Access Granted
Passwords & Codes
■ ■ ■
The typical person has an average of 130 different accounts, according to a password manager platform called Dashlane. How is anyone supposed to remember 130 passwords? Let’s not forget why you need passwords in the first place—because of identity thieves and hackers. So now you don’t just have to remember a code, you have to make it complicated enough so it can’t be easily figured out. And then if any of your accounts are compromised, you have to frantically create and remember new passwords.
When we think of passwords, we’re not just focusing on your email, social media, and Amazon accounts. We’re talking about everything you use to protect any of your assets, property, and information. That means PIN numbers, combinations, unlock codes, online passwords, usernames, and don’t forget the always-fun answers to secret questions.
Even if you don’t fancy yourself a digital person, you still have passwords—maybe to access a health care portal, or receive benefits, or open your garage door. How do you remember them all? People typically keep track in a number of common ways. They download and maintain all their passwords in a convenient (and often free) password manager app on their phone or computer. They keep them on a digital note or an actual piece of paper. Or they try to keep them all in their head.
Guess which is the most popular method? Take your time. OK, we’ll spill it: According to a Pew Research Center study, 65 percent of people say the method they use most often is to “memorize them in their heads.” The worst possible method is also the most popular, because of course it is. The next most popular method is writing them on a piece of paper (18 percent), which isn’t ideal but is much better than relying on memory.
The reason these numbers hit so close to home for us is that we are maniacally obsessive about security protocols. We wouldn’t have started a business and built an entire platform that protects people’s most personal information if it wasn’t always on our mind. This puts us on the paranoid, protect-everything-at-all-costs end of the spectrum. You don’t have to be crazy like us, but it really helps.
We understand that passwords are a hassle. We wish the world was a place where people weren’t required to institute such complicated measures to ward off devious marauders. But the truth is, no one thinks passwords matter until they get hacked. The same way no one cares about calamine lotion until they get assaulted by mosquitos.
Before we get into password storage methods, there’s one thing you need to focus on before you do anything else—deal with the modern-day appendage otherwise known as your phone.
Password Managers: Our List
■ 1Password (1password.com): $36–$60 annually
■ Dashlane (dashlane.com): Free version for up to fifty passwords; between $60 and $120 annually if you choose premium or premium plus
■ LastPass (lastpass.com): Free version for one user, $36–$48 annually for premium
For a more up-to-date list along with links, hit up this page on the web to get more info: incasethebook.com/password-manager.
SHARING YOUR PHONE PASSWORD
In an emergency, how could someone you trust access your phone?
This handheld computer, which connects you with the rest of the world, holds the keys to your life. Because of this, sharing your unlock code might make you nervous. This is understandable, because no one should be snooping around your private matters unless you grant permission. That said, you can’t take a time-out from an emergency—or death—to share the unlock code, so you have to take a leap of faith.
Even with all the new biometric tech around fingerprints and facial recognition, accessing your phone still comes down to a four- or six-digit code, which needs to be entered when restarting a device or after a long lockdown period. You might be clever enough to have a family member register their fingerprint or face on your phone, but they’ll still need the code.
How This Helps After You’re Gone
(Sharing your passwords)
■ Your family can instantly access vital digital services (like your email and phone) without having to snake through the legal process (and still maybe never gain access).
■ The right people won’t have to destroy perfectly good locks, doors, and safes because they’ll know all the codes and combinations.
■ Those same people will be able to maintain certain online accounts, which may include paying for services to continue, such as streaming or shopping services used by the whole family.
■ They’ll also be able to close online accounts, like social media, subscription services, or any services requiring payment (think paid online storage or Amazon Prime).
■ They can delete files from your computer or other devices or erase the hard drives on those devices.
■ They can inform any online communities or online friends of your passing.
How should you communicate the code in a way that makes you feel comfortable? Here are some options:
Smart and Secure
Keep it in one of the password-storing methods we recommend later in this section. We don’t want to jump ahead, but your unlock code should be front and center, since it’s a source of vital information and access.
Good, but Problematic
Write the code down and store it with important documents. Please keep it updated or else you will drive the person who needs to access it crazy. “The good news: She shared her code! The bad news: She must have changed it at some point, because it doesn’t work, and now her phone is going into a blender.”
In a world that’s becoming overwhelmingly digital, some of the most important and official things we own are still printed on paper or require some sort of physical ID. Although a few are ornamental certificates meant to be displayed (like a college degree), others are extremely crucial when you need them.
The challenge: How long would it take you to locate the following list of things?
Basic Rules
You’ve got a ten-minute limit. If you don’t have or need the ID or document listed, skip to the next item on the list. You must physically find the official document or ID, so if you can’t search for it right now but still want to play you must know with absolute certainty where it is. (We’re operating on the honor system, so play fair.)
Set the timer on your watch or phone right now. Ready, set, GO!
Things to Find
■ Birth certificate
■ Citizenship documentation/green card/visa
■ Driver’s license/nondriver’s ID
■ Military ID
■ Passport
■ Social Security card
■ Work ID
■ High school diploma
■ College/university diplomas (bachelor’s, master’s, doctorate, etc.)
■ Religious confirmation certificate
■ Professional or trade certifications or designations
■ Adoption papers
■ Marriage certificate
■ Divorce decree
■ Military discharge papers
How’d you do? Could you find all the things you needed? Are you out of breath from running all over the house? Take a minute, get some water, and cool down.
The point of this is to make you realize how many forms of ID and official documents we accumulate throughout our lives. Although some are ceremonial, others are vital in day-to-day life (driver’s license) or in providing benefits to your family if they need them. (Did you know you can’t get a death certificate without a Social Security number?)
Terrible for Security, Great for Access
Don’t lock your phone. A Pew survey found that more than a quarter of smartphone owners don’t lock it. Perhaps you don’t care who accesses your phone. You really should. Apple released a commercial about privacy that said, “There’s more information on your phone than in your home.” If you lose it, someone else will have way too many personal details about you and everyone you know. You don’t have to create a code that’s impossible to remember, but always have some kind of code, just in case.
Please Don’t Do This!
Store the unlock code in a note-taking app or document that’s accessible only on your phone. How would someone access your phone to access your phone? This might seem like an obvious “duh” because it is. We’d sooner you put the code on a sticky note taped to the bottom of your desk with a list of clues directing a code-worthy person to the location than risk getting locked out. Because once you’re locked out, it’s usually for good.
You may have seen stories of families that could no longer access Grandma’s iPad because they didn’t know the password, or even law enforcement unable to get the code to unlock a suspected criminal’s phone. There’s a reason for this, and Apple and Google aren’t entirely to blame. It’s about security.
Accidents and death don’t play by the rules, so sometimes you have to find a work-around to suit the situation.
PASSWORDS: The Next Level
Those people who want even more security can put in the extra effort with the following measures. They may add a modicum of hassle to your life and the lives of those people who may have to access your accounts in the future, but they won’t be nearly as much trouble as having everything about you stolen and sold on the dark web.
Two-Step Verification (or Two-Factor Authentication)
This is when a string of numbers is sent to your phone after you’ve entered your password, allowing you to complete the login process. It’s sometimes mandatory for sites with sensitive information, like banks or email. You don’t have to enter the code every time, only after a set period of time (like every thirty days) or when accessing that site from an unfamiliar computer or phone.
The security upside is that a person would need to have your password and phone to gain access to that account. The downsides are that you could lose your phone or not have your phone readily available, and you would be unable to log in until the phone is back in your hand. Hackers can also intercept the codes since they are sent via SMS. It’s still an effective layer of protection, but there’s another option if you want more security.
Authenticator Apps
This is another form of two-step verification, but you access the codes through an app on your phone. The codes are constantly being generated, and it makes you feel like a superspy since they have a timer always counting down to their expiration. We’re partial to the no-frills Google Authenticator, but there are others available, such as Microsoft Authenticator and Authy, all of which are free and can easily be found in the iPhone or Android app stores.
Backup Codes
Whenever you enable two-step verification, either via SMS or using an authenticator app on your phone, you should always ask yourself, What happens if I lose my phone or change my phone number? How will I get back into the site where I just enabled two-step verification?
The answer: That’s what backup codes are for!
After turning on two-step verification, you’ll almost always be given a code—usually a long string of numbers that you can use one time in place of the SMS code or the authenticator app. You should always write this number down or take a screenshot and put it in a safe place where you keep other important documents or files. You can even copy it and add it to the notes field for that specific account in your password manager. Most sites will let you enter that code by clicking a link on the page where the two-step verification code is usually entered (it’s sometimes called a recovery code). Frequently using this code will disable two-step verification, so you’ll need to turn it back on again.
PASSWORD STORAGE METHODS The Good, the Bad & the Ugly
We just made our case for sharing access to your phone; now apply the same logic to your computer, tablet, and any other device, since those can matter just as much. Now, on to the four methods people use to store passwords.
AUTOSAVE?
All browsers and most phones allow you to save passwords automatically. For us, this method doesn’t allow for a complete password picture, is confusing to navigate, and assumes you don’t use any other browser or access passwords only on your phone. Using one of these options is a good start—and you can easily import all of them into a proper one-stop-shop password manager—but lacks the flexibility of one.
This isn’t the only place where backup codes will come in handy when you’re accessing a protected device or service. For example, when you encrypt the hard drive on your PC or Mac, which means a person would need your password or encryption key to gain access to your hard drive, you’ll be given a backup code that you can use in case you forget the password for your machine. Think of it as a second “key” to get in the door of your machine, but one you would use only in an emergency.
Yet Another Reason to Share Your Phone Password
If you currently lock down your devices and accounts using any of these advanced methods, your family needs to be aware of it. You could share all the passwords you have, but if they don’t have access to your phone and email, they won’t be able to get into any of your accounts. The point of these extra security measures is to keep bad people out and allow good people to get in when needed.
KEYS TO THE KINGDOM: Your Most Important Passwords
Not all of your accounts are created equal—some stand well above the rest. If you were stranded on an island and could bring only five passwords, which would you choose? Here are some examples to get you prepped for island living.
For millions of people, Google is the mothership. It includes email (Gmail), documents (Drive), photo backups (Google Photos), contacts, calendar, phone info (Android), video (YouTube), and home automation (Google Home). It might also be the account you use to sign into other accounts across the internet. It’s a little frightening how deeply Google reaches into our lives, which also makes it an ideal pick for the top five.
If you rely on another platform for your primary email, like Outlook or Yahoo (or AOL, if that’s still a thing by the time you’re reading this), then that should make your list.
Apple
Apple, like Google, traps you in its digital tentacles, though the tentacles are far sleeker and more expensive. Your Apple ID and password should provide the works to whoever will need it.
Amazon
Amazon is simply massive, to the point where you probably don’t realize how often you use its services. Perhaps you have Amazon Prime for free shipping and entertainment (movies, TV, and music), books on a Kindle, photo storage, and an Echo device listening and responding to you in your home right now. It might seem like it’s just a shopping site, but if your life is this intertwined with a company, then perhaps it’s something your family would need to access.
Speaking of shopping, any account with a credit card associated with it should receive extra attention. The last thing you want is one of those being compromised.
There are now more than a billion people on Facebook. It has become a communications platform as much as a place to share photos of dogs, meals, and impulsive opinions. Like Google, Facebook has become a way for many people to log in to the majority of their other accounts and apps.
Banking & Benefits
Anything you use to pay bills, check balances, or receive any kind of benefits (like health care or insurance) should be considered. We go deeper into this later (see here), but for now pick one that you consider the most important, whether it’s a service that aggregates all your accounts or the place where you keep most of your money.
Cloud-Based Storage
We devote a section to digital photos much later in the book (see here), but for now you should consider including any cloud-based service you use as a backup. It could be Dropbox, Microsoft OneDrive, or another paid or free storage service that isn’t one of the major accounts you’re already sharing (such as Google, Amazon, or Apple).
Perhaps after reading our suggestions you’ll realize you have more than five major passwords worth sharing, or maybe you have only two and the rest don’t matter. Regardless, for now the limit is five that would provide the most value to your family if you actually disappeared to an island.
TIP: Don’t let the perfect be the enemy of the good. For example, if organizing your most important passwords is taking much longer than two hours, you’re probably spending too much time on passwords for shopping sites and old newsletters.
By the way, if you had a password manager, then you’d need to share only one password. Just saying . . .
Cryptocurrency
Cryptocurrency lives in a digital online wallet. If you lose access to it because you forget your password or misplace the security dongle used to log in, these funds will be lost forever. Seriously. Forever.
OFF-LINE TIME
Most of this section has been devoted to storing and managing digital passwords, but what about the codes you use that aren’t directly tied to an online service (or get you online)?
PINs
ATM/banking codes, the last four digits of your SSN, or other codes that prove you are who you say you are on the phone.
Lock Combinations
A safe or a padlock with a tricky combo.
Home Security System
High-quality home security systems have become easy to obtain, but they’re still confusing for people without a bit of technical know-how when it comes to installing and operating them. Some rely on Wi-Fi, which can be a problem if there’s an outage. We all know that once an alarm starts blasting, it’s panic time. To prevent others in your household—and visitors who need access—from having a heart attack, don’t forget to share the keypad master password and the safe word or phrase you use to cancel a false alarm.
More Keypad Codes
There are even more keypad codes lurking in your life: car doors, garage doors, offices, storage facilities, Batcaves (yes, even Batman needs codes). Perhaps this is how you open a home safe if you upgraded from a combination lock.
Plan of 
Attack
Here’s what you need to do to get it done:
Using a Password Manager
Time: One to two hours to import and organize all your existing passwords (manually and automatically if you use an assortment of browser or phone password storage programs). Then let the program do all the work from here on out.
Cost: Free for some, upward of $30–$120 a year for others we listed here.
Creating a Digital or Handwritten Document
Time: Three to four hours to organize all your existing passwords so others can understand them—and a solemn pledge to keep it regularly updated for the rest of your life.
Safe Words & Phrases
Apart from turning off a false alarm, you may need to use a phrase like a PIN when calling customer service. For example, if you want to cancel your cell phone service, they may require a four-digit code or an answer to a secret question. It’s these types of things that will drive a person crazy if they don’t have the answer.
Final Sweep
Take some time to look around your own home and life and see if any other passwords or codes are lurking about (like on a suitcase). Be mindful of the type of access you, and only you, have. It might seem obvious that the combination to the safe is the month and year you moved into your house, but who else would know that?
It can be daunting to put all your passwords and codes in one place, but it’s no longer a concern once you get it done. Speaking of which, do you have your Wi-Fi password handy? See what we did there? You just went on an entire password journey and we never even mentioned one of the most important passwords in your home: the one for your Wi-Fi. Or the password for the router where you set up the Wi-Fi password in the first place. That’s how sneaky passwords can be.
■ ■ ■