Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Privacy Japan Security

Put Your Usernames and Passwords In Your Will, Advises Japan's Government (theregister.com) 56

The Register's Simon Sharwood reports: Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it. The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated:

- Ensuring family members can unlock your smartphone or computer in case of emergency;
- Maintain a list of your subscriptions, user IDs and passwords;
- Consider putting those details in a document intended to be made available when your life ends;
- Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.

The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.

Put Your Usernames and Passwords In Your Will, Advises Japan's Government

Comments Filter:
  • You have to donate your face, or eyes, or appropriate digits for preservation.
    • by Luckyo ( 1726890 )

      Biometrics are almost universally backed by some kind of a password or similar second way of identification, because biometrics can in fact change. Fingerprints are notorious for slowly migrating and wearing out changing the pattern for example

      • Very true. I'm 75 and recently bought a new laptop. I tried to set up fingerprint recognition to see how it worked, but it failed. My fingerprints have gotten so worn down that they don't register properly any more. Not only that, they've gotten so shallow that I'm having trouble turning pages and have to check to make sure that I'm only turning one page at a time. It's a good thing that I found out when I did, before I set things up rather than later.
  • Also from Japan, completely on point:

    https://www.youtube.com/watch?... [youtube.com]

    Interesting question: how much of your data would you like your descendants to know about, and how much would you prefer to keep private or even destroy after your death?

    • The main vault password for the password manager is in our safe.

      Personal items can be put into veracrypt, and remain personal.
      • by Anonymous Coward

        The main vault password for the password manager is in our safe.

        The master combination to your safe may be an impersonated police officer phone call away, depending on manufacturer.

        Just a thought.

    • by geekmux ( 1040042 ) on Friday November 22, 2024 @05:47AM (#64964347)

      How much do you want a hacker to be able to sell after the will and trust database gets targeted and compromised?

      Fucking kills me we can’t think of the most obvious problem with this before suggesting it.

      • by Entrope ( 68843 ) on Friday November 22, 2024 @06:19AM (#64964391) Homepage

        The Japanese government advice is to put it in a document, not specifically a database. I use a ring-bound notebook near my desk. If you worry about fire, theft or the like, you can use a safe or safe deposit box or other protective measures. Or you use a password keeping program that and keep a copy of the master password somewhere safe. There are a *ton* of simple, robust ways to secure this kind of list against whatever reasonable threat you are worried about.

        As someone who has durable power of attorney for a widowed relative with severe memory impairment, it behooves one to plan ahead and not to assume one's spouse will be a reliable backstop. An annoying number of services don't provide any listed telephone number or mailing address to say "you need to cancel this subscription" -- you or your agent must log into their web site to cancel.

        • The Japanese government advice is to put it in a document, not specifically a database.

          The title implies the Japanese government is suggesting you put them in a will.

          Otherwise known as that legal document often requested by many companies to be transmitted and stored digitally.

          Anything stored digitally, can be stolen digitally. Make that document and database even more valuable with passwords, and you’re painting a fresh target.

          • by Entrope ( 68843 )

            The title was written for Slashdot, and not by the Japanese government. Also, titles are necessarily brief. It would have been clearer to say something like "Address online accounts in your will", but please RTFS if you're not going to RTFA.

          • by dskoll ( 99328 )

            I've never heard of anyone asking for a digital version of a will. In fact, where I live in Canada, the only valid form of a will is an original document with an original signature witnessed by two witnesses.

            That said, I have my passwords printed in a document that I store securely. The location and means of accessing said document is left in a note accompanying my will.

          • > Otherwise known as that legal document often requested by many companies to be transmitted and stored digitally.

            What company would be asking for a copy of your will? Let alone "often."

            The only people who should have access to that document are an estate lawyer and *maybe* choice family members.
            =Smidge=

        • Is this even legal? In the U.S.? In Japan where they are recommending this?

          It is complicated enough acting on behalf of a frail-elderly parent. So you have power-of-attorney, and you wave copies of this document at financial institutions and such, but for the longest while there was this fad for seniors to set up trusts, I guess as an estate-tax avoidance procedure that I never fully understood. Trusts have their, is the word "bespoke" way of being "activated" based on language in the trust document,

          • by Entrope ( 68843 )

            Is this even legal? In the U.S.? In Japan where they are recommending this?

            What specifically is "this" in your first question? If you mean using someone's username and password as their POA, normally yes. I would be surprised if any competently written POA document doesn't implicitly allow it. The one I actively hold for the relative I mentioned earlier, and the contingent one I have for in-laws, allow the POA to act on behalf of the principal in pretty much any non-healthcare context. (There is a separate healthcare POA.) I expect the same is true of a personal representativ

        • by mjwx ( 966435 )

          The Japanese government advice is to put it in a document, not specifically a database. I use a ring-bound notebook near my desk. If you worry about fire, theft or the like, you can use a safe or safe deposit box or other protective measures. Or you use a password keeping program that and keep a copy of the master password somewhere safe. There are a *ton* of simple, robust ways to secure this kind of list against whatever reasonable threat you are worried about.

          As someone who has durable power of attorney for a widowed relative with severe memory impairment, it behooves one to plan ahead and not to assume one's spouse will be a reliable backstop. An annoying number of services don't provide any listed telephone number or mailing address to say "you need to cancel this subscription" -- you or your agent must log into their web site to cancel.

          Anyone who's done DR as part of their job knows this. Passwords and other important info in a physical file kept at the primary and recovery site in a fireproof safe.

        • by AmiMoJo ( 196126 )

          It's worth having a plan for your demise, and not too difficult to put in place. As well as some notes on important stuff that isn't immediately apparent from things like bank statements, check if any services you have support a dead man's switch function.

          Google does, for example. You can set it so that if you don't log in or access any logged in device for 3 months, it deletes your account.

      • by flink ( 18449 )

        How much do you want a hacker to be able to sell after the will and trust database gets targeted and compromised?

        Fucking kills me we can’t think of the most obvious problem with this before suggesting it.

        You don't literally put your actual passwords in your will. You put them on a USB stick or printed document. You put that artifact in a safe deposit box, and you will the contents of that box to whomever you want. The executor of your will gets entrusted with a copy of the key to the box so that your beneficiary can receive it.

  • I’d imagine half a century ago when people died they also had plenty of subscriptions to cancel. Magazines and newspapers existed then too, just in print firm only. Have the protections granted to Greed N. Corruption gotten so bad that we dying citizens can no longer cancel these subscriptions with ease, with nothing more than a death certificate? The fuck is that document for again, and why did everyone need a copy? Twice?

    ”Digital format”, does not mean you should be granted license

    • by Anonymous Coward

      "Digital format", does not mean you should be granted license to hide behind your own IT systems and claim "password" is the reason you get to bill a fucking dead person or their estate for an extra business quarter or three.

      Seems to work just fine for Telstra in Australia. It's not at all uncommon for accounts to drag on 12 or 18 months after their owners have been dead and buried... even after Telstra has promised the families that, "yes, roolly trooly this time, we've actually closed the account."

      • "Digital format", does not mean you should be granted license to hide behind your own IT systems and claim "password" is the reason you get to bill a fucking dead person or their estate for an extra business quarter or three.

        Seems to work just fine for Telstra in Australia. It's not at all uncommon for accounts to drag on 12 or 18 months after their owners have been dead and buried... even after Telstra has promised the families that, "yes, roolly trooly this time, we've actually closed the account."

        Thats what canceling credit cards and changing bank accounts is for. They can bill all they want to a dead person. After they’ve been properly notified via death certificate, that’s their billing problem to correct.

        And Telestra may want to be careful playing that profit game. Might get interesting for them on legal financial statements if the dead-customer-profit bucket starts to become excessive enough to warrant the citizen tax office wanting to investigate where their cut is. The irony of

        • Thats what canceling credit cards and changing bank accounts is for. They can bill all they want to a dead person. After theyâ(TM)ve been properly notified via death certificate, thatâ(TM)s their billing problem to correct.

          This is the solution everybody should adopt, and not just for the deceased - digital subscriptions can be cancelled by cancelling the form of payment (to include telling the credit card company not to let them charge your card any more, or cancelling the whole card) - and then

    • by pjt33 ( 739471 )

      Firstly, magazines and newspapers were sent to a named person at a known address, so a death certificate would contain the information necessary to match the deceased person with the subscriber. If I have a digital subscription to product Foo which outsources the credit card billing to e.g. Square then Foo doesn't necessarily know my legal name, so they can't match a death certificate to the subscription to cancel it.

      Secondly, my reading of the summary is that the point is to have a list of subscriptions th

    • When my mom died, I did have access to her digital life (which wasn't all that expansive), however, I still got a lot of bills and collection attempts in the mail. I would respond to each one by sending back a copy of the death certificate with no other information. It seemed to work to stop all that.

    • by tlhIngan ( 30335 )

      Iâ(TM)d imagine half a century ago when people died they also had plenty of subscriptions to cancel. Magazines and newspapers existed then too, just in print firm only. Have the protections granted to Greed N. Corruption gotten so bad that we dying citizens can no longer cancel these subscriptions with ease, with nothing more than a death certificate? The fuck is that document for again, and why did everyone need a copy? Twice?

      Most subscriptions were shared - just because someone died doesn't mean the

    • by flink ( 18449 )

      Half a century ago you subscribed to a magazine by mailing in a check once a year. You cancelled just by not renewing. No new check, no more magazines. End of business relationship.

      Now everyone has your CC number and auto-renews. If the dead person was the only name of the card, fine just cancel the card, and no more charges. However if you have a joint card, you might be dependent on that card working after your spouse dies. You can change the number, but CC companies often helpfully inform merchants

    • by Zocalo ( 252965 )
      If you do this right, the only password that matters is the one needed to unlock the password manager that stores the rest. Make sure that DB also contains details of banks accounts, direct debits and other subscriptions, any critical contact info, and (hopefully!) everything else related to your digital life that might be needed by the executors of your will and you're set. My solicitor has a sealed envelope with a single sheet of A4 paper in it that contains the password and instructions to access the pa
      • This - people with points give some more.
        Trained my parents on this. Passwords go into a keepass db. Only password that has to be passed on is the one to get into that.

  • to have access to your smartphone and other accounts once your time on Earth ends.

    I reckon most of us will stay here even after we die.

    If you're rich enough you might be able to get your remains sent to Mars, or sent out on an endless trajectory like the Voyager probes.

  • powerless to stop their credit cards being charged for services the departed cannot consume.

    How do you collect from a dead person? It's not like you leave a bank account open in their name for auto payments. I had a friend who kept getting (and paying!) his late dad's internet bill while he tried to stop the service. The company needed to talk to the account holder to cancel, which was kinda hard for a dead person. I told him just stop paying and they'll figure it out; or just call in claiming to be yo

    • by AmiMoJo ( 196126 )

      Be careful with simply stopping payments. They could try to claim from the deceased's estate.

      If it's stuff like electricity and gas and they can see there was usage (such as heating on a timer/thermostat) they are legitimately entitled to get paid for that in many jurisdictions. The executor of the will is liable for getting that stuff turned off or transferred to someone else.

      Of course if you made a reasonable effort and they were just being asshats about it, you might win in court... But it's a hassle.

      • Be careful with simply stopping payments. They could try to claim from the deceased's estate.

        Yea, it's always best to just get them to cancel. In my case, I was contacted over a year after the estate was probated and when I called up they said, "Oh, OK,." It was a very small amount and I guess the cost of trying to recover, at such a late date, wasn't worth it.

        If it's stuff like electricity and gas and they can see there was usage (such as heating on a timer/thermostat) they are legitimately entitled to get paid for that in many jurisdictions. The executor of the will is liable for getting that stuff turned off or transferred to someone else.

        Certainly. I did that for the house until it was sold. Easier than changing the name, etc.

        Of course if you made a reasonable effort and they were just being asshats about it, you might win in court... But it's a hassle.

        Yea, in my friends case it was simply a cable company call center person following a script. My guess is they never bother to pursue small amounts a

        • by AmiMoJo ( 196126 )

          I've found WhatsApp, of all things, to be good for cancelling. They can't hang up on you, they can't claim you didn't tell them to cancel because you have a record.

          • I've found WhatsApp, of all things, to be good for cancelling. They can't hang up on you, they can't claim you didn't tell them to cancel because you have a record.

            DOesn't that require them to have WhatsApp number? They can't hang up?

            • by AmiMoJo ( 196126 )

              I mean use the text chat. And yes they do need to support it, but most in the UK seem to these days.

              • I mean use the text chat. And yes they do need to support it, but most in the UK seem to these days.

                Makes sense. It does seem to be a European thing, I use it there and a with folks I work with there; but the US doesn't seem to have much adoption commercially.

  • What if we require all digital services to have a "will" form?

    I can write in my gmail "will" the full name and SSN of a person who inherits my access to my google account - and Google is obligated to provide reset access to that person

  • Why is it the responsibility of surviving relatives to contact every company that the deceased may or may not have an ongoing financial relationship with to sort this out? It should be automatic that when a bank is notified that a customer is deceased, the bank then notifies all recurring payees that this is the case. Relatives just present the IDs & death certificate to the bank. It's that simple: "[name] is now deceased. Forthwith, any & all financial agreements with [name] are defunct." Any instr
    • by TXG1112 ( 456055 )

      You obviously have never had to deal with someones estate. I assure you, nothing about it is simple or easy and made much harder if you're also grieving while dealing with it.

    • A bank doesn’t know which frequent payees are recurring, let alone know how to contact them.

      • Yes, they do, and they do. It's a legal requirement in most developed countries. How do you think they regulate banks & prevent fraud & money laundering?
  • Let's say you follow this stupid guidance and put your passwords down on a piece of paper. What is there to stop someone from stealing your password while you're still alive? We don't live in a perfect world. Someone may have unauthorised access to your will. Either through personal connections or through a compromised solicitor who copies over your passwords while working on the document, or another member of their staff who "notices" your password while the document passes through all the formal stages of

  • The headline is misleading: The Japanese government does *not* suggest to put the credentials into the will, but into a separate document that is in the same place as the will.

    There are a few problems with that:
    * Who still uses passwords? (OK, old people who don't want to switch to passkeys, so that's the target audience.)
    * Passwords change over time, so the document must be updated every time. Bad thing, your will is in a bank safe or at a lawyers office.
    * You don't want other people to be able to access t

    • Who still uses passwords? Everyone

      Even systems that allow passkeys still allow passwords as a fallback in most cases. Hell, those same systems probably also allow e-mail account recovery. Hence, you are only ever as secure as your e-mail system.

      So, just write down your e-mail password, put it in a safe place and note it in your will.

  • Reviving a long-dormant Slashdot account to post my cautionary tale. My parents both passed away in a car accident in May, on an extended trip out-of-state. Since then, I've struggled to get past passwords and 2FA to access online accounts for a variety of reasons from paying bills to accessing backed-up family photos.

    Fortunately my dad had a reasonably recent backup of both my parents' laptops on an external drive with no password, which gave me access to a lot of documents like his journal and photos.

    He

    • But how does one balance the competing objectives of keeping a master password secure, while permitting your next of kin to find it? Simply putting it on a piece of paper in a file drawer next to your will seems like inviting a burglar to make a total mess of your life. Maybe put it in a safe deposit box that your next of kin can access when they present a death certificate to the bank?

  • I know Lastpass offers emergency access, but there maybe others. You designate another LP user as one who can request this access. There is a delay of a period of days for the account holder to cancel the request (if they weren't really dead/incapacitated), but after that the designee gets all of that info.

  • A modest proposal: A service, or services, that follow a standard for identifying a user as dead, or even infirm/incompetent. When you sign up you give the ID of your dead man switch service just as you give them the billing info. It must also be refreshed/confirmed periodically, just as your CC number might need a new expiration date.

    Your heirs or others with power of attorney notify the dead man switch service one time, and all the subscriptions or other services will see the change of status. This
  • I keep my passwords up to date in a Keepass file.
    The password to that file is kept on paper in a secure location that my wife and family can access.
    Nice thing about Keepass is that the file is accessible from multiple OSs.

  • > Ensuring family members can unlock your smartphone or computer in case of emergency

    And find my porn collection? No thanks.

Whoever dies with the most toys wins.

Working...