This is a thought exercise…
Suppose you are the son or daughter of a reasonably tech competent older person. They have asked you to step in to act on their behalf should they be unable to do so on their own. They would name you as primary on their Durable Power of Attorney. You have agreed and are in the process of trying to understand how your parent deals with their finances now.
In your research you have discovered the following information:
1) Your parent uses a variety of tech equipment to deal with finances. This equipment includes a Windows 11 PC, an Apple iPhone, and an Apple iPad.
2) These devices all have a PW manager installed. The PW manager automatically synchronizes data across all devices.
3) The iPhone uses facial recognition in addition to a numerical access code. The iPad uses fingerprint data for access in addition to a numerical access code. The Windows PC only uses a numerical access code.
4) The parent has 2 bank accounts, 5 credit card accounts of which only 2 are really used, and 4 brokerage accounts (1 broker).
5) There is a bill pay service at one of the banks which is used to pay any bills which are not set up to be paid automatically via direct debits, or credit card debits. The credit cards are auto pay through the bill pay service.
6) The parent uses Quicken to record all financial transactions for all accounts and has done so for 25 years.
7) Most bills are delivered via your parent’s primary email address. Exceptions are property taxes and HOA fees and a cell phone bill.
8) The parent does their own taxes using TurboTax desktop and stores all the returns and data in Dropbox.
You quickly determine that you need to have both the phone and the PC as a minimum if you are to step into your parent’s shoes financially. BUT, even if you have the devices, there are some catch-22 issues; you cannot satisfy the existing biometric requirements. So, you need the numerical access codes for all devices. You also need the PW manager’s PW, because on the phone and iPad, the alternate to using the PW is biometric. The PC uses the same numeric code for access to the PW manager as to the device. So, you think you can just use the PC and skip the phone. Unfortunately, the primary brokerage/bank access requires use of an authentication app which resides only on the phone. Dropbox access, like many other providers, uses 2-factor authentication through text messages to the iPhone. Fortunately, the iPhone allows addition of a second face/fingerprint for access, provided you have the parent present to show their face as authentication for adding another face. This might be hard to do unless done before need arose.
Because you live in another state, you think that you should set up email access to the parent’s primary email address so that you can see bills that arrive by email. You quickly find out that Gmail requires a passcode which comes from the parent’s phone for you to sign into the email account. Boy, you think, nothing about this is easy!
Thought exercises are useful because they help us realize that everything in the modern world is much more complicated than we realize. There is obviously more involved in effectively setting up someone to act on your behalf than just naming them in a legal document. And this exercise didn’t cover things like the need to communicate your investment philosophy, budget, financial goals, things that you might have begun, like a home improvement. It just dealt with what you would have to do from a tech point of view to allow another person to act for you. I am writing this because I just spent the last 3 days with one of my sons trying to figure out what he would need to really do this for me. Your own tech situation will be different from mine; different gear etc.
If reading through the latest ins and outs of authentication & passkey set-up (see Doug C’s comment below) makes my head hurt, it will make my Luddite husband’s head explode. I would love to bolster our digital security but still waiting for a simple silver bullet. Maybe it’ll be passkeys? Still not sure how facial recognition or fingerprint fits into everything, particularly if you need to access someone else’s devices.
For now, I’ll just keep following HD threads like this, looking for that silver bullet.
It’s rare that a post will make you slap your forehead and say, “Of course! How could I not have thought of that?”
This one did.
10 out of 10. Thank you.
Thanks for a reminder! Had forgotten to list my wife’s and my cell phone opening codes in my master password list.
In my case I think the phone is the kingpin to account access so my ‘death instructions’ letter to my kids begins with the password for obtaining access to my phone and instructing the executor to convert the biometrics to their own.
Authentication with all of its extra protections is definitely a complex issue for setting up just for one’s self, let alone allowing for multiple people to handle. Thanks for so clearly documenting this challenge.
I mitigate the phone issue when a texting 2FA solution is required by using a Google Voice number (it supports texts). When using Google Voice, you can allow multiple people to access that account via the web to view the text message, and/or have text messages forwarded to multiple email accounts.
For Time-based One-Time Passwords (TOTP) for 2FA (using an application that generates 6-digit codes that change every 1 minute), there are apps (I use 2FAS) that allow the app to run on multiple devices and any additions to entries are synchronized. Alternatively, you can also share the TOTP “Secret Key” if you save it when first setting it up.
Then there are passkeys. The generated private keys can be stored in standalone apps or web based synchronized password managers, as well as on physical keys (Yubico, etc). I guess a nice thing here is if you wanted you can usually generate more than one of these passkeys for each target (website) enabling sharing more easily.
It’s not the securest solution because everything is in one spot, but certain synchronized password managers (like Bitwarden) allow you to store and synchronize all three 2FA methods (passwords, TOTP, and passkeys). And access to this password manager account can be shared in a number of ways.
=====
I have done my best to set this all up so it is available for my wife to use if I pass before her, but honestly I think she’d never get it all (she has no interest in technology and this was my profession in the past so I enjoy it).
My son would be able to handle it all fine, but I have not yet felt the need to turn over the keys to him. But I hope that I have documented enough so that he could take it over (via my wife’s access initially) to gain access to all that is needed.
But it is definitely a major chore to be able to access all of these technical resources needed for authentication to all of our web based financial resources.
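The shared TOTP "Secret Key" idea from the comment above, as an added example that is not part of the original comment: any device holding the same secret derives the same code, and a verifier usually tolerates a little clock drift between devices. It assumes the common RFC 6238 settings (HMAC-SHA-1, 6 digits, 30-second step, adjustable via `period`); the secret is the public RFC 6238 test key, not a real one, and the function names are hypothetical.

```python
import base64
import hashlib
import hmac
import struct


def normalize_secret(secret_b32: str) -> bytes:
    """Accept a secret as apps display it (spaces, lower case, no padding)."""
    s = secret_b32.replace(" ", "").replace("-", "").upper()
    s += "=" * (-len(s) % 8)          # base32 needs a multiple of 8 characters
    return base64.b32decode(s)


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226 HOTP: HMAC the counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret_b32: str, unix_time: int, period: int = 30, digits: int = 6) -> str:
    """RFC 6238 TOTP: HOTP over the number of elapsed time steps."""
    return hotp(normalize_secret(secret_b32), unix_time // period, digits)


def verify(secret_b32: str, code: str, unix_time: int,
           window: int = 1, period: int = 30) -> bool:
    """Accept codes from `window` steps before or after, to absorb clock drift."""
    key = normalize_secret(secret_b32)
    step = unix_time // period
    return any(hmac.compare_digest(hotp(key, step + d, len(code)), code)
               for d in range(-window, window + 1))


# Constructed sample: the RFC 6238 test key, written the way an app shows it.
SHARED_SECRET = "gezd gnbv gy3t qojq gezd gnbv gy3t qojq"

if __name__ == "__main__":
    now = 1111111109                              # fixed time from the RFC test vectors
    phone = totp(SHARED_SECRET, now)              # device 1, correct clock
    laptop = totp(SHARED_SECRET, now)             # device 2, same saved secret
    drifted = totp(SHARED_SECRET, now - 40)       # device whose clock is 40 s slow
    print(phone, laptop, phone == laptop)
    print("drifted code accepted:", verify(SHARED_SECRET, drifted, now))
```

Because every copy of the secret is a working second factor, a saved secret deserves the same protection as the account password it backs up.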
Regarding email, I did step into my parents’ financial world, and simply added my parents’ email account to the email app on my phone and iPad. I toggle between email accounts on each device to view email without having to re-login.
It’s certainly a journey to manage a loved one’s finances, but with the proper POA in place, it can be done somewhat easily.
The 2FA is a problem. Some outfits give you the option of an email instead of a text.
Of course if your trusted person lives nearby it’s much easier. They just need access to your phone and the PIN for the phone to bypass the face-ID. With the phone open they can use the authentication code app to get the 2-factor codes as needed. I’ve also shared the master password for my password manager with my son, which he keeps in his password manager.
I also have a shared Google doc with instructions about accounts, bill-paying process, where to locate important items, etc. that I update periodically. Hopefully that’ll do it.
This is a fantastic post, I thought for sure that you would end it by saying, “asking for a friend”.
I have absolutely everything laid out for my daughter to take over when the time comes. At least I thought I did before reading this post. Access to email, yep. Access to my password manager, you bet.
How about that code that Fidelity texts to my phone? NOPE, that escaped my well laid plan.
You have given me much to consider. I need to do a little more fine tuning. Thank you.