The One Access Decision Most Families Get Wrong

A message from Boomer:

Some of you may have noticed, I stepped away for two weeks this past month. For those who haven’t seen the news at home, I’ll say it plainly: my son passed away. I’m writing this not to ask for anything, but because the experience taught me something that sits squarely at the center of the work I do at Blackink IT, and I’d be doing that work poorly if I kept it to myself.

I have spent my career telling people to lock things down: use strong passcodes, biometrics, two-factor everything. Always assume the device will be lost or stolen and make it useless to whoever finds it. That advice is correct, and I’m not retracting a word of it.

But there is a second half to that lesson that almost no one plans for, and I learned it in the worst possible classroom.

We were able to retrieve some of my son’s personal effects from the coroner within eight hours of his passing. Among them was his phone, however, we did not know his screen lock code.

We stared at that phone for hours. We believed we had only ten attempts to guess the code before the device would lock us out for good ₍₁₎, and so we were afraid to spend even one. Every guess felt like it might be the one that closed the door forever.

After a family discussion and a good deal of deliberation, we decided to use one of those attempts on a code we thought might be it. It was our first guess, but make no mistake, it was still a guess. Thankfully, we were right, and his phone opened.

We were fortunate, but not everyone is.

What that single moment gave us is hard to overstate. We found contact information for his friends, including people we had never met, so we could reach them directly rather than hoping word traveled. We found a record of his days. And we found photographs, thousands of them, that we will treasure for the rest of our lives.

I have since spent time, the way a security person does, understanding what the alternative would have been. The major platforms do have formal programs for this. Apple offers a “Legacy Contact” you can designate in advance; Google has its “Inactive Account Manager.” These are good tools and everyone should set them up. But they share two limitations that became very real to me. First, they grant access to cloud account data, not to the device in your hand, and not to everything on it. Second, they run through a review process. You submit documentation, including a death certificate, and you wait for approval. That can take days or longer, and a death certificate itself often takes a week or more to obtain.

I cannot imagine waiting days or weeks for that approval in the state we were in. The device, unlocked, was immediate, complete, and ours.

Here is the part I want every parent, spouse, and adult child to hear, and the reason I’m willing to write something this personal on a company blog.

The most durable key to a person’s digital life is not their fingerprint or their face. Those die with them and cannot be handed down. It is the passcode, a piece of knowledge that one person can choose, while they are alive and well, to share with someone they trust. We are trained to treat that secret as something to guard from everyone. We rarely stop to ask whether there is exactly one person, or two, who should have it for the day none of us wants to think about.

However, I want to be careful about what I am and am not suggesting. This is not an argument for monitoring your children or reading your spouse’s messages. It’s the opposite. It’s an argument for a deliberate, mutual, consensual decision, made in advance, oriented entirely toward catastrophe and not toward daily oversight. And it isn’t right for every family; relationships marked by coercion or estrangement are a different and harder situation. But for most families, the conversation is worth having on purpose rather than discovering, too late, that no one ever had it.

If you want to act on this, a few practical notes from someone who now thinks about it constantly:

• Designate digital legacy contacts now. Apple’s Legacy Contact and Google’s Inactive Account Manager take a few minutes each. Set them up for the cloud layer.
• Decide who should know the device passcode. Whether that means sharing it directly or writing it down and storing it where the right people can find it, with your estate documents, in a home safe, or in a password manager with an emergency-access feature, but choose deliberately.
• Remember that passcodes change. A shared code that goes stale is the silent failure mode. Build in a way to keep it current.
• Biometrics are not a plan. Face ID and Touch ID protect you while you’re alive. They do nothing for the people you leave behind.

To our clients, partners, vendors and friends across the country who wondered where I’d gone: thank you for your patience in those two weeks. I’m back, and I’m grateful for the work. If my circumstances have given me anything to offer, it’s this, I’d rather you act on it now than learn it the way I did.

John Boomershine
Partner, Vice President – Security & Compliance
Blackink IT

‍

₍₁₎ What actually happens depends on the device and its settings. On iPhone and iPad, repeated wrong entries trigger escalating time-delay lockouts that begin around the fifth attempt and grow to roughly an hour; repeating the same wrong code does not count toward the limit. If the “Erase Data” option is enabled, the device erases all content after ten consecutive wrong attempts. If it is not enabled, the device does not wipe, but after the tenth failed attempt it enters a permanent “Security Lockout” and can be reused only by erasing and resetting it — so the data on the device is effectively lost either way unless a backup exists. Android has no single rule: stock Android (for example, Google Pixel) imposes escalating lockout timers but does not erase by default, while some manufacturers such as Samsung offer an optional “auto factory reset” setting (commonly after 15 failed attempts) that must be switched on. In every case the data stays encrypted, and a reset typically triggers Factory Reset Protection, which requires the original account credentials to reactivate the device.