"In the digital age, your estate plan isn't complete without a password manager. Otherwise, your heirs might spend eternity guessing your favorite childhood stuffed animal."
When my dad passed away, my mom and I went through the problem of accessing emails and other online accounts. Because of his progressing dementia, he had started writing down every username and password to websites anyway. The problem is that many of these passwords were out-of-date. As his dementia got into more advanced stages, he likely just forgot to write down the periodic password updates that were required back then. (Fortunately, modern NIST guidelines no longer recommend periodic password resets.) As such, there were many passwords we had to reset, and we often had to answer security questions to start the process. Fortunately, my mom’s memory is good so she could remember his first car, where they met, and other specific details required to do most of these resets. We got through it.
It also wasn’t common at the time for ordinary consumers like my parents to use password managers. The good news is that today password managers are pretty common, and both Marsha and I use iCloud Keychain. Marsha and I know each other’s device passwords, and we have biometric authentication (Face ID and Touch ID) on each other’s devices, too. So, if only one of us passes away and we still have our devices, we should be able to access each other’s iCloud Keychains and file shares. We also have a pretty good understanding between us of where things are or at least how to find them.
Still, car accidents, plane crashes, natural disasters, and sometimes even communicable diseases can lead to situations where both partners in a couple die at roughly the same time. While the chances of these situations happening are statistically quite low, Marsha and I also recognized a need to formalize ways of getting our kids access to our iCloud Keychains and file shares in the event they can’t rely on one of us to navigate through all our digital assets.
At the time of my dad’s passing, it wasn’t that common for people to have digital estate plans. Nowadays, it’s pretty common to have a digital estate plan, and there are good guides to help plan for this (example from US Bank, complete with a sample digital asset list template). This example of a digital asset list template calls for writing down passwords, but in our case, Marsha and I are leaving the passwords out on the assumption that we will be able to arrange for our beneficiaries to gain access to our password manager, iCloud Keychain.
Apple Legacy Contacts not for passwords
Apple’s Legacy Contacts feature works well for portions of the digital estate (or “Digital Legacy”), including photos, messages, notes, files, contacts, calendars, downloaded apps, and device backups after one’s death. However, it doesn’t allow heirs to access the iCloud Keychain. This is an important missing piece to access our other online accounts.
It is also important that beneficiaries retrieve the iCloud Keychain first, before presenting the death certificate to Apple to start the process of retrieving the Digital Legacy. The Apple iCloud Terms of Service reserve the right to delete the information not covered by Digital Legacy upon receiving the death certificate. In Section IV “Your Use of the Service”, the following appears:
D. No Right of Survivorship
Except as allowed under Digital Legacy and unless otherwise required by law, you agree that your Account is non-transferable and that any rights to your Apple Account or content within your Account terminate upon your death. Upon receipt of a copy of a death certificate your Account may be terminated and all content within your Account deleted. Contact iCloud Support at https://support.apple.com/icloud for further assistance.
So, the message here is just to be careful when using the Apple Legacy Contacts feature.
Our strategy
In this post, I’ll cover my current strategy to handle the unlikely scenario of having to pass on our digital estate and secure access to our iCloud Keychain through device passcodes, iPhone recovery key, iCloud username / password, as well as mobile phone service username, passwords, and PINs should our kids need to reinstate a trusted phone number on another device. This information will be shared securely with our adult children utilizing a Microsoft 365 file share containing an encrypted PDF file and a free version of a service called DGLegacy to deliver the password to that encrypted PDF file when we die. A diagram follows.
I’ll cover the specifics, including screenshots of DGLegacy on the other side of this “paywall.”