

PassMyWill Is A Will For Your Online Assets And Passwords - bzupnick
http://techcrunch.com/2011/10/02/passmywill-is-a-will-for-your-online-assets-and-passwords/

======
dguido
Pretty sure these guys have been doing something similar for a while now:
<https://www.lifeensured.com/>

I wonder if PassMyWill has ever been audited for security vulnerabilities?
LifeEnsured has: <https://www.lifeensured.com/faqs#security>

EDIT: lol. The login form on PassMyWill gets POST'd over HTTP.

EDIT2: Nope, the entire server doesn't support SSL. _facepalm_

~~~
jonursenbach
I love how companies play up the security theater they have in place in their
datacenters. If someone is going to try to get your data, the last place
they're going to get it from is in person at your DC.

~~~
dguido
I think it's kind of a standard disclaimer. Notice they got the most important
part right: independent review by experts.

Even people that do security well need to engage in security theater.

------
rdl
Another problem is keeping your backup passwords in sync with your day to day
use passwords, especially if you're not going to die to 40-80 years.

Probably the best solution is to have something like 1Password set to
automatically manage passwords, encrypted with a master password, and then
disclose only enough information to get to the daily-use 1Password. Disclosing
a single password like that is probably better accomplished in a paper will,
stored with a lawyer/executor.

Although there's also some value in an "I'm dead" script which deletes porn,
porn passwords, information about your affairs, criminal activity,
compromising photos involving porn and crime and drugs, the Guatemalan second
family you support, etc., before turning over things like facebook passwords
to next of kin.

~~~
mburns
Even better, use KeePass (and sync/backup into the cloud like Dropbox, etc)
and have an _open source_ solution that is safe and encrypted from end to end,
without trusting a company to not be stupid.

Then, just leave your master password(s) for the encrypted database in your
will, or safely amongst your personal belongings.

------
gkoberger
After they die, I don't see why someone would want their family to have their
passwords. Every email, IM and Google search? Even if you don't do anything
"wrong," there's still probably a ton of stuff you wouldn't want anyone
reading (especially out of context).

~~~
bdunbar
My father passed last summer.

He had a busy life online, post-retirement - built and ran a website for a
yacht club, used the computer to book stand-by travel with his former employer
(American Airlines), online banking, etc.

Nothing where the lack of access would have been a killer. But not having them
would have been inconvenient for a lot of people.

Happily, he kept his accounts and passwords in a tablet, on his desk. Single-
space, filled the page. So I was able to hand the 'keys' of the website over
to his backup, get my mother logged in to the website so she can book tickets,
and so on.

Every single online account would have been excessive. But the ones he
documented, I'm glade he did: saved a lot of people some inconvenience.

------
jseifer
This is an interesting start up and concept but it seems like there's a pretty
high barrier to entry. In order to use this site you have to place a lot of
trust in it to:

* Be secure with your credentials to sites * Reliably figure out that you are dead * Trust that your next of kin will figure out the key you've set up

It's certainly a useful concept and much better than hoping your loved one
placed the credentials somewhere you could access them.

~~~
shazow
An easy solution:

Encrypt your package using a fresh private key. Send the package to the will
handler (such as PassMyWill), but not the key. Send the key to all the will
recipients.

Upon the execution of your will, your recipients get the package that they can
already open with their key.

The trick becomes to keep the package opaque to the will handler, and to keep
the recipients from gaining access to the package prematurely.

~~~
feral
I think the best solution in this space would be to implement this:
<http://en.wikipedia.org/wiki/Shamirs_Secret_Sharing>

Then you could nominate some family members, friends, significant other, such
that some minimum number of them were required to collaborate to decrypt the
files.

------
joshzayin
What benefit would this provide over simply having an encrypted memory stick
(or similar) containing all of the necessary account information and leaving
the password with someone trusted (e.g., lawyer responsible for will, family
member friend, etc)? (or, as troels suggests, leaving the password or even the
stick in a safe)

~~~
bzupnick
The benefit is that if you did it with an encrypted USB that you keep with a
lawyer, every time you make a new account or change your username or password,
you would have to get the USB back, re-write the txt file, then give it back.
Whereas here, it may be easier to update your information in this fashion

~~~
joshzayin
Well, you could keep the USB stick and give the lawyer the decryption key.

------
yesimahuman
Entrustet.com has been doing this for several years now. They have been on TC
in some capacity a few times:

<http://entrustet.com/>

------
troels
I really don't see it competing much with having an envelope with a master
password (e.g. my gmail password) in my safe?

~~~
epochwolf
Same here, only leaving the master password for my laptop and 1Password in my
parent's safe. They would need to fly 2,000 miles to get physical access since
the passwords don't work on my gmail account.

