Preserving your digital legacy - the Password Paradox
One of my colleagues posted to Facebook last week that her client was locked out of the family photo collection. Not all that unusual by itself, except for one thing. The client’s wife was the keeper of the couple’s photos and she had passed away. Her iPad was locked and he had no way to get at years of family pictures, much less any other important documents that she had saved. Without the iPad password, or her Apple ID, or her email login, or access to any of the possible gateways, he was suffering the digital equivalent of a house fire that had simply eliminated years of the life he’d shared with his beloved wife.
It used to be that password lockouts were the province of bored siblings or friends who wanted to prank a kid by changing their login, and aside from some grotesque selfies and game history, nothing much was lost by an erase and restore to make the iPhone functional again. But now we carry a filing cabinet full of important documents, photos, reminders, schedules and personal contact information on our phones that is, sadly, often not backed up or accessible anywhere else. In that case, erasing a locked phone and restoring it to new condition is not an option.
It’s time to take passwords seriously.
The fact that we don’t is obvious every time I see online advice to take the locked iPhone to a Genius Bar or call Apple Support. Surely Apple can get it unlocked.
No, they can’t. And that is the point of the security after all. To make it impossible for anyone but the authorized user to unlock the device and access data. Privacy is a big thing at Apple and they do their best to deliver. In fact, one of the most damning arguments I’ve heard for buying an Android phone was that you could hack past the screen lock security, unlike iOS.
So let’s all agree that password security is serious stuff. That it works as advertised and deserves a little respect. But that doesn’t mean we can’t dumb it down when appropriate.
First, you need to think about the level of security you really want. For a road warrior who is traveling worldwide with a device full of sensitive information, that may be a lot. In fact, it may be required by an IT department. But for an active parent who is multi-tasking from dawn to dusk, ease of access may trump security concerns and encourage using simple, easy-to-remember (and guess) passwords instead. Maybe you even add your child to Touch or Face ID so they can use your iPhone independently. Or your home computer has the password written right there on a Post-It Note because, hey, if someone gets into your house you have bigger problems anyway. It’s all a matter of effort for return.
Regardless, passwords are now a fact of life. Almost everything you access has a financial component that requires a barrier to entry. We even need a password to protect our passwords. And I can tell you from personal experience that it’s worth it. Identity theft is a bummer. Biometrics like Touch ID and Face ID go a long way to streamline access, but at their core there’s still a password that has to be created, applied, and, eventually, recovered.
So here are some best practice suggestions for dealing with passwords:
Write them down immediately! I don’t care if it’s your dog’s name and you’ve only ever had one dog. I have watched people agonize for an hour over their 4 digit code or 2 character computer password. Capitalization matters.
Record your passwords in an app that syncs across devices or to the Cloud, or keep a hard copy stashed away.
If you are overwhelmed by too many passwords, at least prioritize on the ones that can’t be easily recovered or reset; your device login(s) are the most crucial. Especially the ones you use infrequently.
Proper backing up specifies duplicate data in at least 3 places over 2 or more locations. That applies to passwords too.
Always carefully reset passwords yourself. Don’t let anyone else - especially kids - do it. They can make mistakes that aren’t obvious and the device that was accessible 30 seconds ago is suddenly and irretrievably locked.
Which brings up the parent thing and passwords.
I believe that kids shouldn’t have their own security until they are old enough to be responsible for the consequences. Not just as a parenting philosophy, but as a new rite of passage. Like learning to drive or getting your first credit card. Kids today will live with password security all their lives and they ought to get used to the process early on. Who to trust with their passwords? How to keep them safe and updated? What needs security and what doesn’t? And that, in a business environment, someone else will always have access to their stuff. But, mostly, to learn that losing a password can be like losing your car keys in the middle of the desert. Having a backup plan (read “parent”) makes the learning process less traumatic.
So then, what about my colleague’s client?
I know the outcome, because while writing this article, I had a similar experience with a family friend who needed to upgrade the family computer; an iMac that had belonged to his late wife. During the course of the upgrades, her Apple ID password that had seemed to work only days earlier, failed too many times. The old recovery email was now unavailable as was her iPhone for a confirmation text. It was the perfect password storm that happens all too often. But we had the computer log in and were able to move all the precious photos and documents to a new user account for my friend, so the only loss was access to the old iCloud account.
It should be obvious now that granting emergency access to your devices and accounts is a good idea. It could be as simple as a sealed letter in a desk drawer or as complex as a digital will. But it ensures that important documents aren’t lost and that life details like photos can be accessed by others.
For me, the smartest way to manage the issue is with a password app that offers emergency access to a trusted individual. A password app is also likely to have the most current logins and serves as an inventory of all the accounts and apps that someone is using. In a perfect world, it reduces the password paradox to handing off just two logins: one for the device and another for the password app itself.
So I encourage all my clients to create a password strategy that they like, can use on a daily basis, and can hand off easily in an emergency. The fact that our digital world is so intangible and password management so frustrating makes it easy to underestimate the effect of sloppiness until it happens to you. Hopefully, biometrics or some yet-to-be-discovered technology will make the process more secure and less awkward, but for now passwords are the best system we have for keeping our digital lives both safe and accessible.