I need to start making plans for when I am gone, much sooner than I thought, and I realized our finances are pretty opaque to my spouse. Our bank account is shared, but there are other sites that only I have access to.
The easiest solution would be to physically write down logins and what needs done, put it in an envelope, and tell my family where that envelope is. I’m not thrilled about that, because I would have to shred and rewrite it every time I update a password or a URL changes, and it’d be vulnerable to nosy guests.
Putting it in a shared Google Doc would be easiest for everyone. But then Google has that data. Even supposing I trust a cloud SaaS provider not to misuse the data (which is a big ‘if’) I do not trust them to never have a data breach.
Self-hosting seems like the next step, except I expect my home server to be the first thing to collapse once I’m gone. Filing login info with an estate attorney would still require frequent updates. Putting a document on a flash drive risks data loss, but is what I’m leaning towards.
Is there a solution I’m missing?
Use something like Bitwarden, and record your master password and/or backup codes in an envelope.
Self-hosted stuff will collapse without you. Bitwarden has a family plan with survivorship rules. You can also share passwords easily. Google and Microsoft accounts also have survivorship rules you can set up.
No solution I’ve found, but I’ve been working on this myself. As I see it, there are two situations, and four categories of data:
I. My wife survives me
II. We both die, e.g. in a car
- Digital media
- Financial accounts
- Subscriptions
- Physical possessions
I’ve been thinking about getting an M-Disk writer for media, because ultimately, backing up to B2 is fine until I’m gone. Family members will need physical media for the photos and stuff.
For secrets, I’m planning on using SSSS. Keys will be given to members on each side of my wife’s and my families. If we both die, they’ll have to get together, put their keys together, and decrypt the KeePass DB.
The online accounts are almost all financial; those are in a KeePass DB. My wife already has access to all of that through power of attorney, and if we both go, it’s SSSS for the family.
The third data category is accounts and services that will have to be stopped. I don’t subscribe to much, but the VPS provider and B2 will have to be terminated, and a document with instructions and with the credentials is in the SSSS archive.
The final category is assets: home, mortgage info, where and what the M-Disks are, a copy of the will that deals with all of the valuables, and any notes about anything not covered in the will. That’s in documents in the SSSS archive.
I still have to put the archive together. I’ve been working toward a state where all of the secrets are in a cryptfs that’s shared on the LAN and automatically encrypted with SSSS and synced to a share. Once I have that automated, I’ll communicate out the SSSS keys and a how-to document.
In some ways, it was easier when you just died and your kids fought over the china. But I have a plan.
This is the one reason I’ve paid for 1Password. My wife has access and can get what is needed without figuring out how to revive a self-hosted password solution. I realize this isn’t about self-hosting, and that you can pay for Bitwarden too. It just struck a chord.
OP wishing you all the best.
You kinda only need the email credentials. Shouldn’t the rest be resettable from that point?
Is there anything that needs MFA that they won’t have?