Apple backs down from barring widow her dead husband's passwords A Canadian widow won't have to go through the courts to get the password to her dead husband's iPad after Apple, in the face of media pressure, withdrew its insistence on legal action. Last August 72-year-old Peggy Bush lost her husband to lung cancer and, among other belongings, was left her husband's Apple laptop and iPad. …
You could easily get banged up on remand for a month and the authorities might think there is evidence on your PC. You can elect to refuse to hand over the password, but if it gets automatically sent to your next of kin after a month you place them in the invidious position of either selling you out or else risking jail to defend your principles/privacy.
If anyone wants to use my kit after I expire they can wipe the drives and reinstall the OS. If that isn't possible with Apple kit then I'll add it to my existing list of reasons why I avoid fruity bling.
Maybe a dead man's switch is a good idea. If you don't access your e-mail account for a month, e-mail the password to your next of kin.
Google has such a feature: you can nominate someone to be the recipient of your account details after three months of inactivity.
In some respects Apple's stance on customer privacy is quite admirable, in this case they've clearly lost the plot though. It's strange how these examples of dreadful customer relationships are always a 'misunderstanding' once the media gets involved.
is a figure of speech, hopefully. There's a lot of flexibility here: you can "split a key" into n pieces and require m of them for decryption, without any loss of security. So you could, for instance, create 10 keys and distribute them round your family, but only require 4 of them to unlock your stuff.
So you could, for instance, create 10 keys and distribute them round your family, but only require 4 of them to unlock your stuff.
---
Like a Secret Sharing scheme, you mean? Sound advice.
Really, who do you expect to try and get your passwords? Write it down, put it at the back of the filing cabinet in between the water bills and tell your spouse where they are. The likelihood of anyone schmoozing around there is less likely than an exploitable flaw in the software that is doing the protection/encryption.
My dad did this for my mom, with passwords for banks, credit cards and retirement accounts, and provided copies to my brother and I in case they were both in a car crash or something.
Not that any of us can read his handwriting... I was going to suggest typing it, and then updating the copy as needed, until I realized that would provide quite a juicy target for malware that made its way onto his PC. The proper way to handle that is to keep it on a USB stick (and hope that LibreOffice doesn't keep temporary files laying around on the PC after editing such files) but that's getting pretty complicated for him.
He uses his PC for email, bridge and paying bills...I'm already worried he'll get malware that will steal his passwords when he logs in to his credit card or retirement account, but the idea of having him login to those from a VM is a complete non-starter - he'd never understand that. If only Bridge Baron ran on Linux, I'd update his PC while he was away on vacation and tell him it was a new version of Windows - he'd never know the difference :) Maybe I should see how it runs under VMware Unity mode.
As with every good idea, there may be unintended side effects...
It's a bit old fashioned but how about a typewriter? I found my 35 year old portable in the attic recently and my children are having fun working out how it works (they seem to find it strange that it doesn't have a mouse).
I'd like to see anyone hack the typewriter. Well apart from listening in and trying to decode the audio, KGB style, but I think that that's out of the league of your average script kiddie.
Yay, real typewriters! Except my Hermes 2000 does not have a separate '1' (digit one) key, the lowercase 'l' (ell) does double duty. Also does not have a '!' (bang), one must type an apostrophe, back up, and type a period. Fine for most writings, but 1234 != l234. Might be easier to only use passwords with no ones, ells, capital eyes, zeros, or capital ohs.
"Hacking typewriters is possible by accessing the ribbon cable..."
Yes, everybody who's ever watched the Clumbo episode "Now You See Him" (I think is was in season 5) knows this.
All you'd have to do is to remove the cartridge and burn or shred it. Or burn the shreds. And dissolve the ashes with acid. And flush the remains down the toilet.
The problem with a typewriter is that he'd have to type from scratch whenever he changes his passwords (surprisingly he said he does, so I guess at least some of these sites are forcing him to do it)
The reason I suggested a USB stick was so he'd have a copy he could modify - he would still print out copies for all of us like before, just now they would be human readable. If the USB stick failed, he'd just have to retype, that wouldn't be the only copy (though I'd probably have him give me an electronic copy also so he'd have a backup)
I've been using SecureSafe.com for ages, which has built-in data inheritance support.
You can get it to generate an access code with a time delay, and give that to whoever is supposed to use it after you pass away. They can't use it beforehand without you knowing because it'll email every day until the delay has passed (which means you can kill off the process and generate a new code), and you have to select which passwords will be given free.
No, I don't work for them, but I appreciate it when someone does it right. Not convinced about their document thing, but you don't have to use all of it anyway.
So Apple supports strong encryption and opposes backdoors. Yet it can provide the password for your iPad after you die? Am I misunderstanding something here ?
Quite apart from the issue of whether the deceased actually wants the next-of-kin to have access to their personal device. Who knows what they stored on there.
Not clear whether they have the actual password or can unlock it.
It's really two different questions:
The widow now owns the laptop, no argument, so Apple can factory reset it to recover the value of the HW.
But does she have the rights to all his data?
What about his medical history? What about before they were married?
Should the same thing apply to all heirs?
Do grandchildren have a right to know about the illegal abortion she had in the 1950s or the illegitimate child he had during the war?
"But does she have the rights to all his data? What about his medical history? What about before they were married? ..."
If the will bequeaths everything than yes. Old stuff will likely be on paper records or in photo albums, diaries etc. If those are locked in filing cabinets then the beneficiary has the right to what's inside and can ask a locksmith to open it if the keys cannot be found. That's exactly the equivalent of what this widow was asking of Apple.
If you don't want your family finding out about your exciting past - don't bequeath it to them!
Quite right of Apple to be cautious, she knew the pin for the iPad, so no issues with backdoors, but didn't know the password for his email address / apple id, Obviously deceased didn't have 2FA or would've been easy as a reset or maybe he did & that was the issue & when contacting Apple it was the daughter that was doing it.
Actually the following sentence implies that she did NOT know the pin to unlock it: "But when she fired up the fondleslab she found it was password protected and her husband had neglected to write it down anywhere."
It still highlights the issue that if they can unlock it for the widow by resetting the password without any other authentication, then they can unlock it for anyone. Which makes Cook's public posturing on the subject, well, public posturing.
This is quite different from resetting it to a "clean slate" which is clearly appropriate since she now owns the hardware.
The Reg article's a bit unclear, on the Canadian site, says she had pin for pad, but didn't know
His Apple ID, all stemmed from not being able to play a card game, so clear cut, no backdoors
on iPad, reset was for Apple ID, but the person requesting it was not immediate family, but the daughter of the deceased, no doubt with a different name.
[A]n Apple staffer told her they would need a court order to hand over the password.
PLEASE tell me this is actually about resetting a password, not retrieving a password.
If Apple staff are actually able to retrieve users' passwords, then Apple security is hopelessly broken.
Yet, if they still can reset the password, the device is actually backdoored. It might not allow access easily without user knowledge, but there's still something alike a "master" user/password able to reset the user password remotely.
Failing to give her the password before he died isn't proof that he didn't want her to have the password, particularly if (as the article suggests) he'd actually bequeathed the device to her in his will - a reasonable third party observer might then consider that, on balance of probabilities, the failure to supply the password along with the device was merely an oversight rather than a deliberate attempt to prevent access to whatever data was on said device.
Let's be honest here, how many of us are now so conditioned into entering a password or some other form of access data every time we use one of our devices, that it becomes something we do without really giving it any further thought? Once the use of passwords etc. become so ingrained into our daily routines, I think it's then quite likely that a lot of people would simply overlook the need to let someone else know what those passwords are in order to allow them access to whatever it is.
I'm guessing the issue here is being unable to reinstall fresh OS as a new pad without removing "Find My iThing" for which you need your iCloud pass.
It would have been easier to have access to his email through his ISP and then go to https://iforgot.apple.com/ to reset the icloud pass.
Unless he used only his @icloud.com email as his one and only account.
It can get complicated so to simplify this at home my wife and I decided to make sure all our devices have the same PIN to unlock (phones, tablets etc) and that we would put our primary email address password into our respective password vaults so that in the event of something going tits up we'd have a good chance of being able to reset credentials - you can reset most forms of authentication as long as you have access to the primary mailbox associated with the account. We also make sure we only use answers to those personal questions (like maiden names etc) that both of us know the answer to.
Not perfect but it will do for now.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
