We have no wish to come across as morose or to depress you, but as we age, we all come to face the reality that our lives have a finite term and move ever closer to the point at which we will shuffle off that mortal coil. As time goes on we grow more and more dependent upon technology, and technology has necessitated some changes in connection with end of life planning. This same evolution has also impacted preparatory planning for dealing with disabilities that do not result in the end of life, but change for the worse, our ability to care for ourselves and our estates. This column will give you some help in making the necessary preparations respecting technology.
- Make a list of all of your Internet accounts. We all know that you need to make a list of your brokerage accounts, bank accounts, life insurance policies, etcetera for the benefit of anyone forced to act on your behalf due to a disabling condition and for the convenience of your survivors and executors/administrators/trustees upon your demise. Similarly, you should make a list of your Internet accounts (including all of your email accounts) for the benefit of that same group of people. Additionally, if you continue to practice law and use the Internet for storage of client information, your clients get added to the list of those that benefit, as without that information, they may not have the ability to get their data or to have it passed on to a successor attorney.
- For want of the password a kingdom was lost! Almost everything we do online requires that we establish some sort of account. Almost every account has security protocols that include a password. Even systems using fingerprints or facial recognition generally require the use of a password to set up those features and retain the use of the password as a means of unlocking them. If you lose the password, you can usually reset it, provided that you have some essential information. Generally, you cannot recover the information in the account or otherwise access the account without either the password or the security information that allows for a password reset. Moreover, most of the reset information gets sent to the email account you used to set up the account, so you need to identify the account (see the preceding paragraph) and provide the password for access to the account. Simply making a list of your passwords creates potential security risks, depending on where you leave it. You will need to make a list of all passwords and store it in a secure location. If you make the list in hard copy, you will want to leave it in a safe deposit box or lock it in a safe in your home or office. You could also leave it on a computer, smart phone, or tablet as a backup, but should not store it there exclusively as such equipment gets lost, stolen, replaced or simply ceases to function and you do not want to lose the access to the information. You could also store the information online. It should go without saying (but won’t as some of you will not know this), but you should encrypt any such information that you store in any electronic device or online. You should also password protect the encryptions. Any device on which you store such information should also require a password for access and/or a biometric test such as fingerprint or facial recognition.
- Where did that *!@#$%^ list go? Making lists without making arrangements for the recovery of the lists when necessary and appropriate helps nobody. You need to make sure that someone you trust knows where you have stored them. Examples include the grantee of your power of attorney (assuming you made a power of attorney [recommended]), the executor of your will (assuming you made a will ([recommended]), and your successor trustee (assuming you have a trust [recommended]). All of those people should know the location(s) of those lists and have access to the location(s) so that they can retrieve the lists if/when necessary.
- Keep that information secure. Remember, the accounts and passwords constitute the keys to the kingdom. They provide access to all you have online, so you want to treat them with some care. Anyone with access to these lists will have pretty much all they need to take all you have, including your identity; so, pick and choose with care. You will want to ensure that those to whom you provide the information also treat it securely and protect its confidentiality. For example, you may put it in your own safe deposit box and tell them where the box is and where they will find the key. You may want it in a safe that you have and they know about and give them the combination to the safe. You may want them to put it into their own safe or safe deposit box. You get the concept. Giving someone access to the lists requires telling them the location and providing them with all passwords required to access the information. That means you will need to provide the password(s) for your computer/tablet/smartphone, the location of the online storage account, the username of the account holder, the password to access the account and the password to decrypt all encrypted information.
- A word about passwords. Use strong passwords. Generally, the longer a password, the stronger the password. Ideally you will use a password of at least 12 characters and a combination of alphabetical (upper and lower case), numeric, and symbolic characters. Randomly generated combinations make the most secure passwords, but also the most problematic in trying to remember them. The most commonly used (and therefore least secure) passwords include: “password” and “123456”. Stay away from such insecure passwords. Some examples, of strong passwords: “@TYutSC*D58976!” (random combination using upper and lower case alphabetical, numeric, and symbolic characters), “#julIAS^ceaSAR^256$%” (easier to remember combination based on an historic character and using upper and lower case alphabetical, numeric, and symbolic characters). In setting a non-random password, stay away from obvious choices such as derivations of your name or nickname or the names/nicknames of your spouse, child, grandchild or pet). Incidentally, good practice suggests that you should update passwords with some regularity (for example every 2 or 3 months). Ideally you will do it more often than less. Waiting several years to update your passwords creates security issues.
- Regularly update the lists. Making a list gets you off to a good start. Just like you need to update your will or your trust every once in a while, you need to update your lists of locations, passwords, etc. with some regularity. Ideally, you will update the list every time you change your password on an included account, open up a new account or email address, or terminate a previously established account or email address.
- Protecting client confidentiality. If you continue to practice law, you may want to keep the information for your law office email account and the access to client information on a separate list and provide access to that information to a law partner or a successor attorney with whom you have an agreement to see to the winding down of your practice.
Jeffrey M. Allen is the principal in the Graves & Allen law firm in Oakland, California, where he has practiced since 1973. He is active in the ABA, the California State Bar Association, and the Alameda County Bar Association. He is a co-author of the ABA book Technology Tips for Seniors.
Ashley Hallene is a petroleum landman at Alta Mesa Holdings, LP, and practices Oil and Gas law, Title Examination, Due Diligence, Acquisitions and Oil and Gas Leasing in Houston, Texas. She frequently speaks in technology CLEs and is Deputy Editor-in-Chief of the Technology and Reviews Department of the GPSolo eReport.