• On TV.com: New TV sex symbol: Vintage black PORSCHE
March 10, 2009 8:00 AM PDT

Life insurance for your passwords: Legacy Locker

by Rafe Needleman
  • Font size
  • Print
  • 16 comments

Jeremy Toeman is unveiling on Tuesday a simple, clever, and very different kind of backup service.

Legacy Locker simply backs up the passwords and access codes to your online accounts. When you die, it gives that information to the people you designate.

I got this concept in half a second: if I go, I cannot imagine the trouble my wife would have trying to untangle my financial and e-mail accounts and deal with my contacts on my social networks, not to mention controlling the disposition of some online assets I own, like domain names.

The idea with Legacy Locker is to give your survivors easy access to your photo, blog, social network, e-mail, and other personal online sites so they can figure out what to do with the info and files stored there. Or, possibly, so your survivors can reach out to your followers or friends to let them know what's happened to you.

You can include financial accounts in your Legacy Locker file, although as Toeman reminded me, the rules of what to do with financial assets in the event of an account-holder's death are already established. You have responded to your bank's request to fill out a beneficiary form, haven't you?

Now, sure, you could easily do all of this for free by writing down all your codes and instructions, and putting that information in a safe or the hands of a family lawyer. Legacy Locker offers more fail-safes and features than a slip of paper, though. It can also distribute different access codes to different people.

The system periodically tries to log on to your accounts for you. If it can't--if you've changed passwords--it alerts you to update your records. Also, Legacy Locker only unlocks if two people whom you've designated confirm your death, and even then only if one of them supplies a death certificate to the company. Legacy Locker staff handles this; the unlock procedure is not wholly automated. Toeman claims that the system's files are all encrypted and cannot be unlocked without authorization.

You can set up your account to send out farewell letters to people you designate (or post items on sites per your instructions), if you die. The product also has a form of living will, an incapacitation mode (I call it, "coma mode"), that will turn on autoreplies and otherwise idle your accounts, without sending out your goodbyes.

Consumers will be able to buy Legacy Locker directly, for $29.99 a year or $299.99 for a lifetime subscription, but the company's real plan is to sell this service through estate planners. There are 35,000 of them in the United States, Toeman said, the ones he's contacted seem eager to resell this service to their customers.

Legacy Locker is morbid, but smart. It's scheduled to go live in April.

Related: Taking passwords to the grave.

Rafe Needleman writes about start-ups, new technologies, and Web 2.0 products, as editor of CNET's Webware. E-mail Rafe.
Topics:

Productivity and business,

Social network and groups

Tags:

Legacy Locker,

Wills

Share:
Digg
Del.icio.us
Reddit
Add a Comment (Log in or register) (16 Comments)
  • prev
  • 1
  • next
by karpenterskids March 10, 2009 8:40 AM PDT
Am I the only one who sees the irony in a "lifetime subscription"? lol


Looks like a great idea, though!
They seem to have thought every detail through...they deserve to be successful.
Reply to this comment
by MadLyb March 10, 2009 8:41 AM PDT
Okay, I like the idea, but to be quite honest, I already share this information with my family without paying $30 a month using nothing more than an encrypted Excel spreadsheet.

I like the password checking mechanism, but it kind of freaks me out that an external system is accessing my financial accounts.
Reply to this comment
by rafe March 10, 2009 9:17 AM PDT
@MadLyb, Just to be clear, it's $30 a *year*.
Reply to this comment
by sweetmileena March 10, 2009 9:45 AM PDT
I love this, and have actually had this on my mind lately- I am the computer pro in the house and have so many accounts including all our bills and whatnot, and it would be a nightmare for someone after my death to try and figure it out as I use many different passwords. But at the same time I do not want my information available before my death for my emails, domains, work accounts, etc. This would work perfectly, although I would hate to pay for it...hmmm.
Reply to this comment
by Smersh2000 March 10, 2009 9:54 AM PDT
"lifetime subscription" - bravo - i will write this down to remember :-)

The only reason why you should not use this service is that you may as well say bye-bye to security. This would be a weakest link in the security chain, and of course the one that matters.

Quote:"Now, sure, you could easily do all of this for free by writing down all your codes, and instructions, and putting that information in a safe or the hands of a family lawyer. Legacy Locker offers more fail-safes and features than a slip of paper, though."
Response: A piece of paper in the hands of the family lawyer (or, perhaps in a safe deposit box(es) with the key(s) given to a relative(s).

Why? Because the deposit box will not be targeted by attacks of script kiddies, and more serious guys. Your lawyer will not be bombarded with random attacks of an unsocial teen with plenty of time on his hands. Nor will they (bank or the lawyer) "accidentally release information" or experience "security breach" that often. No offence to modern technology (i am in IT field myself, and deal with security in financial world quite a bit).

It's the same thing as storing all of your passwords in an online repository.

Yes, "Our opinion was that this level of security was not sufficient, so we added 256-bit encryption based on multiple 512-bit hash keys on all information being passed through 256-bit encrypted secure socket layers (SSL), which is encrypted over a thousand times before being stored in our maximum security databases in its encrypted format." It's great that they know all these number-based terms, for those who seem impressed by them, or feel dizzy, here is a short explanation: they are referring to length of the key. And for the record, AES256 encryption is more than enough to withstand a brute-force attack(password guessing) for longer than anybody would live. The problem is that usually, it's not the encryption that fails, it's another link (human error, or code bug)

System is only as secure as the weakest link.
Reply to this comment
by Dalkorian March 10, 2009 2:36 PM PDT
Everyone should re-read this comment. Smersh is right on target here (though you could have phrased your "Quote - Response" 'paragraph' better). $30 / year to trust some company with the keys to your kingdom is the ultimate definition of stupidity. Trusting them to randomly access your accounts and not hose you in the process (deliberately or through a bug or outside hack) is insane.

I haven't even looked, but I'll put money on the fact that there will be disclaimers that absolve the company of any damages should they "inadvertently" lose or make public all your data.
by Remo_Williams March 10, 2009 10:13 AM PDT
Well, in the spirit of racing to the bottom, someone has already mentioned safe deposit boxes, which are nice, except you really want just one key on that slip of paper. Oddly enough, this was one of the first torrent use cases, in that (presumably) you could seed a torrent of your PasswordSafe file, and n-copies would always be available, unencryptable by anyone except you (or yours).

That itself is just another form of key management, so what are we offering here? Outsourced key management?

-R
Reply to this comment
by GreatSK March 10, 2009 10:42 AM PDT
"The system periodically tries to log on to your accounts for you."
"Toeman claims that the system's files are all encrypted and cannot be unlocked without authorization. "

Why does that sound really contradictory....
Reply to this comment
by NocturnalCT March 10, 2009 10:48 AM PDT
I use TrueCrypt to keep a small volume secure that contains things like TurboTax and Quicken files along with an excel sheet (in HTML format) with passwords. The password sheet gets printed out after every significant change and is put in the safe. The encrypted volume gets backed up regularly. Not the files individually but the entire volume. Since it's only a few tens of MB it doesn't matter that it is in effect a 'full' backup each time.

I've never used KeePass but that's an option too. Make sure your family knows where the master key is.
Reply to this comment
by LuvThatCO2 March 10, 2009 12:13 PM PDT
"The system periodically tries to log on to your accounts for you. If it can't--if you've changed passwords--it alerts you to update your records"

uh-huh.

I'm not one to shoot down others' business schemes, but this looks rediculous. And quite possibly disasterous if their servers get comprimised.
Reply to this comment
by cie247 March 10, 2009 2:38 PM PDT
Sorry...but I think programs like e-Wallet or simply storing the information on password protected jump drive and placing that in a safe-deposit box is more than sufficient. Leave a few hints in your last will and testament on how to access the information and the problem is solved.
Reply to this comment
by Legaldyne March 10, 2009 2:52 PM PDT
We have recently launched a VERY similar service VitalLock http://www.VitalLock.com
Reply to this comment
by applehazelnut March 10, 2009 11:39 PM PDT
One stop shopping for the National Security Agency. Nice... :)

Unless the Catholic Church starts a password storing company, I wouldn't use this. Or your wife starts a password storing company. :)
Reply to this comment
by ElizabethMoressi March 13, 2009 3:22 PM PDT
This is Brilliant. But I have to admit
BEFORE I even read the article I clicked on the link to their website to check for
Extended Validation SSL... and there was the bright green url with the certificate
issued in in Jan 2009, expires in 2010.

Well, you have to admit it adds legitimacy right off that bat.
Reply to this comment
by bruceslog March 16, 2009 9:08 AM PDT
"Toeman claims that the system's files are all encrypted and cannot be unlocked without authorization"
If nobody can unlock the customers information but the customer, how does it get the passwords to occasionally log into one's accounts ?
Reply to this comment
by federico001 September 22, 2009 2:59 PM PDT
hey
Reply to this comment
(16 Comments)
  • prev
  • 1
  • next
advertisement
Click Here

About Webware

Say No to boxed software! The future of applications is online delivery and access. Software is passé. Webware is the new way to get things done.

Add this feed to your online news reader

Webware topics

The 411 on early-termination fees

Verizon Wireless has doubled its early-termination fees for smartphones, but what does it mean for the rest of the industry?

Google has its own plan for Netbooks

No, the search giant isn't saying it will build a Netbook. But it sure knows what it would like one running Chrome OS to resemble, and that's a little different from the Netbook of today.
• Screenshot tour of Chrome OS

Inside CNET News

Scroll Left Scroll Right
News
News site map
Latest headlines
Contact News
News staff
Corrections
CNET blogs
Popular topics
Apple iPhone
Apple iPod
Cell phones
Dell
GPS
LCD TV
CNET sites
CNET Site map
CNET TV
Downloads
News
Reviews
Shopper.com
More information
Newsletters
CNET Mobile
Customer Help Center
RSS
CNET Widgets
About CNET