Study their behaviors. Observe their territorial boundaries. Leave their habitat as you found it. Report any signs of intelligence.

Loading Table of Contents...

Saturday, April 17, 2021

My Dead Man's Switch

If my wife and I both die at the same time, we need our estate's trustees to be able to take over our financial and electronic accounts. (Our trustees are a select few chosen from among our siblings, friends, and adult children.) But as trusted as our trustees are, we don't trust them to have access to all our accounts while we're both still alive. We don't want to store our account credentials in on-site storage that could be taken by an intruder or destroyed by a disaster.  And we don't want to store our account credentials in an off-site service that is inconvenient to update and that itself has to be trusted not to use our stored credentials. What to do?

Our solution is to encrypt our account credentials with a special password known to our trustees, and then arrange that our trustees only get the encrypted credentials if we're incapacitated. For this we use Dead Man's Switch. It allows us to schedule an email to our trustees, that will only be sent if I fail to visit that web site for N consecutive days. The free default is 2, but I bought a $50 life membership that lets me set it to any value. I chose 10. That's long enough to let me be distracted by a vacation or health problem, but short enough to get our trustees going quickly if we actually die.

My dead man's email says:

Subject: Is Brian incapacitated?

This email is automatically sent if Brian goes 10 days without visiting The encrypted information below gives you access to Brian's financial and online accounts. When decrypted it is a list of Brian's passwords. Decrypt it using the following steps. ....

The email then includes instructions how to use An InfoEncrypt ciphertext is encrypted using standard AES-128, and if InfoEncrypt ceases to exist then the ciphertext can still be decrypted on other web sites.

So my passwords are never stored anywhere, except in encrypted form. And the trustee password is never written down anywhere. It's a special password I've told only to my trustees. (I occasionally check that they still remember it. So far, so good.)

An extra level of security would be to divide the password among multiple trustees, so that no single one of them could immediately take our accounts if the Dead Man's email somehow was sent prematurely. But even if that happened, we'd still want to change our most sensitive passwords, in case our trustees colluded. (I had to do this once, because I turned on the gmail feature of inbox "categories", and didn't see my Dead Man reminder emails in the gmail Updates folder. My trustees were shocked to get the scary email announcing my possible incapacitation!)

Dead Man's Switch is a nifty service. It should be combined with an encryption service like InfoEncrypt to make the above setup simpler and more secure. Even so, the existence of this setup means that certain movie script scenarios are now off the table for characters who can be expected to understand this straightforward technology. It's kind of like how so many old movie plots would no longer make sense in a world of cell phones and GPS and mobile internet and satellite emergency location beacons.

P.S. My backup to all this is Google Inactive Account Manager. If I don't access my Google account for 3 months, then my trustees get control of it -- including the file they need to decrypt to see my other passwords. Unfortunately, 3 months is the minimum timeout Google allows.

No comments: