|
Post by moonraker on Jul 11, 2021 9:30:34 GMT
We are sometimes enjoined to keep (securely, of course) a note of our passwords so that trusted people can access our accounts in the event of our serious illness or death. I have reservations.
At present I have a variety of passwords to some 40 forums and websites. These I have noted cryptically on two sides of A4, so much so that in a few cases I have trouble interpreting them. Nearly all of these would be of no use to a trusted person, though there is one forum of which I am a very senior member that I would like notified of my departure.
I also have passwords for 20 or so "sensitive" sites: utilities, my bank, HMRC and organisations with which I have investments. (Thank goodness for the Hargreaves Lansdown platform which has many of my holdings.)
I cannot see what use nearly all these passwords would be to my executors and the solicitors handling my estate. Presumably they would have to write to the organisations enclosing a death certificate and proof that they are empowered to handle my affairs; this could not be done through my online accounts.
I have granted Lasting Powers of Attorney to two cousins to handle my financial and health interests should I become unable to do so myself. Here I can see some reason for them to know some of my passwords but to legally handle my investments they would need to prove their attorneyships to the organisations concerned, and I remain unconvinced that this is possible via my online accounts.
I can see one advantage in making passwords available in that my trusted persons can access details of my accounts, such as their numbers, but these are available on printed matter on physical files locked in a safe.
A password manager file does not appeal.
I maintain one spreadsheet of my investment portfolio (without account numbers and passwords) with a print-out on a physical file, and have details of my utilities, Internet provider and council accounts (without passwords) on another print-out on my "death" file. I think that this is sufficient?
Your comments and experiences would be of interest, please.
|
|
alanh
Posts: 556
Likes: 560
|
Post by alanh on Jul 11, 2021 9:41:21 GMT
"These I have noted cryptically on two sides of A4, so much so that in a few cases I have trouble interpreting them"
I'm glad I am not the only one that does this!
|
|
archie
Posts: 1,839
Likes: 1,842
|
Post by archie on Jul 11, 2021 9:44:28 GMT
|
|
adrianc
Member of DD Central
Posts: 9,045
Likes: 4,841
|
Post by adrianc on Jul 11, 2021 10:12:39 GMT
"These I have noted cryptically on two sides of A4, so much so that in a few cases I have trouble interpreting them"
I'm glad I am not the only one that does this! SWMBO does. Drives me round the bloody twist. Ultimately, the only thing that actually matters is your email account. If somebody controls that, they can reset the passwords on everything else. So make that a strong password... And, of course, modern browsers will save and sync all your passwords for you. So make the password for THAT account a strong one. That's just two passwords you need. Best password practice is to come up with a phrase that's memorable but not easily guessable (especially without substantial social engineering), then apply some reasonable character-substitution to it, perhaps a homophone or two. Bingo, almost uncrackable. So... "Peer to peer forum"P!3rT0oP}}r4umm
|
|
|
Post by bracknellboy on Jul 11, 2021 10:36:35 GMT
As noted and I believe you already understand, the right method for access is via the powers of attorney. Accessing the account purely via knowing the account details would probably be illegal.
It is something I do not yet have sorted. My wife's and my finances are separate, except for a joint account. I've not kept a paper record of my multitude of accounts and assets, only electronic. Like you, I have a single spreadsheet to keep track of accounts but again without any account numbers or online details. This at the very least I ought to regularly produce a hard copy of and put somewhere accessible. I don't as yet. Without it, people would have a hard time even knowing what my accounts were, as i generally don't keep a paper record of each individual account: my life has moved pretty much online.
The one area that would concern me quite a lot is my wife getting access to at the very least an account which could give her a lump sum or regular access while issues of POA or probate get sorted. Luckily, I'm pretty confident that her own income and savings would probably tide her over if required.
As for passwords: bah, well..... I do have a crib sheet, but again its electronic not paper. (ok, I hear security risks). But they are cryptic, and most critically for finance accounts I use something common which is systematically adjusted for each account so they are all unique but (nearly always) instantly recallable. This means my record would be utterly useless to anyone but me, and I do not believe that stealing one could lead to the others falling.
|
|
|
Post by bernythedolt on Jul 11, 2021 10:47:24 GMT
Bitcoin and other crypto has long troubled me in this respect. My understanding is, unless you've passed on your private key to a survivor, that's your holding lost forever. Nothing anyone can ever do to retrieve your funds. Please correct if I'm wrong. I wonder what provision there is to handle the rules posted by archie above? Is there any way to present a death certificate to Bitcoin?
|
|
registerme
Member of DD Central
Posts: 6,233
Likes: 6,038
|
Post by registerme on Jul 11, 2021 11:03:03 GMT
I wonder what provision there is to handle the rules posted by archie above? Is there any way to present a death certificate to Bitcoin? There is no "Bitcoin" to present it to.
|
|
|
Post by bernythedolt on Jul 11, 2021 11:12:24 GMT
"These I have noted cryptically on two sides of A4, so much so that in a few cases I have trouble interpreting them"
I'm glad I am not the only one that does this! Ultimately, the only thing that actually matters is your email account. If somebody controls that, they can reset the passwords on everything else. So make that a strong password... This important point is easily overlooked, and also don't pick a provider like Hotmail who recycles previous addresses that once belonged to another person and have been deprecated through non-use over a period of time. Some providers recycle these addresses and some don't. Several years ago, I picked an address for myself which, unbeknownst to me, had been previously owned before being recycled. To this day, I still receive invitations from PayPal to access this chap's account, reset his password, etc. I have learned many personal details, including his home address. I've reported this data breach and security loophole a couple of times to PayPal, but they're simply not interested. They insist I am their customer, because I now hold the email address they have recorded! eBay, same story, but I did manage to get it changed there. I've also invited Which? magazine to investigate the whole issue of recycled addresses, but again no interest so far. Moral of the story - don't allow your email address(es) to time out and potentially be recycled.
|
|
|
Post by bernythedolt on Jul 11, 2021 11:15:22 GMT
I wonder what provision there is to handle the rules posted by archie above? Is there any way to present a death certificate to Bitcoin? There is no "Bitcoin" to present it to. Quite. So your money's down the pan.
|
|
michaelc
Member of DD Central
Posts: 4,920
Likes: 2,774
|
Post by michaelc on Jul 11, 2021 11:45:24 GMT
There is no "Bitcoin" to present it to. Quite. So your money's down the pan. Not really. It depends if you are holding the crypto keys locally (e.g. on a pc or memory stick). A lot of folk trust their bitcoin exchange to hold the bitcoin for them. In that case, presumably the bitcoin exchange could be required to release those keys. BTw, I'm not suggesting its a good idea to let the exchange hold the cash for you long term but it is typically the default so I suspect its common.
|
|
adrianc
Member of DD Central
Posts: 9,045
Likes: 4,841
|
Post by adrianc on Jul 11, 2021 11:53:28 GMT
Quite. So your money's down the pan. Not really. It depends if you are holding the crypto keys locally (e.g. on a pc or memory stick). A lot of folk trust their bitcoin exchange to hold the bitcoin for them. In that case, presumably the bitcoin exchange could be required to release those keys. BTw, I'm not suggesting its a good idea to let the exchange hold the cash for you long term but it is typically the default so I suspect its common. And, of course, you then open yourself to platform risk... Something we P2Peers should understand by now. www.bloomberg.com/news/articles/2021-06-23/s-african-brothers-vanish-and-so-does-3-6-billion-in-bitcoin
|
|
|
Post by bernythedolt on Jul 11, 2021 12:33:55 GMT
Quite. So your money's down the pan. Not really. It depends if you are holding the crypto keys locally (e.g. on a pc or memory stick). A lot of folk trust their bitcoin exchange to hold the bitcoin for them. In that case, presumably the bitcoin exchange could be required to release those keys.BTw, I'm not suggesting its a good idea to let the exchange hold the cash for you long term but it is typically the default so I suspect its common. Good luck in "requiring" an unregulated entity to comply, although I guess one or two might be helpful.
|
|
registerme
Member of DD Central
Posts: 6,233
Likes: 6,038
|
Post by registerme on Jul 11, 2021 12:33:59 GMT
Quite. So your money's down the pan. Not really. It depends if you are holding the crypto keys locally (e.g. on a pc or memory stick). A lot of folk trust their bitcoin exchange to hold the bitcoin for them. In that case, presumably the bitcoin exchange could be required to release those keys. BTw, I'm not suggesting its a good idea to let the exchange hold the cash for you long term but it is typically the default so I suspect its common. Yes, but asking if "there's a Bitcoin to present it to" kind of assumes that they're not held in an exchange wallet, and you don't have possession of the key(s) yourself.
|
|
|
Post by mfaxford on Jul 11, 2021 13:02:18 GMT
Not really. It depends if you are holding the crypto keys locally (e.g. on a pc or memory stick). A lot of folk trust their bitcoin exchange to hold the bitcoin for them. In that case, presumably the bitcoin exchange could be required to release those keys.BTw, I'm not suggesting its a good idea to let the exchange hold the cash for you long term but it is typically the default so I suspect its common. Good luck in "requiring" an unregulated entity to comply, although I guess one or two might be helpful. Having seen some well known companies struggle with Power of Attorney documents (Ordinary rather than Lasting in that case) regulation probably makes little difference. That said some Crypto Exchanges are regulated and do take things seriously. The others may well have disappeared before it's a problem for most here.
|
|
shimself
Member of DD Central
Posts: 2,561
Likes: 1,170
|
Post by shimself on Jul 12, 2021 13:29:44 GMT
Moral of the story - don't allow your email address(es) to time out and potentially be recycled. If you have your own domain (eg bernythedolt.com, which is available from all good registrars) then you're all set
|
|