
Many important parts of our lives can only be accessed with a password. This includes email accounts, smartphones, cloud storage, social media, subscriptions and online financial services.
After you die, your loved ones may need access to these accounts to find important information, cancel subscriptions or preserve personal files. However, simply writing all your passwords on a piece of paper or sending them directly to someone is usually not a safe solution.
How can you make sure your loved ones can access what they need without putting your digital security at risk during your lifetime?
Why access to your accounts can be important
Your loved ones will not always need direct access to your accounts. In some situations, it may be better to close an account through the platform’s official process.
There are still situations in which access or additional information can be helpful, such as:
- Finding important documents.
- Viewing and preserving photos and videos.
- Cancelling paid subscriptions.
- Managing or deleting social media accounts.
- Identifying ongoing contracts and services.
- Unlocking a phone, computer or external hard drive.
- Finding contact details or personal instructions.
Without preparation, loved ones must determine which accounts you had and how they can access them. This can take a great deal of time and create additional uncertainty during an already difficult period.
Do not simply share all your passwords
Creating a document containing all your usernames and passwords may seem like an easy solution. However, it also creates serious security risks.
Anyone who can access this document during your lifetime could potentially sign in to all your accounts. The document could also be exposed through a data breach, a compromised email account or an unsecured device.
Passwords also change regularly. A list created today may already be outdated within a few months.
It is therefore better to think not only about which passwords you leave behind, but especially about how access can be arranged securely.
Use a password manager
A password manager is a secure digital vault in which you can store your passwords. This means you usually only need to remember one master password.
Some password managers allow a trusted person to request access after a waiting period or verification process. This is often known as emergency access.
One benefit is that your passwords are not spread across separate documents, notes and emails. When you update a password, the information in the password manager is updated immediately.
When choosing a password manager, check:
- Whether emergency access is supported.
- How the trusted person’s identity is verified.
- Whether you can choose the waiting period.
- Whether you can reject an access request during your lifetime.
- Which information the trusted person will eventually be able to access.
Not every password manager works in the same way. Make sure you understand exactly how its emergency procedure works.
Do not store the master password in the same digital vault
A password manager is only useful when your loved ones know how to request access or where the master password can eventually be found.
Do not store the master password in an unsecured note on your phone, and do not send it through email or a messaging app. Doing so removes a large part of the protection offered by the password manager.
You could store sealed instructions:
- In a physical safe.
- With your important documents.
- With a notary or legal professional.
- In another secure location that is only opened when necessary.
These instructions do not need to contain your complete password list. They may simply explain which password manager you use, who may access it and where additional information can be found.
Separate your accounts into categories
Not every account is equally important. It can help to divide your accounts into different categories.
Essential accounts
These accounts provide access to other services or important personal information, such as:
- Your primary email address.
- Your password manager.
- Your Apple, Google or Microsoft account.
- Your smartphone and computer.
- Your cloud storage.
- Government and identity services.
Special rules may apply to some of these services. Personal identity accounts generally cannot simply be used by someone else. Loved ones may need to follow an official procedure instead.
Financial accounts
These can include:
- Bank accounts.
- Investment accounts.
- Online payment services.
- Online shops with saved payment details.
- Cryptocurrency wallets and exchanges.
For traditional banks and financial institutions, loved ones should generally use the official bereavement process. Do not casually share bank security codes, PINs or other personal authentication information.
Cryptocurrency can require a different approach. Without the correct recovery phrase or private keys, access may be permanently lost. This information must therefore be stored extremely carefully, preferably offline.
Social media and personal accounts
Many social platforms allow you to decide in advance what should happen to your account. Depending on the platform, you may be able to select a legacy contact, arrange account deletion or enable an inactive account process.
Decide whether each account should be:
- Deleted.
- Preserved.
- Turned into a memorial account.
- Managed by a designated person.
- Downloaded or exported first.
Subscriptions and practical services
Loved ones often do not need the complete password to cancel a subscription. A list containing the service name, the email address used and the payment method may already be enough.
Examples include:
- Streaming services.
- Software subscriptions.
- Cloud storage.
- Domain names and web hosting.
- Phone and internet subscriptions.
- Online newspapers and magazines.
- Recurring donations.
- Delivery services and memberships.
Do not forget two-factor authentication
An increasing number of accounts use two-factor authentication. In addition to the password, a second code is required through an authenticator app, text message or physical security key.
This means that even if loved ones know your password, they may still be unable to access the account.
Check:
- Which device contains your authenticator app.
- Whether you have stored backup or recovery codes.
- Where physical security keys are kept.
- Which phone number is used for verification.
- Whether a recovery contact or alternative recovery method is configured.
Recovery codes should ideally be stored offline in a secure location. Do not leave them unsecured inside the same account they are intended to recover.
Make sure important devices can be accessed
Important information is not only stored in online accounts. It may also be stored locally on your smartphone, laptop, tablet or external hard drive.
Create an overview of:
- The devices you use.
- Where those devices are located.
- Which devices are encrypted.
- Where access instructions can be found.
- Which files should be preserved.
- Which devices may be completely erased.
A phone passcode may be useful, but it can also provide access to private conversations, photos and files. Carefully consider who you trust with this access.
Leave instructions, not only passwords
A long list of login details is not particularly helpful without any explanation.
For each important account, briefly record:
- What the account is.
- What you use it for.
- What should happen to it.
- Who may access it.
- Whether data should be downloaded first.
- Whether the account may be deleted afterwards.
- Which official procedure should be followed.
For example:
My Google account contains personal photos and documents. My partner may download the photos. The account may then be closed through Google’s official bereavement process.
This is much clearer than leaving behind only an email address and password.
Choose a trusted contact
Select one or more people who know that you have prepared your digital legacy. Consider not only who you trust, but also what this person will need to carry out your wishes later. Read more about what families need from a digital legacy tool.
They do not need immediate access to all your accounts during your lifetime. It is more important that they know:
- That instructions exist.
- Where those instructions are stored.
- Which password manager you use.
- Which accounts have priority.
- Who else should be involved.
- What your wishes are.
Choose someone you trust and who is digitally confident enough to follow your instructions carefully.
Keep your overview up to date
An overview of your accounts and access instructions is only useful when it remains current.
Review it once or twice a year and check:
- Whether all important accounts still exist.
- Whether your trusted contacts are still correct.
- Whether your password manager remains accessible.
- Whether your recovery codes are still valid.
- Whether your devices or telephone numbers have changed.
- Whether you have added new subscriptions.
- Whether your wishes are still the same.
When using a password manager, you do not need to manually verify every password during each review. You should still check that your access instructions remain accurate.
What should you avoid?
Avoid the following situations:
- Storing all passwords in an unsecured Word document or text file.
- Emailing passwords to yourself or someone else.
- Sharing bank security codes or PINs.
- Storing the password manager’s master password inside the same vault.
- Keeping recovery codes only on your phone.
- Giving one person complete access to every account during your lifetime without a clear reason.
- Leaving your overview unchanged for years.
Preparing safely means finding a balance between accessibility for your loved ones and security during your lifetime.
Add passwords to your digital legacy checklist
You do not need to store your actual passwords in MemoryVault to make them part of your digital legacy planning.
In MemoryVault’s built-in digital legacy checklist, you can record:
- Which important accounts you have.
- Which password manager you use.
- Where secure access instructions are stored.
- Who your trusted contact is.
- Which devices and recovery methods exist.
- What should happen to your accounts.
- Which tasks still need to be completed.
This gives you a clear overview without unnecessarily storing sensitive passwords in multiple locations.
Open your checklist in MemoryVault
Complete the checklist step by step, save your progress and immediately see which parts of your digital legacy still need your attention.
Start with the most important access points
You do not need to document every online account immediately. Start with the accounts that provide access to other parts of your digital life:
- Your primary email address.
- Your smartphone and computer.
- Your password manager.
- Your cloud storage.
- Financial and administrative accounts.
- Social media.
- Subscriptions and other services.
By documenting this information step by step, you can make things much easier for your loved ones later.
A secure digital legacy is not about sharing every password without restrictions. It is about leaving clear instructions, arranging secure access and carefully choosing who may see what.