A generation ago, photos were kept in an album or slide carousel, and important personal information was on paper. Today, photos are on hard drives, mobile devices, and in the cloud. Many people have opted out of paper records. Our modern digital lives present significant challenges to our loved ones when we die.
In his New York Times article “Is Your Digital Life Ready for Your Death?”, Tim Herrera discusses how some online services provide death planning. Facebook allows users to designate a contact to deal with their account when they die. Google’s Inactive Account Manager feature can be used to notify one or more people if an account has been inactive for a certain period of time, and optionally allow them to download data. Many other services, including Twitter, LinkedIn, Snapchat, and Tumblr, have established basic processes so that accounts of the deceased can be frozen or deleted by their next of kin.
Herrera points out that online backup services are particularly tricky to access, especially if files are encrypted. But that’s just the tip of the iceberg…
The public Internet has existed for just over twenty years, and most of the migration to digital data has occurred within the last ten. As our new digitally-enabled population ages, it is essential that this issue be addressed. This is actually part of a much larger problem, to which some solutions already exist.
Paradoxically, the same security mechanisms that protect individuals against identity thieves, fraudsters, and other criminals make life difficult for Executive Assistants, the next of kin, executors, and people acting under a Power of Attorney. Laptops and mobile devices are designed to keep everyone but the owner out. Adaptive multi-factor authentication technologies are replacing the simple passwords that were easy to share with a trusted assistant or loved one.
In corporate environments, there has always been the need for shared folders and delegated access to inboxes and calendars. In some cases this is achieved by sharing a password, usually in violation of policy. Common office solutions, including products from Microsoft and Google, provide the ability to share and delegate access to selected resources. From a security perspective, the best way to deal with data beyond death is to recognize it as a case of conditional delegated access. In other words, let account owners decide who should have access to their accounts and what privileges they should be granted, both before and after death.
Most people have dozens of online accounts, including email, online file storage, banking, insurance, investments, and a multitude of other services. Businesses increasingly prefer to interact with consumers online. Addressing this challenge on a per-service basis is just not practical; imagine the burden of dealing with dozens of online services, each with their own policies and procedures.
A better solution is widespread migration to a service-independent authentication and authorization model. Technologies to accomplish this, including SAML, already exist. In corporate and government environments, these approaches provide additional control and reduce the number of passwords employees need to remember. For example, businesses that use Office 365 or G Suite (formerly known as Google Apps) can configure them to authenticate users against a corporate authentication service instead of burdening users with yet another password. In the consumer space, applications and cloud-based services that offer users the ability to sign in with their existing Google or Facebook credentials are also becoming more popular.
In the future, all products should allow users to select an authentication service when signing up instead of choosing a password. This will create a new consumer market, the authentication provider. While some people may be comfortable using Google or Facebook, others will prefer a paid service that provides robust, risk-adaptive, multi-factor authentication. As an additional benefit, this will alleviate the need for each product developer to create their own, frequently flawed, authentication layer.
Authentication providers will enable controlled and strongly authenticated delegated access to address a myriad of personal and business requirements. In the event of death or disability, one or more designated individuals will be able to gain access to all accounts through a single authentication provider. Delegated access will make life easier for families and businesses on a day-to-day basis, as well as facilitate access to digital data beyond death.
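As an added illustration (not code from this column or from any provider it names), here is a minimal policy model of the conditional delegated access described above: the account owner records grants in advance, each scoped to specific privileges and tied to a trigger (always-on for an assistant, a period of owner inactivity in the style of Google's Inactive Account Manager, or a verified death attestation), and an authentication provider evaluates them at request time. The delegate names, scopes and the 90-day inactivity period are constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum


class Trigger(Enum):
    ALWAYS = "always"        # day-to-day delegation, e.g. an assistant
    INACTIVE = "inactive"    # owner has not signed in for N days
    DECEASED = "deceased"    # a verified death attestation is on file


@dataclass(frozen=True)
class Grant:
    delegate: str
    scopes: frozenset        # privileges the owner chose to delegate
    trigger: Trigger
    inactive_days: int = 0   # only meaningful for Trigger.INACTIVE


@dataclass
class OwnerState:
    last_activity: datetime
    death_attested: bool = False


def grant_active(grant: Grant, state: OwnerState, now: datetime) -> bool:
    """Decide whether a grant's trigger condition currently holds."""
    if grant.trigger is Trigger.ALWAYS:
        return True
    if grant.trigger is Trigger.DECEASED:
        # Inactivity alone never unlocks an executor's grant.
        return state.death_attested
    # INACTIVE: lapses automatically if the owner signs in again,
    # because last_activity then moves forward.
    return now - state.last_activity >= timedelta(days=grant.inactive_days)


def authorize(grants, state: OwnerState, now: datetime,
              delegate: str, scope: str) -> bool:
    """True only if some grant names this delegate, covers this scope,
    and its trigger condition is satisfied right now (least privilege)."""
    return any(g.delegate == delegate and scope in g.scopes
               and grant_active(g, state, now) for g in grants)


# Constructed sample: one owner, three delegates with different triggers.
NOW = datetime(2018, 6, 1)
SAMPLE_GRANTS = (
    Grant("assistant", frozenset({"calendar:write"}), Trigger.ALWAYS),
    Grant("spouse", frozenset({"mail:read", "files:download"}),
          Trigger.INACTIVE, inactive_days=90),
    Grant("executor", frozenset({"mail:read", "bank:read"}), Trigger.DECEASED),
)
```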
Have a security question you’d like answered in a future column? Please send me an email.