Bogleheads.org

[RTR2006]

Our accounts are not with Vanguard, and I maintain stock DRIP accounts that my wife should have access to in case of my demise, and I doubt she'd even know who to call if I dropped dead tomorrow. Why make things harder on her? I was simply responding to the op with the opinion that sharing passwords with a spouse is not necessarily quantitatively a risk.

RTR

[lightheir]

I'm not planning on dropping dead anytime soon, but it does make it easy to pass along info if you're a big Keepass user - you just make a "special" backup copy of the database and the program installation .exe on a USB, make up a password that is comprised of information only she would specifically know (like special trip details you did with her on certain vacations), and store the USB somewhere safe but yet accessible, like a safety deposit box. My wife isn't a keepass user and definitely not particularly computer savvy, but even if she can't figure it out, she can get a friend to help if needed to get the key information in there to access all my/her accounts. (I do keep it as organized as possible, which is pretty easy.) Yet another reason to love Keepass.

[celia]

I don't see a "yes" answer to this as being any sort of security concern. I have everything written down - everything - including the log-in info on my Windows machine at home so if anything happens to me my wife can get into my/our account. Do you really think that if I drop dead I want my wife to turn on the computer in her state of despair and see a picture of a golf club or slice of pizza or my first dog or my favorite rock group from the 60s logo or whatever, and not know how to get into my account to be able to access our retirement accounts?

How secure am I? How secure are we all? But maybe more important, how secure are your heirs if you drop dead tonight?

RTR

Forget about dropping dead tonight. It is far more likely that your computer and the paper with your passwords would be stolen while you are away from home tomorrow. Then what?


Dying is the easy part. It's also easy for your spouse to then call up Vanguard and ask them what he/she should do. It's not so easy to clean up fraud/identity theft problems after you were careless.

[celia]

The topic of sharing your password with your spouse was discussed in Giving Vanguard password to spouse is a financial risk. If you don't want to read the whole thread, at least read the third page.

[Sunny Sarkar]

Your Vanguard.com password should not be:
Written down or stored on your computer.
https://personal.vanguard.com/us/help/S ... ontent.jsp

we store your encrypted data on your local PC when you login, so that if LastPass.com can't be reached, you can still login to the add-on and get to your accounts.
https://lastpass.com/whylastpass_technology.php

Does using LastPass thus violate Vanguard security policy, since LastPass stores passwords locally (albeit highly encrypted)?

[tadamsmar]

Do you really think that if I drop dead I want my wife to turn on the computer in her state of despair and see a picture of a golf club or slice of pizza or my first dog or my favorite rock group from the 60s logo or whatever, and not know how to get into my account to be able to access our retirement accounts?

No, what I really think is that people like you should make sure your spouse knows what to do if you drop dead, see this link:

https://retirementplans.vanguard.com/VG ... +loved+one

[Epsilon Delta]

Our accounts are not with Vanguard, and I maintain stock DRIP accounts that my wife should have access to in case of my demise, and I doubt she'd even know who to call if I dropped dead tomorrow. Why make things harder on her? I was simply responding to the op with the opinion that sharing passwords with a spouse is not necessarily quantitatively a risk.

RTR

If you want to make things easier on her, give her the list of people to call. Or get a copy of the appropriate forms and pre-fill them, highlighting the information she will need to add (e.g. date of death) and the documents she will need to provide.

Continuing to operate an account after the owners death is likely to make things harder for your wife.
The SSA publishes a list of the SSN of dead people. Many institutions will check this at some point and freeze accounts associated with those SSN. At that point your wife will have to go through the proper procedures anyway, and may have to answer awkward questions about dead people performing transactions.

[tadamsmar]

I'm not planning on dropping dead anytime soon, but it does make it easy to pass along info if you're a big Keepass user - you just make a "special" backup copy of the database and the program installation .exe on a USB, make up a password that is comprised of information only she would specifically know (like special trip details you did with her on certain vacations), and store the USB somewhere safe but yet accessible, like a safety deposit box. My wife isn't a keepass user and definitely not particularly computer savvy, but even if she can't figure it out, she can get a friend to help if needed to get the key information in there to access all my/her accounts. (I do keep it as organized as possible, which is pretty easy.) Yet another reason to love Keepass.

You are nowhere close to keeping things organized as possible because you have not even bothered with the first step: to figure out what your wife is supposed to do and organized things so she can easily do that.

[lightheir]

I'm not planning on dropping dead anytime soon, but it does make it easy to pass along info if you're a big Keepass user - you just make a "special" backup copy of the database and the program installation .exe on a USB, make up a password that is comprised of information only she would specifically know (like special trip details you did with her on certain vacations), and store the USB somewhere safe but yet accessible, like a safety deposit box. My wife isn't a keepass user and definitely not particularly computer savvy, but even if she can't figure it out, she can get a friend to help if needed to get the key information in there to access all my/her accounts. (I do keep it as organized as possible, which is pretty easy.) Yet another reason to love Keepass.

You are nowhere close to keeping things organized as possible because you have not even bothered with the first step: to figure out what your wife is supposed to do and organized things so she can easily do that.

Well, considering she's pretty good at reading, and I've left a pretty clear note attached to the USB drive about how to access the info, I'd say I'm covered. It'll probably take her 20 mins max to figure out how to turn on my computer and log into Keepass (less than 5 minutes most likely.) Almost everything is automated so even if I disappear, almost everything keeps running smoothly and she can take her time to figure out what's what in the interim.

[LadyGeek]

There's a world of difference between reading and doing. Have her try this on her own. If she has a problem (I'm thinking yes), let her make notes in her own words and keep trying until she's successful.

This is the same situation in which everyone says they backup their data on a regular basis. But, how many have actually restored the data? Delete a file and try it now. I'm betting there will be a few questions (for a different thread).

[lightheir]

There's a world of difference between reading and doing. Have her try this on her own. If she has a problem (I'm thinking yes), let her make notes in her own words and keep trying until she's successful.

This is the same situation in which everyone says they backup their data on a regular basis. But, how many have actually restored the data? Delete a file and try it now. I'm betting there will be a few questions (for a different thread).

Yes, have done that. It's very easy to loginto Keepass and then find the subsites - I've shown it to her twice already, but given that she's not a Keepass user herself on a regular basis, she instantly forgets how/what to do unless I write it down explicitly for her (she rarely even uses a computer, favoring her iphone for web browsing.)

The idea of checking your backups as well is a good one - I do it every few months with my Crashplan online archive as well as with my external HD backups (I have 2 local ones.)I've been impressed with how well and smoothly Crashplan has been working - it's has been nearly flawless in its execution of background backups. Especially once that initial big datadump was done, the incremental ones have been effortless - I don't even monitor it.

[astrohip]

I try to check banks, VG and CCs weekly.

+1. I check all my financial sites every Wednesday. Banks, brokerages, credit cards. I look for anything unexpected. And have found a few things over the years.

[teacher]

Very important thread. How often should usernames and/or passwords be changed? I couldn't find mention of that question in the Vanguard site on security.

[tadamsmar]

I'm not planning on dropping dead anytime soon, but it does make it easy to pass along info if you're a big Keepass user - you just make a "special" backup copy of the database and the program installation .exe on a USB, make up a password that is comprised of information only she would specifically know (like special trip details you did with her on certain vacations), and store the USB somewhere safe but yet accessible, like a safety deposit box. My wife isn't a keepass user and definitely not particularly computer savvy, but even if she can't figure it out, she can get a friend to help if needed to get the key information in there to access all my/her accounts. (I do keep it as organized as possible, which is pretty easy.) Yet another reason to love Keepass.

You are nowhere close to keeping things organized as possible because you have not even bothered with the first step: to figure out what your wife is supposed to do and organized things so she can easily do that.

Well, considering she's pretty good at reading, and I've left a pretty clear note attached to the USB drive about how to access the info, I'd say I'm covered. It'll probably take her 20 mins max to figure out how to turn on my computer and log into Keepass (less than 5 minutes most likely.) Almost everything is automated so even if I disappear, almost everything keeps running smoothly and she can take her time to figure out what's what in the interim.

Seems your goal is to have your wife inpersonate a dead man. But even measured against that goal, you are not very well organized. You need to avoid news of your death getting around, that news will eventually gum up the works for your wife. You need to see the movie "Bernie" to get some ideas.

I have not considered this approach. Instead, I have organized toward to the goal of my wife avoiding impersonating a dead man and just going through the ordinary process of executing the estate.

[lightheir]

Totally disagree that I'm having my wife impersonate me.

The point isn't for her to take over and assume shes me to continue using my accounts - it's for her to access anything shared we need so she can track it and transfer if necessary.


Most of my utilities and other bills default to emailing to me - most of them do not allow multiple email options, and my wife wouldn't want them in her inbox anyway. By having them listed in Keepass, she can find out what's where and make the arrangements to transfer.

Joint bank accounts she already has access to, but she accesses our brokerage and retirement accounts sso rarely that she will def need my records to remind her how to get back in.

She's already listed as the main beneficiary on all financials.

I wish I could get her to actively manage the bills, etc. like I do, but she's not interested, and frankly, it's probably working better with only one cook in the house. About once a year I show her how to use my Keepass, but it's not meant to substitute for my written instructions.

I'm wondering what you think a better solution is to track/mantain all records for a spouse who isn't very interested in the details of bills and accounts.

[runthetrails]

Having finally gotten around to doing the business of cross-authorizing my wife's account and mine, I would say that I think it's a great thing to do--not because of the security issues in telling your spouse your password, but because it is extremely difficult to deal with a spouse's password and it is much easier for your spouse to access your account via your spouse's own username, password, and security questions... meaning better security the sense of security against loss to your heirs due to overlooked, forgotten, or inaccessible accounts.

I agree, and my spouse and I are cross-authorized for our IRAs, but our 401(k)s -- both at VG, apparently are not eligible for spousal authorization. So I'm obliged to log in as her to manage our accounts as a whole.

[tadamsmar]

Having finally gotten around to doing the business of cross-authorizing my wife's account and mine, I would say that I think it's a great thing to do--not because of the security issues in telling your spouse your password, but because it is extremely difficult to deal with a spouse's password and it is much easier for your spouse to access your account via your spouse's own username, password, and security questions... meaning better security the sense of security against loss to your heirs due to overlooked, forgotten, or inaccessible accounts.

I agree, and my spouse and I are cross-authorized for our IRAs, but our 401(k)s -- both at VG, apparently are not eligible for spousal authorization. So I'm obliged to log in as her to manage our accounts as a whole.

It's called Agent Authorization at Vanguard, check the links here:

https://personal.vanguard.com/us/litful ... C&subCat2=

not sure how you and your spouse could not be eligible, assuming the other party (other spouse in your case) is willing to grant agent authorization.

[tadamsmar]

Totally disagree that I'm having my wife impersonate me.

The point isn't for her to take over and assume shes me to continue using my accounts - it's for her to access anything shared we need so she can track it and transfer if necessary.


Most of my utilities and other bills default to emailing to me - most of them do not allow multiple email options, and my wife wouldn't want them in her inbox anyway. By having them listed in Keepass, she can find out what's where and make the arrangements to transfer.

Joint bank accounts she already has access to, but she accesses our brokerage and retirement accounts sso rarely that she will def need my records to remind her how to get back in.

She's already listed as the main beneficiary on all financials.

I wish I could get her to actively manage the bills, etc. like I do, but she's not interested, and frankly, it's probably working better with only one cook in the house. About once a year I show her how to use my Keepass, but it's not meant to substitute for my written instructions.

I'm wondering what you think a better solution is to track/mantain all records for a spouse who isn't very interested in the details of bills and accounts.

For Vanguard accounts, start here:

https://retirementplans.vanguard.com/VG ... +loved+one

Not sure of the details of all other accounts. I think joint accounts tend to be easier to manage, require less red tape, but not sure about all joint accounts in all states. Of course, it's unusual to have everything in joint accounts because many types of retirement savings accounts don't allow it.

While you are alive, she can use agent authorization if you arrange it.

Having your wife as the sole beneficiary on an account is not the same as having a joint account.

[tadamsmar]

Option 2 should read "I use a strong and unique _password_," no?

Other options should include (at least) the following:
- I use two-factor authentication
- I use non-obvious security questions

No! I meant usename. Read Vanguard's fraud policy linked in the OP.

My poll does not cover everything in the fraud policy.

Usernames are public information. They _must_ be unique. And what does it mean to make them "strong"?

Edit: If you want to measure security accurately, you shouldn't leave out "I use a complex, unique password." It is the most important element on (not on?) the list. And you should probably omit "I use a strong and unique username" because it is inconsequential.

A unique username is one that is not used on some other website:

http://www.google.com/goodtoknow/online ... passwords/

A strong username is one that is hard to guess. Vanguard allows letters and numbers in the username.

Usernames are not really public information in the way that your voter registration is public information, one can't just look it up online. By "public information" I guess you mean it appears on the screen when you log in, in that sense a username is more public than a password.

[lightheir]

I treat my usernames on my financial websites just like a password. Unique, long, and complex.

I manage all financial logins with Keepass, so there's no extra effort at all required to have complex hard-to guess username on top of password. Makes it a bit tougher for a hacker to crack both if they're both unique with bank-strength complexity. Fortunately, with Keepass, the amount of work required to login with a bank-strength password/username is identical to the work logging on with a simple one.

[telemark]

A bit of personal experience here -- my mother never used the computer and had only a minimal knowledge of my parents' finances. When my father died unexpectedly, we discovered that he kept all his online account and password information in an encrypted database, with a key that only he knew. I will admit that I initially saw this as a problem, but now I think it was a good thing. It kept me from doing anything stupid and forced us to do everything legally and properly.

If you want to provide for your survivors then make a will, name your beneficiaries, and keep good records. Sharing your passwords is no substitute for any of that.

[kamo]

Too many usernames and password I have. Every site seems to need them nowadays, and if you only use the site once a month/quarter, then you have to write it down somewhere. And because you have so many you need them frequently and so where you write them down has to be easily and quickly accessed. I guess it's best to have important ones, like for financial accounts, written down on an encrypted doc and the silly ones on a regular (WORD?) doc.

[lightheir]

Too many usernames and password I have. Every site seems to need them nowadays, and if you only use the site once a month/quarter, then you have to write it down somewhere. And because you have so many you need them frequently and so where you write them down has to be easily and quickly accessed. I guess it's best to have important ones, like for financial accounts, written down on an encrypted doc and the silly ones on a regular (WORD?) doc.

Just go Keepass. Makes it trivial to have different usernames/pwd's for all financial sites. Me, and a bunch of others on this forum use Keepass (a free download) to manage all financial or sensitive websites and passwords, and then just use more rememberable passwords without keepass for things of low-security importance to keep things streamlined.