I believe there is a factual answer, but mods are free to move this if they think there’s a better place for it.
I live alone in Montana, over 1,600 miles away from my only daughter in Oklahoma. While I don’t expect to die anytime soon, I want to have everything ready in case something happens to me. My daughter is my sole heir, and she will be responsible for all my funeral arrangements and settling my financial affairs. I have a friend locally whom I will connect her with so that my dog will be taken care of until she can get up here.
Since I’m not getting any younger, I would like to send my daughter financial information, passwords, and various security codes that I don’t want anyone to intercept. I’m very nervous about providing her with this information in an unencrypted manner for all the reasons you can imagine. Although I speak with her on the phone regularly, I don’t plan on seeing her in person anytime soon.
I’d rather not purchase an encryption system solely for this purpose. Is there any other safe and secure way to transmit information where I can guarantee it won’t be intercepted? Free would be great, but I am willing to pay something for this service. Has anybody solved this problem before?
Do you want in-transit encryption (prevent anyone from ‘grabbing’ and reading the plaintext email being sent) or end user encryption (sending an attachment that your daughter has to manually decrypt with a separate password or passkey so even if someone gains access to her Inbox they can’t read the information)?
What operating system and email provider do you use?
Do you include the phone as a possibly untrustworthy method?
This can’t be more than a dozen sheets of paper, surely? Can you send a benign (?) printed version of all your info to her - names of banks and other details that are safe to share, but nothing critical like ID or passwords - and once she receives it, settle in for a long phone call or WhatsApp session where you give her all the secret stuff and, perhaps, watch her access each account to make sure the info has been correctly captured?
Personally a registered letter would seem to be fine. Again, for performance, you could sort your info into a table with safe info / ID / password columns, print and tear them into strips of each column and send these separately, so anyone intercepting one has no idea what your password relates to. Hide one in a book or stuffed toy present if you really think it’s an issue.
I think over-complication and secretiveness is more likely to lead to the info being lost, never updated and forgotten at the critical moment, so keep it simple. Plain-English instructions and info from my parents are difficult enough to follow.
And finally, surely you can ask a trustworthy legal firm to hold a sealed document for a small fee, accessible only to you and specific identified people?
You don’t necessarily need to give her passwords for her to be able to get to your accounts. You can give her just the websites and account names and she can get them after you die. If she is your executor, she can get access to the accounts from the Letters Of Administration she’ll get from the probate court. She could walk into your bank with your account number and the documents and they’ll give her access to the account. In addition to getting access to your financial accounts, the executor will typically also be able to get access to your other accounts like email, social media, etc. Check with those companies to see how they handle access after death. By just giving her your account names, she can get access to the accounts without you having to worry about passwords and keeping her updated with any changed passwords. Plus, there’s always the chance that the password document would fall into the wrong hands after it was on her laptop (e.g. from hackers).
You can make things really easy for her by declaring her the beneficiary for all of your bank and financial accounts. If she’s the beneficiary, then all she needs to do is give them your death certificate and they’ll release the funds to her. Distributing the funds to beneficiaries happens outside of probate. This will allow her to get to them quicker and with less hassle. This doesn’t give her access to the account itself. Rather, the financial institution will transfer the funds in the account to her.
If you have property, you can do a similar kind of transfer with a Transfer on Death Deed. A ToDD is a document you file with the county clerk that specifies who should be put on the deed when you die. Like the beneficiaries described above, this happens outside of probate. She would give a death certificate to the county clerk and they’ll put the property in the name of whoever is on the ToDD.
By setting up beneficiaries and the ToDD, almost all of your assets will be transferred to her without having to go through probate. Your estate will be whatever is left over, like household goods, the car, etc. It will be much simpler for her to deal with just those odds and ends in probate rather than all the financial and property assets.
(I guess this isn’t really a FQ answer for the OP about encrypting documents. But for this situation, it may be better to look for a different solution and not to create such a document in the first place.)
One solution my family uses for sharing passwords and other important info is with LastPass. Besides having our master passwords written down on paper in the house (not in plain sight, of course), we also have shared folders so our kids can get the credentials for anything they need anytime via their own LastPass accounts. Besides being very handy for things like Netflix, it also serves as a shared, secure place for sensitive information that may change from time to time. Whenever my LP saves an updated password or detail in a shared folder, it’s accessible to them as well.
AIUI, when a home is inherited, the initial value to the recipient is the current stepped-up value of the home, not the lower original purchase price - which saves a lot of tax money if/when they later sell it.
Is that also the case with a ToDD? If not, it could be a very expensive mistake.
She’s not my executor, my brother is, but he isn’t going to handle the details surrounding my body, my house, my money, and my dog. That’s what my daughter has signed up to do.
[Moderating]
“What works and is secure” is a factual question. “What’s easy and practical to use” is not. Since this thread is looking for both, I think it’ll fit better in IMHO.
I’m not a lawyer, but I don’t believe she’s technically allowed to access your financial accounts in that case even if she has the login/pw. That might need a financial Power of Attorney document or something granting access to act on your financial accounts after your death. Otherwise, from a legal standpoint, it’s supposed to be your executor. It may not matter, but if there are any legal issues with your estate, her accessing your account without the proper legal authorization could complicate matters. I seem to remember someone saying that the bank may automatically lock the account if they get notice of the death. I’m not sure how that all works, but it could be that your daughter wouldn’t be able to login to the account anyway after your death.
Setting her as a beneficiary for your bank account could be useful here. She could walk in with a death certificate and walk out with a check from whatever was in your account. That would give her the immediate funds to deal with the short term needs before your brother is able to go through probate.
A simple way to do it is put all of the files in a directory, and then use 7-zip, or similar to create a compressed and password locked file. Send the file to your daughter, and then through a different means (text, phone, etc.) communicate the password to unlock the file.
Use a 20 character random string or 10 random words as the password. These zip based encryption methods can be vulnerable to brute force attacks if you have a weak password. You don’t need to remember the password, just save and transmit it, so don’t worry about it being memorable.
The “real” way would be to use GPG, but that is tedious. You would each have to create key pairs, then exchange the public parts of your key, and then encrypt a file to her public key, and then only she will be able to open it.
From personal experience, make sure you set up so that she can access your email and text messages. Email should be easy, because you can set Google to grant access to someone if your account goes inactive. Text messages may be more difficult, and will probably involve someone physically shipping the phone. Make sure she has the appropriate passwords to unlock it.
If she has your email and text messages, she should be able to gain access to any accounts by using the “forgot password” feature.
That is all for convenience though, and none of it gives her the legal right to your stuff. Make sure she is set up as a beneficiary on all of your accounts. Those accounts should then skip probate and go directly to her.
Another very useful option is to add her name to bank accounts. Then she can have her own access with her own password. This assumes you can trust her with such access. My brother and I are on both of our parents’ accounts.
One more thing, also from personal experience. Make sure the password files she has, however she gets them, are up to date. Even if you do something like shared LastPass or Bitwarden accounts, make sure you are using those to store your actual passwords. If you have a spreadsheet with your passwords, send her the new version when you make changes.
I was provided with access to a Bitwarden account, two typed-out lists of passwords with handwritten notes, and I extracted the passwords stored in three different browsers. After all of that, to access most accounts I still had to go through password recovery at most places.
Don’t make things harder for her by trying to make things easy for her and doing it poorly. The best answer is to use the password sharing feature of LastPass, Bitwarden, or similar, and actually keep all of your active passwords in there.
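Added example, not part of any post in this thread: a Python sketch of the "20 character random string or 10 random words" advice for the 7-Zip archive, showing how the strength of the word option depends on the size of the word list. `DEMO_WORDS` is a constructed 16-word stand-in and all function names are illustrative.

```python
import math
import secrets
import string

ALPHABET = string.ascii_letters + string.digits  # 62 symbols

# Constructed stand-in list so the example runs offline. For real use, load a
# large published list (the EFF long list has 7,776 words).
DEMO_WORDS = ("anchor", "basket", "cactus", "dolphin", "ember", "fossil",
              "garnet", "harbor", "island", "jungle", "kettle", "lantern",
              "meadow", "nickel", "orchid", "pebble")


def random_string(length=20, alphabet=ALPHABET):
    """Return `length` symbols drawn uniformly with the OS CSPRNG."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def random_words(words, count=10, sep="-"):
    """Return `count` words drawn uniformly (with repeats allowed) from `words`."""
    pool = sorted({w.strip().lower() for w in words if w.strip()})
    if len(pool) < 2:
        raise ValueError("word list needs at least two distinct words")
    return sep.join(secrets.choice(pool) for _ in range(count))


def entropy_bits(pool_size, picks):
    """Bits of entropy for `picks` independent uniform draws from the pool."""
    return picks * math.log2(pool_size)


def seven_zip_command(archive, source_dir):
    """Build the 7z command line for an encrypted .7z archive.

    A bare -p makes 7z prompt for the password, so it never appears in shell
    history or the process list; -mhe=on also encrypts the file names.
    """
    return ["7z", "a", "-t7z", "-mhe=on", "-p", archive, source_dir]


if __name__ == "__main__":
    print("20-char string:", random_string(),
          f"(~{entropy_bits(len(ALPHABET), 20):.0f} bits)")
    print("10 demo words: ", random_words(DEMO_WORDS),
          f"(~{entropy_bits(len(DEMO_WORDS), 10):.0f} bits with this tiny list)")
    print("10 words from a 7,776-word list would give",
          f"~{entropy_bits(7776, 10):.0f} bits")
    print("archive command:", " ".join(seven_zip_command("affairs.7z", "affairs/")))
```

With the 16-word demo list, ten words give only 40 bits, which is why the word option needs a list of thousands of words to match the 20-character string.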
So, GMail is end-to-end encrypted (if the recipient is also using GMail or another service that uses Transport Layer Security), so if that is the case you could in theory just put information in plaintext in your email. But I wouldn’t ever recommend relying upon that alone for security of things like banking information. There are a number of ways to send email encrypted peer-to-peer that are seamless, like using S/MIME, but you have to set that up and obtain a certificate which provides public keys that you can send to the other user (and vice versa), but if this is just a one-off and your daughter doesn’t mind using a password to unlock the file I would just use 7-Zip and ‘compress’ the file using encryption with a password. (Assuming it is just simple text or a Word document you won’t get much compression but the point is really to apply the encryption.) You could also use a file sharing site such as Dropbox where you limit access to the folder holding your information to just your daughter, but I’m always somewhat skeptical of putting anything into ‘the cloud’ without independent encryption because of how often supposedly ‘secure’ records are hacked.
Since, based on the OP, the encryption is only needed in one direction, only she has to set up keys. OP will need a program to encrypt, but that’s it. OP and daughter both download the program, daughter sets up a pair of keys and emails OP the public key. OP encrypts with the public key and daughter decrypts with her private key. The only unencrypted part is the public key that she sends him, but it doesn’t matter who gets their hands on it since it can only be used to encrypt.
And there’s plenty of free/open source programs that can be used. This won’t cost anything but the time to set it up.
But, if they need encrypted info to go in both directions, then yes, OP would need to set up a pair of keys. But that’s no more difficult than hitting a ‘generate keys’ button.
Another option is what I did (but never kept up with). I told someone I trusted my Windows password and directions (and another password) to find a list of every account, along with login credentials, they’d need to ‘get my affairs in order’ in case something happens to me.
As I’m thinking about it now, I should probably just write down my Bitwarden password and tell a trusted person where to find it.
FYI, LastPass has a poor reputation with security breaches and less robust encryption than 1Password or Bitwarden. Pretty sure it’s been mentioned on the board here.
In addition to giving her the passwords, give her the names of all the financial organizations, etc., you do business with, along with their physical addresses, other important contact info, and your account numbers.
I’d print that on paper, and probably send it certified mail.