Entrust your cyber security secrets to a safe pair of hands
FYI, this story is more than a year old
Imagine, if you will, that your security is flawless, and not a single other person can access your sensitive accounts or information. And then the unthinkable happens – you’re in an accident. How will your loved ones get past your security measures to tend to your affairs?
It may seem a bit counter-intuitive, if you’ve taken to heart all the admonitions to lock up your valuables, to then take steps that enable someone to get at them.
Much of the advice for allowing an entrustee to manage your affairs - either temporarily or permanently - reads like a list of cybersecurity faux pas.
But in reality, the best steps to take for allowing a trusted caretaker in are slight modifications of the techniques you used to achieve thorough security in the first place.
You no doubt have an asset list, either stored mentally or written down somewhere, that documents all the machines and accounts in your care.
This list will be essential for your “In Case of Emergency” kit. Be sure to include all devices (don’t forget oft-ignored things like admin accounts for your modem and router), email accounts, utilities like power and water, financial institutions, cloud services, and any servers you might be hosting for other people.
Now that you have your asset list, choose an emergency contact. This person will be entrusted to take care of all your digital assets, and can be a family member or friend, or someone official like a lawyer.
If you have already written your will, you’ll likely have already chosen an executor to find and manage your assets. Some online services – like Google, Facebook and Instagram – allow you to designate an emergency or legacy contact who can administer your accounts.
Many password manager applications allow you to set an emergency contact too (which can also be helpful in less dire situations, if you ever need to reset a lost master password).
This is the point where you need to exercise a little extra caution, so as to avoid making security slip-ups. Create a list of your usernames and passwords, and create backup codes for any accounts that have two-factor authentication enabled.
To protect this list, there are a few things you can do. You can keep a copy on paper or removable media locked away somewhere, such as in a fire safe or safety deposit box. You can entrust it to a lawyer, or sign up for an end-of-life planning service.
Keep in mind that law firms and companies can and do go out of business, so you may still want to keep an additional form of backup. Be sure to ask them questions about their security too, as losing this much sensitive information at once would inevitably be a massive pain to fix.
If you keep a digital copy of your credentials, be sure to encrypt it. Public-key encryption is a natural choice for this situation, but you may need to be aware of expiration dates.
And keep in mind that storage media degrades over long periods of time, so every five or ten years you should move your information to a new disk.
We’ve all been through a fire drill or other preparedness training at least once in our lives, so we understand the idea that they’re meant to help us act swiftly and sanely even when our emotions are running high.
Likewise, preparing your loved ones in advance with the occasional practice run can make taking care of your digital assets less difficult and distressing for them when the time comes.
Matters of mortality are not fun topics, and not something most people give much thought to until well into their autumn years.
When accidents happen, the stress on survivors can be overwhelming, even without the Herculean effort required to get through our airtight security. By taking a few minutes to prepare for the worst, we can save our family and friends from having an extra burden to bear.
Article by Lisa Myers, ESET blog network