back to article Apple backs down from barring widow her dead husband's passwords

A Canadian widow won't have to go through the courts to get the password to her dead husband's iPad after Apple, in the face of media pressure, withdrew its insistence on legal action. Last August 72-year-old Peggy Bush lost her husband to lung cancer and, among other belongings, was left her husband's Apple laptop and iPad. …

Silver badge

"give one half of the key to your executor and the other half to a good friend in rude health"

With whom you never share a car journey, plane trip, etc.

Maybe a dead man's switch is a good idea. If you don't access your e-mail account for a month, e-mail the password to your next of kin.

4
0
Silver badge

Terrible idea

You could easily get banged up on remand for a month and the authorities might think there is evidence on your PC. You can elect to refuse to hand over the password, but if it gets automatically sent to your next of kin after a month you place them in the invidious position of either selling you out or else risking jail to defend your principles/privacy.

If anyone wants to use my kit after I expire they can wipe the drives and reinstall the OS. If that isn't possible with Apple kit then I'll add it to my existing list of reasons why I avoid fruity bling.

8
6

Maybe a dead man's switch is a good idea. If you don't access your e-mail account for a month, e-mail the password to your next of kin.

Google has such a feature: you can nominate someone to be the recipient of your account details after three months of inactivity.

In some respects Apple's stance on customer privacy is quite admirable, in this case they've clearly lost the plot though. It's strange how these examples of dreadful customer relationships are always a 'misunderstanding' once the media gets involved.

14
0
Silver badge

"Half the key"

is a figure of speech, hopefully. There's a lot of flexibility here: you can "split a key" into n pieces and require m of them for decryption, without any loss of security. So you could, for instance, create 10 keys and distribute them round your family, but only require 4 of them to unlock your stuff.

1
0
Silver badge

Re: "Half the key"

Did she try 123456?

0
0
Anonymous Coward

Re: "Half the key"

So you could, for instance, create 10 keys and distribute them round your family, but only require 4 of them to unlock your stuff.

---

Like a Secret Sharing scheme, you mean? Sound advice.

0
0
ZSn

Just write it down

Really, who do you expect to try and get your passwords? Write it down, put it at the back of the filing cabinet in between the water bills and tell your spouse where they are. The likelihood of anyone schmoozing around there is less likely than an exploitable flaw in the software that is doing the protection/encryption.

24
0
Silver badge

Re: Just write it down

My dad did this for my mom, with passwords for banks, credit cards and retirement accounts, and provided copies to my brother and I in case they were both in a car crash or something.

Not that any of us can read his handwriting... I was going to suggest typing it, and then updating the copy as needed, until I realized that would provide quite a juicy target for malware that made its way onto his PC. The proper way to handle that is to keep it on a USB stick (and hope that LibreOffice doesn't keep temporary files laying around on the PC after editing such files) but that's getting pretty complicated for him.

He uses his PC for email, bridge and paying bills...I'm already worried he'll get malware that will steal his passwords when he logs in to his credit card or retirement account, but the idea of having him login to those from a VM is a complete non-starter - he'd never understand that. If only Bridge Baron ran on Linux, I'd update his PC while he was away on vacation and tell him it was a new version of Windows - he'd never know the difference :) Maybe I should see how it runs under VMware Unity mode.

As with every good idea, there may be unintended side effects...

3
0
ZSn

Re: Just write it down

It's a bit old fashioned but how about a typewriter? I found my 35 year old portable in the attic recently and my children are having fun working out how it works (they seem to find it strange that it doesn't have a mouse).

I'd like to see anyone hack the typewriter. Well apart from listening in and trying to decode the audio, KGB style, but I think that that's out of the league of your average script kiddie.

4
0
Happy

Re: Just write it down

Yay, real typewriters! Except my Hermes 2000 does not have a separate '1' (digit one) key, the lowercase 'l' (ell) does double duty. Also does not have a '!' (bang), one must type an apostrophe, back up, and type a period. Fine for most writings, but 1234 != l234. Might be easier to only use passwords with no ones, ells, capital eyes, zeros, or capital ohs.

0
0
Anonymous Coward

Re: Just write it down

Hacking typewriters is possible by accessing the ribbon cable to read the characters typed from the impressions they leave

1
0
Silver badge

Re: the ribbon cable

More likely to have success with later models as the newer carbon ribbon cables were more conductive...

0
0
Silver badge

Re: Just write it down

"Hacking typewriters is possible by accessing the ribbon cable to read the characters typed from the impressions they leave"

Now do that remotely.

2
0
Silver badge

Re: Just write it down

Type list with typewriter (or write it by hand, penmanship is an aquired skill).

Put list in envelope.

Put envelope in deposit box in bank vault.

Your heirs and/or executor will be able to access the vault, and given the story here, without too much hassle.

4
0
Silver badge

Re: Just write it down

"Hacking typewriters is possible by accessing the ribbon cable..."

Yes, everybody who's ever watched the Clumbo episode "Now You See Him" (I think is was in season 5) knows this.

All you'd have to do is to remove the cartridge and burn or shred it. Or burn the shreds. And dissolve the ashes with acid. And flush the remains down the toilet.

1
0

Re: Just write it down

USB stick? I wouldn't like to trust a single one of these to retain important information for any length of time.

0
0
Silver badge
Joke

Re: Just write it down

I assume you would have it as a copy, you could always leave a 2 bay NAS (I assume you would not trust a single hard drive)

:P

0
0
Silver badge
Joke

Re: Just write it down

I's assume you have 2 NAS boxes, one off site in a different town (I assume you won't trust a single motherboard or PSU or single house that might burn down.

1
0
Silver badge

Re: Just write it down

The problem with a typewriter is that he'd have to type from scratch whenever he changes his passwords (surprisingly he said he does, so I guess at least some of these sites are forcing him to do it)

The reason I suggested a USB stick was so he'd have a copy he could modify - he would still print out copies for all of us like before, just now they would be human readable. If the USB stick failed, he'd just have to retype, that wouldn't be the only copy (though I'd probably have him give me an electronic copy also so he'd have a backup)

0
0
Anonymous Coward

Nah, much easier.

I've been using SecureSafe.com for ages, which has built-in data inheritance support.

You can get it to generate an access code with a time delay, and give that to whoever is supposed to use it after you pass away. They can't use it beforehand without you knowing because it'll email every day until the delay has passed (which means you can kill off the process and generate a new code), and you have to select which passwords will be given free.

No, I don't work for them, but I appreciate it when someone does it right. Not convinced about their document thing, but you don't have to use all of it anyway.

2
1
Bronze badge

"Renting" music ffs

If one only "rents" music for the duration of one's life, then isn't it about time that copyright only exists for the lifetime of the artist? Last to expire if it's a group thing.

(yes, yes i know, groups rarely own the copyright).

16
0
ZSn

Re: "Renting" music ffs

How about buying it with a ready made backup format - called a CD. Available nearly everywhere and portable! You can rip it to many formats, bit rate to choice. No DRM.

11
0

Re: "Renting" music ffs

No DRM on CDs? You forget the Sony fiasco.

http://www.theregister.co.uk/2005/11/21/gaffer_tape_trips_up_sony_drm/

0
0
Anonymous Coward

"low and behold"

I'm pretty sure the expression is "lo and behold", meaning "look and behold" the web tells me!

(Thanks for making me look it up.)

Anyhow, "low" just makes no sense.

13
0
Holmes

"low and behold"

@AC I agree with your comment wholeheartedly but to which post do you refer?

Unless the miscreant has edited their post in the mean time.

Curse them.

0
0
Silver badge

Re: "low and behold"

It looks like he's referring to the article's use of it. Now why the "tips and corrections" button wasn't used... maybe he didn't want to email since it was AC?

2
0
Coat

re: "low" just makes no sense.

Apple's behaviour seemed pretty low to me.

Leaving now ....

0
0
Headmaster

Re: "low and behold"

"Unless the miscreant has edited their post in the mean time"

Would that be greenwich mean time?

2
0
Headmaster

Re: "low and behold"

Maybe it's mean time between (spelling) failures

1
0

So Apple supports strong encryption and opposes backdoors. Yet it can provide the password for your iPad after you die? Am I misunderstanding something here ?

Quite apart from the issue of whether the deceased actually wants the next-of-kin to have access to their personal device. Who knows what they stored on there.

7
1
Silver badge

Not clear whether they have the actual password or can unlock it.

It's really two different questions:

The widow now owns the laptop, no argument, so Apple can factory reset it to recover the value of the HW.

But does she have the rights to all his data?

What about his medical history? What about before they were married?

Should the same thing apply to all heirs?

Do grandchildren have a right to know about the illegal abortion she had in the 1950s or the illegitimate child he had during the war?

6
2
Silver badge

"But does she have the rights to all his data? What about his medical history? What about before they were married? ..."

If the will bequeaths everything than yes. Old stuff will likely be on paper records or in photo albums, diaries etc. If those are locked in filing cabinets then the beneficiary has the right to what's inside and can ask a locksmith to open it if the keys cannot be found. That's exactly the equivalent of what this widow was asking of Apple.

If you don't want your family finding out about your exciting past - don't bequeath it to them!

2
0

I'd Say,

Quite right of Apple to be cautious, she knew the pin for the iPad, so no issues with backdoors, but didn't know the password for his email address / apple id, Obviously deceased didn't have 2FA or would've been easy as a reset or maybe he did & that was the issue & when contacting Apple it was the daughter that was doing it.

1
0

Re: I'd Say,

Actually the following sentence implies that she did NOT know the pin to unlock it: "But when she fired up the fondleslab she found it was password protected and her husband had neglected to write it down anywhere."

It still highlights the issue that if they can unlock it for the widow by resetting the password without any other authentication, then they can unlock it for anyone. Which makes Cook's public posturing on the subject, well, public posturing.

This is quite different from resetting it to a "clean slate" which is clearly appropriate since she now owns the hardware.

5
0

Re: I'd Say,

The Reg article's a bit unclear, on the Canadian site, says she had pin for pad, but didn't know

His Apple ID, all stemmed from not being able to play a card game, so clear cut, no backdoors

on iPad, reset was for Apple ID, but the person requesting it was not immediate family, but the daughter of the deceased, no doubt with a different name.

1
0
Silver badge

Re: I'd Say,

"but the person requesting it was not immediate family, but the daughter of the deceased"

I think daughter of the deceased probably does count as immediate family, more so than a spouse, genetically speaking.

2
0
Megaphone

PLEASE PLEASE PLEASE tell me this is just lost in translation!

[A]n Apple staffer told her they would need a court order to hand over the password.

PLEASE tell me this is actually about resetting a password, not retrieving a password.

If Apple staff are actually able to retrieve users' passwords, then Apple security is hopelessly broken.

12
0
LDS
Silver badge

Re: PLEASE PLEASE PLEASE tell me this is just lost in translation!

Yet, if they still can reset the password, the device is actually backdoored. It might not allow access easily without user knowledge, but there's still something alike a "master" user/password able to reset the user password remotely.

1
0
Anonymous Coward

What ever you do, don't...

...put your written passwords in the bottom of a locked filing cabinet stuck in a disused lavatory with a sign on the door saying beware of the leopard.

Way

Too

Obvious!

3
0
Gold badge
Coat

Re: What ever you do, don't...

Damn.

Anyone want a leopard? Cheap to anyone with a use for it.....

0
0

Pratchett was there too

"Why was it cheap?" "Because it's deaf."

1
0
Bronze badge

Leopard?

Does any software still run on an Apple old enough to run Leopard?

0
0

so, did he backup his consciousness to the device?

Question: if he didn't want her to know in life, why should she know in death?

1
0

Re: so, did he backup his consciousness to the device?

Failing to give her the password before he died isn't proof that he didn't want her to have the password, particularly if (as the article suggests) he'd actually bequeathed the device to her in his will - a reasonable third party observer might then consider that, on balance of probabilities, the failure to supply the password along with the device was merely an oversight rather than a deliberate attempt to prevent access to whatever data was on said device.

Let's be honest here, how many of us are now so conditioned into entering a password or some other form of access data every time we use one of our devices, that it becomes something we do without really giving it any further thought? Once the use of passwords etc. become so ingrained into our daily routines, I think it's then quite likely that a lot of people would simply overlook the need to let someone else know what those passwords are in order to allow them access to whatever it is.

1
0

How does Apple know the geezer's password?

2
0
Meh

Surely you can factory reset an iPad without needing to know the previous owner's password?

Or are you supposed to be buried with it?

Legitimate concerns if all your family photos are stored in "the cloud", however.

1
0

Acces to email?

I'm guessing the issue here is being unable to reinstall fresh OS as a new pad without removing "Find My iThing" for which you need your iCloud pass.

It would have been easier to have access to his email through his ISP and then go to https://iforgot.apple.com/ to reset the icloud pass.

Unless he used only his @icloud.com email as his one and only account.

0
0
Joke

Re: Acces to email?

ISP email? Is it 1996 again?

0
0

It can get complicated so to simplify this at home my wife and I decided to make sure all our devices have the same PIN to unlock (phones, tablets etc) and that we would put our primary email address password into our respective password vaults so that in the event of something going tits up we'd have a good chance of being able to reset credentials - you can reset most forms of authentication as long as you have access to the primary mailbox associated with the account. We also make sure we only use answers to those personal questions (like maiden names etc) that both of us know the answer to.

Not perfect but it will do for now.

0
0

Looks to me a bit like using iforgot.apple.com. That resets your Apple ID password, and requires a new password to be entered to continue.

Yes, I own iShit.

Sorry.

0
0

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Forums

Biting the hand that feeds IT © 1998–2018