HN Reader

Put your usernames and passwords in your will, advises Japan's government

My current approach is having 2 copies of my Bitwarden recovery codes, each one in different physical locations. I told family members about the locations, so in the event I am unreachable (and most likely so will my 2FA device), they can still access my passwords.

Is there some flaw in this approach (besides requiring trust in the family members)?

1 year agoby jazzchipc

How does that make sense? Then you'd have to update your will every time you changed a password. Wouldn't it be better to keep the list somewhere safe and accessible that is easier to update, then mention that in the will?

1 year agoby JohnFen

Many password managers allow you to set up emergency access (as it's named in Bitwarden) that'll let a contact access your vault by request after a certain wait time during which you can either manually accept or decline the request.

1 year agoby lillesvin

This is really a problem with crapping identity and authorization modeling.

My next of kin should be able to sign in using their own credentials (even if just ID card), and not have to impersonate their dead relative.

1 year agoby pyuser583

This may currently be a bit beyond foolproof advice for Aunt Tilly [0] to do on her own, but:

1. Get them to use a password manager for their stuff. This can easily be a good idea all on its own, simply so that they don't reuse the same credentials everywhere.

2. The password store can be decrypted with either of two methods: A day-to-day password they memorize, or a longer key which can be stored along with the will. [1]

3. Set up the cloud services to automatically backup and share their encrypted at rest password store from their computer to various relatives and friends.

4. Take the alternate encryption key from step #1, print it on archival paper, seal it inside an opaque tamper-resistant envelope, and store the envelope along with the will--or in such a way that it reaches the right people when the person passes away.

This way they can easily keep things up-to-date with new accounts or password changes, without constantly sending new stuff to a lawyer or safe-deposit box or whatever.

_______

[0] An archetypal relative who is "not good with computers."

[1] This isn't algorithmically impossible by any means, but it's a use-case not all password managers will support. An alternative is to tell them "never change your master password ever", and then just duplicate it in the sealed envelope.

1 year agoby Terr_

But... a will is not secret. May as well publish it in the newspaper.

1 year agoby JoeAltmaier