After your death, you want to make sure that a special someone gets a vital piece of information (like the password to your bank account), but:
You don't want anyone else to be able to get that information as long as you live.
You only want a particular person to get that information.
How would you do it?
A little more than a year ago, I was in a situation where I feared for my life. I gave this some thought and here's what I did.
I made a video recording containing everything I wanted people to know after I die, then I stored the video in a TrueCrypt volume and gave two copies to my two most trusted friends, and the password to my father and my then-girlfriend.
I told my dad and my then-girlfriend not to share the password with anybody, and told my trusted friends to share the file only with my dad and my then-girlfriend, and only after I die or after I'm reasonably believed to be dead (due to the nature of the danger, a sudden disappearance was a likely possibility).
The effectiveness of this arrangement comes from my trust in those people, a trust that has been built over many years. I've chosen this arrangement because I couldn't trust a purely automated solution. For example, I set up a Dead Man's Switch message that contained trivial to low-profile information, but at the time, there was a possibility that I'd disappear for weeks or months after which I could still be alive. In that period The Switch would have been activated.
Another solution is to hire a lawyer, draft your will, give him the password, and instruct him to share it only in the case of your death. This way, your password is safe by the power of the law (your lawyer can't breach the confidentiality, and even if he did, the files are with other people). Your lawyer has no access to the information, and your loved ones will get the password after your death.
Google has set up a service called "Inactive Account Manager" which lets you specify certain trusted people who will get access to your account if it is inactive for a certain amount of time (for example, if you are dead). The inactivity period can be set anywhere from 3-18 months. See a screenshot below.
My friend uses PGP cryptography, so he encrypted the message he wanted trusted people to receive with their public keys. This guaranteed that only they will be able to read it.
To prevent them from accessing the data right away he also encrypted the message with a symmetric cypher and put the password in a dead man's switch service that will email it to them in case he disappears.
This can be improved by giving the password to the symmetric cypher to a lawyer instead of a dead man's switch online service, as Adnan describes. Due to use of PGP keys only the intended recipients will be able to decrypt the message, and only after they receive the (meaningless by itself) password from the lawyer.
If I die first, then my most loved one will be in great emotional pain. Under these circumstances, I would not want her to have to go through many complicated decryption steps -- while full of emotions -- to get my message from the grave. And I wouldn't want to inflict a video on her in that situation ... it would be too life-like and strong.
For me, it's the good old lawyer's will printed out on paper. Paper lasts for a long time. And hopefully the lawyer will read it in a tactful and helpful manner.
The only thing 'digital' I'd add to the will would be the master password for a backup copy of my password manager file; just in case.
The way I see it,
Granted the bank/lawyers office could theoretically attempt a bruteforce in the intermediary time. A sufficiently long and random (to avoid any dictionary attacks) password would easily thwart any attack for sufficiently long for you to die and the recipients to get the password anyway.
This might be an interesting way to bequeath a bitcoin wallet or similar
Only the Right Lawyer Will Do the Trick
Adnan makes one particularly excellent suggestion – hire a lawyer to make sure somebody legally obligated to do so will share your pre-selected information with the right people at the right time without letting the wrong people see it. This is where the trusted human being comes into play.
So hire a trusted lawyer and I'll be fine? Well, it’s not quite that easy. Speaking of wrong people, there are scads of lawyers who wouldn't be any more capable of addressing this situation than they would defeating Sinestra in the Bastion of Twilight on Heroic Difficulty in World of Warcraft. In other words, if their only advice is that you keep a paper list someplace safe, their advice is only slightly better than ignoring your digital assets entirely. You'll run the risk of hiding a paper list someplace so secure that it won't be found by estate representatives, or someplace so accessible that it's easily pilfered. And if they suggest you store something like this in a safe deposit box or lawyer vault, not only is it inconvenient for you, but I'll bet dollars to donuts your list will out-of-date before you know it. (Sorry petiepoo!)
Fortunately, the digital revolution that got us into this mess now provides a wealth of convenient and secure solutions to get us out of it. Get yourself three important people in combination: a super-techie lawyer, a techie-client (you) and a techie-estate representative (person who does stuff on your behalf once you’re dead). The three of you can explore password safes like LastPass, 1Password, or Keepass. These use a single, master password to manage a database of usernames and passwords that is encrypted. On the downside, these programs not only require technical proficiency for all parties involved, but they grant all-or-nothing access to online accounts so you can’t pick and choose who gets what.
Less technological, LegacyLocker is a direct-to-consumer product that gives users the ability to selectively pass-on online asset information. It only deals with online assets and isn't designed to integrate with a law practice, but they are trying to break into the world of estate lawyers to get them to suggest their product as a solution to these challenges. The solution is a bit simple but it's better than nothing.
Estate Map is a highly secure solution that allows password management like Legacy Locker along with the ability to selectively pass-on gobs of other important estate information (from funeral plans to Facebook to where you've kept the key to the riding lawnmower). Estate lawyers offer this service to their clients as part of the process of getting a will done (and if they don't already, the product website lets them sign up for free). The real safety net with Estate Map is that requires your attorney to confirm your death (or disability) before information gets shared. And even then each piece of information only gets shared with the person you identified (so I can leave an online porn account to my brother – if I had such a thing – but everything else to my wife and kids). Finally, the lawyer will probably add enabling language to your will and power of attorney to make it clear you intend to share your information.
As davidwebster48 alludes, online businesses will likely continue coming up with easier solutions like Google's inactive account manager (though that only deals with Google accounts). But for the time being, the safest and surest way to accomplish your goal is to hire a savvy lawyer with the right tools at her or his disposal. Good luck!
I'd suggest using a safe deposit box. There are clear guidelines of who can enter your safe deposit box upon your death and what can be removed under specific conditions.
Take an index card, write down a long random password along with instructions on how to use it, all on one side, fold it in half, hiding the password, then write the intended recipient's name and any privacy warnings on the outside, and finally run the folded card through a laminator.
Write a will specifying who your executor should be (they will have access to your safe deposit box by court order), and specify in your will how the password cards should be handled.
Then, for each recipient, either give them the file to be decrypted, or let them know how they can retrieve it. Or specify that in the will or inside of the laminated card.
I'd be wary of physical media (eg. a CD-ROM in the safe deposit box), as they're only readable for a few years. Even things like USB flash drives will eventually start losing bits. Plus, the USB standard will eventually be superseded. If you're committed to occasionally verifying the file's integrity and accessibility, then a USB drive in the safe deposit box might work.
You may consider storing the encrypted file online, if you can find somewhere with long-term, guaranteed accessibility. Just don't make it so complicated the recipient can't retrieve it when the time comes.
I'd also be wary of asymmetrical encryption (eg. PGP) as it adds unneeded complexity, and keys can have expiration dates. That said, PGP and GnuPG have a symmetrical encryption option if you want to steer clear of WinZip or similar. 7-zip would also be a good choice, as it's free, open, and easily available.
Put your data in a crypted container, for example secured by TrueCrypt, or just a password-protected ZIP. Use Secret Sharing to distribute pieces of information to various trusted people. You can specify how many of these people have to cooperate to unlock your secret.
