Help Desk: Digital life after death, passwords on Post-Its and a new Comcast nightmare
I love hearing about your digital nightmares.
Perhaps love isn't the word for it. I read every message I receive from readers about computer problems, upgrade dilemmas, exploding phones, security breaches and terrible, awful no-good experiences with tech companies.
I'm here to help you take back control. No, I can't come to your house and fix your printer. But I am collecting and answering some of your most frequent and thorniest questions in a new feature called Help Desk.
You can reach me via email on geoffrey.fowler@washpost.com, on Twitter @geoffreyfowler and via the form below.
Your questions can help others, turn our tech reporting team onto important investigations, and maybe - as you'll see in the Comcast nightmare below - lead to fixing a nasty problem.
What happens to your iCloud when you die?
"Do they just disappear once you stop paying rental? Does the stash go into your will?" asks reader Jerome McDonald in Brookeville, Md.
Death is now a tech problem, too. As I recently wrote, storing your photos and other digital stuff in the cloud can make tidying up easier. Passing on a photo collection in the cloud has the potential to be less of a burden on heirs than a basement full of albums and old papers. But your digital life can also pose challenges for the people you leave behind, if you don't plan in advance.
The problem: States have very different ways of recognizing online accounts and data. Some treat digital assets as property like a car or a savings account. Others treat digital assets as private data that shouldn't be accessed by anyone else. In general, tech companies won't turn over your data without your express consent, though some make exceptions for heirs.
At least your data won't immediately disappear: If you stop paying for storage or your credit card bounces, Google says it won't delete your stuff - but the account won't be able to upload anything new over the free storage limit. Apple doesn't say how long it holds onto iCloud data if you don't pay, but reserves the right to remove an account with 30 days' notice.
You can take a few steps now to avoid problems for your family and friends. It starts with talking to a lawyer or estate planner about making stipulations for digital assets in your will. A few tech companies allow you to identify an online heir, which Google calls an "inactive account manager" and Facebook calls a "legacy contact." Apple has no formal process to pre-identify a digital heir (even if you share a family iCloud account), but Apple support can provide help that might vary by the state you live in.
Another way to make this easier: Plan a way for loved ones to access your logins and passwords after you're gone. Some password managers offer this as a service: You identify an emergency contact who can open your up-to-date info after a waiting period that you specify.
Is it safe to write down passwords?
"I have a small, petite Rolodex file of cards, with written passwords ... I feel this is 'better than' an electronic password manager and feel it is very secure," writes reader Lawrence Klein.
People get passionate about password management - and with good reason! The single most important thing you can do to protect yourself from hackers is to use strong and different passwords on every different app, site and service.
I'm an evangelist for password manager apps, despite a security flaw recently found in many of them.
Some people use notebooks, others rely on a sea of sticky Post-it notes. What's the problem with that? It comes with risks: Your house could get burgled or destroyed in a fire. I also think physically writing them down doesn't make as much sense in the world many folks now inhabit: We have to access hundreds of accounts on lots of different kinds of devices - a phone, a home computer, a tablet, a work laptop and more. Do you carry that little notebook around with you everywhere? Your strong passwords should be available on all of your devices and that's what a password manager does for you.
Do the new iPhone XS and XR or Samsung Galaxy S10 work with 5G networks?
"Upgrading now to a model not 5G compatible seems a waste," writes reader Jim Caskey in Rockville, Maryland.
He's right that you can't buy a phone from Apple or Samsung today that will support the next-generation, or 5G, networks that are coming to the U.S. in the months and years ahead. Those networks promise download speeds that are as fast as a home broadband account - or maybe even faster.
That's a bummer, I know, because phones have gotten extremely expensive and many of us want to hold on to one for three, four or more years. A phone you buy today will still work in the future, it just won't be state of the art. (To make matters more confusing, AT&T is already changing the icon for its network to "5GE" in some areas, even on devices that don't support real 5G network speeds.)
So when can you get a 5G phone? Samsung has announced a special - and likely expensive - 5G version of its Galaxy S10 phone will arrive in the first half of the year. Apple doesn't disclose its plans ahead of big fall launch events, and Bloomberg has reported Apple doesn't plan to bring 5G to the iPhone until 2020.
There may also be reason to hold off on this first generation of 5G phones. This network technology is new, and likely a huge battery drain. Also, it might take a few years for 5G speed to actually reach your neighborhood, and when it does it might be pricey.
Tell me a tech horror story.
"This is a security hole large enough to drive a truck through," reader Larry Whitted in Lodi, California, wrote last week.
As a customer of Comcast's Xfinity Mobile phone service, Whitted says someone was able to hijack his phone number, port it to a new account on another network and commit identity fraud. The fraudster loaded Samsung Pay onto the new phone with Whitted's credit card - and went to the Apple Store in Atlanta and bought a computer, he said.
The core of the problem: Comcast doesn't protect its mobile accounts with a unique PIN. (Comcast's help site for switching carriers suggests this is to make things easier: "We don't require you to create an account PIN, so you don't need to provide that information to your new carrier.") The default it uses instead is ... 0000.
Closely guarding your telephone account is becoming increasingly important for security. All kinds of online and financial services use text messages and calls to a phone number to verify identity, or as a second factor in addition to passwords. Other Xfinity Mobile customers have also reported having their numbers hijacked.
After I contacted Comcast, it said it was making a fix. "We're aware of a very small number of customers impacted by this issue, but even having one customer impacted by this is one too many," a spokeswoman said in a statement. New measures that make it harder to steal phone numbers took effect shortly before I published this column. Comcast said it is also "working aggressively towards a PIN-based solution."
How can customers protect themselves? Comcast said that a fraudster still needs several pieces of customer information to port a number, including the obscure Xfinity Mobile account number that it usually requires a password to access. "We believe this has only affected customers whose passwords might have been included in previous, non-Comcast related breaches," the spokeswoman said. (I know I'm a broken record, but this is why it's important to not reuse passwords.)
But this is also Comcast's fault. PIN security should have been in place since it launched the Xfinity Mobile phone service nearly two years ago. "This reminds me of when Kanye West was in the Oval Office and people could see that his password was 000000," said Whitted. "Except that this is an entire large telecom company."