
Phone as ID for digital estate plan - what if lost/destroyed?

coghlanpf
Good Citizen / Bon Citoyen

I want to give my spouse access to my digital IDs as part of an estate plan.  I've put the high-value stuff (banking passwords etc.) on my Microsoft One Drive Personal Vault, which requires 2FA.  For a proper 2FA, I wanted the phone to be the "something you have".  If my phone perishes with me in an accident or something, and my spouse needs the phone to access Personal Vault, can she move the number to a new SIM without access to my e-mail?


coghlanpf
Good Citizen / Bon Citoyen
Agree with the need to keep it simple. It was basically a choice between putting the high value passwords etc. on a stick in a sealed envelope vs in something like Personal Vault, but went with the latter for reliability.

srlawren
Retired Oracle / Oracle Retraité

@coghlanpf wrote:

@srlawren Okay, same question then.  If the phone and I both meet our demise, isn't the authenticator app tied to the phone and, if so, how does she create another instance of it?

To me, the phone is the key.  It travels with me everywhere and is, therefore, the best candidate as the "thing that I have" (too bad the SIM is such a weak credential, though).  If I kick the bucket and my phone remains intact, it's otherwise a great second factor for her to use to access my personal information.


@coghlanpf I haven't started using Microsoft Authenticator just yet so I can't speak to how it works.  I do use Authy as my Google Authenticator client for exactly this reason though.  I can run Authy on multiple devices (including on my PC at work through a Chrome App) and can access my 2FA tokens from any of those devices.  So if I were away with 1 of those devices and lost it, I could still access via one of my other devices.  

 

That said, my recommendation stands to look at LastPass and how it implements the digital estate access scenario.


>>> ALERT: I am not a moderator. For account or activation assistance, please click here.

Just implement a "non-digital" 2FA mechanism.

Leave half the user/password info in a sealed envelope with lawyer or safety-deposit box or whatever - requiring proof of owner's death and a whitelisted ID to access the contents.

Leave the other half of the user/password info with the authorized person (wife) - requiring access to the "secured" part of the information to make any sense of it.

 

But, honestly, it's far less hassle to trust someone - wife, lawyer, notary, professional, etc. There's articles online about digital estates, they all boil down to making things as simple as possible (instead of erecting additional obstacles) for your loved ones after you're gone. 

@coghlanpf If you use 2FA on Google accounts etc., there is always an option to print a backup code that would come into play in a lost phone / authenticator situation.

 

As for a secure vault, you can always encrypt the data into a file using apps like VeraCrypt and sync it up to your cloud app.

coghlanpf
Good Citizen / Bon Citoyen

A mod told me that the process of setting up an existing PM number on a new phone does not require e-mail verification, just the PM credentials and the following step:

  • Self-serve > Overview > Plan and Add-ons > Change SIM card > Enter New SIM Card Number and click Submit.

In that case, I should probably start by selecting a more secure password for my PM account :)


@coghlanpf wrote:

@GinYVR Thanks for the explanation of the QR code.   Neither the Google nor MS authenticators work with Personal Vault, apparently.  Even if they did, e-mail passwords are one of the things I want to put in the vault, since they put a lot of power in the hands of online criminals.

I still like the idea of putting lower-value digital assets and account IDs (without passwords) on something that can be shared, such as Google Drive, and the high-value assets on some kind of vault that requires something I (or designated surviving family member(s)) need something I have (e.g. phone) to gain access.

I thought about just using a flash drive etc. squirreled away at home with the high-value info, but like the main parachutes on a space capsule, it has to be 100% reliable when required.

We never did answer the question of what is required to legitimately replace a lost phone.  If this requires e-mail access, I'm back to square one.





@coghlanpf  I have a slightly used enigma machine stored somewhere in my basement you could have....its a little dusty and has some cobwebs but I'm sure with a good lick and some polish, a touch of elbow grease and a can of wd40 we could get her up and running.....

coghlanpf
Good Citizen / Bon Citoyen

@GinYVR Thanks for the explanation of the QR code.   Neither the Google nor MS authenticators work with Personal Vault, apparently.  Even if they did, e-mail passwords are one of the things I want to put in the vault, since they put a lot of power in the hands of online criminals.

I still like the idea of putting lower-value digital assets and account IDs (without passwords) on something that can be shared, such as Google Drive, and the high-value assets on some kind of vault that requires something I (or designated surviving family member(s)) need something I have (e.g. phone) to gain access.

I thought about just using a flash drive etc. squirreled away at home with the high-value info, but like the main parachutes on a space capsule, it has to be 100% reliable when required.

We never did answer the question of what is required to legitimately replace a lost phone.  If this requires e-mail access, I'm back to square one.

@coghlanpf Wirecutter has an article about different Authenticators: https://thewirecutter.com/reviews/best-two-factor-authentication-app/

 

If you are an IT person and want to avoid storing data in the States you can also try BitWarden where with a professional license you can host your own server.

@coghlanpf Authy and password managers have recovery options that allow you to run the authenticator on multiple devices. Those one-time keys are 40-bit encryption keys... the QR code you scan is just a graphic representation of the key. If you jot down the key you can reuse it anywhere.

coghlanpf
Good Citizen / Bon Citoyen

@srlawren Okay, same question then.  If the phone and I both meet our demise, isn't the authenticator app tied to the phone and, if so, how does she create another instance of it?

To me, the phone is the key.  It travels with me everywhere and is, therefore, the best candidate as the "thing that I have" (too bad the SIM is such a weak credential, though).  If I kick the bucket and my phone remains intact, it's otherwise a great second factor for her to use to access my personal information.

88cranston
Model Citizen / Citoyen Modèle

@coghlanpf wrote:

@88cranston I also thought about using something like an Aegis Key, but that's another PIN/password for her to remember, and if it's misplaced...

 


Wow. That is neat!! But expensive!!!

88cranston
Model Citizen / Citoyen Modèle

What is the name of the first street you lived on together (Main) (or postal code W7W7W1)?

srlawren
Retired Oracle / Oracle Retraité

@coghlanpf wrote:

Thought about that, but I don't think One Drive accepts Google Authenticator...plus remember that I only want a surviving spouse to get at my most sensitive info if I'm no longer around, and possession of my phone is the "bar".  Access to my e-mail password via a key logger isn't going to cut it.  This isn't a slight against my spouse, it's just that personal passwords must remain so...until I'm gone.


@coghlanpf Microsoft have their own Authenticator app - for Android and for iPhone.

 

You may want to consider using LastPass instead.  It offers Emergency Access with a configurable confirmation time.  More here:  https://blog.lastpass.com/2018/11/3-ways-to-prepare-for-your-digital-afterlife.html/ and https://support.logmeininc.com/lastpass/help/set-up-and-manage-emergency-access-lp030013


>>> ALERT: I am not a moderator. For account or activation assistance, please click here.

88cranston
Model Citizen / Citoyen Modèle

@geopublic wrote:

@coghlanpf  Noted, but considering how easy it is to hijack one's sim and take over one's phone I would never use the phone as a secure 2FA method IMHO.


lol.  I am old!!!  I would not use the cloud for anything other than syncing my iPhone with my iPad for pics, contacts, and books!!!

 

Maybe just wise not to trust any 3 party application between you and a company or? Like Skip the Dishes is no longer trustable. I would not put my credit card in ANY app. 

GinYVR
Mayor / Maire

@coghlanpf Don't use a phone number as a 2FA EVER, especially Public Mobile since in the event of a SIM jacking it will take say 48 hours for them to respond to you, it will be way too late..

 

Use a proper 2FA app like Authy or hardware Yubikey AND print out and print a restore key somewhere safe like in an actual safe or a safety deposit box at a financial institution that knows who you are.

coghlanpf
Good Citizen / Bon Citoyen

@88cranston I also thought about using something like an Aegis Key, but that's another PIN/password for her to remember, and if it's misplaced...

 

coghlanpf
Good Citizen / Bon Citoyen

Granted, but I looked around and the selection of online vaults with 2FA seemed quite limited, and I wanted something that my spouse could possess as a second factor before gaining access to my list of passwords stored in something like Personal Vault, and phone/SMS seems to be the best option for now.

88cranston
Model Citizen / Citoyen Modèle

Develop an Excel File. Make a page each for A B C D.......

Put your info in there.

Save it with a password

Put it on a thumb drive

Update it monthly

Store it in a lock box or safe.

Or safety deposit box and rotate it.

@coghlanpf  Noted, but considering how easy it is to hijack one's sim and take over one's phone I would never use the phone as a secure 2FA method IMHO.

coghlanpf
Good Citizen / Bon Citoyen

Thought about that, but I don't think One Drive accepts Google Authenticator...plus remember that I only want a surviving spouse to get at my most sensitive info if I'm no longer around, and possession of my phone is the "bar".  Access to my e-mail password via a key logger isn't going to cut it.  This isn't a slight against my spouse, it's just that personal passwords must remain so...until I'm gone.

geopublic
Mayor / Maire

@coghlanpf  Instead of your phone you can use 2FA with an Authenticator app. Install the app on both your phones and it generates a specific time-sensitive key when 2FA is required. This method is much safer than using a phone. Find out if OneDrive supports this method.

coghlanpf
Good Citizen / Bon Citoyen

We don't have one, plus stuff you really want to lock down should require "something you have".  E-mail password recovery for bank accounts etc. should be for the account owner only.

coghlanpf
Good Citizen / Bon Citoyen

She will have my PM userid+password, so as long as there isn't an e-mail verification etc, that should be fine.

My wife asked about how she would access all our accounts if I kicked off, so I started to think about it.  I'm an IT security guy, and swear by 2FA.

totalUser
Mayor / Maire

You may want to consider having a common email account for your self-serve in case she needs to reset the password. Just a thought.

 

Daps
Deputy Mayor / Adjoint au Maire

She will need access to your self-serve account in order to replace the SIM card. Talk about planning ahead. 
