This is an interesting point. When my wife’s parents died within a few months of each other, we spent ages sorting through old statements for details of their various savings accounts and we carefully checked under the mattress and carpets etc for hidden cash (we found quite a lot).
If my daughter had to do the same thing for my wife and me, she would have a harder time. I am not especially security minded but nearly all my financial transactions are online and protected by a variety of passwords and account numbers - most of which are stored in my head.
The OP makes the point about an encrypted hard drive, but most of us, I suspect, don’t go that far, but we do have a lot of hard to get at stuff stored on our hard drives and up in a cloud somewhere.
Actually, Arkon has a point. When my father died, his will stated that I got all of his tools, my sister and I got shared ownership of all of his intellectual property, and my sister, my mother, and I all three got shared ownership of everything else. So the heir to his physical computers themselves was either me, or all three of us (depending on whether the computers counted as “tools”), but the heir to the data on the computer were my sister and I (certainly a different set of heirs from the hardware).
As it happened, none of us particularly cared about Dad’s intellectual property, so it wasn’t an issue. But it could have been.
(oh, and to answer other questions, Dad told me all of his passwords a couple of years before he died, and while he did have financial records on the computer, they were organized in a way incomprehensible to anyone but him, and were of no use to anyone)
OK, fair enough. As others have said, bypassing a simple Windows login prompt is trivial. Bypassing some kinds of file and application encryption is doable. Cracking a password for a good full disk encryption solution may well be impossible.
Nava mentioned that her password manager can email her a master password. This is poor practice. It means people at the company have access to your password, which really diminishes the value of the password and also calls into question the company’s security practices.
If it is a windows system than usually cracking it is trivially easy if you have physical possession of the system, Microsoft actually provides the software to do so, and I wouldn’t imagine an heir would have any legal problem cracking it since they are the legal owner of the system. The same if you inherited a safe but they didn’t give you the combination.
If however the system has Bit locker enabled and you don’t have the pin you’re out of luck, the NSA would have a difficult time cracking it.
Laptops have better security due to the higher risk of theft.
The top laptop makers have hardware password chips builtin. (Although quite a few people fail to use them since they don’t like to enter passwords over and over.)
To log into such a laptop without the password requires contacting the manufacturer, providing proof of ownership, etc.
Some of these chips used to be bypassable by taking out the old one and soldering in a fake one. (Available online at the usual place.) But I’m not sure if this is still doable.
Full disk encryption, as noted, is a whole 'nother thing. Sans password, you are likely unable to get in.
Standard desktop PCs without disk encryption, as noted, are usually quite easy to get into.
I have been to estate sales of young deceased people. The families just seem to want to get rid of the computers with no interest in recovering anything, wiping disks, etc.
Unless there were important business/estate records or the deceased did significant creative work (e.g., a novelist) on a computer, it’s probably best to wipe the disk (if the estate wants to sell the computer) or just trash the HD and give the rest to a thrift store.
As part of your estate planning you should give the attorney not only a copy of your will but a sheet with details to all your financial accounts and computer passwords, if you update them regularly then you can give him shared access to your password manager.
Financial accounts can be accessed by the executor without the passwords. You have to go through the more traditional route of contacting the financial institution with the appropriate paperwork to get access to the account. That’s how you had to do it before the computer age. So just the list of accounts will be sufficient to eventually get access to the assets. Other types of accounts like email, social media, photos, etc. may or may not be accessible depending on that particular company’s policy of how it handles access after death.
I was co-signatory of my mother’s account, we passed that responsibility to my brother with the financial background last year. Co-signatories are limited in what they can do, but they have access in case of inhabilitation and they can freeze the account on their own recognizance in case of death (they’ve got a few days to bring in the CoD, but they can freeze the account beforehand). Also, this way my brother accessing Mom’s account online is legal. Your bank may offer something similar, ask them.
If the password manager can send someone / anyone your actual master password, that means the master password is stored someplace in their systems. Which means it can be hacked / stolen / etc. by a third party or disgruntled employee. Which also means you’ve chosen an inherently insecure password manager.
Whether the convenience of the post-mortem notification is worth the additional ante-mortem risk is a personal choice for you. But do understand that *is *the choice you’re making.
That depends on what you mean by “their systems”. It could all be done locally. Which still means there’s a plaintext copy of the password stored locally, but that isn’t as big a deal.
EDIT: You could also encrypt the e-mail to be sent using the intended recipient’s public key. That would fix the security problem, no matter where it’s stored.
Yes, you should give your attorney (or someone you trust) a list of where you have your financial accounts, no you should not give anyone any passwords.
Assuming they are not a joint owner of the account or an authorized user, no one should be impersonating you after your death and logging into your financial accounts. The executor or representative should contact the financial institution, provide proper documentation authorizing access, and secure access to the accounts through the financial institution.
I agree with what filmore said.
I keep a backup copy of my encrypted passwords on a flash drive in my safe deposit box, which my wife has access to. On that drive is a document with a rebus that shows how to unlock the password manager.
Too insecure. Doing that means typing the passwords “in the clear” in a word processor, which means they are in memory and also potentially written to the disk, all unencrypted.
I could manually write them all down, but I have hundreds of them.
And - no reason to. My method is simple and secure.