28 November 2014
After a friend passed last week, I was forced to reflect on the matter of how our personal and confidential digital data would be passed on and entrusted to others in case something unexpected happened to my wife and me.
I maintain a 256-bit AES encrypted disk image that contains a copy of my 1Password keychain and a text file whose contents include my 1Password password along with an extensive description of the locations and access credentials of the various places in which we store both physical and digital confidential data.
Only my wife and I know the password to that encrypted disk image, and the idea was that if anything should happen to me, she would be able to access that disk and its contents.
What I hadn’t considered until now is the case in which something happens to both me and my wife. How could I get that disk image to trusted relatives or friends, along with the password required to open it?
Dead Man’s Switch is a simple, free service that sends you an email from time to time (i.e. a “heartbeat” email) with a link to click to indicate to the service that you’re still alive. If you don’t click the link after a period of time, it will send an email that you’ve pre-written to a group of recipients that you’ve specified.
Since the service doesn’t allow file attachments, I created a ZIP archive containing the confidential information in the above-mentioned disk image, and PGP encrypted it with the keys of some trusted friends and family members, and put the resulting PGP-encrypted file in Dropbox.
The email message that I then configured in Dead Man’s Switch explains that if the recipient received the message, it means something unfortunate may have happened to my wife and me, and includes the URL to download the PGP encrypted data, and asks them to use the data responsibly.
Simple, but hopefully effective.
PS: Although Dead Man’s Switch is free, I chose the one-time, lifetime payment of $20, which allows me to specify the three trigger times manually:
In this way, our friends would be notified and provided with our digital assets in a maximum of 30 days after the last heartbeat confirmation.
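The heartbeat-then-release timing described above can be modelled in a few lines of Python. This is an added example, not code from Dead Man’s Switch or from the original post: the class and function names are hypothetical, and the reminder offsets are constructed sample values; only the 30-day release bound comes from the post.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# Constructed sample schedule (days since the last confirmation). Only the
# 30-day release bound comes from the post; the reminder offsets are assumed.
REMINDER_DAYS = (10, 20)
RELEASE_DAYS = 30


@dataclass
class DeadMansSwitch:
    """Minimal model of a heartbeat-or-release timer (hypothetical names)."""
    last_confirmed: datetime
    reminders_sent: set = field(default_factory=set)
    released: bool = False

    def confirm(self, when: datetime) -> bool:
        """Owner clicked the heartbeat link: restart the clock."""
        if self.released or when < self.last_confirmed:
            return False  # release is irreversible; ignore stale clicks
        self.last_confirmed = when
        self.reminders_sent.clear()
        return True

    def tick(self, now: datetime) -> list:
        """Return the actions that become due at `now`, each at most once."""
        if self.released:
            return []
        elapsed = now - self.last_confirmed
        if elapsed >= timedelta(days=RELEASE_DAYS):
            self.released = True
            return ["release"]
        actions = []
        for days in REMINDER_DAYS:
            if elapsed >= timedelta(days=days) and days not in self.reminders_sent:
                self.reminders_sent.add(days)
                actions.append(f"heartbeat@{days}d")
        return actions


def simulate(confirm_on_days, horizon_days):
    """Run a daily scheduler from day 0; return [(day, action), ...]."""
    start = datetime(2014, 11, 28)
    switch, log = DeadMansSwitch(last_confirmed=start), []
    for day in range(horizon_days + 1):
        now = start + timedelta(days=day)
        if day in confirm_on_days:
            switch.confirm(now)
        log += [(day, action) for action in switch.tick(now)]
    return log
```

With no confirmations the release fires on day 30; a confirmation on day 12 restarts the clock, so the release moves to day 42 and is never more than 30 days after the last click.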
Note that the above approach is an update to a previously-described setup involving two online services, SecureSafe and DeathSwitch. Unfortunately, DeathSwitch went out of business and using a PGP encrypted file stored in Dropbox makes SecureSafe no longer necessary.