I had a serious “oh shit” moment today, and after you’re done reading this, you’re going to say “oh shit” too…

If you DON’T, then I commend you on serious smarts.

I was doing research today on estate planning and I was looking into Two-Factor Authentication (2FA). You know what it is; you log in to a service, they send a text message to your phone, you put the code in, and then you’re good to go. Many, many services have turned on 2FA and it’s highly recommended by security professionals. Sure, it’s annoying, but it’s for your own protection. It’s becoming more and more common.

I think we can all agree that 2FA is very good idea.

But…what happens when you die?

What happens when your heirs disconnect your phone service?

What happens when, if after they disconnect your phone service (which bricks your phone), and then they try to log in to Amazon, or Draft2Digital, or any other site you use where you’ve enabled 2FA? They have your password, but they don’t have the code, which means they can’t log in!!!!!!!!!!!!!!!!!….!!!!!!!

Oh shit…

Canceling your phone before getting access to your accounts is an innocent mistake your heirs could make. I wouldn’t blame them for disconnecting your phone. Would you?

Also, writing your passwords down for your heirs won’t mean a thing if they can’t bypass Two-Factor Authentication. This method is meant to be foolproof, and it’s almost impossible to get into an account if you can’t authenticate it.

So…either you just don’t use 2FA (which is a bad idea), or you use it responsibly and with an eye to the future. Otherwise, you’re tempting fate and almost ensuring that your books (and all your other accounts) will die along with you.

Of course, if you’re dead, your heirs could use power of attorney and contact the company to get access. But that’s a pain in the ass and there’s no guarantee they’ll be let in. In fact, I learned today that some states (in the US) don’t permit powers of attorney to retrieve login information. YIKES. Besides, do you really want your heirs to try to deal with Facebook’s legal department? Or Google’s? Sheeeeeet….They’re going to be grieving and handling your affairs. Having them deal with cutthroat corporate attorneys is the last thing they need……if they can even get someone to reply. With Google, Facebook, and Amazon these days, you can’t get a live person anymore. Everything’s done by AI which will make your heirs’ lives even more maddening.

So, what can you do?

As best as I can tell, here’s my recommendation if you’re using 2FA on your accounts (which you should be).

  • First, learn how 2FA works. Admittedly, I consider it to be very techy and not at all the easiest thing in the world to understand. Most people will just turn it on and not understand the consequences. But you need to wrap your head around it. It’s not complicated—it’s just a little unusual to get used to. But when you get it, you’ll understand it. I didn’t know very much about it before today, but it turns out that most companies operate their 2FA in the same way. You sign up for 2FA, enter your phone number, and many give you the option to either use a text message, phone call, or use a separate authenticator app (more on that in a second). The nice thing is that you can usually choose how you want to receive your code. They will also give you back up codes that you can use in case you lose your phone (or if your heirs accidentally turn the phone off). The back up codes are critically important; with these, you’ve got the keys to the kingdom even if you lose your phone. You just have to be diligent enough to save them somewhere safe.
  • Turn on 2FA wherever and whenever possible. It’s a smart security mechanism to protect yourself. If you use Amazon or Draft2Digital, you should especially turn it on as this will protect your royalties while you’re alive.
  • Use as many verification methods as possible. Don’t just turn it on for your phone. You can also do email and an Authenticator service in addition to your phone.
  • An authenticator app such as Authy can really help you and your heirs out because it serves as a single place where your 2FA codes go. As long as your heirs have your phone number and Authy password, they can access your codes. Even if your phone is lost, they can access the backups. Again, Authy is not immediately intuitive for the average person, but after about 30 minutes playing with it, you’ll understand it. Alternatives to Authy are LastPass Authenticator, Duo, Microsoft Authenticator, Google Authenticator, etc. They all work the same way and have their pros and cons. Many agree that Authy is the best though. And it’s free.
  • Make a list of websites you have accounts with that support 2FA. This website is a good start to help you start your list: https://2fa.directory/. Write down the account info and the back up codes (if they exist), and then print that out or store it offsite in a bank deposit box. Is this a PITA? You better believe it, but you’ll be glad you did it.
  • Leave instructions in your estate plan to your executor about where to find the codes if they are needed. They’ll thank you. Oh, and make sure that they don’t cancel your phone line until they’ve changed the 2FA on all the accounts!!!!

I’m really glad I stumbled upon this problem, because I consider it to be a silent killer of author estates. Not only do you need to keep track of your usernames and passwords, but also your 2FA accounts. Otherwise, you’ll lock your heirs out of everything important.

5 years ago, this wouldn’t have been a problem. But as we move into a more digital and security-focused world, little things can have massive consequences. I bet if you enabled 2FA on your accounts, you never thought twice about what would happen when you die. You just login, put in the code, and access the account. But there are indeed consequences if you’re not careful.

I think people underestimate just how important their phones are in running a writing business. Amazon KDP, Draft2Digital, and even places like Dropbox support it now. Your banks probably require it. Some day in the near future, it may be mandatory for everything. The number of writing-related services that will offer (or even require) 2FA is only going to grow over time. Most do not right now.

To me, if you can do the following things to secure access to your phone, you will be light-years ahead of most people in protecting their estate:

  • If you use a phone passcode, write it down and store it with your estate documents so your heirs can find it (because if they can’t access your phone, that’s a nonstarter)
  • Enable 2FA in as many methods as possible and store your backup codes in a safe place.

And of course, we also have to remember that in the near future, people may want to rely on their phones less. 2FA could become obsolete or replaced with something else. So we’ve got to stay vigilant and on top of things.

Here’s a very good article from The NY Times about 2FA and how it works. It’s long but worth a read: https://www.nytimes.com/wirecutter/reviews/best-two-factor-authentication-app/

Anyhoo, guess what I’ve been doing today???

Hopefully this was helpful to some of you.

Have a good night.

Help a brother out and share this content