Put Your Usernames and Passwords In Your Will, Advises Japan's Government (theregister.com) 82
The Register's Simon Sharwood reports: Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it. The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated:
- Ensuring family members can unlock your smartphone or computer in case of emergency;
- Maintain a list of your subscriptions, user IDs and passwords;
- Consider putting those details in a document intended to be made available when your life ends;
- Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.
The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.
- Ensuring family members can unlock your smartphone or computer in case of emergency;
- Maintain a list of your subscriptions, user IDs and passwords;
- Consider putting those details in a document intended to be made available when your life ends;
- Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.
The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.
and for these using biometrics (Score:2)
Re: (Score:2)
Biometrics are almost universally backed by some kind of a password or similar second way of identification, because biometrics can in fact change. Fingerprints are notorious for slowly migrating and wearing out changing the pattern for example
Re: (Score:2)
Re: (Score:1)
One thing you can do about it is find a finger that isn't nearly as worn. Pinky usually sees much less wear than other three other fingers on that side of the palm if you're looking at abrasive wear and tear. If your problem is chemical wear and tear, you may find some success with scanning sides of fingers.
So how much do you want them to know (Score:1)
Also from Japan, completely on point:
https://www.youtube.com/watch?... [youtube.com]
Interesting question: how much of your data would you like your descendants to know about, and how much would you prefer to keep private or even destroy after your death?
Re: So how much do you want them to know (Score:1)
Personal items can be put into veracrypt, and remain personal.
Re: (Score:1)
The main vault password for the password manager is in our safe.
The master combination to your safe may be an impersonated police officer phone call away, depending on manufacturer.
Just a thought.
Re: (Score:2)
Reminds me of the Radiolab story where the Minnesota locksmith was called in to crack Prince's walk in safe, top of the line model.
How much do you want a world knowing. (Score:3, Insightful)
How much do you want a hacker to be able to sell after the will and trust database gets targeted and compromised?
Fucking kills me we can’t think of the most obvious problem with this before suggesting it.
Re:How much do you want a world knowing. (Score:5, Informative)
The Japanese government advice is to put it in a document, not specifically a database. I use a ring-bound notebook near my desk. If you worry about fire, theft or the like, you can use a safe or safe deposit box or other protective measures. Or you use a password keeping program that and keep a copy of the master password somewhere safe. There are a *ton* of simple, robust ways to secure this kind of list against whatever reasonable threat you are worried about.
As someone who has durable power of attorney for a widowed relative with severe memory impairment, it behooves one to plan ahead and not to assume one's spouse will be a reliable backstop. An annoying number of services don't provide any listed telephone number or mailing address to say "you need to cancel this subscription" -- you or your agent must log into their web site to cancel.
Re: (Score:1)
The Japanese government advice is to put it in a document, not specifically a database.
The title implies the Japanese government is suggesting you put them in a will.
Otherwise known as that legal document often requested by many companies to be transmitted and stored digitally.
Anything stored digitally, can be stolen digitally. Make that document and database even more valuable with passwords, and you’re painting a fresh target.
Re: (Score:3)
The title was written for Slashdot, and not by the Japanese government. Also, titles are necessarily brief. It would have been clearer to say something like "Address online accounts in your will", but please RTFS if you're not going to RTFA.
Re: (Score:3)
I've never heard of anyone asking for a digital version of a will. In fact, where I live in Canada, the only valid form of a will is an original document with an original signature witnessed by two witnesses.
That said, I have my passwords printed in a document that I store securely. The location and means of accessing said document is left in a note accompanying my will.
Re: (Score:2)
So, there is no form of "notarised document copy" service in Canada?
I bet there is.
"codicil" in English law, which probably had some influence on Canadian practice.
In an ideal world, a codicil would be signed by the will-writer, in the presence of two (or more) witnesses who then give their names, contact info, and the date as part of their signa
Re: (Score:2)
> Otherwise known as that legal document often requested by many companies to be transmitted and stored digitally.
What company would be asking for a copy of your will? Let alone "often."
The only people who should have access to that document are an estate lawyer and *maybe* choice family members.
=Smidge=
Re: (Score:2)
Indeed. Having just been "executing" Mum's will, it's the death certificate plus a notarised copy of Mum's letter to the lawyers appointing me as executor was what was asked for.
Also, expect the bank you go to to just take the documents, copy them (with their internal "chain of custody" administrivia) and immediately return them, while sending your letters etc to "Head Office" for action. You won't ever see the people who check and acc
Will our resident cyber-Karens weigh in on this? (Score:2)
Is this even legal? In the U.S.? In Japan where they are recommending this?
It is complicated enough acting on behalf of a frail-elderly parent. So you have power-of-attorney, and you wave copies of this document at financial institutions and such, but for the longest while there was this fad for seniors to set up trusts, I guess as an estate-tax avoidance procedure that I never fully understood. Trusts have their, is the word "bespoke" way of being "activated" based on language in the trust document,
Re: (Score:3)
Is this even legal? In the U.S.? In Japan where they are recommending this?
What specifically is "this" in your first question? If you mean using someone's username and password as their POA, normally yes. I would be surprised if any competently written POA document doesn't implicitly allow it. The one I actively hold for the relative I mentioned earlier, and the contingent one I have for in-laws, allow the POA to act on behalf of the principal in pretty much any non-healthcare context. (There is a separate healthcare POA.) I expect the same is true of a personal representativ
Re: (Score:2)
When I redid trust and power of attorney documents, the lawyers made sure to include electronic and online assets, because it had increasingly become a question about what to do about them. Even if a document seems to imply an "everything else not so specified" clause, it's still a good idea to get it specified just to avoid delays.
Re: (Score:2)
There is "this" of a frail elderly family member and then there is the "that" after your family member has passed on.
In the "that" situation, you no longer have power-of-attorney, rather, you should sit down with a clerk of your county Probate Court, show the will and it wouldn't hurt to have the power-of-attorney document, and the clerk will designate you as Personal Representative.
Should even a Personal Representative be logging into accounts of a once-living person? The drill is that you snail-mail
Re: (Score:2)
The Personal Representative in a will can be different from someone with DPOA or HPOA. My point still stands: be prepared, and don't assume that you'll have time to straighten affairs out after you're 80 or 70 or even 60. If you have a stroke or dementia, you probably won't realize how far you have gone.
Re: (Score:2)
A trust is just a minor part of a lot of things. The trust says you can control things, but without accounts, or even knowing if accounts exist, it's hard to get access to them.
So, cancel all cards, ASAP. Don't pay, and dispute any purchases made after death. Please hope that they don't have an online-only credit card, or paypal, or anything weird like that, because it will be very hard to get in, and you won't even know it exists. Scammers like to use those, so that money gets added and removed without
Re: (Score:2)
The Japanese government advice is to put it in a document, not specifically a database. I use a ring-bound notebook near my desk. If you worry about fire, theft or the like, you can use a safe or safe deposit box or other protective measures. Or you use a password keeping program that and keep a copy of the master password somewhere safe. There are a *ton* of simple, robust ways to secure this kind of list against whatever reasonable threat you are worried about.
As someone who has durable power of attorney for a widowed relative with severe memory impairment, it behooves one to plan ahead and not to assume one's spouse will be a reliable backstop. An annoying number of services don't provide any listed telephone number or mailing address to say "you need to cancel this subscription" -- you or your agent must log into their web site to cancel.
Anyone who's done DR as part of their job knows this. Passwords and other important info in a physical file kept at the primary and recovery site in a fireproof safe.
Re: (Score:2)
It's worth having a plan for your demise, and not too difficult to put in place. As well as some notes on important stuff that isn't immediately apparent from things like bank statements, check if any services you have support a dead man's switch function.
Google does, for example. You can set it so that if you don't log in or access any logged in device for 3 months, it deletes your account.
Re: (Score:2)
How much do you want a hacker to be able to sell after the will and trust database gets targeted and compromised?
Fucking kills me we can’t think of the most obvious problem with this before suggesting it.
You don't literally put your actual passwords in your will. You put them on a USB stick or printed document. You put that artifact in a safe deposit box, and you will the contents of that box to whomever you want. The executor of your will gets entrusted with a copy of the key to the box so that your beneficiary can receive it.
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
Find out where the key is if there's a fire safe or the like. That's where some trust documents were for my parents, and when I did get around to checking the safe deposit box there wasn't much exciting inside (two house deeds, one superceding the other, a list of items in the house because there had been a theft in the past and the list was out dated, some misc stuff, and a couple of $2 bills (I don't know why).
Re: (Score:3)
They don't necessarily need to be in a will, just a note about where they are and that they exist (safe deposit box). Of course, if your'e required to change passwords every month, that list will be out of date :-)
I've got a gazillion listed down on a thumb drive, and I really need to go through and cancel all those weird forums I signed up for in the past that required an account, most of them are utterly irrelevant if lost or stolen as I don't re-use password, but still it'll be simpler for others after
Digital Corruption. (Score:2)
I’d imagine half a century ago when people died they also had plenty of subscriptions to cancel. Magazines and newspapers existed then too, just in print firm only. Have the protections granted to Greed N. Corruption gotten so bad that we dying citizens can no longer cancel these subscriptions with ease, with nothing more than a death certificate? The fuck is that document for again, and why did everyone need a copy? Twice?
”Digital format”, does not mean you should be granted license
Re: (Score:1)
Seems to work just fine for Telstra in Australia. It's not at all uncommon for accounts to drag on 12 or 18 months after their owners have been dead and buried... even after Telstra has promised the families that, "yes, roolly trooly this time, we've actually closed the account."
Re: (Score:2)
Seems to work just fine for Telstra in Australia. It's not at all uncommon for accounts to drag on 12 or 18 months after their owners have been dead and buried... even after Telstra has promised the families that, "yes, roolly trooly this time, we've actually closed the account."
Thats what canceling credit cards and changing bank accounts is for. They can bill all they want to a dead person. After they’ve been properly notified via death certificate, that’s their billing problem to correct.
And Telestra may want to be careful playing that profit game. Might get interesting for them on legal financial statements if the dead-customer-profit bucket starts to become excessive enough to warrant the citizen tax office wanting to investigate where their cut is. The irony of
Re: (Score:2)
This is the solution everybody should adopt, and not just for the deceased - digital subscriptions can be cancelled by cancelling the form of payment (to include telling the credit card company not to let them charge your card any more, or cancelling the whole card) - and then
Re: (Score:2)
This only works if you close the account, which is the case of a relative death makes sense.
I would not use this advice if you just get a NEW card number but it's the same account. Many of the credit card companies will automatically shift your subscriptions to this new card, without saying anything. There was a Slashdot article about this within the last year or so.
But yes, entirely closing the account is at least a good way to stop companies from continuing to charge for service.
Re: (Score:3)
Firstly, magazines and newspapers were sent to a named person at a known address, so a death certificate would contain the information necessary to match the deceased person with the subscriber. If I have a digital subscription to product Foo which outsources the credit card billing to e.g. Square then Foo doesn't necessarily know my legal name, so they can't match a death certificate to the subscription to cancel it.
Secondly, my reading of the summary is that the point is to have a list of subscriptions th
Re: (Score:2)
When my mom died, I did have access to her digital life (which wasn't all that expansive), however, I still got a lot of bills and collection attempts in the mail. I would respond to each one by sending back a copy of the death certificate with no other information. It seemed to work to stop all that.
Re: (Score:2)
Most subscriptions were shared - just because someone died doesn't mean the
Re: (Score:2)
Half a century ago you subscribed to a magazine by mailing in a check once a year. You cancelled just by not renewing. No new check, no more magazines. End of business relationship.
Now everyone has your CC number and auto-renews. If the dead person was the only name of the card, fine just cancel the card, and no more charges. However if you have a joint card, you might be dependent on that card working after your spouse dies. You can change the number, but CC companies often helpfully inform merchants
Passwords change.... (Score:2)
Re:Passwords change.... (Score:4, Informative)
Keeping this separate from the will also enables it to be acted on a lot more quickly as there are generally limitations on what and when you can do to act on the contents of a will. This is more to enable the executors to get the necessary control of the estate and access to my contacts and the like ASAP, so the will itself can be then executed properly.
Re: (Score:2)
This - people with points give some more.
Trained my parents on this. Passwords go into a keepass db. Only password that has to be passed on is the one to get into that.
Re: (Score:2)
once your time on Earth ends (Score:1)
to have access to your smartphone and other accounts once your time on Earth ends.
I reckon most of us will stay here even after we die.
If you're rich enough you might be able to get your remains sent to Mars, or sent out on an endless trajectory like the Voyager probes.
On Earth, not in it (Score:2)
Unless your remains are interred in an above-ground vault?
Collecting from a cemetary (Score:2)
powerless to stop their credit cards being charged for services the departed cannot consume.
How do you collect from a dead person? It's not like you leave a bank account open in their name for auto payments. I had a friend who kept getting (and paying!) his late dad's internet bill while he tried to stop the service. The company needed to talk to the account holder to cancel, which was kinda hard for a dead person. I told him just stop paying and they'll figure it out; or just call in claiming to be yo
Re: (Score:2)
Be careful with simply stopping payments. They could try to claim from the deceased's estate.
If it's stuff like electricity and gas and they can see there was usage (such as heating on a timer/thermostat) they are legitimately entitled to get paid for that in many jurisdictions. The executor of the will is liable for getting that stuff turned off or transferred to someone else.
Of course if you made a reasonable effort and they were just being asshats about it, you might win in court... But it's a hassle.
Re: (Score:2)
Be careful with simply stopping payments. They could try to claim from the deceased's estate.
Yea, it's always best to just get them to cancel. In my case, I was contacted over a year after the estate was probated and when I called up they said, "Oh, OK,." It was a very small amount and I guess the cost of trying to recover, at such a late date, wasn't worth it.
If it's stuff like electricity and gas and they can see there was usage (such as heating on a timer/thermostat) they are legitimately entitled to get paid for that in many jurisdictions. The executor of the will is liable for getting that stuff turned off or transferred to someone else.
Certainly. I did that for the house until it was sold. Easier than changing the name, etc.
Of course if you made a reasonable effort and they were just being asshats about it, you might win in court... But it's a hassle.
Yea, in my friends case it was simply a cable company call center person following a script. My guess is they never bother to pursue small amounts a
Re: (Score:2)
I've found WhatsApp, of all things, to be good for cancelling. They can't hang up on you, they can't claim you didn't tell them to cancel because you have a record.
Re: (Score:2)
I've found WhatsApp, of all things, to be good for cancelling. They can't hang up on you, they can't claim you didn't tell them to cancel because you have a record.
DOesn't that require them to have WhatsApp number? They can't hang up?
Re: (Score:2)
I mean use the text chat. And yes they do need to support it, but most in the UK seem to these days.
Re: (Score:2)
I mean use the text chat. And yes they do need to support it, but most in the UK seem to these days.
Makes sense. It does seem to be a European thing, I use it there and a with folks I work with there; but the US doesn't seem to have much adoption commercially.
Re: (Score:2)
Online services, especially if they came from a startup, may not understand the concept that a customer has died, or even that a customer might some day want to cancel. Inconceivable! But yet that's how they act. Normally you just send them a copy of the death cerficate. But then you find out they don't even had a physical address to mail anything to, and no instructions on their site for this case, and no phone number to contact them (they seemingly exist online only).
The good news is that many elderly
does it have to be one document? (Score:1)
What if we require all digital services to have a "will" form?
I can write in my gmail "will" the full name and SSN of a person who inherits my access to my google account - and Google is obligated to provide reset access to that person
Banks should be handling this (Score:2)
Re: (Score:2)
You obviously have never had to deal with someones estate. I assure you, nothing about it is simple or easy and made much harder if you're also grieving while dealing with it.
Re: (Score:2)
Re: (Score:2)
A bank doesn’t know which frequent payees are recurring, let alone know how to contact them.
Re: (Score:2)
Re: (Score:2)
They actually do know which payees are recurring, usually in case of disputes, fraud, etc. Trust me, the bank knows who the payees are and how to contact them.
And with the slightest bit of effort they could find the recurring ones; it would take about 10 seconds and most of that time would be spent typing the query.
Re: (Score:2)
Some do. A lot of big banks don't, but smaller banks often will help out. I once created a new account with my mother but kept the old one active for a few months (with online access disabled), then they asked me what were the regular payments and I knew some of the them from bank statements. They also knew most of the recurring payments as I recall. Then I'd get a few calls asking if a certain misc payment was legitimate or not and I'd verify or deny it.
Anal Secure Storage (Score:2)
Let's say you follow this stupid guidance and put your passwords down on a piece of paper. What is there to stop someone from stealing your password while you're still alive? We don't live in a perfect world. Someone may have unauthorised access to your will. Either through personal connections or through a compromised solicitor who copies over your passwords while working on the document, or another member of their staff who "notices" your password while the document passes through all the formal stages of
Misleading Headline (Score:2)
The headline is misleading: The Japanese government does *not* suggest to put the credentials into the will, but into a separate document that is in the same place as the will.
There are a few problems with that:
* Who still uses passwords? (OK, old people who don't want to switch to passkeys, so that's the target audience.)
* Passwords change over time, so the document must be updated every time. Bad thing, your will is in a bank safe or at a lawyers office.
* You don't want other people to be able to access t
Re: (Score:2)
Who still uses passwords? Everyone
Even systems that allow passkeys still allow passwords as a fallback in most cases. Hell, those same systems probably also allow e-mail account recovery. Hence, you are only ever as secure as your e-mail system.
So, just write down your e-mail password, put it in a safe place and note it in your will.
I'm dealing with this (Score:5, Informative)
Reviving a long-dormant Slashdot account to post my cautionary tale. My parents both passed away in a car accident in May, on an extended trip out-of-state. Since then, I've struggled to get past passwords and 2FA to access online accounts for a variety of reasons from paying bills to accessing backed-up family photos.
Fortunately my dad had a reasonably recent backup of both my parents' laptops on an external drive with no password, which gave me access to a lot of documents like his journal and photos.
He also kept a list of passwords in an Excel spreadsheet which got me into several accounts and halfway into others that required 2FA. Even if that hadn't been on his backup SDD, he emailed a copy of it to me and one of my sisters before leaving on the trip they never returned from.
I guessed the pattern lock on my mom's phone which unlocked access to more photos, and my dad wrote down his phone/computer PIN on a scrap of paper somewhere in his belongings.
Long story short: make it easy on your executor/trustee(s). Put your master password in a letter in your files, preferably close to your will. Include your phone PIN/pattern/password, as well as backup 2FA codes to your main accounts in case the phone is lost (we were lucky their phones were functional after the accident--not everyone may be so fortunate).
Re:I'm dealing with this (Score:5, Insightful)
But how does one balance the competing objectives of keeping a master password secure, while permitting your next of kin to find it? Simply putting it on a piece of paper in a file drawer next to your will seems like inviting a burglar to make a total mess of your life. Maybe put it in a safe deposit box that your next of kin can access when they present a death certificate to the bank?
Re: I'm dealing with this (Score:2)
Re: (Score:2)
Hah. My mother got a new phone, not because she needed one really, but it was acting funny and the local AT&T reseller loves to upsell everything, but they forgot to transfer her old number! Then a few weeks later she returned it as she didn't like it and went back to her old phone, which now had a NEW number! This completely screwed up all 2FA. Trying to get accounts reset usually meant a long and tortuous phone call. Ugh.
Before then, she'd dutifully write down her passwords in a notepad file. Bu
Re: (Score:2)
Another dormant person here...
I've created a digital testament which contains:
* My ssh key passwords
* Some of the most important accounts specifically mentioned, including my own cloud instances (incl Amazon S3 deep clacier archives of all our photos since dawn of time)
* Password manager access keys
* Home NAS
etc.
I've split that "Testament" into 3 encrypted pieces with Shamir's secret sharing https://en.wikipedia.org/wiki/... [wikipedia.org]. One of the items I've sent to my sister, one to my wife and one to my best friend.
Services exist (Score:2)
I know Lastpass offers emergency access, but there maybe others. You designate another LP user as one who can request this access. There is a delay of a period of days for the account holder to cancel the request (if they weren't really dead/incapacitated), but after that the designee gets all of that info.
Re: (Score:2)
LastPass offers hacker access too!
Digital Dead Man Switch (Score:2)
Your heirs or others with power of attorney notify the dead man switch service one time, and all the subscriptions or other services will see the change of status. This
Keepass (Score:2)
I keep my passwords up to date in a Keepass file.
The password to that file is kept on paper in a secure location that my wife and family can access.
Nice thing about Keepass is that the file is accessible from multiple OSs.
Hell no (Score:2)
> Ensuring family members can unlock your smartphone or computer in case of emergency
And find my porn collection? No thanks.
Re: (Score:2)
Fool, I keep my pr0n in the safe deposit box, so only the bank knows the weird stuff I'm into.
More importantly... (Score:2)
Yes yes, they're already in there along with logins to everything, especially my email accounts.
If your designee can use your email account(s), they can recover almost all your passwords and whatnot. For external devices that need a key, put those passwords in your will too.
And for fuck's sake, make multiple copies and store them in safe, *known* places. For example, you have a will, it's notarized and everything, and it's in your desk drawer of nightstand or whatever so your spouse can find it easily. Grea
Re: (Score:2)
Give a copy to the kids. It's easy. You can even give the kids your passwords! While you're at it, but stuff into a trust, get a springing power of attorney (or durable one if you feel you might need that). Then write three letters (sorry, that's only for CEOs).
An inexpensive fire safe is handy. if the fire isn't all consuming, they'll often keep docs safe enough to read, and keep out all the water from the fire company. You might need a hacksaw or crowbar, a locksmith can help.
Wills become public records in probate court (Score:2)