After 20 years working for technology companies, I recognize I sound like a Luddite when I warn people that using password keepers, and encrypted data solutions is not the best option for securing your data and sharing it with a loved one. There is a risk of a breach, and the security put into place can prevent a loved one from stepping in to help you when you need it. But the news stories just seem to make this issue more confusing.
I didn’t believe Apple when they said they couldn’t break into their own security system. I believe the threat of exposing that capability would only make most adults recognize the inherent risk in using cloud storage or relying on their iPhone to keep their secrets. Recently, the New York Times reported that U.S. Says It Unlocked the iPhone Without Apple.
I spent a year working for a company that provided digital security solutions for the U.S. government. It required more than just encrypted data, and as we have all learned, most security breaches happen because of human error. According to Equifax, the leading source of identity theft is a lost wallet. After that, its typically cited as “phishing,” where criminals send out compelling emails to gather your personal information (some of which they may get from corporate data breaches), and unfortunately enough individuals readily respond making this a lucrative criminal tactic. We also hear about the bigger breaches including the recent breach at the Department of Justice getting access to the profiles of 9,000 employees of the Department of Homeland Security.
So, is your digital data secure? I believe it really comes down to your comfort with the risk. Personally, I would never store my usernames, passcodes, or personal information connected to my finances in the cloud. I keep a list on a flash drive that I print out regularly so my family could easily access the information that surrounds our shared lives, and that they would need to manage if I were unable to do so. But I recognize many others enjoy the benefits of using password keepers.
Recently, there have been a host of virus attacks at hospitals making your digital health care records unavailable when you might need them. Because power goes out, web-sites fail and Wi-Fi isn’t always available, digital storage shouldn’t be your only source of record-keeping.
I drink my own kool-aid. When a client asked me to create a digital tool to collect and organize her information based on print version of the MemoryBanc Register, I did. In the past year, it’s been almost half of MemoryBanc product sales. The Flash Drive Edition prompts users through the key information in an editable, printable PDF document.
Because of the laws surrounding digital data, the only way to truly share it with others is to give it to them, doing that is against most of the rules of the providers but in this case, I’m a rule-breaker. For those of us still looking at a friend who passed-away on Facebook, or that get email from a criminal who hi-jacked their still open account, please consider how you would share this information because there is no other way for those around you to deal with this unless you do. Pleaded.
If you are in the metro-DC area, you can attend Taming the Internet at McLean Community Center on April 7, 2016 to learn more and have an in-depth discussion on this topic.
After having to step in and use a Durable Power of Attorney (DPOA) to assist my parents, I quickly found so many gaps in its functionality, I devised many work arounds with my Dad so I could help them.
Not only were we surprised to find that a number of financial institutions declined to accept the DPOA, but there are many facets of our digital lives that it doesn’t cover.
For those of us who use online services, email accounts and enjoy the online bill-pay services provided by our banks, what we don’t know can hurt us. If you haven’t stopped to read the “terms and conditions” you accepted, they typically state you can’t share the account and the provider basically dictates the rules. If you are incapacitated, the only way a loved one can get access is if you share your username and passcode.
The Uniform Law Commission helps standardize state laws and recently endorsed a plan that would give loved ones access to — but not control of — the deceased’s digital accounts, unless specified otherwise in a will. Given that at the age of 65, 7 out of 10 American’s will need 3 or more years of long-term care, we must recognize that most people will need someone to have access to these accounts while we are alive.
If you don’t have a list that documents this information for your own benefit and that can provide loved ones with needed information, click here to download a free chapter called “Taming the Internet” from the Amazon best-seller MemoryBanc: Your Workbook for Organizing Life that includes worksheets and details on how you can provide loved ones with the information they may need to help you.
NBC News just reported that a Russian crime ring stole over a billion passcodes. Our lives just got one notch more complicated.
Most adults average 28 online accounts. My last count was 87. That is A LOT of usernames, passcodes, PINs and information to remember. I manage several accounts for my Mom, some for my children (school, dance, soccer and track registrations), most of our household accounts and then all of the accounts for MemoryBanc.
We fail to recognize how many accounts we keep track of in our heads, on our mobile phones and even under our keyboards, I quickly realized how much information surrounds a household when I stepped in to help my parents. I started by documenting medical information (prescriptions, doses, doctors, history, follow-ups) so I could be a good health care advocate. Then I needed to pay bills and manage their finances, then came household services and ultimately online accounts. The binder I created to keep track of all of their information launched MemoryBanc. I quickly moved our own household to the print, then the digital edition of the MemoryBanc Register. Given I have more than 87 online accounts — I have made sure to document them all.
The NBC News story provides users with many options on how to create unique but varying passcodes as well as suggestions for online password storage sites. Most passcode managers have encrypted data and 2-factor authentication to prevent hacking — but nothing is 100% secure (just look at the issues the US has had with data breaches) and those protections also leave your loved ones without access should they need to act on your behalf. Make sure to have a solution that allows you to print out a copy of your passcodes. Should the company that owns your password manager have a critical failure … you should have a plan B.
If you don’t have have a list, I hope you will take this opportunity to document your accounts, I have included a simple excel spreadsheet that contains all the information you should be documenting. You can download it and document your usernames, passcodes, PINs and security codes (don’t save it on your computer please).
If you are worried about sharing this information, consider how helpful it would be to a loved one should you ever be unable to act on your own behalf. Pleaded.
Last night I met up with colleagues from a job I had at the Software Publishers Association (now called the Software & Information Industry Association). Most of us worked technology jobs in our careers and one of my colleagues wanted to know what I thought about the “security experts” telling us to never put all of our pass codes in one place. I recently posted a blog on why it’s important and teach classes encouraging people to put this information in one place.
It’s easy for the IT guy or the security expert to tell us to not have them in one place. However, I’m not sure this is practical in the realm that I focus. In your home and your personal life, the likelihood that someone would break in and steal your usernames and pass codes is very, very, very low. The biggest risk you have is that a family member would use them to steal or snoop on you. If you have that possibility, then you might want to keep the list locked up or hide them and tell only those individuals you would trust to step in and use the information if you ever needed their help.
In your personal life, there is no IT support that can access your email and give access to someone else if something should happen to you. The Terms and Conditions of the user agreements you accepted preclude the ability of others, even with a “Digital Durable Power of Attorney” from accessing those accounts. Google launched an “inactive account manager” that lets you set up notification and access for others if your account hasn’t been used in three months, however, that is a long time to wait for access if you need to reset a bill pay pass code.
I stand by my recommendation. Having walked in the shoes of the person that stepped in to help when a loved one was unable to manage their own affairs, I hope you will consider documenting your usernames and pass codes — and ask everyone in your household to do the same. Convinced.
This is a topic that is near and dear to me. Related stories include: