Another option for storing passwords is to use a commercial password keeper, which typically can be used as an app on a smartphone or tablet and through an online site. These products not only manage passwords, but they also can generate passwords for individual accounts. When using such an app, the user needs to remember one password. After opening the app on his or her phone, the client can access the site directly through that app. Numerous companies offer these apps and websites, some of which are free.
Creating safe, secure passwords that are easy to remember is a third challenge in safeguarding electronic data. Many of the password keeper sites have a function that will create a random password, but it is often difficult to remember since it is actually a random sequences of letters, numbers and symbols. A15-digit random password may be: Kpz?V7zFng7_4sM.
An alternative is to create passwords that are based on a formula or a phrase that is easy to remember, but hard to recreate. For example, the phrase “I work at Atlantic Trust on the 37th floor!” would be a way to remember the password “IwaATot37thf!”. Similarly, the phrase “the Patriots are the 2015 Super Bowl champs” would be a way to remember the password “P!at2015SBc”.
There are a couple of additional rules to consider regarding password management. First, be sure to change passwords at least twice a year, particularly for accounts that a hacker may watch, such as those used for e-mail or social media. Second, take advantage of two-step verification when available. This utilizes a single-use security code sent to your phone or e-mail that you need to input before logging in.
The United States Computer Emergency Readiness Team (www.us-cert.gov) is a resource clients may also find useful. It offers tips and advice on security issues for non-technical computer users.
Hopefully, clients have an estate plan in place. In connection with cybersecurity, clients and their advisors should consider whether their current powers of attorney include provisions relating to accessing digital assets and accounts.
Failing To Prepare, Preparing To Fail
Why is there a need to plan for digital assets? First, advisors and their clients need to prevent the theft of a client’s identity and assets when he or she dies. Second, fiduciaries need to identify and gather assets to ensure their proper disposition after a client passes away. Third, information needs to be kept secure for emotional reasons. Family pictures stored in the cloud, for example, may have no significant financial value, but they often do have sentimental value among family members.
Tools and strategies for the administration of digital assets upon a client’s death are still in their infancy. Last year, the National Commission on Uniform State Laws approved the Uniform Fiduciary Access to Digital Assets Act, which vests fiduciaries with “at least the authority to manage and distribute digital assets, copy or delete digital assets and access digital assets.”
In addition to state law, many websites are governed by an electronic agreement covering the terms of service. Many clients simply click “accept” when creating a new account and do not look at the terms. In connection with a fiduciary gaining access to a deceased person’s account, terms may state that the account is nontransferable. However, some sites are making inroads on this issue. Facebook, for example, is creating a “living will” program that will allow users to appoint a “legacy contact” or otherwise decide what happens to their accounts when they die.
Cybersecurity and digital planning present numerous challenges for our clients and their advisors. Clients need to deal with a constant flow of new information as passwords change, websites change and accounts are opened and closed. Estate planning for digital assets is still an evolving process. Strategies for how to dispose of digital assets and accounts, including the potential efficacy of trust ownership and powers of attorney, should be a part of estate planning discussions.