Your passwords should be secure, but not secret

As least one other person should know your passwords

My dad recently passed away and I am in Florida this week helping my mom figure things out. Getting into my dad’s accounts and changing them over to my mom’s info has been a multi-day adventure.

Fortunately I’ve had quite a bit of success. But only because my dad did two things every security expert will tell you not to do:

- His phone didn’t have a lock screen (this was a huge help)

- He kept a little paper in his wallet with a few of his most current passwords (we just found this today)

The two things I’m still having trouble getting into are his iMac desktop computer and his iPad. His computer was still logged on the day after I got here, but I stupidly did not immediately change the password. The next day the computer had rebooted and I didn’t know his logon credentials. I was able to reset the password by booting into safe mode, but then the apple ID wasn’t synced once I logged in. Trying to change that has been a nightmare. I would send a code to my dad’s phone, but even when I immediately entered it, it would then tell me it wasn’t correct.

I’m here for a few more days, and expect I’ll eventually get it figured out. But in the meantime it’s been additional stress that I didn’t need.

So what have I learned from this experience?

It’s okay (actually necessary) to have strong passwords, and I can’t imagine not having a lock screen on my phone. I would freak out if I lost an unlocked phone, tablet or laptop. But if nothing else, it is imperative that at least one person, and preferably several people, know how to both access your phone and have the passwords for your Google and/or Apple accounts.

With these two things, it’s possible to access/change just about everything else.

If it’s a hacker, that’s bad. But if it’s your loved ones trying to figure things out after you’ve unexpectedly passed away, it’s very helpful.

Something important to keep in mind about phones: with most phones these days having fingerprint scanners or face ID to login, you really need to make sure that you also choose a pin code. Then MAKE SURE that a couple of trusted people know your pin, and make sure you keep them updated if you ever change the pin.

You should absolutely have two factor authentication enabled for all of your accounts.

But since your phone and gmail accounts are accessible, this shouldn’t be an issue.

I ended up creating a spreadsheet for my mom with all of her new usernames and passwords. But I don’t think it’s really necessary (or even a particularly good idea) to record and/or share your passwords for every single account … especially if you save user names/passwords in your Chrome browser or Apple keychain.

Phone and primary email (and password manager if you use one) are essential though.

Oh yea, one last thing; the answers to your security questions also shouldn’t be a total mystery to the close friends or relatives most likely to be the ones trying to access your accounts if you’re no longer here.

That being said, I have a hard enough time remembering who my own favorite teacher in elementary school was; so I don’t feel terribly bad that I couldn’t guess most my dad’s answers.

Until next time …
Todd