Skip to Content

Six things to do with your data before you die

How to make sure your loved ones can get into all your accounts. Or, alternatively—how to cover your tracks.

Illustration of skeleton arm lifting corner of doormat shaped like an iphone, revealing a key
Illustration of skeleton arm lifting corner of doormat shaped like an iphone, revealing a keyBenedikt Luft

What would happen to your digital estate if you died, suddenly, before finishing this paragraph? Would your survivors be able to find what you left behind?

There is nothing hypothetical about this for many people: the problem emerges, wholly formed, when tragedy strikes. What’s worse, more than half of Americans don’t have a will, let alone one that’s up to date, according to a 2016 Gallup Poll. As a result, most survivors lack a road map to the deceased’s assets (physical and digital) or even, in some cases, the legal authority to proceed.

Fortunately, there are many things you can do now, without a lawyer, to make things easier for your survivors.

#1 Build a back door
Fifteen years ago, if you died and your next of kin got your laptop, that person was pretty much guaranteed access to your data. Then, in 2003, Apple introduced full disk encryption, designed to protect your data from a thief, but also keeping it out of the reach of your survivors. Cryptocurrencies pose a similar problem: if no one has access to your digital wallet, then any value there is lost—there’s no Bitcoin central control to complain to.

Today there’s a debate as to whether tech companies should put back doors in their crypto technology so law enforcement can get access to data on devices they seize during an investigation. Short of that, it’s easy to back-door your encryption yourself: just write down your hard drive’s master password, put the paper in an envelope, and seal it. Do the same with your Bitcoin wallet. Make sure it’s well hidden but in a location that’s known to your loved ones.

#2 Sign up for Inactive Account Manager
If you have a Gmail account, use Inactive Account Manager to specify an e-mail address that will be automatically notified three months after your Google account goes inactive. Google defines “activity” broadly: if you check Gmail, log in to a Google website, or perform a search with a Chrome browser that’s logged into your account, Google will assume you’re not dead. But when your digital heartbeat stops, this approach ensures that someone you trust can access your Gmail account, Google Photos, and other data.

#3 Download your medical records
Your doctor is supposed to keep copies of your test results and other records, but it’s a good idea to keep your own. Ask for copies and scan them. You might also be able to get your records directly if your health-care provider participates in the US government’s Blue Button Connector, which lets you download PDF files for yourself and a special format for other health-care providers (should you wish to give it to them).

My elderly father keeps a copy of his records on a USB stick that he carries with him at all times. It comes in handy when he sees a specialist who might not have access to his primary care provider’s computer. Yes, there’s a risk the stick could fall into the wrong hands, but he’s decided that the risk of medical professionals not having access to his records is greater.

#4 Use a password manager
It used to be straightforward to identify the deceased’s accounts by waiting for bank statements and tax bills to arrive by snail mail. These days, two thirds of Americans do their banking online (according to a 2017 survey by the American Bankers Association), and many people no longer receive paper statements. This significantly increases the chance that your bank accounts or retirement accounts might be declared “abandoned” in the event that you die.

So use a password manager like 1Password or LastPass. Now make sure that your spouse, or lawyer, or children, or parents, or somebody has some way to get to your accounts (so they can, for example, save any cherished photos or easily delete your accounts after you’re gone).

One way that couples can simply access each other’s accounts is by sharing their passwords. This is getting harder as websites implement two-factor authentication, but it’s still possible by registering multiple second factors (like a FIDO Universal 2nd Factor device) and giving one to each partner.

#5 Ponder the complexities of social media
If you are an avid user of Facebook or Twitter, take some time to read their data-after-death policies. You might not like what you find.

When Facebook is notified that one of its users has become medically incapacitated or died, the company allows authorized individuals to request that the user’s account be either “memorialized” or removed. Be aware: memorialized accounts can be managed by a legacy contact (who has to be specified in advance), but that person can’t log into the Facebook account, remove or change past posts, or read private messages. In one famous case, parents of a 15-year-old German girl who died after being hit by a subway train were unsuccessful in trying to force Facebook to open the girl’s account so that they, the parents, could determine if she had experienced cyber-bullying or depression, or if her death really was a tragic accident.

Twitter’s policy is similar: after you die, a family member can contact the company and ask that your account be deleted, according to a help page on its website. Twitter will also, if requested, remove specific imagery or messages sent just before or after an individual’s death. But Twitter will not give family members access to a deceased user’s private messages.

So if you’re storing something on Facebook that you’d like people to have access to after you’re gone, you should download that data regularly and store it where your loved ones will have access—for example, in Google Drive.

#6 Be careful what you wish for
I gave much of this advice at a cybersecurity training seminar a few months ago, and almost everybody in the room thought I was crazy. The people there—mostly men—said they’d never share their passwords with their spouses.

And maybe they’ve got a point. Family members should be careful about taking extraordinary measures to crack open these encrypted digital crypts, warns Ibrahim Baggili, associate professor of computer science at the University of New Haven and an expert in digital forensics. “This person I knew died, and his wife managed to finally break into his e-mails and iPad and found all sorts of things about him that she did not want to know,” says Baggili. “She really loved him, and it changed her whole perspective on him.”

Simson Garfinkel is a science writer living in Arlington, Virginia, and coauthor of The Computer Book: From the Abacus to Artificial Intelligence, 250 Milestones in the History of Computer Science, published this November by Sterling Milestones.

Keep Reading

Most Popular

Scientists are finding signals of long covid in blood. They could lead to new treatments.

Faults in a certain part of the immune system might be at the root of some long covid cases, new research suggests.

Large language models can do jaw-dropping things. But nobody knows exactly why.

And that's a problem. Figuring it out is one of the biggest scientific puzzles of our time and a crucial step towards controlling more powerful future models.

OpenAI teases an amazing new generative video model called Sora

The firm is sharing Sora with a small group of safety testers but the rest of us will have to wait to learn more.

Google’s Gemini is now in everything. Here’s how you can try it out.

Gmail, Docs, and more will now come with Gemini baked in. But Europeans will have to wait before they can download the app.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at customer-service@technologyreview.com with a list of newsletters you’d like to receive.