Tips From Security Experts on Choosing and Storing Passwords

One of the most frequently asked questions I hear when I talk about estate planning for digital property is, “How should I choose and store secure passwords for my accounts?” There’s a great July 10, 2013, article by Dan Goodin on Ars Technica that puts this question to five computer security experts, including security technologist, cryptographer, and author Bruce Schneier (his blog and his books are excellent). The article has some helpful password tips, and it’s interesting to see the differences in how the security experts store their passwords!

I’ve written about choosing and storing secure passwords before. As I’ve mentioned, Microsoft generally recommends using a different strong password for each account and choosing strong passwords that are at least fourteen characters long, using a mix of uppercase letters, lowercase letters, numbers, and symbols.
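The two rules above (a different password for each account, and at least fourteen characters mixing all four character types) can be checked mechanically. The following Python sketch is an added example, not code from the Ars Technica article or from Microsoft; the function names, the sample accounts, and the use of `string.punctuation` as the symbol set are assumptions made for illustration.

```python
import secrets
import string
from collections import defaultdict

MIN_LENGTH = 14  # minimum length quoted in the article
CLASSES = {
    "uppercase": string.ascii_uppercase,
    "lowercase": string.ascii_lowercase,
    "number": string.digits,
    "symbol": string.punctuation,  # assumed symbol set
}
ALPHABET = "".join(CLASSES.values())

def missing_requirements(password):
    """Return the rules from the paragraph above that a password fails."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("length")
    for name, chars in CLASSES.items():
        if not any(c in chars for c in password):
            problems.append(name)
    return problems

def generate_password(length=16):
    """Draw from the OS CSPRNG and redraw until every class is present."""
    if length < MIN_LENGTH:
        raise ValueError(f"length must be at least {MIN_LENGTH}")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if not missing_requirements(candidate):
            return candidate

def audit(accounts):
    """Map each account to its failed rules; 'reused' marks shared passwords."""
    by_password = defaultdict(list)
    for account, password in accounts.items():
        by_password[password].append(account)
    findings = {}
    for account, password in accounts.items():
        problems = missing_requirements(password)
        if len(by_password[password]) > 1:
            problems.append("reused")
        if problems:
            findings[account] = problems
    return findings

# Constructed sample data, not real credentials.
SAMPLE = {"bank": "Summer2013", "email": "Summer2013", "photos": "t7#Qm!x2Lp@9vRz&"}
```

Running `audit(SAMPLE)` flags the bank and email entries as too short, missing a symbol, and reused, while the photos entry passes.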

When it comes to storing your passwords and keeping them up-to-date, my general recommendation is to choose a system that you’ll actually use. A written list may work well for you because it’s easy to create. A written list is much better than doing nothing, but it may be insecure and less convenient to update and to keep with you all the time. An electronic list can be much more secure (encrypted) than a written list, and a wide variety of easy-to-use tools are available to help you create and manage your electronic password list. Look for electronic password list software or an electronic password list website that is easy to update, convenient, and secure (encrypted).

Some of the popular software tools that you can install on your computer or smartphone include Dashlane, LastPass, 1Password, KeePass, RoboForm, and Keeper. Several of these software tools are mentioned and used by the five security experts interviewed in the Ars Technica article above. Make sure that you write down instructions for your fiduciaries so they can find and access your electronic password list if you are incapacitated or deceased (store the written instructions in a secure location like a safe deposit box, home safe, etc.).

Some of the popular Web-based electronic password list services (accessed through a Web browser) offer a mechanism for authorized fiduciaries or family members to access your electronic password list if you are incapacitated or deceased. You tell the company in advance which key people can unlock this information at the appropriate time, and, after being contacted by that fiduciary or family member, the company will grant access after a verification procedure. Some of these services can also store scans of your important legal documents, including financial powers of attorney, health care directives, wills, trusts, deeds, and insurance policies. Some of the popular Web-based electronic password list services include AfterSteps, AssetLock, Assets In Order, Deathswitch, EstateMap, Estate++, E-Z-Safe, LegacyLocker, SecureSafe, and World Without Me. Check out their websites for more information on the services and features that they offer.