Mac 911 has received a sadly unsurprising number of emails over the past four years from people whose loved ones have passed away and who are left with computers, mobile devices and cloud accounts that contain mementos, legal documents and much more.
Here’s what you need to know to prepare before your (or someone else’s) death and how to handle things when someone is gone.
Make a plan before it’s too late
Most of us feel macabre talking about death, but tackling the nitpicking details ahead of time can solve endless problems later. It’s especially true with digital assets, as big tech companies (including Apple) may not answer your questions when someone leaves.
What secrets do you need to have at your disposal?
Device passcode and macOS account password. Apple now locks down all of its devices with an account passcode or password that the company can’t provide or break. If you don’t leave this information, the data on your devices can never actually be recovered. Related: If you use iCloud Keychain, only a device passcode or Mac account password can provide access to passwords, second factor codes, and passkeys.
Apple ID account name and password.
Passwords for important accounts, primarily your primary email login. Without these, someone may not be able to access email accounts to manage invoices or reset passwords for other services.
Hardware security keys. If you use hardware security keys to sign in to your Apple ID or accounts on other sites and services, you need a plan to allow access for your successors. This may be the only physical item you need to be sure someone gets their hands on it.
Try to find a way with living relatives, partners, and the like to store their passwords and device passcodes so you can gain access if they die or are incapacitated. If you trust another person enough, you can trade secrets safely. My wife and I use 1Passwords and use its shared vault feature to store the critical information each of us needs in the event of an emergency or the other’s death. For hardware security keys, you’ll need to tell them where to find the keys, such as in a safe or even a desk drawer.
You could also hire an attorney or enlist a loved one, business associate, or other person you have a connection to. An attorney can draw up a simple document that allows him to hold passwords in escrow for another party and only release them under special circumstances. (It is vital that you share this with other people so they know how to contact this lawyer or law firm). of incapacity or death. (Apple requires you to add two more hardware security keys to an Apple ID, so you could take an extra key and file it with an attorney or other party.)
You can even go a step further and encrypt the information you provide to the attorney, only providing the password to authorized parties. This prevents access to your data if a company had an unreliable employee or your files were stolen.
(An easy way to encrypt is to create an encrypted disk image to put your files on. Use Disk Utility: File > New Image > Blank Image, set a disk name and size, choose “AES 256-bit Encryption” from the Encryption pop-up menu, then enter and record a password. Only Macs can decrypt and mount such a disk image.)
Even a trusted party could fill that intermediary role instead of an attorney, if there is someone you can rely on to release the encrypted information with the same restrictions.
Enable digital legacy
While Apple’s Digital Legacy Service (added to its operating systems in 2021) doesn’t fix all the problems, it does provide a simplified and empowered method for legally selected representatives of an estate to gain access to most of a person’s iCloud-linked information.
Before you or someone else dies, both need to add legacy contacts to their Apple ID account. (See “How to set up a legacy contact for your iCloud account.”) Apple offers a list of all data that a legacy contact will and will not be able to access.
As a further step, you or that person should specifically authorize one or more people to handle the legal affairs for your estate. Macworld doesn’t provide legal advice, so ask a lawyer you use to draw up a will about what that language should be. This provides additional help in case something goes wrong with access through Digital Legacy.
When someone dies and the Digital Legacy service is invoked for their Apple ID, that Apple ID can no longer be used with any devices for iCloud and other services. Any connected devices that had Where is enabled and, therefore, Activation Lock turned on, will have Activation Lock removed.
Apple notes that such devices must be reset to factory settings after that point to be signed in with a new Apple ID instead of simply signing in with a new Apple ID.
If you’ve relied on the Apple ID account of a partner or other person you know for purchases and media, enabling Digital Legacy erases all purchases. This is a good reminder that we license digital media: we don’t buy or own it.
If you share an Apple ID with someone else, you should plan to continue using the account. Apple intends the accounts to be used by a single person, but there is little oversight of shared uses of a single account unless the account is registered in that other person’s name and Apple directly receives information about their disappearance .
What if someone didn’t plan ahead?
Without an Apple ID-enabled legacy contact and password and passcode, there’s little you can do.
Apple’s Digital Legacy offers an option to regain access to hardware but not data. You can follow a procedure on the digital legacy site If you don’t have a legacy contact access key, part of the process of adding someone as a legacy contact, you can click “I don’t have an access key” and follow a series of steps.
The end result is that the Apple ID account is deleted along with all data, and all associated devices are erased and Activation Lock is removed, allowing them to be factory reset and used again.
This Mac 911 article is in response to a question asked by Macworld reader Ian.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently, along with answers and column links: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Send yours to [email protected], including screenshots if applicable, and whether you want your full name to be used. Not all questions will be answered, we do not respond to emails and cannot provide direct troubleshooting advice.