Legacy Locker Blog

Strong Passwords + Weak Hints = Vulnerability

No matter how protected and technologically advanced a website may be, it’s all for naught if your passwords are weak or your security hints are easily discoverable.

“TwitterGate” is the most recent reminder that many of our passwords are weak and our hinting infrastructure (the supportive questions asked to either refine a secure login or help a person remember an original password) is a giant gaping hole waiting to be exploited. In a nutshell: a hacker used publicly available information found on social networking websites and other information-rich sources on the internet to gain a somewhat complete personal picture of Twitter senior employees. The hacker pieced together information from different sources to form a map of an individual’s life that ultimately allowed him to make educated guesses as to what hint answers might be. Through brute technological force, the hacker found out all the personal information he needed to crack into Twitter employees’ Gmail accounts and ultimately gain access to a treasure trove of information.

What does this tell us? That while operating independently our accounts are safe, the online ecosystem of an individual provides enough information to compromise us if we’re not very careful about the personal data we use to gain access to our accounts. Most password hints are items that our best friends usually know about us: favorite movie, pet’s name, favorite actor, street we grew up on, etc. At Legacy Locker, we are very concerned about people utilizing easily discoverable recent historic information or basic personal preferences in this manner. The prevailing thought here is that we need to fundamentally rethink the way we choose our passwords, hints and other secure information. According to a recent publication by professors at Carnegie Mellon, even social security numbers can be guessed based on available information found on Facebook profiles.

Aside from choosing passwords that are highly unlikely to be guessed, it is important to use hints that are known only to you and no one else. Don’t use clues that have a finite universe of answers; instead, use hints that are opinion-based or that only you know the answer to. Good examples include your favorite historical figure, the name of your first kiss (even the other girl or boy involved is unlikely to know it was your very first) and your SAT score.

Don’t let the fear of forgetting a password cause you to use easily discoverable hints. Think creatively, have some fun with it and put real thought into your personal security infrastructure so that all of your online assets remain secure and above all, private.

One final word on the subject: make sure your Legacy Locker password is unique and not re-used on any other sites!  This way you can even use Legacy Locker as a “password vault” in case you forget the rest!

UPDATE:
Check out this Slate.com article entitled, “Fix Your Terrible, Insecure Passwords in Five Minutes.”

Gregg Delman
Director of Business Development

Do you actually own your own photos?

When thinking about your “Online Assets”, have you ever wondered what happens to YOUR photos?

Last week, I flew back east to help my grandmother move out of her apartment in Brooklyn. She dusted off about a dozen old picture albums from the 1920’s onward and painstakingly went through each and every photograph. That’s when it occurred to me: I won’t have picture albums. All I have are Facebook, Flickr and Picasa albums. When I’m an old man, the only thing I will be dusting off is my laptop.

So how will I bore my grandchildren with all of the photos from my lifetime? Unless I go through the hassle of downloading each picture to a backup drive and re-label everything accordingly, the answer is that I’d better plan a way for my progeny to access my pictures. It’s wonderful that my photos will never degrade but what’s the point if they’re lost or inaccessible? Also, what if something happens to me suddenly and unexpectedly? Unless my albums are public, there is no easy way to access and then download all of the thousands of pictures I’ve uploaded to the various photo sharing websites. Another question I had was whether I even own those pictures once I’ve uploaded them to the cloud.

So I did some digging into various websites’ photo policies.

Facebook (http://www.facebook.com/terms.php)
When you upload photos to Facebook, you’re agreeing to give the site the right to do anything they want with any of your photos for any reason. Once you remove your photos from Facebook, copies of them may still exist in their data archives, but their user agreement states they will no longer be utilized by the site for any purpose. So basically, you’re trusting Facebook with all of your personal memories. Regardless, third party access to the site content of an individual may be challenging in the first place (see previous posting on “Looking at the Facebook Death Policy”).

Flickr (http://www.flickr.com/creativecommons/)
Flickr is a little fancier in that it allows you to control who can do what with your photos. However, this policy only extends to other users and not the company itself. So, Flickr can use your photos, but you can limit other people’s ability to copy your photos. It’s also important to review the policies of its owner (Yahoo!) concerning photo content. Basically, you’re agreeing to let Yahoo! do whatever it wants with your content, which your next of kin will probably need to obtain a court order to access if user names and passwords are not available.

Photobucket (http://photobucket.com/terms), Picasa (http://picasa.google.com/intl/en_US/web/tos.html), Kodak (http://www.kodakgallery.com/TermsOfService.jsp) and Shutterfly (http://www.shutterfly.com/help/terms.jsp)
The good news is that not all websites claim ownership rights to your content. The above sites all allow you to keep full ownership rights of your content. The only catch is that these companies retain all patent, trademark and copyright to any content you submit, post or display, and you are responsible for protecting those rights. Furthermore, by submitting, posting or displaying content, you grant these websites a worldwide, non-exclusive, royalty-free license to reproduce, adapt, distribute and publish such content, including RSS or other content feeds, and other services. In addition, by submitting, posting or displaying content which is intended to be available to the general public, you grant a worldwide, non-exclusive, royalty-free license to reproduce, adapt, distribute and publish such content for the purpose of displaying, distributing and promoting their services.

Despite retaining some rights, these websites will discontinue licensed use within a commercially reasonable period after your content is removed. Remember, this is the complete opposite of Flickr’s and Facebook’s stated policy. For those of you who really value your online content, make sure you’re using a service that recognizes your ownership rights. Also, take precautions to ensure future generations will have access to the content you’ve spent a lifetime creating.

Gregg Delman
Director of Business Development

Disclaimer:
This Blog/Web Site is made available by Legacy Locker, Inc. for educational purposes only, not to provide legal advice. The Blog/Web Site should not be used as a substitute for competent legal advice from a licensed professional attorney in your state.

Please note that the material contained in this blog is not legal advice and is not to be relied upon in a court of law. Furthermore, any federal tax advice contained in this communication, including attachments and enclosures, is not intended or written to be used, and may not be used, for the purpose of (i) avoiding tax-related penalties under Internal Revenue Code or (ii) promoting, marketing or recommending to another party any tax related matters addressed herein.

Safeguard your Google Health records with Legacy Locker

Google launched new features with their Google Health service today (you can read the details here). Obviously there is much inefficiency in the field of online medical documentation and healthcare issues (privacy rights, etc), but it is inevitable that the Internet will be a major intermediary for the future of healthcare. Your vital information will need to be very well protected and respected, but at the same time allow healthcare institutions and loved ones to easily and securely access this critical data.

Google Health’s new features are a great complement to an existing comprehensive estate plan and your Legacy Locker account. The first step in any estate plan is to discuss your end of life documentation and make sure your primary care givers are aware of your wishes. However, once engaged in the process of thinking about this difficult subject matter, it’s important to look at all the issues your legacy may create. That is why we feel that Google Health is just one important aspect to consider when safeguarding your online self.

For those of you who do try out Google’s Health services, you should know that this account can be incorporated into your Legacy Locker, thereby creating a beneficiary for this account in the event of disability. Currently, Google Health does not provide the ability to share this information post mortem. While there are some sharing features and services built into the new Google Health feature, our analysis is that it might not be enough for the variety of needs our customers have. After all, the whole point of an estate plan is to protect all of your different assets with all sorts of different types of directives and needs.

Overall we’re very excited to see companies as big as Google beginning to take a look at the concept of digital services that extend deeply into personal lives. So to our customers, who have a lot of content secured in your Legacy Locker, take a look at Google Health. There’s a lot you can do with it, just don’t forget to make it part of your Locker while you’re at it!

Introducing Secure File Storage and Video Legacy Letters

We are constantly seeking to improve our service and add value for our users, and today we have two new features to announce: secure file storage and Video Legacy Letters.  We think these are important enhancements to the service, and they are being offered at no additional charge to our existing or new customers!

  1. File Storage - you can now keep a secure, encrypted copy of your most critical documents in your Locker.  Examples of useful documents to store include your will, a property deed, stock certificates, and other “can’t lose” files. Each account holder (of a premium or lifetime account) can store as many as 10 files, of up to 5MB each (we plan to increase the number of files in the future).
  2. Video Letters – in addition to written Legacy Letters, you can now upload video messages as well.  Each user (with a premium or lifetime account) can upload as many as 3 videos, and each file can be up to 20MB in size.  Videos will be stored securely and individually encrypted, ensuring that only the intended recipient will be able to retrieve them, when the time comes.  In the future we intend to allow direct recording from within the site, and will enable more than 3 videos per user.

Having a secure, digital copy of important documents (like your will for instance) can be extremely valuable.  And Legacy Locker can be accessed and updated from anywhere in the world, so if you want to retrieve your document or update with a new copy, it’s easy to do from any computer, any time.

Legacy Letters offer a means for communicating with loved ones (like a spouse, a child, or a dear friend) one last time.  Video is an even more personal medium than text-based letters, and allows your loved ones to see you one more time, hear your voice, and remember you the way you want them to.  Each video is safely and securely stored, and can only be retrieved by the intended recipient.

Both of the new features are only available for paid account holders.

We think that these features add value to our service, and we’re excited to introduce the new functionality. We just launched two months ago, and we have many more ideas for new feature sets and tools. If you have ideas, feel free to pass them on to us; we would love to hear from you. You can comment here on the blog, or send us an email at support [at] legacylocker [dot] com. We promise we read every email that comes in, and we get some of our best ideas from our customers. We thank you sincerely for your business.

-The Legacy Locker Team
