Simson Garfinkel* says it’s important to consider what happens to your digital estate when you die, and whether you want your loved ones to have access to it.
What would happen to your digital estate if you died, suddenly, before finishing this paragraph?
Would your survivors be able to find what you left behind?
There is nothing hypothetical about this for many people: the problem emerges, wholly formed, when tragedy strikes.
What’s worse, many people don’t have a will, let alone one that’s up to date.
As a result, most survivors lack a road map to the deceased’s assets (physical and digital) or even, in some cases, the legal authority to proceed.
Fortunately, there are many things you can do now, without a lawyer, to make things easier for your survivors.
#1 Build a back door
Fifteen years ago, if you died and your next of kin got your laptop, that person was pretty much guaranteed access to your data.
Then, in 2003, Apple introduced full disk encryption, designed to protect your data from a thief, but also keeping it out of the reach of your survivors.
Cryptocurrencies pose a similar problem: if no one has access to your digital wallet, then any value there is lost — there’s no Bitcoin central control to complain to.
Today there’s a debate as to whether tech companies should put back doors in their crypto technology so law enforcement can get access to data on devices they seize during an investigation.
Short of that, it’s easy to back-door your encryption yourself: just write down your hard drive’s master password, put the paper in an envelope, and seal it.
Do the same with your Bitcoin wallet.
Make sure it’s well hidden, but in a location that’s known to your loved ones.
#2 Sign up for Inactive Account Manager
If you have a Gmail account, use Inactive Account Manager to specify an email address that will be automatically notified three months after your Google account goes inactive.
Google defines “activity” broadly: if you check Gmail, log in to a Google website, or perform a search with a Chrome browser that’s logged into your account, Google will assume you’re not dead.
But when your digital heartbeat stops, this approach ensures that someone you trust can access your Gmail account, Google Photos, and other data.
#3 Download your medical records
Your doctor is supposed to keep copies of your test results and other records, but it’s a good idea to keep your own.
Ask for copies and scan them.
My elderly father keeps a copy of his records on a USB stick that he carries with him at all times.
It comes in handy when he sees a specialist who might not have access to his primary care provider’s computer.
Yes, there’s a risk the stick could fall into the wrong hands, but he’s decided that the risk of medical professionals not having access to his records is greater.
#4 Use a password manager
It used to be straightforward to identify the deceased’s accounts by waiting for bank statements and tax bills to arrive by snail mail.
These days, many people do their banking online and many no longer receive paper statements.
This significantly increases the chance that your bank accounts or retirement accounts might be declared “abandoned” in the event that you die.
So, use a password manager like 1Password or LastPass.
Now make sure that your spouse, or lawyer, or children, or parents, or somebody has some way to get to your accounts (so they can, for example, save any cherished photos or easily delete your accounts after you’re gone).
One way that couples can simply access each other’s accounts is by sharing their passwords.
This is getting harder as websites implement two-factor authentication, but it’s still possible by registering multiple second factors (like a FIDO Universal 2nd Factor device) and giving one to each partner.
#5 Ponder the complexities of social media
If you are an avid user of Facebook or Twitter, take some time to read their data-after-death policies.
You might not like what you find.
When Facebook is notified that one of its users has become medically incapacitated or died, the company allows authorised individuals to request that the user’s account be either “memorialised” or removed.
Be aware: memorialised accounts can be managed by a legacy contact (who has to be specified in advance), but that person can’t log into the Facebook account, remove or change past posts, or read private messages.
In one famous case, parents of a 15-year-old German girl who died after being hit by a subway train were unsuccessful in trying to force Facebook to open the girl’s account so that they, the parents, could determine if she had experienced cyberbullying or depression, or if her death really was a tragic accident.
Twitter’s policy is similar: after you die, a family member can contact the company and ask that your account be deleted, according to a help page on its website.
Twitter will also, if requested, remove specific imagery or messages sent just before or after an individual’s death.
But Twitter will not give family members access to a deceased user’s private messages.
So, if you’re storing something on Facebook that you’d like people to have access to after you’re gone, you should download that data regularly and store it where your loved ones will have access — for example, in Google Drive.
#6 Be careful what you wish for
I gave much of this advice at a cybersecurity training seminar a few months ago, and almost everybody in the room thought I was crazy.
The people there — mostly men — said they’d never share their passwords with their spouses.
And maybe they’ve got a point.
Family members should be careful about taking extraordinary measures to crack open these encrypted digital crypts, warns Ibrahim Baggili, Associate Professor of Computer Science at the University of New Haven and an expert in digital forensics.
“This person I knew died, and his wife managed to finally break into his emails and iPad and found all sorts of things about him that she did not want to know,” says Baggili.
“She really loved him, and it changed her whole perspective on him.”
* Simson Garfinkel is a science writer and author.
This article first appeared at www.technologyreview.com.