Andrea McClelland, CFP®
What comes to mind when you think of estate planning? Chances are, you picture legal documents, forms, and signatures. But what about passwords, digital vaults, and two-factor authentication? In today’s world, so many of our transactions and interactions take place in the digital realm, creating both new freedoms and new complexities - including what happens to our digital assets if we pass away or are incapacitated.
The term "digital assets" includes Bitcoin and blogs, but also encompasses any online login or file that you control, such as bank, investment, and credit card account logins, email, social media, digitized medical records, local and cloud computer files, reward programs (such as airline miles) and digital photos.
In our last post, we looked at the basics of traditional estate planning. Now, let’s consider an oft-forgotten piece of the planning process – ensuring that your loved ones can securely access your online life when needed.
Most states have enacted some version of the Uniform Fiduciary Access to Digital Assets law, which allows an executor or agent to legally access your digital assets.1 However, if this person doesn't know what digital assets and accounts you hold or how to log in, it can cause frustration and extra stress during a difficult time.
In some cases, you may want to specify your wishes for digital assets in your will – this is particularly important if you live in a state that has not enacted legal protections around fiduciary access to digital assets. Or, you may wish to include with your estate documents a simple letter of instruction for your heirs, noting accounts that may need attention (an auto-pay feature which should be disabled, for example) or for which you have specific wishes.
Always ensure that you’ve directly addressed any income-producing digital assets (such as cryptocurrency, websites, blogs, copyrights or trademarks) in your estate documents.2
Security is Key
Let’s address the key question: how do you grant access to your digital accounts without giving up privacy or security?
Read on for two general approaches. Each provides a method to document and securely store information about how to log in to your digital accounts, along with a way for your loved ones, executor or agent to access this information when needed.
Option 1: Create a comprehensive list
Create and periodically update a list of usernames, passwords, and PINs for your online accounts. If you create the list on your computer, you can add password protection to the file, or save to a cloud storage service (Google Drive, iCloud, Dropbox). You may wish to add two-factor authentication to your cloud storage to protect your data. This PC mag article contains instructions to set up two-factor authentication for popular cloud storage services.
Choose a safe place to store a hard copy of your list, and ensure that the right person(s) know how to access it. You could keep this list in a safe, lockbox, file cabinet, or other location in your home. Discuss the list with your trusted contact and make sure they know its location, and where to find the appropriate key or code to retrieve it.
Option 2: Use a password manager
A password manager stores your online credentials in an encrypted database. You use one master password to open your data vault, and can add two-factor authentication to enhance security. These apps can also generate and store unique passwords for each login, making it easier to avoid re-using passwords. Most allow you to store secure notes as well, in which you could include information for a trusted contact.
The key is to make sure that the right person(s) can access your password vault – either by sharing your master password with this person in advance, using a shared or family vault, or setting up an emergency access feature in the password manager. Using an emergency access feature is the best option if you wish to preserve privacy until such access is necessary.
One advantage of a password manager is that it is updated organically each time you add or update login information. Just be sure to use a long, unique master password - a passphrase (a short, memorable sentence with some capitals and special characters) is a good choice.
Here are some top-rated options:
$35/yr individual/$75 year for a family plan. Includes web and mobile app, syncing to all devices, and live support. Includes an emergency access feature that allows you select up to five trusted contacts who are granted access to your account after a waiting period that you specify. A free version is also available, but does not include emergency access.
Both free and premium ($60/yr) include an emergency feature - you designate a trusted contact who can request emergency access to your data. Dashlane will notify you; if you don’t respond before the end of a specified period, access will be granted.
Premium ($36/yr) and Family ($48/yr) versions offer an emergency access feature which allows one or more persons to access your Vault after a specified delay. LastPass Free does not offer this emergency access feature.
$36/year for individuals/$60/year for 1password Family, which allows customizable sharing for up to five family members. The app allows you to create an emergency kit to share with someone you trust. You can print the pdf, or save to cloud storage and share the file with your trusted contact.
Social Media and Google: Social media platforms take varied approaches to closing or memorializing accounts - see this helpful guide from everplans. Since Google is so ubiquitous, it warrants a special mention: Google Inactive Account Manager offers customizable emergency account access - after a period of inactivity, your trusted contact(s) are notified and granted access to selected portions of your account. You can also specify whether the account should be deleted after this period.
A word about smartphones: If you have two-factor authentication text messages set up on any online accounts, you’ll need to ensure that the right person can unlock your phone to access codes if needed – make sure they either know your phone passcode, or how to access the code in case of emergency. Keep in mind that while you may be able to add biometric (fingerprint) or face recognition for a second user to your phone, if the device is restarted or is inactive for an extended period, the passcode may be needed to unlock it.
While it is crucial to ensure the security of online accounts, it is also important for one’s executor, agent and/or heirs be able to access them when needed. A little extra planning can ensure that your loved ones have access to all the digital bits and pieces of your life at the right moment.
This content is developed from sources believed to be providing accurate information as of the date of publication, and is intended for informational purposes only. Please consult your financial professionals for specific information regarding your individual situation. Past performance does not guarantee future results. All investing involves risk, including risk of loss.