If you die tomorrow will your kids still be able to watch Netflix? A conversation about your Digital Legacy.
Everyone knows you need a Will, a medical directive and life insurance to help your loved ones at the end, but what about your digital world? Will your family be locked out of critical files and services until they can guess your passwords or reset your accounts?
We have covered many ideas regarding your children and their online security. Today I want to go past that subject and discuss a topic related to their online future. One thing very few people are addressing or even thinking about is a longterm digital plan, planning for your children’s digital future after you are gone. What can we do to address that end, and plan for our children’s digital future? How are we preparing for our digital end? We have spent many words going over how to make our today better online and in the current digital landscape, but what are we doing to protect ourselves and our family later on? Have you thought about what should happen to your accounts and your data when you pass? Have you written down anything regarding your current digital life? Have you talked to anyone about it? Many people accept the fact that we need a medical directive in order to handle our end of life according to our wishes, and therefore help our children deal with our future in the case of our inability, but no one is talking about what our online directives are, how to access our accounts or how we wish to end our digital life on social media.
When I started this blog, I had several ideas for tips and tricks I would cover, insights I had from my experiences in consumer IT and parenting. I made a list of things I would write about that somehow mattered to me and I wanted to pass along. I never imagined that this soon into it I would encounter a situation that moved me to write about something this dark, and while I am sorry that I am being a buzzkill here, I know now that this is very important thing to discuss. In the last few weeks I have been working with a friend helping them work thru this exact senario, but in real life and after the fact. There is so much about this that I have never thought of, so much I had never heard or seen covered online or anywhere else before. This is an inevitability of life that we all need to give at least the cursory nod to. The smallest bit of planning here can help our loved ones so much. I don’t have all the answers, heck I really don’t fully understand all the questions yet, but I can tell you that in the case of my friend who lost someone close to them, someone critical to their organization, if anyone had even thought about any of this for even a moment before hand, the last few weeks would have been much easier for everyone left behind. Following are a few questions to ask yourself, a few thoughts to start us down our rabbit hole of digital estate planning. We will discuss some ideas and try to find answers as we go. First, lets start with a worst case scenario, I don’t mean to be dark or morbid, but really, think about this possibility.
If tomorrow, your spouse were gone, what would happen to your digital world? Lets start at the basics here, would you be able to log into all the devices in your home? What about the TV? Online accounts? Netflix? What about the banks you do business with? Would you be able to log in and add money to the kids lunch accounts at your school? There are so many things that are directly tied to an online account that we never even think of. Are you retired? Have a pension or VA benefits? Paychecks that are direct deposited? When was the last time you accessed the account? Do you even know how too? Now reverse the situation, what if it were you that were gone, what would your family do? Would your spouse know how to log in, or even where to start looking to find the households accounts? Nine times out of ten, they will need to log in to any of these accounts or services online to access them at all, let alone make significant changes to them. Today’s online security is usually done in such a way that someone other than you can NOT get access (and if not, then you should worry for a different reason but we can look at that in a future article) You can see why this can quickly become vastly more than a simple issue of passwords and how so many accounts can be so easily overlooked and how this can turn into a real nightmare situation later for the ones left behind. If you are savvy enough to find this blog and read about it, you have certainly heard about the account hacks of Yahoo, Target and many others. Imagine if your accounts were hacked for something critical, something tied directly to your social security number, and your partner had no idea how to find the credentials. How would they login and re-secure it if they didn’t know it even existed? What could happen to your financial estate if it never was re-secured. This may seem a bit alarmist, but if you take into account that many people had Yahoo accounts and never used them for anything except fantasy football back in college, it could be very easy for you to forget that account was there for yourself, let alone thinking of the accounts of dead relatives, and while the damage that a hacker could do with your fantasy football account is laughable to most, the damage they could to do you other accounts that use the same password could be vast, but we never use the same password for multiple sites?!?!’ Right.. Ok, so now you can see some of the pitfalls and the reasons this could be important, let me walk you through what I found when I examined my own household and what steps I took to make it better.
In my own house, we have a PC that we use for all our household tasks. It has the quicken for our checkbook, it has the link to the kids school lunch account. It logs us into our Netflix and to our credit cards, our insurance accounts, our bank accounts and our household utility accounts. All these accounts have a different passwords (because that is the best way to mitigate the damage of a cyber attack), and when the accounts were made those unique passwords were written down in the journal, which is a small leather-bound notebook that is embossed with the words ESTATE PLAN (used this because it was handy, but in retrospect, it was probably the very best choice. I am sure that in the case of my tragic demise, anyone stepping in to handle my stuff will NOT throw out a book called ‘estate plan’). The only thing in it is a list of all our accounts and their respective passwords (I never keep passwords on a device…). Now while all these steps are a good start, time has passed, those passwords change and sometimes the book isn’t updated. We never considered that an issue because all the passwords are remembered by the PC. Since we are complacent and rely on physical security instead of best practices on some things (not recommending this, just telling you how we did it) they are saved at the first login, then we can be lax and write them down later (or not at all), and after all, we can always remember tomorrow that we changed them and write them down then… or the next time we have the book out…(which translates to NEVER) This was the same type of situation my friend had. The problem came to light when the person who owned and used the PC was involved in a tragic accident and passed away. At the very start, no one even knew how to log into windows, no one knew their password. With out being able to log into the PC, no one had access to all those instant passwords, and as they changed the passwords over time, those changes weren’t recorded because they didn’t think they needed to, the PC remembered them for them. Well, luckily, they knew someone who could get them past a simple windows login, so I did, but what if they had enabled encryption? (Which is something I strongly recommend…) If they had used something like Bitlocker, which is a factory option on all professional PC’s, getting past the windows login and into all their accounts would have been much more difficult, and frankly, there are vastly more secure options on the market for encryption than just Bitlocker. So, we lucked out on this one, but it could have been much worse. Think about that and make sure your windows login is something that others can get access to somehow. What did I do for my own house? I opened the Estate Plan, made a list of all the devices in my household, listed them by name and physical description (remember, just because you refer to a device in a certain way, that may not be obvious to the people left behind. Don’t just call it ‘Old Dell’ especially if you have more than one Dell… you get my point.) Next, beside their name and description, I wrote the date, in pencil, and the windows password. Now when I change that password, I can also change it in the book and change the date also so that I can look back from time to time and judge on sight if my list is even remotely accurate.
As soon as you have this done, you are all set right?, everything is wide open and we were able to get to all the critical data in all the account, right? NO. Simply put, we don’t have any idea of even what we are looking for, so how could we know where to look for it all? The PC remembering the password doesn’t help you get into an account you don’t know you need. For example, PC remembered the password for the Netflix account, we needed to know beforehand that there WAS a Netflix account to go looking for long before it asks for the password and the PC remembers it. Now Netflix may be a bad example, but hey, you get the idea. In the case of my friend and the mess they were working through, we didn’t know everywhere they banked, we didn’t know if they had an iTunes account, or if that account was making auto debit payments until one came across the checkbook. We knew they had an Intuit account but we had no idea what software they used it for and we didn’t know they even had the email account they used to set the Intuit account up. We knew there was money being withdrawn to pay the iTunes, but we didn’t know from were and we had no idea what other bills would auto debit. We needed to know which banks to contact, which accounts to suspend and which the estate would need to transfer and maintain. We had noticed that there was Quicken on the PC so we figured it was a solid financial start and opened it. The PC didn’t remember app passwords, so we couldn’t get into it even though we did have access to the PC. Now my friend was on the support line with the Quicken people and we had to tell them what email account it was registered too, but we didn’t know. No one had a list of all the email accounts that the loved one made and which they used for what. No one had thought of that. Several days later after jumping through all the hoops for the support folks at Quicken (and they were awesome to work with! Very high class), we had access to the account again, only to find that it hadn’t been used for almost a year. Much digging and a few hours later, we realized that the departed had been using Mint for almost a year. (Also, if you haven’t heard of it, Mint is excellent financial software, I am looking very seriously at it for my own home now) This is where we got a lucky break. They had listed EVERYTHING in Mint, and wow were we surprised at all the different accounts they had. Had they not listed them all in one place like that we may never have found them all. This is also where we found listings for the account of the tiny local charity that they volunteered as the treasurer for. We were able to contact them and help with a smooth transition after the loss. It was much better for the organization and the family to deal with all this on their own schedule and terms instead of having to be drug back into it months later after some meeting or at some high stress tax time. In the end, we spent more time than was convenient, but got all of the online accounts sorted out and the family back on an even keel and able to start trying to normalize again after the loss. I will also note here that while we considered this a win for the family and we were able to ease the blow of it all, we never approached the social media accounts that the departed used and we also have no guarantee that there are not some accounts out there, still open, and vulnerable to some online security threat that could misuse their private information later. While this is behind them, I feel it is probably far from over.
Now back to my own house again. I had my dated list of the devices and login credentials, now I started going through everything possible and writing the name of the account or business involved, the date, and the login credentials for that account. I made a complete list of all my email addresses and helped my wife make one also. I then added to those accounts any credentials, security questions, and errata that I could think of. I went through my browsing history and looked for any accounts I had missed. I opened a note file on my cloud and entered into it just the names of any account I thought of or used when I was away from my book (not any credentials, never never put online credentials online….) then made a point to sit down every night with that list and my book. After about four night, I was able to relegate it back to once a week, which is where I am now, but I am finding VERY few accounts now that are not in the list. It really didn’t take that long to get most of them entered, just a matter of days. Now if something happens to me or my wife, the ones left behind know where to look to find what they need, they know how to access it once they get there and they have a handy list of credentials and authentications to use when they get there.
Lastly, I looked at all my social sites that I interact with and asked myself one question. Will I want this stream to continue after I am gone or do I want it to end? To answer this, I went out on the web and asked that question in several different browsers. Here are two of the responses that I found the most valuable: First of all, I found a site called Digital Legacy Association. They had a ton of info, including some compelling data regarding how our social media sites can help others grieve after we are gone. They also have a great bunch of resources like a digital will template and some checklists that were very handy. I feel that they are about the best resource on the web for considering your digital demise and starting the conversations that will turn into your end of digital life plan. You can find them here: http://digitallegacyassociation.org . After you check out Digital Legacy Association and check out their forms, you may feel compelled to take some action to implement your plan. If that implementation includes social media, then you may be surprised to know Facebook now has a feature to help with this in which you can designate a person to manage your account after you pass. They are called your ‘Legacy Contact’ and can be setup in your security settings. Facebook published a help center page discussing it. Check it out here: https://www.facebook.com/help/1568013990080948 It is rumored to be in effect for your entire facebook portfolio, including Instagram, but I personally cannot confirm that.
Many other social sites are also taking steps in the right direction, Twitter is rumored to be starting something like a legacy contact, however at the last time I checked, anyone could contact them regarding a deceased user after the fact, but there were no provisions to plan ahead for it. Google has a feature called Inactive Account Management, which you can set to delete your google content after an amount of inactivity, but again, that is very limited and with the research showing the benefits of leaving your pages up for the grieving people to remember you, I am not sure that just deleting all your google content after a period of inactivity is the best route. Still, these are things you can think about, check into and take action on. Also, if we all were to contact these social media companies and explain to them how we want this handled, they may be more likely to implement some policy to help us… just saying…
So what was my take away from this experience? The moral of the story if you will? Simply think about the inevitability of your own demise. Address your digital life with the same responsibility that you would your physical life and help your loved ones by making a list, leaving good documentation and thoughtful notes regarding your activities and accounts and when ever possible, take the steps you can ahead of time so that things are easier for them after you are gone. Have conversations with your loved ones regarding what your wishes are, what your digital assets are and how you protect them so that if something does happen they at least know how what and where. I do not advocate using the same password for all your accounts, but many people do. I do recommend using unique single use passwords for each account you have no matter how insignificant the account may seem. If you have a system of password creation, a template for passwords, a master list like I do, or a password app like 1password, share it with one close trusted friend or relative along with your wishes and concerns so that everyone can have a starting place if something happens to you. Also, make an inventory of all your devices, what their login info is, and what you use them for so that if you do pass away the people left behind have an idea of where to find critical data without having to dig thru several devices to find it. Lastly, after you make these decisions and take these steps in your own digital life, which is a huge favor you are doing for the people ultimately responsible for your estate, do yourself the same huge favor and have these conversations, make these choices and take these steps with your parents, loved ones or anyone YOUwill ultimately end up responsible for in this digital world. Then like your life insurance, pray you never need any of it.