Ask Slashdot: How To Bequeath Sensitive Information?

timothy posted about 7 months ago | from the and-to-my-terrrible-son-william dept.

Encryption 208

New submitter UrsaMajor987 (3604759) writes I recently retired after a long career in IT. I am not ready to kick the bucket quite yet, but having seen the difficulty created by people dying without a will and documenting what they have and where it is, I am busy doing just that. At the end of it all, I will have documentation on financial accounts, passwords, etc., which I will want to share with a few people who are pretty far away. I can always print a copy and have it delivered to them, but is there any way to share this sort of information electronically? There are lots of things to secure transmission of data, but once it arrives on the recipients' desktop, you run the risk of their system being compromised and exposing the data. Does anyone have any suggestions? Is paper still the most secure way to go?

The Giver (5, Funny)

Anonymous Coward | about 7 months ago | (#47274653)

Find a young child to give all your memories to. Hopefully he doesn't run away after learning the horrible secrets of the IT world.

Re:The Giver (3, Insightful)

cjestel (788399) | about 7 months ago | (#47275041)

Find a young child to give all your memories to. Hopefully he doesn't run away after learning the horrible secrets of the IT world.

long time since I read that book.

I use keepass to keep my passwords for various things encrypted on my systems. It works with windows, mac, linux, android, and probably iphones. Then you just have one password to share and all of your information is unlocked. Send it to them in a secure fashion or come up with some sort of shared storage they can access (dropbox) so that you can update passwords as they need to change and then you can put your password for keepass in your will so they don't have access to anything until you die.

Re:The Giver (0)

Anonymous Coward | about 7 months ago | (#47275159)

Yeah, same here... keepass2 with the database shared in Google Drive shared with different members of my family, the secret keyfiles distributed via scp to just the devices that use it, and the passphrases stored on paper in a big heavy firesafe.

Re:The Giver (0)

Anonymous Coward | about 7 months ago | (#47275445)

So the people who know your secrets are you, your family members, Google, the NSA, and anyone else who runs to Google with a subpoena. Nice.

Put it on a disc (1)

techno-vampire (666512) | about 7 months ago | (#47274683)

Put all of your files on a CD/DVD and mail it to them, with an explanation of what the files are. That way, the data's off-line until they need it and safe unless somebody breaks in who knows what to look for. And, if your friend's good at hiding things, it may still be safe. (As an example, put the disc in a DVD or Blu-ray case behind another one with a movie on it.)

Re:Put it on a disc (2)

ed1023 (861273) | about 7 months ago | (#47274737)

Yes but with the problems of archived CD/DVDs falling to pieces/ not being readable after 10 years this is not the best idea.

Re:Put it on a disc (1)

techno-vampire (666512) | about 7 months ago | (#47275015)

It doesn't have to. Enough of the data will need occasional updating that you'll probably be sending a new copy every two or three years.

Re:Put it on a disc (0)

Anonymous Coward | about 7 months ago | (#47275447)

Right. Until he goes senile and stops updating it. This is a very bad idea.

Re:Put it on a disc (4, Funny)

Loether (769074) | about 7 months ago | (#47275423)

(As an example, put the disc in a DVD or Blu-ray case behind another one with a movie on it.)

It's funny, I do the exact opposite, I hide selected movies behind CD's labeled "Finance Data."

Time-tested (1)

Anonymous Coward | about 7 months ago | (#47274689)

Write a parable, and share it orally.

Encryption (0)

Anonymous Coward | about 7 months ago | (#47274699)

There is this thing called encryption...

Paper stored somewhere safe (0)

Anonymous Coward | about 7 months ago | (#47274701)

Even encrypted info isn't totally safe. From what I've been told, sensitive financial data like access codes, etc. should be stored somewhere disaster proof where your relatives know where to find it. You would think a safe deposit box might be the best way to go, but I've been advised not to do this. Apparently when the estate process begins, your associated safe deposit box access is frozen until the contents can be audited, before it's turned over to the executor. I guess this is a way to prevent people from stuffing $5M in cash in a bank vault somewhere.

A will naming a *competent* executor is apparently very important. You need to pick someone who can make tough financial decisions and carry out exactly what the will says if the rest of your family starts fighting over your money.

Paper, and physical equivalents (1)

Overzeetop (214511) | about 7 months ago | (#47274711)

A paper record is good. So is a plaintext file well organized and placed on a USB flash drive. Both can be mailed and locked in a safety deposit box, which is about as secure as you can get. Both require physical access, which means any other encryption or security is more likely to confound your subjects than actually secure your data.

Re:Paper, and physical equivalents (1)

almitydave (2452422) | about 7 months ago | (#47275115)

A paper record is good. So is a plaintext file well organized and placed on a USB flash drive. Both can be mailed and locked in a safety deposit box, which is about as secure as you can get. Both require physical access, which means any other encryption or security is more likely to confound your subjects than actually secure your data.

In addition, you could encrypt the plaintext file with a well-known algorithm (you can even specify which one and the parameters) using a very strong password contained in your will, to prevent unwanted disclosure.

You could then apply Base64 encoding to the encrypted plaintext file, and print the result in a large font to enable scanning and OCR to recreate the digital file and decrypt it. This should be reliable enough - I don't think any of these technologies are going to go away any time soon.

Lawyer (3, Insightful)

Neruocomp (513658) | about 7 months ago | (#47274725)

Isn't that what lawyers are for?

Re:Lawyer (2)

ColdWetDog (752185) | about 7 months ago | (#47275485)

That's right. Use a professional for a professional job. Create a relationship with a decent lawyer (maybe the one who draws up your will), pay them some nominal fee. Use the system the way it was designed.

If the world goes to hell in a handbasket such that the rule of law has gone by the wayside, you probably don't need all of those logins...

Why complicate things? (0)

Anonymous Coward | about 7 months ago | (#47274735)

Hire a professional to write your will (and create a trust, if desired), and leave a copy with him and take a copy home. Leave a copy of the other information with your designated executor, as well as a copy at home (and maybe another copy in a bank safety deposit box, although it may be difficult for others to access after your death/incapacitation).

Re:Why complicate things? (4, Informative)

Em Adespoton (792954) | about 7 months ago | (#47274963)

This is the way to do it -- I've added one more step. My safety deposit box also includes a master password and a 1TB encrypted USB backup drive. Since the professional who wrote my will also advised leaving a copy in the box and registering that this is where the "official" notarized original is located, my executor will, by local laws, just have to provide proof of death and the copy of the will indicating they are the executor to access my box. Having the key (which they likely would) would help too.

No paper! (0)

Anonymous Coward | about 7 months ago | (#47274741)

You can do your part to keep things secure. However, it is the recipient's responsibility to ensure that it is safe on their end.

Perhaps the one thing you can do is let your recipients know how important this stuff is to you, and likely for them. If the message comes across, they'll do their best to keep things secure.

I happen to be great at these things, so if you'd like, I'd be happy to tell your recipients!!

Possible... (5, Insightful)

retech (1228598) | about 7 months ago | (#47274755)

You could send them an encrypted file (#1) now with all the info you wish to share with them. Along with a password for a file that will arrive when you die. Then set up a service like deathswitch.com and have another encrypted file sent to them (#2). The password they already possess unlocks #2 and that contains the password(s) for #1.

Re:Possible... (1)

Anonymous Coward | about 7 months ago | (#47275093)


Re:Possible... (1)

dotancohen (1015143) | about 7 months ago | (#47275111)

Your sig is apt for the context.

Re:Possible... (1)

ZeroPly (881915) | about 7 months ago | (#47275237)

You're reinventing the wheel. Public key cryptography allows a key to be split up, so that you need a minimum of X out of Y pieces to recover the key. Split the key into 5 pieces where 3 are enough to unlock it, and hand it out to lawyer, friends, co-workers, etc.

Safety Deposit Box (3, Insightful)

Anonymous Coward | about 7 months ago | (#47274759)

you can do what my grandfather did

wrote up the entire list on paper form and electronic on a flash drive. He placed them in a safety deposit box and shared the key with his executor who in turn had a copy of his will.

When he did pass away it was a pretty smooth process getting all of the information needed to close accounts, collect on policies, etc. The only thing that had a hiccup was property in a state with different probate laws but that too worked itself out.

Re:Safety Deposit Box (4, Informative)

azadrozny (576352) | about 7 months ago | (#47275321)

Safe deposit boxes can get funny depending on state law. First don't ever put the will in the box. The executor will need that to access the box later. Furthermore, it could take several days or weeks to get the authority to open the box after the person has died, so don't put anything in there that is time critical.

Updated info periodically (1)

dbarron (286) | about 7 months ago | (#47274765)

And...how are you going to handle updating information as you are forced to change your password for whatever reasons?

I don't have a good solution...I wish I did. There's no reason you can't change your email password today and die before you can document it (which if you're like most people might be a week later).

Re:Updated info periodically (0)

Anonymous Coward | about 7 months ago | (#47274945)

There's no reason you can't change your email password today and die before you can document it (which if you're like most people might be a week later).

You could solve that by having the next password documented.
Then once you change the password, you'd need to update the document: next password becomes current password, generate new next password.

Re:Updated info periodically (1)

fermion (181285) | about 7 months ago | (#47275065)

Here is how this was kind of handled in an automatic case with me. I knew the password to the computer where all the credentials were stored, and access to the file cabinet where all the paper stuff was. All the passwords and information was stored in one of those two places.

For an individual person that may not work, as there may be sensitive information that you don't want anyone to see. In that case consider a separate account on your computer with the information that everyone will need in an eventuality, and a separate account on your computer where you can do stuff you don't want people to see.

Here is my take on this. There is a lot of stuff that I don't care if no one ever gets to close it. Most of my online forum accounts like /.. I expect everything on my computer to go with me. Creating data sets that are going to expire in a few months seems a bit over the top to me. The solution to this problem is to think about what people need, and assume they are going to have physical access to your stuff when you are no longer here.

stone tablets (2)

ThatsDrDangerToYou (3480047) | about 7 months ago | (#47274773)

.. worked for me.

Analog degrades gracefully (1)

Gothmolly (148874) | about 7 months ago | (#47274777)

Ink may fade, paper may yellow, but should still be readable. Put it on a CD or USB drive, flip 1 bit, and you lose everything.

Re:Analog degrades gracefully (1)

RabidReindeer (2625839) | about 7 months ago | (#47274977)

Ink may fade, paper may yellow, but should still be readable. Put it on a CD or USB drive, flip 1 bit, and you lose everything.

There is this concept known as Error Checking and Correcting code. The ECC encoding on disks can easily repair all single-bit errors and many multi-bit errors.

ECC will not guarantee that if you make regular replications of your data that nothing will get lost. But it will make it mathematically very difficult for the copy process to introduce undetected errors. And if you catch the errors early enough, you should be better able to pull out a spare copy and repair the data manually before it propagates and expands.

I'm for stone tablets myself. Problem is, paper or stone, it takes an awful lot of space to store a Terabyte's worth of data. And few of the ancients thought to add ECC to their writings.

Re:Analog degrades gracefully (1)

Kaenneth (82978) | about 7 months ago | (#47275083)

Each letter in an English word only stores one bit worth of data on average.

see: http://www.maximumcompression.... [maximumcompression.com]

And moist anjone can eaiily correc simxle errors automaxically while reeding in there heads.

I'm sure mistakes were made while carving stone tablets, and they just said 'Fuck it, it's fine.'

I was at a Pho shop the other day, with etched glass windows reading 'NODDLE SOUP' (in Comic Sans...)

Re:Analog degrades gracefully (1)

Jody Bruchon (3404363) | about 7 months ago | (#47275347)

"Moist anjone" accurately describes my emotions right now.

why doesn't Blu-ray have better ECC (1)

Wycliffe (116160) | about 7 months ago | (#47275129)

I've never understood why Blu-ray didn't fix this. Blu-ray has plenty of space now. Screw higher definition, I want a disk that I can scratch 12 times with a razor blade and still get my data off. My guess is the only reason they haven't done this is because they want the disk to only last a half dozen times before starting to degrade so you have to buy the movie again.

Re:why doesn't Blu-ray have better ECC (0)

Anonymous Coward | about 7 months ago | (#47275385)

You can implement this yourself, dipshit. Start reading.

Document escrow is not new. (3, Informative)

Anonymous Coward | about 7 months ago | (#47274793)

Put the passwords, etc on a piece of paper. Put that paper in a large envelope. Give that envelope to a firm that does document escrow (many law firms will do this) with instructions on who should be given a copy after your death. Let your friends and relatives know who has your escrowed docs. They provide proof of your death, and everyone gets a copy.

Why exactly are we reinventing the wheel here? This is old hat stuff. You don't need to trust anyone not to open their present early. Firms that do document escrow have better theft prevention techniques than anything you're likely to cobble together.

If you want to go super fancy, use USB keys encrypted with a pre-shared password instead of paper. Then you don't really have to trust the escrow folks.

Re:Document escrow is not new. (1)

mlts (1038732) | about 7 months ago | (#47275009)

I do a similar version of this. I have a few document escrow services and a couple friends that have pieces of my master keys. It is a system that requires "x out of y" pieces to re-assemble the keys, so if one person is out, the key can still be recovered.

I have a couple symmetric keys and a private key. That way, if RSA or ECC get broken, the core data is still protected until all the escrow places plop down their segment of the keys.

To be safe, the key part and the SSSS (Shamir's Secret Sharing Scheme) utility is not just stored on an archival grade DVD and a USB flash drive, but also UUencoded and printed out (with a QuickPAR recovery record just in case.)

Re:Document escrow is not new. (1)

sexconker (1179573) | about 7 months ago | (#47275045)

Why exactly are we reinventing the wheel here? This is old hat stuff.

Because self-important nerdulons think they're special or that things being done on computers or online somehow constitutes a separate reality.

Re:Document escrow is not new. (1)

bobbied (2522392) | about 7 months ago | (#47275193)

How about you just give the document escrow folks a one time use pad cypher and simply keep your "secure" documents encrypted using that pad. You can then "update" everybody electronically with an encrypted document that they cannot decrypt until they can obtain the one time pad from escrow.

While you are alive, you need to protect your copy of the pad, but it's not hard to invent some classy way to do that given that the pad has absolutely no useful information in it...Like using your favorite MP3 or something...

yes (1)

Charliemopps (1157495) | about 7 months ago | (#47274805)

Is paper still the most secure way to go?


Specifically, paper, in a safe deposit box, and the key with a lawyer.

Re:yes (0)

Anonymous Coward | about 7 months ago | (#47274973)

You mean like a will?

90 Days (0)

Anonymous Coward | about 7 months ago | (#47274807)

Won't all of your password information be obsolete after you change all of your passwords in 90 days?

Yes, Paper (0)

Anonymous Coward | about 7 months ago | (#47274819)

I have tried to get my wife to use my Keepass database; she won't do it. She wants it all on a piece of paper. Most other people will too.

Re:Yes, Paper (1)

TheCarp (96830) | about 7 months ago | (#47275277)

I tried to get my wife to use keepass too, she did do it.....changed all her passwords then.... forgot to save the file and her computer rebooted with windows updates. She called me at work rather upset and spent the rest of the day resetting her passwords.

5 years later I am just now getting her warmed up to trying again.

You can always read paper (0)

Anonymous Coward | about 7 months ago | (#47274821)

You can always read paper

Print account information, passwords, secret question/answers and seal in an envelope. Keep copy with will in fire safe. Send copy to relative

Skip technology (1)

netsavior (627338) | about 7 months ago | (#47274823)

Use Acid-free paper and just print it out. If you want to be more clandestine and secure, then print out the information about the accounts and the credentials in two separate places. Like for instance:
Fed-ex the unlabeled passwords
USPS the un-passworded accounts list

The truth is, if you put it on a thumb drive, it might fail. If you put it on a CD it might fail (or 3 years from now, your grandma's iBookPro won't be able to read a CD).

As humans, we read paper documents that were created 100 years ago. It is a reliable data mechanism that is predictable and will out-live you for sure.

Plus it doesn't require that your executor be a cryptography nerd in order to make sure your wishes are followed.

Paper, lock, and key (1)

ZahrGnosis (66741) | about 7 months ago | (#47274825)

Write down everything in paper, then lock it away in a fireproof box or a safety deposit box (or both).

I'm a fan of the phrase "we know how to secure a piece of paper". Not the sticky note taped to your desk that anyone can read and put back without your knowledge, but something really secure. You will know if your lock box has been stolen or broken in to; I would have no idea if someone broke into my e-mail or stole a file off of my computer or backup due to some weird exploit. If you want off-site safety, a deposit box is about as good as it gets with some assurance that no-one will go peeking. Let your close relatives and friends know where everything is so that when it is needed they can get to it, but they don't need access in the mean time if you have things you don't want them to know (or, you can give a copy of the key to someone if you want to... you have options, but you're still relatively safe in who accesses what).

Re:Paper, lock, and key (0)

Anonymous Coward | about 7 months ago | (#47274999)

You will know if your lock box has been stolen or broken in to;

Except by the Feds. And they'll forbid the bank from letting you know.

Do this (My solution) (3, Interesting)

cbelt3 (741637) | about 7 months ago | (#47274833)

I keep an encrypted online database of my passwords. Sort of. I use a 'modular' password. One word is different, the other is always the same. So in my will I have the same word (and its l33t combinations) written down, along with the address of the database. So anyone dealing after my death will know ALL my codes. My wife of 30+ years also keeps a copy of it, and knows the super secret codes.

I started this after being in a coma, and my wife having to deal with my PDA bleeping about meetings to her until the battery died. Which made her cry even more.

It's *all* at risk (1)

nurb432 (527695) | about 7 months ago | (#47274835)

Once it hits the other side..

Ask a Lawyer (4, Insightful)

Rob the Bold (788862) | about 7 months ago | (#47274839)

Even though the "ask a lawyer, not Slashdot" answer gets trotted out all the time, I think it's appropriate here. Lawyers do this sort of thing for a living. Probably cheaper in the long run to ask one.

Re:Ask a Lawyer (1)

azadrozny (576352) | about 7 months ago | (#47275373)

Second this. There are a lot of state and federal laws to navigate here. It may not be necessary or appropriate for someone to use your passwords to access your financial information. You could land yourself in a heap of trouble if you access someone's account after they die, even if you are entitled to the money.

Lastpass (1)

Allasard (565291) | about 7 months ago | (#47274841)

http://lastpass.com/ [lastpass.com]

Put it in secure notes. Give them all the login/password.

If they test it regularly, then have a locally cached copy if Lastpass goes belly up, which can be opened with Lastpass Pocket or whatever it's called now.

Safety Deposit Box (2)

richtopia (924742) | about 7 months ago | (#47274843)

You still control it, yet it is remote and will be properly searched when you die. You can put a usb key in or some paper documents with the relevant information.

Re:Safety Deposit Box (2)

selectspec (74651) | about 7 months ago | (#47275007)

This is by far the best approach out of all of the recommendations. Obviously, sending paper documents (or USB drives) via overnight delivery is relatively immune to intercept, but what if your relatives leave the documents out in an unsafe area? The best place is a safe deposit box, along with any portable valuables (nice watch, jewelry, etc). You can arrange in your will to have your estate trustee then disseminate the contents.

Re:Safety Deposit Box (0)

Anonymous Coward | about 7 months ago | (#47275389)

Just be sure that the will is not in the box. Without the will you cannot prove you are entitled to open the box.

How long? (1)

jchoyt (729301) | about 7 months ago | (#47274845)

How long do you expect this to last before it's needed? DVDs and USB drives are common, but I see DVDs heading out at this point. Paper has the advantage that in 40 years it'll still be readable. Of course if your passwords change you'll have to update this information anyway. Assuming you update passwords occasionally because of a) good practice or b) some company gets hacked, I'd send it electronically and encrypted, so the person needs to actually enter a password to get to the data. Unless the recipient gets a keylogger installed, you should be safe. A text file encrypted with pgp is good for the knowledgeable recipient. For someone less savvy, I'd send them an encrypted tiddlywiki [tiddlywiki.com] . Obviously give them the password over the phone, in person, or via snail mail.

I go old school (1)

the_skywise (189793) | about 7 months ago | (#47274853)

All of my financial info is with Quicken on my PC. Everything else related to teh intertube world is recorded on a textfile on my PC with the passwords being represented as a cypher. The cypher is a one or two word comment relating to the password phrase I use (which I, in turn, munge to be first letter of each word or some other pattern, yadda) I've got the username/password cypherlist stored on my smartphone as well (Because I can't keep up anymore) and the cypher key is kept only as a hardcopy along with a hard copy of the textfile stored in a fireproof lockbox in my home. (The textfile points out the key is in the lockbox too).

I should probably just put the cypher key list in a separate lockbox (without any other username/account info) and geocache it to make it more fun for my heirs...

Re:I go old school (1)

RabidReindeer (2625839) | about 7 months ago | (#47275047)

You're in trouble, then. Quicken's file format is proprietary and unpublished. Your financial data is only as retrievable as Intuit allows it to be.

Assuming Intuit is still around when your heirs need it and not gone the way of Ashton-Tate or other software institutions of yore.

But, hey, what are your heirs going to do with your financial data anyway? Use it to settle your estate?

Re:I go old school (1)

Rob the Bold (788862) | about 7 months ago | (#47275253)

But, hey, what are your heirs going to do with your financial data anyway? Use it to settle your estate?

A surviving spouse might still want to pay the bills and track the investments.

Re:I go old school (1)

Oligonicella (659917) | about 7 months ago | (#47275357)

If a surviving spouse needs that to know what the bills are, they haven't been very intelligent about things in the first place. Same for investments. For that matter, same for passwords.

Re:I go old school (1)

alexander_686 (957440) | about 7 months ago | (#47275399)

I would tend to doubt that.

Quicken, and things like this, are good at handling internal flow data. How much am I spending on overpriced coffee drinks? What is my internal rate of return on investments? Etc. This data is most helpful for a continuous, ongoing business. The wife continues to run the personal finances; the business partner continues to run the business. However, this kind of implies that these people had access, and were using, Quicken prior to the death. So no change there.

On the other hand, I feel that the situation we are talking about represents "breaks" instead of "continuous" business. A new person enters the picture and inherits the assets. Normally they don't care what the deceased spent on coffee or what their old investment returns were. They might need prior knowledge of what is going on, but the normal course of action is for the new person to load the inherited data into their own accounting systems.

"long career in IT" (0)

Anonymous Coward | about 7 months ago | (#47274879)

Yet you ask if there is any way to share this electronically? If I didn't know better this smells like yet another made-up headline filler by Timothy without much thought put into it.

Re:"long career in IT" (1)

JazzLad (935151) | about 7 months ago | (#47275087)

I call BS on the whole thing, "long career in IT" =/= UID over 3.5M

Re:"long career in IT" (1)

alen (225700) | about 7 months ago | (#47275309)

long career of inserting punch cards into computers

Throw it out (0)

Anonymous Coward | about 7 months ago | (#47274891)

I know you spent a lot of time on it and have a lot of great memories but nobody wants your porn stash.

Bare-bones, secure laptop (1)

da6s (2935785) | about 7 months ago | (#47274897)

Invest in a durable, compact laptop preloaded with Linux and only the necessary software to view the data. This should be fairly cheap because you won't need a WiFi card or ethernet port, nor a high-end graphics card. The bulk of the cost should be spent on a reliable hard drive. Once you have everything documented, encrypt the drive and stick it in a safe-deposit box next to your will. This way the data never has to be transported anywhere.

Shamir's Secret Sharing and Encryption. (2)

grnbrg (140964) | about 7 months ago | (#47274899)

Pick a nice, long, secure passphrase. Use it to secure a GPG keypair. Back up this keypair in multiple locations, and with multiple people who know "This is the key that encrypts all of my digital stuff. My family will need it when I die.".

Use that keypair to encrypt all of your important passwords and data. Back up the encrypted files in multiple locations. Make sure your family knows where these locations are, and why they and the files they contain are important.

Download a copy of http://passguardian.com/ [passguardian.com] . Load the saved copy (preferably in an offline PC) in a browser, and use it to convert your passphrase into several N of M parts. ie: Create 10 parts, and require at least 6 to reconstruct the passphrase.

Use something like http://goqr.me/ [goqr.me] (or any other generator) to create QR codes for the 10 secret shares. Laser print the text share, QR code and some instructions onto a business card sized piece of paper, and have them laminated.

You now have 10 waterproof, hard to damage cards, any 6 of which will unlock your digital data. Distribute them to trusted parties and locations with instructions to use the shares once they hear and confirm your death. These parties don't have to be literate enough to merge and decrypt the data themselves, they just need to know that it is possible with their share. On your death, they will arrange to bring the shares and data together, and even if they have to hire a nerd to help them, they will unlock what they need.

Re:Shamir's Secret Sharing and Encryption. (1)

Mike Van Pelt (32582) | about 7 months ago | (#47275493)

This. I've idly thought about this every now and then, and passguardian.com is exactly the tool I was thinking of.

In my case, what I'll be distributing is parts of my LastPass login and password, with the actual data stored there.

Print it to microfilm... (1)

Narcocide (102829) | about 7 months ago | (#47274901)

... then roll it up, stick it in a tiny airtight canister and cram it faaar up your ass.

Weird questions... (2)

carlhaagen (1021273) | about 7 months ago | (#47274903)

You state that you have a long career in IT, and at the same time you ask how to electronically hand over information generated within IT. Among those things, you even claim that you have passwords, meaning that they have been stored insecurely. This has "IT Janitor" written all over it, or possibly a concocted story.

Re:Weird questions... (2)

UrsaMajor987 (3604759) | about 7 months ago | (#47275479)

Nope, not a concocted story. A long career in IT; the last 19 years with a major international bank that took great pains to secure sensitive data both within the data center and in transit between data centers. The problem I am trying to solve is different. With the bank, we were sending sensitive data from one secured facility to another; what I need to do is send sensitive data from my (reasonably secure) home system to a location where I can not be sure of the security. How do I keep sensitive data secure in a remote location that is not necessarily well protected? At first I thought it would be easy; just use a password protected zip file and put it on DVD or USB. Send the media and password through different channels. But then I thought, what if someone gets curious and unzips onto their hard disk and leaves the files unprotected? The more I thought about all the possible scenarios for compromise, I realized plain old paper was the best solution. I was hoping there was some way of doing it electronically since there will be updates in the future but I could not think of any safe way of doing it via computer. The best solution suggested so far is to print everything out on paper and keep in a safe deposit box in the local bank. I can send the branch location and deposit box number to the siblings and since the paper is kept locally, updates should require nothing more than a trip to the bank. Kind of ironic that after all those years in IT and worrying about securing systems and data; I am reduced to using paper. Maybe I will seal the documents with wax and a ring :-)

crypto! (0)

Anonymous Coward | about 7 months ago | (#47274907)

Archive and encrypt using a symmetric algorithm and a suitable passphrase. Take the passphrase and run it through a threshold system, also known as information dispersal algorithm, secret sharing, whatever. With this you can split the passphrase into five shares that require any three to reconstruct it. Then give the archive and a share of the passphrase to five trusted folks (friends, relatives, lawyers, whatever) with instructions not to give out the share until you are dead. Presto, as long as you trust three of the five folks to keep their shares a secret nobody can get your stuff.

Encryption! (1)

Mini-Geek (915324) | about 7 months ago | (#47274923)

Encrypt the file with a secure password or key, maybe using AESCrypt [aescrypt.com]. Email the encrypted file to the relevant parties. Put the password to the file in your will (keep it under appropriate trusted guard, to be released only on your death). As long as the will and the encrypted file are kept apart until after your death, the file will remain secure until then. You can also modify the encrypted file as things change, encrypt with the same password, and resend the file.

There's still the possibility that their computer is compromised after you die and they decrypt the file. They could reduce this risk by opening it only on a known-secure system (e.g. an Ubuntu LiveCD boot), if it really matters. In any case, this greatly reduces the security exposure by not having this file sitting around for years for anyone to read.

gnupg (0)

Anonymous Coward | about 7 months ago | (#47274927)

In this way only the people for which you have signed the "document", for instance an archived/compressed file, can un-encrypt it using their private keys; it could not be simpler. Mind you, however, no matter how secure the transmission of this data and its subsequent un-encryption is, it does not guarantee the parties you'll share your data with will not leave the un-encrypted document(s) in a non-secure system, but I guess that is not what you have asked.

Yes, paper. (1)

ShaunC (203807) | about 7 months ago | (#47274935)

Forget doing it digital. Your beneficiaries may have no idea how to decrypt something, or how to access whatever's become of some dead man's switch. Really, if I got hit by a bus tomorrow, even if I had things stored in quadruplicate across various flash drives, I'm not so confident anyone would know what to do with them.

Type the important stuff up, and seal it in an envelope (or several, if you're dividing things up amongst likely heirs). Present those things to an attorney and have him draw up a will. The attorney will retain those envelopes and ensure that things are done properly once you're gone. If your very important passwords change, revise the documents and stop by the lawyer's office with new copies in new envelopes. They might not even charge you anything for that.

I know we generally hate lawyers here, but this is one really worthy function that many of them can perform, and the courts know full well how to deal with written and physically signed documents. In the event that you outlive your lawyer, his or her office will retain custody of your will and your envelopes, or you can find a different lawyer.

Really? (0)

Anonymous Coward | about 7 months ago | (#47274937)

After being in IT for a "long career" you can't figure out how to encrypt a file and email it to people or better yet use a shared cloud storage that you can put your heavily encrypted file on that you can easily update at your own whim and they all get that copy instantly?

If you do not want them to have the decryption key, put that tidbit in your will to be handed out at the reading.

Where did you work in IT, Best Buy?

I got it (2)

necro81 (917438) | about 7 months ago | (#47274941)

Take pictures of all the documents and send them via snapchat. Isn't this the kind of application it was made for (restricted permission viewing)? It's, like, toooootally secure.

I've used a time tested solution. (1)

nimbius (983462) | about 7 months ago | (#47274947)

Many of the 'knowledge share' sessions I've taken part in have requested my notes and musings on the technologies I've handled. Cryptography is the most logical means of securing this data as we all know, but the method by which one achieves this should be carefully followed.

1. Choose a cypher whose strength is measured in the number of heat deaths of a cruel god's distant universe. Many will suggest a 256 bit cypher, but don't let that stop you from pursuing the correct size, a 256 megabyte cypher.

2. Passwords for archives and files should be sized accordingly as the md5 sum of the number of office parking spaces multiplied by the number of empty toilet paper rolls in the nearest bathroom to the largest conference room. The password must only contain characters whose hexadecimal value falls between the number of chairs warmed by the morning sun in the main lobby, and the number of lights in the break room that flicker when first turned on.

3. You can never be too careful with USB drives. Potting has long been a method of deterrence for unauthorized reverse engineering, but many don't know that a far more economical means of securing your USB data is to plunge it into an identical reproduction of a fifteenth century hessian crucible on the first blood moon of Rajab, the holy month of Allah.

4. Your paper trail should be auditable, and the business should know to whom you've shared information in order to determine future knowledge owners and process managers of your data. A CMS-like system (similar to sharepoint) can easily be constructed by liberally dredging your paper documents and binders in a mixture of polychlorinated dibenzodioxins and low-yield fissile byproducts. The checked out or viewed copies will then be easy to track using simple FEMA disaster response processes.

And congratulations on your retirement! Give yourself a pat on the back because you deserve it. I hope my tips help you achieve a smooth and manageable transition.


Few options (1)

tyggna (1405643) | about 7 months ago | (#47274965)

So, what I would do is pick a few passphrases that are long and cryptographically secure. Print these out and store them in a safety deposit box, bequeathing said box to whomever you want to give this information to.

From there, the linux command-line utility gpg will work nicely.

gpg -c filename

Will prompt for a passphrase twice (use one on your sheet), and output "filename.gpg" leaving filename still intact.

From there, you can do whatever you want with the encrypted file--store it on a USB and put it in the safety deposit, email it, whatever. No one will be able to do anything with it until they have the passphrase.

The other way I'd do that, which is more of the day-to-day stuff, is create two bitmessage accounts and just send it via that.

PGP encrypted email is also a good way to go, so long as the recipient has their private key properly protected.

Re:Few options (1)

Overzeetop (214511) | about 7 months ago | (#47275137)

Simpler version: put the data in the safety deposit box.

No need for linux, or command lines, or encryption, or anything else. The only advantage to the encrypted file is that you don't have to get off your ass to make changes (i.e. put the updated data in the SDB).

Because, let's face it, as soon as the SDB is compromised, your entire security system is compromised. It's just a matter of time and computational effort at that point. And the risk is that the person who needs the information will not be able to access your information due to an error, or simple inability to work the technology. Anyone who is "after" your precious data will have the wherewithal to decode your stuff, but Aunt Matilda or cousin Jeb may end up just stuck.

private key? (0)

Anonymous Coward | about 7 months ago | (#47274967)

Why not send them just the private key for something that you keep in your possession? It sounds backwards, but you can change the contents anytime, and they can't access it until the file is taken from your cold, dead hands.

Also, make sure no one steals the file. ; )


Anonymous Coward | about 7 months ago | (#47274975)

Unbelievable, and when you click "goto classic" you go to the homepage instead of the story link you clicked.
Dice has a total disrespect to their users, fire everyone who is in charge of this mess.

The old fashioned way (1)

jeffmeden (135043) | about 7 months ago | (#47275011)

You will die exactly once (barring a zombie apocalypse, in the event of which I am going to disavow any credit for this post) so why reinvent the wheel if it's only going to get one turn anyway? Hire a reputable family lawyer, set up a will detailing your important documents (and whatever else you are giving away), name an executor, choose a safe place (in meatspace) for the documents to live in the meantime, and then enjoy your retirement.

You have no control (1)

DerekLyons (302214) | about 7 months ago | (#47275031)

There are lots of things to secure transmission of data, but once it arrives on the recipients' desktop, you run the risk of their system being compromised and exposing the data. Does anyone have any suggestions? Is paper still the most secure way to go?

You have no control of what happens once the data leaves your control - whether the data is held and transmitted electronically or held and transmitted physically.

That being said, though IANAL*, it seems that it's your executor who needs the data rather than people "pretty far away".

* And really, when it comes to drawing up a will, there should be one involved. It'll save everyone involved a whole ton of grief in the long run if you set things up right in the first place.

Would be honored to serve your needs (0)

Anonymous Coward | about 7 months ago | (#47275043)

Dearest Sir:
My name is William Saweto and I represent the First Security Bank of Nigeria. My employer and I would be honored to handle your business. We guarantee secure handling of private data in our protected cloud environment. I would be honored to discuss this matter further with you. Please feel free to contact me at any time at nota419@gmail.com.
Yours truly,
William Saweto, MBA, MSc, PhDBanking, KoC Fellow

encrypted file on flash drive (0)

Anonymous Coward | about 7 months ago | (#47275081)

I carry my financial information and rarely used passwords on a file on a USB flash drive. I then use Winzip to encrypt it.

Get over yourself (0)

Anonymous Coward | about 7 months ago | (#47275091)

You had a career in IT, not international espionage. You're also not a billionaire. Get over yourself and talk to a probate attorney.

not binary (1)

Tom (822) | about 7 months ago | (#47275121)

1: Talk to a notary.

2: Digital methods can and will fail. Either on your end or because the recipient doesn't know how to use them properly.

Talk to a notary. These people have been handing over sensitive information about bank accounts, secret swiss safe deposit boxes and other stuff from one generation to the next for centuries, and you have a human who can work around any failures.

Sure, you can find 10 possible digital solutions on the pages of Applied Cryptography, but... goto 2

throw new Exception("you failed to follow the goto");

Fidsafe (1)

aprentic (1832) | about 7 months ago | (#47275127)

One of our clients does exactly this.

https://www.fidsafe.com/ [fidsafe.com]

Arrrr matey (1)

bukowski90210 (252368) | about 7 months ago | (#47275157)

Have we not learned anything from Sid Meier? Bury it on a deserted Caribbean island, draw a crude map with a red 'x' marking the approximate spot where your treasure is buried, then go to some bar on some other island and get really drunk and leave the map there with the bartender. Yarr..petarrr!!

You don't need a tech solution (1)

BrodyVess (455213) | about 7 months ago | (#47275199)

You need a *legal* solution. This is something you should be talking to a lawyer about, and not /.

You need a 3rd Party (0)

Anonymous Coward | about 7 months ago | (#47275257)

The proper way to do this is to hire a law firm to handle your estate and they hold the intellectual property until your passing at which time they seek out and deliver the goods. You can create a rather long list of succession this way, and ensure that no matter who else passes your data is relatively secure. (Imagine a scenario where you transferred the information on to someone, who then passed away and the information was handed to his/her next of kin before your passing, someone who may not know you or have the same intentions)

This is what lawyers are for (0)

Anonymous Coward | about 7 months ago | (#47275261)

No need to reinvent the wheel. Spend a small amount of money and consult a competent lawyer.

They do this for a living and unlike you (and everybody else who isn't an actual legal professional) they understand the ins and outs of the law. This can matter a hell of a lot when dealing with stuff like wills and estates.

It's already done for you... (1)

Jawnn (445279) | about 7 months ago | (#47275283)

If your "memories" have ever traversed a public network. Your tax dollars at work.

First of all (1)

WormholeFiend (674934) | about 7 months ago | (#47275297)

Solve the problem of motivating someone to do your will after you're dead.

Just Don't (1)

0xG (712423) | about 7 months ago | (#47275319)

but is there any way to share this sort of information electronically

Write it by hand.
Photocopy it on an analog copier, or if you can't find one, use carbon paper.
Send it by post.

Safer than any encrypted email.

Discrete hardware (1)

spire3661 (1038968) | about 7 months ago | (#47275351)

I just picked up a HP 7", 16 GB jelly bean android tablet WITH 4G radio and SIM for $120. Intel NUCs are $200 with RAM and the OS on flash. Raspberry Pi, BeagleBones, Intel Galileo, Arduinos equipped with SD slots. Put your data on discrete hardware, and have at it.

Probate. (1)

Vellmont (569020) | about 7 months ago | (#47275391)

The MOST important part is documenting where your assets are, and account numbers. After you die, your assets go into probate, and aren't just simply accessible via logging into your bank. So the username and password isn't really as important as you think it is.

Seriously, talk with a lawyer who's familiar with inheritance in your state. Obviously documenting where all your assets are is very important, but don't just assume your loved ones are going to login to your account and transfer money out of it a few weeks after you're dead. That stuff gets locked into probate as soon as the financial institutions hear you're dead (with a few exclusions of course).

Another silly headline... (0)

Anonymous Coward | about 7 months ago | (#47275501)

No one has property rights in information ... and that means information cannot be "bequeathed"!

It can be TRANSFERRED upon your DEATH. Put it in the hands of someone you trust, who will see the foot-shaped dent in your bucket.
