Last time, in “How will you pass on your passwords when you pass away? Part 1,” I suggested that you need to start using a password manager to store all of your critical passwords and make the master password available to your spouse or loved ones in the event of your demise. But how do you insure that your master password is accessible if, as you should, you regularly change it and something happens to you before you can pass it on? Thanks, in part, to a listener’s question in Security Now! Episode 340, I present the following:
Method 1: Come up with a standard master passphrase that will always remain the same. When you change your passphrase, you will not alter the master portion, but will add to it at the front, the back, or both. What you add will be your own personal pattern based on the year and frequency of change. It is a simple matter to write up instructions and/or a list of those changes going ahead to any date in the future.
For example, you change your passphrase two times a year, say on January 1, and June 30. Assume your passphrase is MyPassphrase and it’s January 1, 2012. You might do this: 0101MyPassphrase2012; then, when you change it in June, you might do 2012MyPassphrase0630. What and how you do it is up to you; just make sure it is a pattern that you can easily communicate.
The beauty of this is that someone who knows the pattern could go back or ahead in history to try different passphrases if the first try doesn’t work. That would also work with the next method.
Method 2: Generate a long list of passphrases that extends well into the future and store the list in your safe deposit box or with someone like your attorney or accountant. If you change your passphrase twice yearly, generating 100 of them would give you 50 years of changes.
You can use GRC’s Ultra High Security Password Generator or any method of your own choosing to generate the passwords, save them in a spreadsheet, and pass them on.
In the meantime, Live long and prosper!
I’m a LastPass guy, too, and this is exactly what I’ve worked out with my wife. I use a really long passphrase, a stanza from an obscure prayer we both know and like. Lotsa characters, impossible to guess, and it’s not written down anywhere.
We’ve agreed to have a family meeting to formally convey the new master LastPass password when it changes. Keeping it in a safe deposit box, or with our wills, is also a great idea. I’ll add that in to the mix.
John Atkinson