--- title: How to transfer digital assets upon one's unexpected passing date: 2015-03-05T14:02:42Z source: http://www.dafacto.com/how-to-transfer-confidential-data-upon-ones-passing/ tags: life, todo --- After a friend passed last week, I was forced to reflect on the matter of how our personal and confidential digital data would be passed on and entrusted to others in case something unexpected happened to my wife and I. ## Original approach I maintain a 256-bit AES encrypted disk image that contains a copy of my 1Password keychain and a text file whose contents include my 1Password password along with an extensive description of the locations and access credentials of the various places in which we store both physical and digital confidential data. Only my wife and I know the password to that encrypted disk image, and the idea was that if anything should happened to me, she would be able to access that disk and its contents. What I hadn't considered until now is the case in which something happens to _both_ me and my wife. How could I get that disk image to trusted relatives or friends, along with the password required to open it? Here's the solution I implemented this week. ## SecureSafe [SecureSafe][1] is a Swiss company that provides what can be thought of as an online digital safe-deposit box. It can be used to securely store digital files and to keep track of passwords. The service is extremely secure. Since your data is encrypted to a key derived from your password, the SecureSafe company itself can not access your data. In addition to that, there is no way to even reset your password. SecureSafe offer a feature called "Data Inheritance", which allows you to define any number of "beneficiaries" who can access the files and passwords you store in the system. When you create a beneficiary, SecureSafe generates a PDF file for them, containing a unique access-code along with a description of the procedure for using it to access your account. So what keeps a beneficiary from accessing your data when they shouldn't? If a beneficiary attempts to access your SecureSafe account, you, as the account owner, are notified by email and SMS. You then have a configurable amount of time (the "delay period") in which you can respond, denying the request. The default delay period is 8 days, but the account owner can decrease it to a day, or increase it up to 180 days. In support of my needs, I have uploaded two documents to SecureSafe: 1. A copy of my encrypted disk image. 2. A text file that is GPG-encrypted to the PGP keys of my beneficiaries, and which contains the password needed to open the encrypted disk. Although it's almost certainly unnecessary, I have chosen, as you can see, to add my own layer of encryption to the data I've put in SecureSafe. About once a month, I'll update the 1Password keychain and text-file information map contained in the disk image, and upload a fresh copy to SecureSafe. ## Deathswitch A second problem to address is the following. How would our beneficiaries know if something happened to us while traveling or on extended leave? That's where [Deathswitch][2] comes in. After creating a free account at Deathswitch, the system will send you an email every two weeks (or however long you define in the configuration.) If you don't respond to that email after a configurable delay period (default 5 days), Deathswitch goes into "worry" mode, during which it will try to contact you (optionally on a secondary email address) each day for a configurable number of days (default 10). If you have not responded by the end of the worry period, the system will then send out any number of emails, the contents and recipients of which are defined by you. ## Putting it all together Should something unexpectedly happen to my wife and I, Deathswitch would eventually send an email to each of our SecureSafe beneficiaries, explaining that we've not been heard from, and reminding them of their access to our data in SecureSafe. In addition, those emails would contain the beneficiary's SecureSafe access PDF (encrypted to their PGP keys) as an attachment, in case they've lost track of them. Using their SecureSafe access codes, and after having waited for the SecureSafe delay period, our beneficiaries would eventually have access to our personal and confidential data. [1]: http://www.securesafe.com/en/security/ [2]: http://deathswitch.com