Digital estate planning

An article was written within Choice (1 October 2020) titled “A guide to digital estate planning”. What I would like to know does anyone have an example of the type of information that should be included within the e-register and all the fields that are required. A template would be of really good help, if anyone has one to share or can point me to an approximate web page, it would be appreciated. I currently have password protection software and using it on my devices. I have all the usual, web based emails accounts, photos and documents on online storage and backups in different places plus digital subscription services.

Welcome to the community @smithwj

For reference and others:

It answered all my questions.

Thank you for your reply. Yes, that is the article that I was referring to.
What I’m looking for is a template or sample of an e-register that I could use to record my digital estate and was hoping that someone maybe able to help me.

Make a list of accounts and put them into a spreadsheet (ie column A) along with the passwords (ie column B) and anything else necessary for an heir/executor to access them. Anything else necessary to identify the ‘whats and wherefores’ of each site and acccount can be in columns C and beyond.

That way they can easily be alphabetised for ease of access via sorting to make it easier, or they can be grouped and sorted as finance, social media, services, etc.

… being cautious to ensure that this is not itself a massive security exposure. At a minimum, the spreadsheet should be password protected and that password made available via some other means. However this isn’t really much different from using a password manager.

A very generic piece of advice could be: simplify, reduce, declutter.

Ask yourself whether you really need “all the usual”. If you are thoughtful enough to have decided that you

a) care about your digital estate, and
b) want to make life easier for your executor

then reducing the size of the problem before you die could also be part of the solution.

I would like to endorse the following comment from the linked Choice article.

Over time, your files and folders might have become a disorganised mess. For you, this might not be a problem because you know where everything is. You also know the specific times and places photos were taken because you were there when it happened.

I “inherited” a bunch of physical photos when an elderly relative died. The photos are essentially useless because there is no information associated with them as to when and where the photo was taken, who is depicted etc. etc.

(I acknowledge that for digital photos the “when” and optionally the “where” may be taken care of automatically.)

So, again as generic advice, if your digital estate falls into that category (“disorganised mess”) then your plan could be either to fix that or that those digital resources should die with you.

Thank you for the good advice. This idea all started as we are planning to update our wills (last done 6 years ago) and I thought about all those assets that are stored on my PC and online and what would happen to all those assets when I was no long here to make those decisions.
I’m the family genealogist and volunteer at the local senior computer club and thought it could make a good subject to discuss there.
I did inherit all my mother’s photos, and it has been a long process sorting them. The question is who should inherit them when I’m not here?
Normally once a year (sometimes twice) I have “a cleanup” of my files on PC but take your point it should be more often.
I had made a general list of types of assets that I hold. Also list of possible column headings below.

1. type of asset
2. name or description of asset
3. asset location (including web address, if applicable)
4. is password stored in password manager? Yes/No
5. password if not stored in password manager
6. two factor login? (Yes/No)
7. Detail description of asset
8. Is it a subscription site? Does it renew automatically?
9. Do you own it?
10. What should happen to it?
    Any suggestions for the columns?

I think you have pretty much nailed it.

re #6 (2FA) include what device is required.

One other generic suggestion re 2FA … be careful about the order in which your executor “tears everything down” . For example, if you let your CC provider or your mobile service provider know that you have died and if therefore those services stop working, a lot of what is implied by your column headings could stop working.

And another suggestion to the list of assets … you need a process to keep it up to date. Over long periods of time, things change. For example, if you include a web address but the company gets taken over, the web address might eventually change. etc. etc. etc.

Thank you both for your advice.
I have started on the spreadsheet but have already seen that this may take some time just to setup the template with several different sheets. The columns will also be different between sheets and with depend on the assets that I wish to identify.
I’m not just preparing this in the case of my demise but in case I have an accident and end up in hospital or even nursing home. I normally pay all the accounts within the household and look after the general finances.
This list below, I have typed up over the last few days. I may be able to combine a few together as I go, but certainly work in progress.

1. electronically stored videos and photographs (backups online and offsite)
2. family history records stored on various web sites
3. online subscriptions (some renew automatically)
4. email accounts
5. e-bills and direct debits
6. financial information such as share trading, superannuation, real estate
7. online bank accounts
8. blogs
9. photos and videos stored on social media sites such as Facebook, Google
10. domain names and websites
11. purchased content from providers such as ebooks
12. transaction and personal details held on shopping sites which are holding my details
13. financial online payment systems such as PayPal
14. content on government department systems such as mygov
15. pin numbers for apps on mobile devices

If you do go the spreadsheet path, make sure that it is kept up-to-date with any changes. Remembering this very important as soon as it is out of date, its value diminishes.

Another option is to just use a password manager which allows notes to be included. Most password managers auto-update if open and say you change a password. If you use them regularly, then it is likely you will also keep it up to date. Having one system to update is better than two.

In the notes column, you can add things like answers to authentication questions (e.g. your mother’s maiden name) as well as any pertinent but private information about the site (stored copies of financial records or how payments are made).

The password manager doesn’t necessarily need to be limited to online accounts and passwords, it can also keep encryption keys if you use these for files encrypted and stored somewhere (such as on a cloud), other details such as how to access computers, phones, password protected software/files or other electronic devices. It can also include names and contacts of professionals you use and have records (doctors, lawyers, accountants, financial planners etc). We use ours for such purpose.

For a will, you will need to give information on how to access the password manager. It is important the process is robust enough to make sure it isn’t accessed in an unauthorised way before the will’s execution. The username and password manager software used can be placed in or attached to the will. For keys/password manager passcode, these must be kept separately. This can be done by placing the key/password in a secure but recoverable location - such as in a file within a paper filing cabinet within your home…or stored in the location you say store documents such as both certificates, passports etc… It would be a single sheet with the current key/passcode written - nothing else. This key/passcode needs to be updated when changed. If the password manager has 2FA, which many do, this also needs outlining and details stored separated.

It might sound hard, but once setup, it is easy to manage. The adage ‘keep it simple, stupid’ is critical. You also don’t need to store specifics of information stored online, as once an online account is accessed, it should become apparent very quickly what is stored there (e.g. photos stored in a cloud or movie licences bought on a video service). Storing more information also means more to be updated and greater likelihood of data not being updated.

Just an additional comment there … the deceased needs to identify to the executor

• the password to get in to the password manager, but also (first)
• the password(s) to get in to the computer that uses the password manager

unless the password manager is network-based i.e. allows access from any device that can produce the first-mentioned password. Personally I don’t trust network-based password managers, so for me it would be both.

Indeed. Weren’t computers supposed to make our lives easier?

I can see that your list is starting to reflect a complexity that I too would face were I to attempt to do the same thing (but fortunately I am not attempting it at the current time - left for another day).

Access to password manager is located with a paper copy of the current wills. will need a backup of this somewhere.

Of course[quote=“person, post:11, topic:29816, full:true”]

Just an additional comment there … the deceased needs to identify to the executor

• the password to get in to the password manager, but also (first)
• the password(s) to get in to the computer that uses the password manager

unless the password manager is network-based i.e. allows access from any device that can produce the first-mentioned password. Personally I don’t trust network-based password managers, so for me it would be both.

Indeed. Weren’t computers supposed to make our lives easier?

I can see that your list is starting to reflect a complexity that I too would face were I to attempt to do the same thing (but fortunately I am not attempting it at the current time - left for another day).
[/quote]

Access to password manager is located with a paper copy currently kept with my wills, birth certificate, passports and other important documents. I will need a backup of this somewhere else - maybe offsite. I’m using 1Password as my password manager.

This has all become very complex. I’m having visitors this weekend so I will give myself break for a few days.

Now you can see why I was asking if anyone had a template.
It is always difficult to start from scratch. Much easier to alter someone’s else file.

A generic analogy to managing complexity is to ask how best to eat an elephant? One piece at a time is a common response. Not at all might be a more modern response. Recognition eating elephants is inappropriate.

The second response suggests reassessing the problem such that it becomes something more manageable. Do I really need to eat an elephant? Can I get away with something smaller, IE making do with less?

The first response suggests breaking the task down into bite size pieces. One way might be to list the items or types of digital records/content in order of importance/criticality. Solve the problem or do the task for the top item/s on the list. Once that has been done work down the list one item or group at a time. The beauty of a spread sheet - effectively being used as a register is the ability to add new columns, headings etc even as data is added.

Thoughts:
Having been through the task with several estates, we reappraised what it is important to know. It’s less than we thought. We also asked our heirs about what they thought was important to pass on which was not a physical and valued asset. The response re most including our video library, digital photo collection and numerous other personal treasures might surprise some. I do wonder about the best procedure for closing down social media accounts and records EG FB accounts. That might make a topic all of its own.

FWIW A person who can and is willing to send FB specific documentary evidence they are authorised or close family, a copy of a death certificate and publication (notice, funeral, etc) can successfully shut down a ‘Meta’ account (FB, etc) or put it into ‘commemorative’ (locked) mode.

The location and file name on the PC as well.

There are reputable ones which Choice has reviewed in the past…

Good ones have extremely good encryption and 2FA. Any passwords stored digitally/locally should also have strong encryption and backed up somewhere. Password manager encryption is important for any device connected to the internet…and regular backing up is also important just in case of loss/corruption.

Only as complex as one wants to make it. That is why I suggested one system rather than trying to run two or more in parallel. It is important that

is followed.

Remember others need to work things out without possibly no knowledge of how it was setup or your own preferences…and you wont be therefore to help them.

I am currently going through this process for my brother in-law who has just passed away recently. Tracking down the extent of his digital footprint has been pretty tough as he had multiple email accounts, with multiple logins on the same sites.

It’s been nearly three weeks and we still haven’t got a death certificate, which means we can’t request formal access to anything. Having access to many of his account logins, passwords and 2FA devices has been critical to get intial access and start shutting things down and cancelling subscription services to avoid ongoing charges on his estate. It has also allowed us to change payment methods for critical services that we need to retain such as his mobile phone which is used for 2FA on most services (the bank immediately put a hold on his accounts when notified of his death which would have stopped his phone account).

He did write a lot of his logins and passwords down in a note book and kept most up to date, but there’s still quite a few that are missing. Also, with some services the account recovery / password reset can be impossible if they have an old phone or email address recorded and no longer have access to it.

The key information I’ve found essential to getting access to most things so you can reset passwords, find out user names, or even know what services they have been accessing and need to be closed/managed:

• Phone pin code - Most 2FA goes to the phone, whether it’s via SMS, an authenticator app, or authentication via the associated app (e.g. Google will open a prompt on the phone’s Google app to authorise a login)
• Apple ID/Google account password - If they have an iPhone you will need the Apple ID to do a lot of things such as start downloading any photos or other data from iCloud, cancel any Apple/iTunes subscriptions, and potentially even access their phone’s password manager, etc. Similarly if they have an Android based phone, their Google Account is essential, also if they’re using Chrome you will need it to get access to the password manager. A lot of people also use iCloud email or GMail as their primary email address, so they will be key to get access for 2FA. It also allows you to recover this infomation on another phone if your original phone happens to be destroyed.
• Microsoft Account - A lot of people use Outlook for email, and also services on their PCs.
• Computer login password and pin - Generally most people use biometric authentication to access their computers, but this is no longer available. Windows lets you set a pin, but certain actions can disable pin logins and you may need to resort to using their password. If they’re using a Chrome on their PC then it may have sychronised passwords and you can view their password manager list. The browser may also be remembered by a website and therefore allow you to bypass 2FA. There are ways to get into a PC without the password, but if they’re using drive encryption (e.g. bitlocker on a Windows PC) then you won’t be able to access it (which is the case for his main PC).
• Email Account login details - Essential as many services use 2FA via email. It will also let you see what regular subscriptions they may have so you can start cancelling them.
• Crypto currency seed phrases and passwords - Some crypto currencies allow wallets to be recovered provided you know the seed phrase. If you have a crypo wallet that’s stored on a device rather than in the cloud then ensure someone knows.
• Password manager password including valut key - He used Norton Password Manager and we can log into his Norton Account, but we don’t have the vault key/password so can’t actually access any of his passwords.
• Bitlocker recovery key - If you’ve encrypted your drive on a Windows PC then this helps gain access to the data on the drive if you can’t login.

Some services allow you to specify a legacy contact who can manage your accounts after your death. For example Facebook and Apple allow you to nominate legacy contacts, and it’s best to do that in advance. With Facebook you can also nominate whether your account is memorialised or deleted after your death so that it reflects your wishes. Note that legacy contacts won’t necessarily have full access to your information, such as your passwords and messages in the case of Apple.

Another thing people often don’t consider is services their kids may use. He has three young children and all of their online games and associated credits are linked through his email. Some of them we can’t get access to and change the email or mobile number so they are going to lose some of their games, credits and achievements. This is only adding to the distress of losing their father. I’d recommend creating separate Gmail/Outlook accounts for each child which you can transfer to them in the future at the appropriate age. That way all of their online footprint stays with them. A lot of them allow you to set-up parental controls as well.

If using a spreadsheet to record your passwords, make sure you select the option to encrypt the entire workbook with a password. If you just protect the individual sheet the information is still recorded unencrypted. Also make sure you keep copies in different locations (think of house buring down scenario and wiping out everything). The key information I’ve listed above should be in hardcopy with your will.

Finally if using an authenticator app for 2FA codes, make sure it is one that has a cloud backup so that you can transfer it across to a new phone if your old one is destroyed. A lot of services also let you generate 2FA backup codes incase you lose access to your devices. Do that and record them.

We were fortunate in that he knew what was coming and we had time to plan and prepare for his passing in advance, had his phone, and could ask him things. There were still things missed. It would be even more difficult and complex if he passed suddenly and his phone was destroyed.

An excellent, detailed summary of the substantial challenges that digital life imposes on top of the distress of someone’s dying - and hence of course the things that one can cover if attempting to plan for the handling of one’s digital estate prior to death.

However

Really? Do most people do that? I myself wouldn’t go anywhere near biometrics (for reasons unrelated to death).

Nevertheless it is a very timely reminder how bad it is to be using biometrics in the specific case that someone has died.

In other words, really, if you are in the process of “digital estate planning”, phase out biometrics if they are currently being used.

This probably should be added to the originally-linked @Choice article.

Maybe I should have rephased as many people. Most laptops now can use biometrics such fingerprint or facial recognition for access (the same as mobile phones), so many people do use it as their primary login method as it can be quite convenient. They often don’t remember their pin or password as they rarely need to use it.

Nevertheless it is a very timely reminder how bad it is to be using biometrics in the specific case that someone has died.

In other words, really, if you are in the process of “digital estate planning”, phase out biometrics if they are currently being used.

Provided there are alternative backup methods of verification, then biometrics aren’t an issue from that perspective. It would be a similar problem if someone’s face became disfigured or had a traumatic amputation of the registered finger, not just as a result of death. That’s probably the critical point - make sure there is a backup if biometrics fail, rather than phasing them out completely.

Not being familiar with iPhones it took me a while to realise how many times FaceID needed to fail before it would let you use a passcode.

One specific biometric issue I have encountered is his online crypto currency wallets. We’re trying to change the mobile number used for access and the services want a photo of the account holder holding up a government issued ID, together with a written note showing the date, mobile number, and asking the phone number to be changed. That isn’t going to happen.

I would be happy if @Choice waters it down to that. As long as there is some warning, some call to action.

The bottom line is that if you are bothering to do digital estate planning then you are certain that biometrics will fail for the scenario that you are planning for.