this post was submitted on 22 Nov 2024
226 points (98.3% liked)

Technology

60051 readers
3233 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 2 years ago
MODERATORS
 

Japan's National Consumer Affairs Center on Wednesday suggested citizens start "digital end of life planning" and offered tips on how to do it. The Center's somewhat maudlin advice is motivated by recent incidents in which citizens struggled to cancel subscriptions their loved ones signed up for before their demise, because they didn't know their usernames or passwords. The resulting "digital legacy" can be unpleasant to resolve, the agency warns, so suggested four steps to simplify ensure our digital legacies aren't complicated:

  • Ensuring family members can unlock your smartphone or computer in case of emergency;
  • Maintain a list of your subscriptions, user IDs and passwords;
  • Consider putting those details in a document intended to be made available when your life ends;
  • Use a service that allows you to designate someone to have access to your smartphone and other accounts once your time on Earth ends.

The Center suggests now is the time for it to make this suggestion because it is aware of struggles to discover and resolve ongoing expenses after death. With smartphones ubiquitous, the org fears more people will find themselves unable to resolve their loved ones' digital affairs -- and powerless to stop their credit cards being charged for services the departed cannot consume.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 111 points 1 month ago (2 children)

Password manager with a delegated access structure is the way to go. If my sister (who I have delegated to) requests access, provides a death certificate,and waits some cool-off period, she gets access to the portions of my password vault I designate. I will grant her access to my financials upon death, but not social media and private stuff.

Versus writing it down and giving it to a lawyer who probably has the same opsec as their 1920s counterpart.

[–] [email protected] 23 points 1 month ago (1 children)

Also are you going to update if every three months when you change your passwords? Writing it down gives only a false sense of legacy access that will likely never end up working

[–] [email protected] 4 points 4 weeks ago* (last edited 4 weeks ago) (3 children)

Let’s be realistic here. People ain’t changing their passwords every month, 3 months, even yearly.

[–] [email protected] 2 points 4 weeks ago

Or ever. As recommended by NIST.

[–] [email protected] 2 points 4 weeks ago

A lot of employers require this and people sync up their other passwords or if you're like me, you average a change for many of your passwords every 6months or so simply because you are forced to change since you can't remember the damn thing.

[–] [email protected] 2 points 4 weeks ago

It's not recommened to do anyway. So why bother if it's random generated?

[–] [email protected] 21 points 1 month ago (3 children)

Can you please let us know what password manager does what you said?

[–] FierySpectre 27 points 1 month ago (3 children)

Bitwarden has this, you can set your next-of-kin and they'll be able to get access. (They have to wait like 2 weeks or so and I imagine all sorts of alarm bells will go off if they try this while you're alive). Might be a premium only feature though idk.

[–] MajinBlayze 14 points 1 month ago

It is premium only to configure, but doesn't require premium to execute once configured.

[–] [email protected] 13 points 1 month ago

The BitWarden Emergency Access feature is premium-only to setup. And it doesn't have the death certificate/identity verification piece to it, which I prefer not having anyway.

[–] Redex68 3 points 4 weeks ago (1 children)

Wait how does that work? I thought Bitwarden couldn't access your passwords, how could they grant a third party access to your passwords without your master password?

[–] [email protected] 8 points 4 weeks ago (1 children)

my understanding is:

  1. the emergency contact sends their public key to the owner of the vault
  2. the owner encrypts the key for the vault using said public key and stores the result on bitwarden's servers
  3. the emergency contact can now request the decryption key from bitwarden, which they will receive either if the vault owner manually approves the request or if the request is not rejected within a certain amount of time
  4. the emergency contact can then decrypt the stored vault key using their private key, and use that to access the vault

source

[–] Redex68 2 points 4 weeks ago

Ok I didn't realise the emergency contact had to have a Bitwarden account, that makes sense. Thanks.

[–] [email protected] 10 points 1 month ago

So it's not actually one I would recommend. It's provided as an employee benefit through my company, and I don't particularly like my company having any relation to it at all.l and I don't like the death certificate portion.

I'm moving back to BitWarden, which has a similar feature. It's Emergency Access, in which your delegated person requests emergency access, there is a wait period where you would be getting emails or whatever notifying you of the access request, and if you don't respond within the defined time period, access is granted.

So it removes the identification / death certificate portion, which I greatly prefer. My BW vault ties to an email address that I use only for the password manager, not my legal name or Social Security number, so I'm compartmentalizing pieces of identifying information.

[–] [email protected] 1 points 1 month ago (1 children)

You can self host Vaultwarden, which is essentially self managed Bitwarden.

And the feature can be setup fairly easily.

[–] [email protected] 8 points 4 weeks ago (1 children)

Okay, but if you’re self hosting it, then die, and the hosting has an issue during that time? You’re SOL.

Don’t try to self host things like a dead man switch.

[–] [email protected] 0 points 4 weeks ago (1 children)

The likelihood that I die, and my loved ones decide to just turn off the server while knowing it's where the Vaultwarden software lives, before they get access to said Vaultwarden, is very very slim.

Self host whatever you want. Even Deadman switches.

The key is informing your loved ones the requirements for the switch. Just like if they don't know to request access in other Deadman switches.

[–] [email protected] 3 points 4 weeks ago (1 children)

And if the hard drive goes out?

Cmon, you can’t tell me you’re comfortable with a 2 week “anything could happen” period where all that information could just disappear forever.

[–] [email protected] 1 points 4 weeks ago

I can definitely tell you I'm comfortable with that.

If family doesn't know I'm dead in 3 days, they ain't family.