Where There's a Will

The recent story about Apple and the widowed iPad user is more complicated than it might seem.

Apple eventually backed down on its alleged insistence that Peggy Bush couldn't be given her late husband's Apple ID so that she could make use of the iPad he left her: it seems that originally the company asked for a copy of the will and a death certificate, but then insisted that a court order would be necessary.

According to the Register, the iPad itself was password-protected, but Ars Technica says that they shared the iPad and she realized she needed the password in order to regain access to a game. 

Regardless of the exact circumstances and any opinion you may have about Apple's standpoint (and the company should at least take reasonable steps to ensure that such requests are genuine), there is an issue here that affects many people. In an imperfect world, many devices are going to be password-protected, for obvious security reasons, and most software and service accounts of any significance. Increasingly, multi-factor authentication will mean that single static passwords will be augmented or replaced by other means of authenticating the user, adding additional layers of complexity, especially if some kind of biometric measure is in place.

There are also licensing issues: when you buy a device, it usually becomes entirely yours, but software and some kinds of services are usually licensed to the buyer rather than sold outright. The testator (the person making a will) may not be legally entitled to name a beneficiary to 'inherit' access. There's no easy rule of thumb I can offer here: this is something the individual has to look into and sort out, before it's too late. 

Leaving that aside, for the Register, Iain Thompson suggests: 

Leaving a digital will containing logins and passwords for key accounts is increasingly being recommended. Naturally, writing all this stuff down is a security risk, so be sure to encrypt the data and – just to be on the safe side – give one half of the key to your executor and the other half to a good friend in rude health.

For Ars Technica, Jon Brodkin quotes an 'estate lawyer who spoke to CBC [and] said that wills shouldn't contain actual passwords for security reasons, but they should include information on where family members can find passwords.'

That's certainly good practical advice, but it doesn't really address the licensing aspect, and as I'm most definitely not a lawyer, I'm not going to either. But I do strongly suggest that you consider these matters when you do talk to a lawyer about your will - as you certainly should, if they're matters that will be of concern to those you leave behind. 

What’s Hot on Infosecurity Magazine?