A sadly common question for Mac 911 since the start of the pandemic was how to deal with someone’s online accounts and data stored on computers and mobile devices after they’d died. In most cases, preparations have to be made to provide this sort of posthumous access. Apple added an option in late 2021 called Digital Legacy that lets you set up your iCloud account in such a way that you can make it a simple task for appointed people to retrieve specific data, like photos and contacts.
But a reader recently asked the inverse question: how can data be locked away forever in the event of a death? Some people have secrets; others are intensely private; others wish to be forgotten. The author Franz Kafka burned an estimated 90 percent of his work while alive. He died of tuberculosis at the age of 41, leaving instructions to his dear friend and literary executor Max Brod, “Everything I leave behind me…in the way of diaries, manuscripts, letters (my own and others’), sketches and so on, to be burned unread.” (Brod ignored this instruction, which has prompted a century of second-guessing.)
Modern strong, whole-device encryption makes it feasible to prevent anyone from obtaining your locally stored data once you’re gone. For cloud-stored data, it’s possible that there’s no technical way to ensure an account that contains files or details encrypted only by the cloud provider could be made irretrievable. You may need to leave some instructions behind and hope for a more faithful Max to carry them out.
Here’s how to set things up to avoid losing access during your lifetime and largely ensure your data dies with you if that’s what you want. (Please note that this is a column at a computer publication. I am not a lawyer, and none of the following comprises legal advice. Consult experts when making precise plans.)
What you want to leave behind
Assuming that you want some photos, documents, or other details available to family, heirs, descendants, friends, or the public, identify those first. I’d recommend storing that information and regularly refreshing it at a site that allows inexpensive storage and to which you could provide someone a password for post-mortem access.
For instance, set up a Google account that’s separate from any you use for other purposes, and pay the company’s yearly data storage fee for amounts greater than the included space if necessary.
Then keep everything else securely locked away.
Passwords and second factors
It’s never a bad time to improve your password strength, confirm the ones you use are good enough, and enable stronger account protections:
- Password manager: Use 1Password, DashLane, LastPass, or iCloud Keychain to generate and manage all your passwords. Some of these apps let you store other information securely within them. This centralizes your password storage, making a single locked vault. But also…
- Password manager password: Except for iCloud Keychain, set a strong password that you memorize and otherwise keep unavailable to other parties. You may want to create and retain a recovery kit, which password managers produce, in case you forget the password. But if you store that kit in a place other people might find, they could use it just as easy to unlock passwords for all your email and online accounts. (iCloud Keychain relies on device passwords and biometrics; see below.)
- Strong passwords: To prevent people from guessing your passwords, make sure that at all services at which you store private data or leave a record of what you do that you have what’s currently considered a strong password. That’s at least 12 randomly generated characters from a password manager or randomly selected words that form a password 20 characters or longer. (Use passkeys when they become available at Apple, Google, and Microsoft later in 2022 for even more protection.)
- Two-factor authentication (2FA): While 2FA deters easy access to your account by those without your credentials, it can also be another lock that keeps accounts secure.
One weakness for leaving accounts behind is that a relative or another party who obtains access to your phone number—not even your phone—may be able to trigger a sequence of account recovery steps even at sites that support 2FA. See below under “Leave instructions” for thoughts.
Prepare within the Apple ecosystem
If you’re entirely in the Apple ecosystem, here’s how to prevent anyone else from obtaining your data. (Many of these tips suffice for the living and the dead.)
- macOS: Enable FileVault. With a strong account password for all accounts enabled to log in via FileVault, the Mac’s data is effectively unrecoverable. (Intel Macs with a T2 Security Chip and all M-series Macs automatically encrypt all data on the internal startup volume, but without FileVault enabled on those machines, the Macs can boot and decrypt the startup drive before you enter your password, making it easier to crack.)
- iOS/iPadOS: Since the iPhone 5s for iPhones and the iPad Air (2013) for iPads, Apple has built full-device encryption into its mobile gear. A device has to be started up and unlocked to enable access to data stored on it. Set a strong passcode—six digits minimum, but preferably a longer alphanumeric one. Because of how Apple throttles and controls password input to deter cracking, its password doesn’t have to be nearly as long as ones stored elsewhere in which a cracker could obtain the encrypted form of the password and perform trillions of offline brute force tests.
- iCloud: Using iCloud at all could leave your data available after you’re gone. Most iCloud sync services are encrypted only by Apple, meaning someone with account access could access and download that data. (iCloud Keychain is end-to-end encrypted, avoiding that issue.) However, if you don’t enable Digital Legacy, described above, it’s unlikely Apple would let anyone log into your account. Apple also has a process to delete a deceased person’s account.
On devices that offer Touch ID or Face ID unlocking, these biometric methods are ostensibly impossible to bypass. After you’re no longer among us, your biometrics pass with you. (There are some gruesome suggestions online that it might be possible to unlock devices of someone who had just died; I think that’s unlikely for the vast majority of us.)
Apple automatically disables biometric access after 48 hours of a device not being unlocked in any fashion, reverting to password-only unlocking.
Leave instructions about credit cards, bank accounts, phone numbers, and online accounts
Even if you don’t have substantial assets you think you will leave behind, it’s best to have a will and find a friend, family member, or lawyer that you can trust to act in your interests as your will’s executor. That person can manage the financial aspects of shutting down services. For instance, an executor can alert all financial institutions and credit card companies about your death and send a copy of the death certificate to freeze spending from your accounts.
However, as the legal-information site Nolo notes, “In most states, your executor will have no legal authority to access your digital assets.” Instead, you’ll have to provide someone you trust with instructions on what you want to be done. You might leave money to that person with the stipulation they carry out your wishes, but whether an executor can manage compliance with that, it’s hard to say. (Again, I am not a lawyer: this is a great area in which you should find local legal advice.)
Data in the cloud or at online accounts remains vulnerable unless it’s encrypted using keys held only by you or generated and stored on your devices. For the former, that would include Backblaze for online backups, where you and only you possess your backups’ encryption key. For the latter, many iCloud services rely on end-to-end encrypted secured by keys only held on your iPhone, iPad, or Mac, such as iCloud Keychain (noted earlier), Health data, Wi-Fi passwords, and your Safari browsing history and bookmarks.
You could rely on benign neglect: without regular interaction with many accounts, they simply go defunct. A lack of an active credit card or a failure to respond to security notifications could cause a site to shut down an account. With password preparations made above, ostensibly no one will be able to access the account even if it remains active indefinitely.
But you can’t fully count on that: sites get hacked. You probably want someone to take more aggressive steps.
While you are able to, create a list of all the sites, banks, phone companies, and other services related to phone numbers, text messages, data storage, and other services so that a party you trust could methodically shut things down that an executor can’t:
- Secure your phone number or numbers: Some sites allow account access or recovery by texting links or codes to a phone number. You should ensure an executor will retain your number for a period of time with the stipulation they cannot use it for account access, or have the number frozen or shut down to avoid another party gaining access.
- Shut online accounts: Many services let an appropriate party notify them to shutter an account. A copy of the death certificate is typically needed. Each service is different, so your appointed person may have to perform a fair amount of research. It might take 30 to 60 minutes per account to find the current instructions at the time of your passing, generate the paperwork, and follow up.
- Wipe devices: Depending on the state or country and local rules, you may be able to ask someone to erase your devices. With proper device security, that may be impossible. Further, Apple devices that support Activation Lock will generally be unusable if you were to die with Find My Mac/iPhone/iPad enabled—the device will at least be erased, but unusable to any subsequent person.
This Mac 911 article is in response to a question submitted by an anonymous Macworld reader.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently, along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to email@example.com, including screen captures as appropriate and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.