Someone DOES Need to Know Your Password

Ever since our childhood days of building forts, passwords have been designed for secrecy, admitting only the one who has the secret code.  The goal of a password is to create something no one will know, to keep our information private and hidden.  Advice on creating extra-strong passwords abounds, and often is required.  New types of password security are emerging, from fingerprint swipes to picture recognition.

All this is true.

However, someone out there DOES need to know your passwords — or at the very least, where to find them.  Don’t learn this lesson the hard way:

Something may happen to you.

I’m not just talking about your death, although that of course is a possibility I know all too well.  But you might be unconscious for a while, and I’ve met those people in hospitals, too — from a car crash to a blood clot, the unexpected can happen.  Or, you might end up stranded in an ice storm or a flood, with no working phone lines or cell service.  Why let your affairs deteriorate just because no one has access?

In my experience, there are plenty of kind-hearted companies and individual employees who will make things right for you after a catastrophe… but there are also those who will not budge.  Lawsuits and the difficulty of discerning truth from malicious lies have created barriers that may only be navigated with the proper passwords.

A Practical Blessing

If you are reaching out to someone in crisis and want to do something practical, corralling passwords together could be a blessing.

A few may believe they have no passwords, without realizing that they selected passwords when they first set up their computer or phone.  Or, they may forget that various billing accounts ask for telephone passwords; my internet provider refused something as simple as adding my name to the bill (I wanted to continue paying them!) without the password my husband had created.

Most of our someones, however, recognize passwords these days are getting out of hand.  Much of our world now just runs online and over the phone, using passwords.

Together, you may uncover dozens and dozens of passwords being used to access…

• each electronic device, including the router;
• email, social networking, and discussion forums;
• bank accounts and credit cards;
• utilities, software subscriptions, and other bills;
• medical records, appointments, and prescription refills;
• insurance policies and tax payments;
• purchases, receipts, and delivery status;
• records of donations and gifts;
• class materials, teacher updates, and scholastic transcripts;
• phone numbers, addresses, photos, and documents stored on devices;
• videos and photos posted or stored online;
• buying and selling used items at online sites; and
• things as simple as playlists, wish-lists, or online subscriptions.

Blame Me

This is a blessing that can feel awkward at first.  Planning for emergencies can seem to imply that your someone will die soon or catastrophe is imminent.  If you see a need you would like to address but your someone is resistant, or if you are unsure how to bring up the importance of planning ahead… feel free to blame me.

I’ve been told it works to say, “Julie says we should do this. She says it’s really important.”  I have personal experience being left without all the passwords, and it is important.

The Next Step

Once you have gotten past the awkward stage of bringing up the topic and have begun gathering up the passwords, you may see a next step on the horizon:  How will you store all the passwords you have assembled together?

When I ask people what they are doing to keep track of all their passwords, answers are often haphazard.  Post-its may accumulate around the house or be stuffed into laptop bags.  Many rely on devices to save passwords for them or use virtual post-its to display passwords openly.  These casual methods might be useful when the memory is strained or when a device is handed over to a trusted person during a crisis; however, these methods could be a disaster if our device ended up in the wrong hands.  We also may need access when our devices are not available or are no longer functioning.

We can’t rely on information stored haphazardly.  Setting up a method for recording passwords can…

• make it more realistic to use unique, strong, and frequently updated passwords;
• provide access when our usual devices are unavailable; and
• ensure we will not be cut off from critical tasks when weather or damage or health puts us out of commission, allowing someone else to step in.

For those who are facing a crisis, accessibility becomes critical.  An often-neglected piece of password organization will be to strategize together:

In an emergency, exactly how will you or anyone else know where to find all the passwords?

Strategies Need to Include What-Ifs

There is no single way to keep track of passwords.  Three common methods are described below to help get a conversation going.  You might talk through your someone’s current method(s), make a plan that is both secure and realistic, and then follow the plan all the way through to the last what-if:  Who could step in, and how would they do that?

• Storage in a document, e-mail, or cloud:  Many people have created a document to record all passwords.  This seems realistic and easy to update.  If this document is accessible from different devices, then it will be retrievable from many locations.  However, others point out that documents in our computer, our email, or the cloud are always vulnerable, even when password-protected.  I had some files completely disappear from my computer, unable to be retrieved by experts, and potentially now in the wrong hands.

Is there a compromise?  For instance, the disappearance of my files seemed targeted with an eye toward file names (I did enjoy the fact that one missing file was titled “Top Secret” and a hacker may not have been expecting my son’s cookbook cover).  Could we keep password files accessible but fairly safe by naming the file something obscure, storing the file somewhere unlikely, breaking up the passwords into parts, or using clues rather than actual passwords?  Similar to password retrieval methods used on some websites, we might use hints (e.g. PUP for dog’s name), abbreviations (e.g. ADD for address), and little clues about unique symbols and capitalized letters (e.g. 3rd UC = the 3rd letter is upper case) rather than recording actual passwords.  After discussing a system that feels safe, move all the way to the last what-if:  Is there someone who will be able to find this file in an emergency, and will that person understand any hints?

• Password notebook:  Similar to address books, password notebooks have emerged to help us use unique, strong passwords without losing track of them as we accumulate more and more over time.  A simple spiral notebook will do, as long as you have everything in one place and know where it is.

These notebooks probably are locked up by some users, while others may lightly camouflage them among papers or books, with the assumption that most Internet theft today is not occurring within the home.  Password notebooks could also disguise passwords by using hints, abbreviations, and little clues.  However, once again keep in mind that someone else does need to know how to find this password notebook, and we don’t want that person to be completely unable to decipher any password clues used in the notebook.

• Storage software:  The U.S. Computer Emergency Readiness Team (US-CERT, part of Homeland Security) publishes a fact sheet called Choosing and Protecting Passwords. *  This fact sheet mentions password managers.  Password managers are software programs that can store all of your passwords or produce randomly generated passwords for you. If your someone is concerned about security, you might investigate software options.

Of course, you will want to set it up so your someone can access the password manager remotely, in case his computer crashes or his laptop is stolen or his phone falls in a lake.  And, when at least one other person can access the software, his affairs can continue uninterrupted even if something unexpected happens.

With any of these strategies, your blessing is to remind your someone that he or she will likely want a trustworthy person to be able to find passwords and understand any information such as abbreviations or clues.

It would have helped me a lot if we had recorded every last one of Shane’s passwords.

* https://www.us-cert.gov/ncas/tips/ST04-002

Blog #7 Comments:  Do you have password experiences to share, either horror stories for us to learn from or successful ideas that might help someone else?