Don’t Take Your Passwords to the Grave

Perhaps there are secrets we should take to the grave, but computer passwords are not among them. An increasing amount of critical personal and work-related information is stored on computers instead of in file cabinets. Many people are revising their estate plans to include complete lists of online accounts and passwords.

As Liz Pulliam Weston writing for MSN Money points out that “[there’s no question that online banking, electronic bill payment and personal-finance software make our lives easier.

But could we be creating a digital mess for our heirs when we die?”

Check out Liza Weiman Hanks’ blog post, Preserving your Online Life (and All Those Annoying Passwords) where she tells about Legacy Locker.

Online financial accounts are not the only items to consider. The family could also lose access to photographs, music collections, calendars, address books, e-mail accounts, security and networking software, and membership organizations. Personal security must be balanced with the needs of your survivors.

Who can access your online info is not only important in the event of death. it is also important in the event of illness or incapacity. If you are injured in an accident or have a stroke and, even if you have a power of attorney appointing an agent to act on your behalf, if the information is not accessible, there could be serious repercussions. Unpaid bills could bring down your credit scores, insurance policies could lapse for non-payment of premiums checks could be bounced, and investment accounts could be neglected.

Eventually, your agent or executor should be able to get information about accounts, at least those they know about. But it could be very difficult and time-consuming, not to mention expensive. Even if the deceased once allowed another person to log into a computer account, that person doesn’t necessarily have permission forever. According to Keith Novick of Garder Wynne and Sewell, disregarding the legal rights of the deceased and their estates could even result in a criminal prosecution under the federal Computer Fraud and Abuse Act. Executors can take legal action if they find anyone else has entered secured accounts and made changes.

Don’t let this be a problem for your family. Make your addresses and passwords known to your executor or anyone who will need the information after your death. Make a list of user names, passwords, and accounts, and seal it in an envelope and marked “To Be Opened Upon My Death.” You can keep it in your safe deposit box with your other estate planning documents. The list must be updated on a regular basis because passwords and user names change, and new services or accounts are opened. If a file contains sensitive information you wish to keep confidential, make arrangements to have your executor delete it after your death. You can avoid creating bitter memories for your family by making sure any embarrassing digital photos, secret accounts or other items are deleted after your death.

There are other approaches. A software product called Deathswitch is an automated system that regularly prompts users for a password. If the user fails to respond timely, the system assumes that he or she is dead or critically disabled and e-mails pre-scripted messages. Each person can pick the frequency of the prompts and the maximum time to respond. These time-frames can range from one day to one year.

There is a growing industry in “cracking” passwords. Doug Bedell, writing for The Dallas Morning News, reports that there is sophisticated software available that can decipher passwords for all sorts of files. One program, for example, scans a hard drive for all data and creates a “dictionary” of every word typed by the user. By examining the most often used words or combinations of letters and numbers, forensic experts usually can deduce favorite passwords of the deceased. Patterns can also be gleaned from the record of websites visited, experts say, because people often create passwords out of quirky words used in their favorite avocations.