Unfortunately, if your will is silent on the subject of your digital assets, your best option is to re-do your will. Many jurisdictions don’t allow will supplements. And even though a will supplement is permitted in certain States, it’s still best to revoke your prior will and draft a new one to avoid any possible conflict between the two documents.
You can appoint your executor as long as he/she is technologically savvy, and has the proper computer and internet skills. If your executor can handle all of the traditional post-mortem jobs with amazing skill, but can’t find the start button on a laptop, you are going to need to find an alternate. You can give your executor the power to appoint someone with the necessary technical skills. And if your State allows it, you can appoint a digital executor.
Whatever you decide, make sure to appoint someone with the necessary skill set and authority.
You should update your digital asset inventory every time you change a username or password, or add or delete an account. If you use a password locker like DashLane, your password locker will update new information automatically.
It’s not a matter of which one is better. The answer depends on what you are using each one for.
A cloud service is best for reliability, sharing, and the ability to synchronize your data across all of your devices. Save your data in one location and access anywhere it else you have an internet connection. You can’t beat that.
However, a cloud service may have restrictions that complicate providing access to your survivors. That’s where the benefit of a physical device comes in. A physical backup drive is yours, and you control who can, or can’t, access it.
The best setup is to complement one backup solution with the other. Use your cloud service for reliable synchronised access and sharing. And use your physical backup to avoid any complications with your cloud provider terms of service.
In theory, your executor has broad enough power to manage your digital assets. Adding the words “digital assets” to the executor’s powers should convince the doubters. But assuming that he/she will be capable of dealing with your digital assets is a mistake.
If your executor isn’t technologically inclined, he/she will be starting out at an immediate disadvantage. Furthermore, how will your executor know what digital assets you have? The answer is they can’t possibly know any of that information, unless it’s provided to them in the first place.
So theoretically, the answer is “yes”, but as a practical matter, the answer is a resounding “no”, unless you do some advance planning.
For an added layer of security, fingerprint scanners are starting to appear on cellphones, tablets, and computers. As a result, access to a device protected by a fingerprint scanner presents a unique challenge. But most, if not all of these devices have a secondary access method like a password or passcode. You should include all of these details in your digital asset inventory.
However, including this information in your inventory isn’t sufficient by itself. You also must have the proper langauge in your estate documents providing your chosen representative with the authority to access your device.
What happens to your accounts when you die is dependent on your Terms of Service, State and Federal laws, and the terms of your estate documents. Even if your survivors have your consent, disclosure by your service provider is voluntary, and many providers will not give any information to anyone other than the account holder (you).
A proper digital asset plan can greatly reduce the nightmare your family will face if you have no plan.
It’s becoming increasingly common for people to store all of their family photos online. Accessing those photographs after you die can be a challenge for your surviving family members.
Snapfish recommends: “…that you do not give your password to anyone and that you change it every 3 months”. Shutterfly prohibits sharing of your password and username: “You agree not to disclose your username or password to any third-party “.
However, despite password sharing limitations, both services are specifically designed for photo sharing. If you want to make sure family members have access to your photos, use the services as intended, and share.
Snapfish wisely recommends that you “…should always preserve your original Content, or make back-up copies of such Content, on your personal system. You should not use the Service as the only repository or other source for your Content.”
Shutterfly recommends that “…you keep back-up copies of your User Submitted Materials on your hard drive or other personal system.”
Good advice from both Shutterfly and Snapfish. If you use an online service for photo storage and sharing, you should physically backup your photos elsewhere. And of course, include that information in your digital asset inventory.
If you back up your photos with another cloud service, you will be subject to their terms of service. Sharing your password isn’t an option if the backup cloud service prohibits password sharing. On the other hand, if the service permits sharing of your stuff, then you can certainly use that method to share your photos too. If not, then a physical backup may still be the default option for maintaining your family treasure trove of photos.
If you don’t have a plan for your digital assets, here’s what you can do:
- Identify your digital assets
- Create a digital asset inventory
- Keep a copy of your inventory with your important documents
- Use an online service or password locker to store your inventory
- Know your Terms of Service
- Speak to an attorney
- Decide who should or should not have access and to what
- Add language to your power of attorney, will, and/or trust
The major disadvantage to using a password manager is that your locker is accessible with a single password. However, as long as you use a strong password, you can take advantage of all of the benefits that these services offer.
These articles provide an excellent overview of the challenges of dealing with digital assets, and contain sample langauge that you can use in your estate planning. As always, you should consult with an attorney to determine what language belongs in your estate planning documents:
From the American Bar Association: “Who Will Delete the Digital You”
From Bessemer Trust – Page 116: “Planning Considerations for Dealing With Digital Assets”
From the NAEPC Journal of Estate & Tax Planning – “Web Meets the Will”
Since a Will can become a matter of public record, it should never list your digital asset inventory. In addition, the Will execution process is incompatible with the frequent changes necessary for good password management.
Storing your passwords in a safe deposit sounds like a good idea. If safe deposit boxes weren’t secure, people wouldn’t use them to store valuable items like jewelry and important documents.
Over the course of time, your account list and passwords will change. If you are updating frequently, that’s going to translate into lots of trips to the bank. Not to mention the number of times you will have to re-print your paper list.
As an alternative, you could save your account list in a spreadsheet stored on a USB drive, and then store the USB drive in your safe deposit box. However, that option also means lots of trips to the bank with your USB drive. Of course, you’ll have to keep a duplicate file at home. But now imagine keeping track of what’s on which list. And one of your lists is always across town.
Furthermore, if you aren’t making frequent trips to the bank to update your list, that means one of two possibilities. Either your passwords are no longer secure, or your list is hopelessly out of date. You may not need to change your accounts on a regular basis, but you should certainly be updating your passwords. Again – more trips to the bank, and a lot of wasted time.
If you keep a paper list or a computer file tucked away in a safe deposit box, how can you pass the list along when you’re gone?
One way to share the list is to add someone else to the account. However, that means that the person you’ve added to the account can access your box and your handy list. And now your list is no longer secure.
Your survivors may eventually gain access to your safe deposit box after you die, but that may take time. Your bank will almost certainly freeze your box when you die, and your survivors won’t be able to access it until your estate is probated – a process that can take many months.
You could avoid the problems associated with your survivors getting the list from your safe deposit box by providing for specific access to the file on your computer via your Will. But then that would defeat the purpose of keeping the list in your safe deposit box in the first place.
So although your password list is an important document that might otherwise belong in safe deposit box, it really doesn’t belong there. If you want to have an easily transferable, synchronized, up-to-date, encrypted, password list on every device that you own, just use a password locker like DashLane.
Storing your usernames and passwords in a spreadsheet is definitely better than storing your information on a sheet of paper.
A spreadsheet will keep your information a lot more organized, and you can secure the file itself with a password. However, it’s still not the ideal storage location.
A spreadsheet won’t solve the issues inherent in keeping a manual list like making up multiple unique strong passwords for all of your accounts, or cutting and pasting the information into your browser every time you log in. You’ll still need to password protect your spreadsheet, cloud service, and device. And you will need to figure out a way to get the list to your survivors and/or executor.
A spreadsheet is definitely better than paper, but not as good as a password locker.
I will be providing a sample form that you can use for a digital asset inventory. Please sign up for the firm newsletter, if you would like to be informed when the sample form is available.
In a digital asset inventory you should list all of your digital assets.
Whenever you sign up for a new application or service, the provider will usually require you to agree to their Terms of Service.
You should never sign a contract without reading it, and unfortunately most people agree to a TOS without bothering to read the fine print. The TOS will typically control whether or not you can share your password or username, whether you can share the data or info that you are storing, and even what happens in the event of your death or incapacity.
Here’s how Gmail handles a deceased user’s account:
“We recognize that many people pass away without leaving clear instructions about how to manage their online accounts. We can work with immediate family members and representatives to close the account of a deceased person where appropriate. In certain circumstances we may provide content from a deceased user’s account. In all of these cases, our primary responsibility is to keep people’s information secure, safe, and private. We cannot provide passwords or other login details. Any decision to satisfy a request about a deceased user will be made only after a careful review.”
Yahoo may delete everything:
“You agree that your Yahoo account is non-transferable and any rights to your Yahoo ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.”
Evernote may give your survivors access:
“Evernote’s pledge to protect the privacy of your Content will continue, even after your death or incapacity. If you wish to enable someone to have access to your Content or Account Information after you are no longer able to provide them access, you need to implement a process for providing your Account Information to them. We will not provide your Account Information, or your Content, to anyone, even next of kin, unless we determine that we are legally obligated to do so. We encourage you to include your Account Information, with instructions on how to access your Content, in your will or other estate plans, so that anyone you wish to have access to your account will have the means to do so. Please see our Commercial Terms for information on terminating payment for Paid Services upon death or incapacity.”
The fine print matters!
Online services and applications are completely intertwined in our daily lives, and the list of activities you can do online is nearly limitless.
This is not intended to be a comprehensive list, but just consider a few examples of how much you can do online on a daily basis:
- credit cards
- video chats
- social media
- hotel & travel rewards
- online storage
- important documents
- paying bills
- have at least 8-12 characters (14 + is even better);
- contain combinations of numbers, symbols, and upper case and lower case letters;
- do not use common words, phrases, your name, date of birth, social security number, etc.;
- change frequently;
But don’t take my word for it. Google offers some good suggestions for creating strong passwords, and this article offers some decent tips too. Or you can skip the manual process and use a password locker to generate them.
A password locker is an online service that will warehouse all of your usernames and passwords.
DashLane is the service I recommend most often to family, friends, and clients.
There are many reasons why you should use a password locker. The average person has dozens of online accounts and applications. Remembering your log in information, and making sure every account password is unique and secure, is nearly impossible.
A password locker:
- ensures secure password usage
- keeps an inventory of all of your usernames and passwords
- encrypts and secures your account information
- helps you generate strong passwords
- prevents you from using weak passwords
- prevents you from repeating passwords
- saves you time filling out your account information
- automatically logs you in to your accounts
- enables you to control sharing of your account information
- will synch your password information across multiple devices
- helps to avoid having to remember countless username and password combinations
- enables automatic password changes
- may use two-factor authentication for additional security
Sharing passwords isn’t a decision you should take lightly. There are a lot of very good reasons to share your passwords, and a lot very good reasons not to.
You should share your passwords to enable your survivors to manage your online accounts, and to prevent identity theft and fraud. Sharing can also help you maintain your privacy, secure sentimental assets and documents, and can prevent losses to your estate.
Password sharing isn’t for you if you are concerned about your online security. Nor should you share if you want to avoid any possibility of violating your Terms of Service, or any State and Federal laws.
But it’s not necessary to choose one path or the other. You just have to strike the right balance in the grey area in-between sharing and not. I’ve discussed the dilemma of password sharing in further detail in two blog posts here: (Never) Share Your Passwords and 6 Steps for a Smooth Digital Asset Handoff. However, before you consider any password sharing, you should organize and secure all of your passwords with a password locker.
“Click-through” agreements are the terms that control your use of a particular application, service, or website. Users must “accept” and “click-through” the rules in order to use application, service, or site. When you click “I accept”, you are subject to the rules you are “accepting”. See also Terms of Service.
You can certainly keep a paper account list, but it’s probably not a very good idea for multiple reasons:
- Are your usernames and passwords, unique and strong?
- Have you re-used any usernames and passwords?
- Is your list out in the open for all to see?
- Is your list secured in a locked cabinet, safe, or drawer?
- If saved in a computer file, is your computer and your list password protected?
- Do you update the list every time you add an account or change a username or password?
- Are you updating your usernames and passwords on a regular basis?
- Can you read your handwriting?
- Does someone know how to access your list in the event of an emergency?
Since most people answer these questions the wrong way, you should use an online password locker like DashLane.
A paper list isn’t really safe, it’s messy and difficult to read with changes, and most often contains passwords that aren’t secure. Saving a “paper” list on a computer is a little better, assuming you secure the list and your computer with a password. Either way, you’ll have to update the list manually, and you will need to come up with unique strong passwords on a regular basis.
An online password manager solves all of these issues. It keeps your list up to date, and it generates unique strong passwords as often as you need. With a password manager you don’t even need know what your passwords are. Once you unlock your list with your master password, the password manager will automatically log you in to your accounts. There’s no cutting and pasting, and the system will accurately enter all of your passwords with a single click.
Survivor access to your accounts will depend upon State and Federal law, your Terms of Service, and the language in your Will. Most online services and applications prohibit the sharing of your password information. However, many services, such as photo and cloud storage providers, specifically allow you to share your data. Either way, it’s critical to understand your Terms of Service to know what you can share, with whom, and under what circumstances.
You can also backup your data to a physical device, and specifically provide for access to that particular device via your Will. If you have extensive online accounts and assets, a Digital Asset Trust might be a worthwhile alternative.
Most importantly, you should consult with an attorney to determine the best way to provide your survivors with access to your online accounts based upon your individual circsumstances and applicable law.
Terms of Service are the unique rules that govern use of a particular application, website, or online service. Case-law has generally upheld their validity. These rules are also called “click-through agreements”, because users must “accept” and “click-through” the rules in order to use a particular service or application. When you click “I accept”, you are subject to the rules you are “accepting”.
Every State has laws that criminalize unauthorized computer access. You can see a list of the various State rules by clicking here.
A digital executor is someone you designate to handle your online and digital assets after you die. A digital executor can be the same person as a “regular” executor if he/she has sufficient computer and internet skills. If your executor doesn’t have the necessary skills, you can give your executor the power to engage a technology specialist.
In theory, once you’ve selected a digital executor, that person should be able to access your online accounts. However, service providers may still refuse access to your accounts based upon their Terms of Service.
Although many States don’t formally recognize the role, it’s an important job that someone will need to fill. You should discuss this appointment with an attorney who can help you plan based on your individual circumstances.
There’s no set definition of what constitutes a digital asset. The parameters are constantly evolving with the pace of technology, which moves faster than the law.
The following are examples of digital assets:
- Any information stored in a digital format
- any information stored in a computer, hard drive, cloud drive, cell phone, tablet *
- domain names
- music & books **
- medical records
- business records
- tax records
- social media accounts (Facebook, Snapchat)
- financial accounts (investment, banking, and bill payments)
- business accounts (eBay, Amazon, Etsy)
- loyalty program benefits such a frequent flyer miles
- virtual currency or property
- online accounts (Facebook, Flickr, LinkedIn, Pinterest, etc.)
- usernames and passwords
- security Q&A’s
If you’re interested in a more formal definition of “digital assets”, the State of Oregon has a pretty good one:
“”Digital assets” means text, images, multimedia information, or personal property stored in a digital format, whether stored on a server, computer, or other electronic device which currently exists or may exist as technology develops, and regardless of the ownership of the physical device upon which the digital asset is stored. Digital assets include, without limitation, any words, characters, codes, or contractual rights necessary to access the digital assets.”
*Physical devices such as computers, hard drives, phones, tablets, USB drives, CD’s, DVD’s, etc., are generally considered tangible personal property. However, the information stored on these devices would fall into the category of “digital assets”.