How does that make sense? Then you'd have to update your will every time you changed a password. Wouldn't it be better to keep the list somewhere safe and accessible that is easier to update, then mention that in the will?
Use a password manager, and put the master password in your will. Better yet, use keyfiles as a secondary option (I believe this is supported by all implementations of KeePass), and store a secure copy of the key file along with your will.
My current approach is having 2 copies of my Bitwarden recovery codes, each one in different physical locations. I told family members about the locations, so in the event I am unreachable (and most likely so will my 2FA device), they can still access my passwords.
Is there some flaw in this approach (besides requiring trust in the family members)?
Consider making sure to have multiple 2FA options.
I learnt the hard way this week that my recovery code for 2FA with GitHub does not work. The second factor turned out to be the only available way for me to sign in and it looks like I've lost the account. Passwords be damned I guess.
In this case it's mildly annoying but it has forced me to reconsider that backups and instructions to access passwords are no longer sufficient.
Many password managers allow you to set up emergency access (as it's named in Bitwarden) that'll let a contact access your vault by request after a certain wait time during which you can either manually accept or decline the request.
This is really a problem with crappy identity and authorization modeling.
My next of kin should be able to sign in using their own credentials (even if just ID card), and not have to impersonate their dead relative.
Just in general, or only after you've died? If the latter, how does the system confirm someone has died in a way that can't be exploited by a bad actor?
A better auth model would have protocols for establishing death.
Most places have death indexes, and death documentation.
This may currently be a bit beyond foolproof advice for Aunt Tilly [0] to do on her own, but:
1. Get them to use a password manager for their stuff. This can easily be a good idea all on its own, simply so that they don't reuse the same credentials everywhere.
2. The password store can be decrypted with either of two methods: A day-to-day password they memorize, or a longer key which can be stored along with the will. [1]
3. Set up the cloud services to automatically back up and share their encrypted-at-rest password store from their computer to various relatives and friends.
4. Take the alternate encryption key from step #1, print it on archival paper, seal it inside an opaque tamper-resistant envelope, and store the envelope along with the will--or in such a way that it reaches the right people when the person passes away.
This way they can easily keep things up-to-date with new accounts or password changes, without constantly sending new stuff to a lawyer or safe-deposit box or whatever.
_______
[0] An archetypal relative who is "not good with computers."
[1] This isn't algorithmically impossible by any means, but it's a use-case not all password managers will support. An alternative is to tell them "never change your master password ever", and then just duplicate it in the sealed envelope.
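An added illustration of the two-unlock-methods scheme in step 2 and footnote [1]; this is not code from the thread or from any password manager mentioned in it. One random data key protects the entries and is wrapped twice: once under a key stretched from the memorised password, once under a key derived from a high-entropy recovery key that is printed as groups of base32 characters for the envelope. Changing the password re-wraps only the password slot, so the printed copy stays valid. Standard library only; the HMAC-SHA256 counter-mode cipher, the slot names and the iteration count are stand-ins chosen here, and a real manager would use an AEAD such as AES-GCM.

```python
"""Two-slot password vault: one data key, wrapped under a memorised password
and under a printable recovery key.  Constructed example, stdlib only."""
import base64
import hashlib
import hmac
import json
import secrets

PBKDF2_ITERATIONS = 200_000  # assumption: a real manager tunes this per device


def _split_key(key):
    """Derive separate encryption and MAC keys from one 32-byte key."""
    enc = hmac.new(key, b"enc", hashlib.sha256).digest()
    mac = hmac.new(key, b"mac", hashlib.sha256).digest()
    return enc, mac


def _keystream_xor(enc_key, nonce, data):
    """HMAC-SHA256 in counter mode as a stand-in stream cipher (illustration
    only; use a real AEAD such as AES-GCM or XChaCha20-Poly1305 in practice)."""
    out = bytearray()
    for offset in range(0, len(data), 32):
        block = hmac.new(enc_key, nonce + offset.to_bytes(8, "big"),
                         hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def seal(key, plaintext):
    """Encrypt-then-MAC: returns nonce || ciphertext || tag."""
    enc_key, mac_key = _split_key(key)
    nonce = secrets.token_bytes(16)
    ct = _keystream_xor(enc_key, nonce, plaintext)
    tag = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key, blob):
    """Verify the tag before decrypting; a wrong key or tampering fails closed."""
    enc_key, mac_key = _split_key(key)
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(mac_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or tampered store")
    return _keystream_xor(enc_key, nonce, ct)


def format_recovery_key(raw):
    """20 random bytes -> 32 base32 characters in groups of 4, for paper."""
    text = base64.b32encode(raw).decode()
    return "-".join(text[i:i + 4] for i in range(0, len(text), 4))


def _password_kek(password, salt):
    """Low-entropy secret: stretch it with a slow KDF."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt,
                               PBKDF2_ITERATIONS, dklen=32)


def _recovery_kek(recovery_key, salt):
    """High-entropy secret: a plain keyed hash is enough, salt gives domain separation."""
    raw = base64.b32decode(recovery_key.replace("-", "").upper())
    return hmac.new(raw, salt, hashlib.sha256).digest()


def _wrap(kek, dek, salt):
    return {"salt": salt.hex(), "wrapped_dek": seal(kek, dek).hex()}


def create_vault(password, entries):
    """Returns (vault, recovery_key); the recovery key is shown once, to be printed."""
    dek = secrets.token_bytes(32)
    recovery_key = format_recovery_key(secrets.token_bytes(20))
    pw_salt, rk_salt = secrets.token_bytes(16), secrets.token_bytes(16)
    vault = {
        "slots": {
            "password": _wrap(_password_kek(password, pw_salt), dek, pw_salt),
            "recovery": _wrap(_recovery_kek(recovery_key, rk_salt), dek, rk_salt),
        },
        "data": seal(dek, json.dumps(entries).encode()).hex(),
    }
    return vault, recovery_key


def _open_slot(vault, name, derive, secret):
    slot = vault["slots"][name]
    kek = derive(secret, bytes.fromhex(slot["salt"]))
    dek = unseal(kek, bytes.fromhex(slot["wrapped_dek"]))
    return dek, json.loads(unseal(dek, bytes.fromhex(vault["data"])))


def unlock_with_password(vault, password):
    return _open_slot(vault, "password", _password_kek, password)[1]


def unlock_with_recovery(vault, recovery_key):
    return _open_slot(vault, "recovery", _recovery_kek, recovery_key)[1]


def rotate_password(vault, old_password, new_password):
    """Re-wrap the data key under the new password only; the recovery slot,
    and hence the printed copy in the envelope, stays valid."""
    dek, _ = _open_slot(vault, "password", _password_kek, old_password)
    salt = secrets.token_bytes(16)
    vault["slots"]["password"] = _wrap(_password_kek(new_password, salt), dek, salt)


def update_entries(vault, password, entries):
    """Day-to-day edits re-seal the data under the same data key; no slot changes."""
    dek, _ = _open_slot(vault, "password", _password_kek, password)
    vault["data"] = seal(dek, json.dumps(entries).encode()).hex()
```

Both slots release the same data key, so the recovery key carries exactly the authority of the password; its value is durability (it never needs to change and survives on paper), not extra strength. The envelope alone is also useless without the encrypted store, which is the separation described later in the thread.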
> 2. The password store can be decrypted with either of two methods: A day-to-day password they memorize, or a longer key which can be stored along with the will.
The longer key is kind of pointless given the shorter password, unless that shorter password only works with a hardware key.
Various family members have their accounts & passwords in a binder, in a known location. Not ideal, but there's no technology involved so it is "elder proof".
Could it be left with their attorney? Not really - the attorneys don't want the paper and don't want the additional responsibility for keeping it secure. Plus they'd have to make it available at their office for recording occasional password changes.
There's an additional threat to consider: What happens when it burns up in a fire, soaks to illegibility in a flood, etc?
More than half the reason I implore my parents to digitize their ink-scrawled Sheet Of Login Stuff involves having an off-site backup. Leveraging it to help with end-of-life planning is just a bonus.
P.S.: Another bonus to this is that the sealed envelope alone isn't enough for the holder to empty all of Aunt Tilly's bank accounts and flee the country. Whoever has custody of it would at least need to conspire with or trick one of the family members into sharing a copy of the encrypted store with them.
Also, for bonus disaster-preparedness: When setting up the cloud service to back up and share the encrypted file, also include the original installer for the password-safe software. It avoids the problem of trying to find code from a discontinued software project, or working out which successor project may or may not compatibly open the file.
But... a will is not secret. May as well publish it in the newspaper.