were shared - just because someone died doesn't mean the
Passwords change.... (Score:2)
Re: (Score:3)
Re: (Score:2)
This - people with points give some more.
Trained my parents on this. Passwords go into a keepass db. Only password that has to be passed on is the one to get into that.
once your time on Earth ends (Score:1)
to have access to your smartphone and other accounts once your time on Earth ends.
I reckon most of us will stay here even after we die.
If you're rich enough you might be able to get your remains sent to Mars, or sent out on an endless trajectory like the Voyager probes.
On Earth, not in it (Score:2)
Unless your remains are interred in an above-ground vault?
Collecting from a cemetary (Score:2)
powerless to stop their credit cards being charged for services the departed cannot consume.
How do you collect from a dead person? It's not like you leave a bank account open in their name for auto payments. I had a friend who kept getting (and paying!) his late dad's internet bill while he tried to stop the service. The company needed to talk to the account holder to cancel, which was kinda hard for a dead person. I told him just stop paying and they'll figure it out; or just call in claiming to be yo
Re: (Score:2)
Be careful with simply stopping payments. They could try to claim from the deceased's estate.
If it's stuff like electricity and gas and they can see there was usage (such as heating on a timer/thermostat) they are legitimately entitled to get paid for that in many jurisdictions. The executor of the will is liable for getting that stuff turned off or transferred to someone else.
Of course if you made a reasonable effort and they were just being asshats about it, you might win in court... But it's a hassle.
does it have to be one document? (Score:1)
What if we require all digital services to have a "will" form?
I can write in my gmail "will" the full name and SSN of a person who inherits my access to my google account - and Google is obligated to provide reset access to that person
Banks should be handling this (Score:2)
Re: (Score:2)
You obviously have never had to deal with someones estate. I assure you, nothing about it is simple or easy and made much harder if you're also grieving while dealing with it.
Re: (Score:2)
Anal Secure Storage (Score:2)
Let's say you follow this stupid guidance and put your passwords down on a piece of paper. What is there to stop someone from stealing your password while you're still alive? We don't live in a perfect world. Someone may have unauthorised access to your will. Either through personal connections or through a compromised solicitor who copies over your passwords while working on the document, or another member of their staff who "notices" your password while the document passes through all the formal stages of
Misleading Headline (Score:2)
The headline is misleading: The Japanese government does *not* suggest to put the credentials into the will, but into a separate document that is in the same place as the will.
There are a few problems with that:
* Who still uses passwords? (OK, old people who don't want to switch to passkeys, so that's the target audience.)
* Passwords change over time, so the document must be updated every time. Bad thing, your will is in a bank safe or at a lawyers office.
* You don't want other people to be able to access t
Re: (Score:2)
Who still uses passwords? Everyone
Even systems that allow passkeys still allow passwords as a fallback in most cases. Hell, those same systems probably also allow e-mail account recovery. Hence, you are only ever as secure as your e-mail system.
So, just write down your e-mail password, put it in a safe place and note it in your will.
I'm dealing with this (Score:1)
Reviving a long-dormant Slashdot account to post my cautionary tale. My parents both passed away in a car accident in May, on an extended trip out-of-state. Since then, I've struggled to get past passwords and 2FA to access online accounts for a variety of reasons from paying bills to accessing backed-up family photos.
Fortunately my dad had a reasonably recent backup of both my parents' laptops on an external drive with no password, which gave me access to a lot of documents like his journal and photos.
He
Re: (Score:2)
But how does one balance the competing objectives of keeping a master password secure, while permitting your next of kin to find it? Simply putting it on a piece of paper in a file drawer next to your will seems like inviting a burglar to make a total mess of your life. Maybe put it in a safe deposit box that your next of kin can access when they present a death certificate to the bank?
Services exist (Score:2)
I know Lastpass offers emergency access, but there maybe others. You designate another LP user as one who can request this access. There is a delay of a period of days for the account holder to cancel the request (if they weren't really dead/incapacitated), but after that the designee gets all of that info.
Re: (Score:2)
LastPass offers hacker access too!