Passwords and Mortality

When you ultimately expire, will your passwords die with you?  It would likely be beneficial if some of the important passwords (banking, insurance, wi-fi, email, etc.) could be shared with your trusted survivor(s).  The question then is, "How can you still protect the integrity of your passwords while you're alive if you don't want to share them until after your final logoff?"

Matt Yoder's "Death Envelope" presentation from Defcon 16 presents a simple option.  You give a tamper-evident physical envelope (or USB key) containing your passwords to someone you trust with instructions to open it only after you pass.  Ideally, this could contain only your master password to whatever scheme you use for organizing your passwords.  I use LastPass, but there are other good alternatives like 1Password, KeePass and others.

An idea i like is to use Shamir's Secret Sharing.  If you recognize the name, it's because he's the "S" in "RSA".  In this scheme you distribute pieces of the key among friends, family, attorney etc.  Then, a pre-defined number of key pieces (but not all) are required to re-construct the master key/password.  The upside here is that a number of your trusted key holders would have to conspire to access your info pre-dirt-nap.  The downside, there's some math involved in reconstructing the key from just a few pieces.  But, that's a one time exercise that surely they could get through.

A third option is the Dead Man's Switch.  You periodically receive an email from a service.  When you stop responding (presumably because you've gone to the great crypto farm in the sky) the service can send instructions and passwords via email to your designee(s).  There are paid services that can set this up for you or you could configure something on your own.

In life, it's important to remember to use different passwords for everything.  That way if one of your passwords is compromised, the damage is limited to just the site it was stolen from.  Make sure your passwords are complex enough to not be easily guessed and follow standard password best practices.  Of course, making your passwords hard to guess can also make them hard to remember.  That's why I use LastPass.  But, a system like this means that your master key is the "key to the kingdom".  Breaking this one key then gives an adversary access to ALL your other passwords.  Accordingly, this master password (better yet a pass phrase) should be complex and secure to the point of paranoia.  Pretty much every password management program comes with generator that can generate unique, strong passwords.