Skip to main content

Estate Planning: How To Keep Track of Passwords, Access Keys, and PINs

Written by: A. Hollyn Scott, Esq. , Contributing Author
Reviewed by: Ally Marshall, Esq. , Managing Editor
Last updated March 06, 2024
Person entering a credit card on their computer

Still not sure what estate planning tools you need?

If you were to pass away unexpectedly — would a family member or a trusted friend be able to access important electronic records? Can they find emails, bank accounts, or social media accounts? Can someone stop online services from billing your credit card? Who can close your online accounts?

Table of Contents

Online Safety in a Digital Age

Security-conscious consumers now have access to military-grade cryptography. While hackers are still a big problem, a far more common challenge — and one few people think about — is the difficulty that online security practices pose after a person’s death.

Take some time today to create a digital estate plan to protect your digital assets and sensitive information while ensuring a responsible person can manage or close down your online accounts.

Create a Plan for Storing Passwords Securely

Establishing a secure way to track, store, and share logins, log-in passwords, access keys, and personal identification numbers (PINs) is the first step in securing your digital legacy. There is no standardized way to keep track of important account information, and many people have not received any education on the subject. It’s left up to the individual to muddle through.

Here are some options for keeping track of your passwords:

  • Password Managers: Password protection software is a solution millions of people use to protect sensitive information. There are dozens of online services and password manager apps that you can use to secure passwords and other log-in information, as well as generate strong passwords. Services like LastPass, 1password, and Keeper provide peace of mind. An added benefit, you can access your passwords when you need to from home or on the go with mobile devices such as an iPhone or Android cell phone. All information stored online or in the cloud has some exposure to hackers. Password manager users are placing their trust in the digital security professionals who work at these companies. The risk of hacking may be low, but it’s not zero. And remember, someone needs to know the master password for the password protection service.
  • Master Passwords and Password Splitting: Some people favor a password splitting scheme, where half of a master password is given to one party (e.g., a spouse), and the other half is given to another trusted person, perhaps a lawyer. The benefit here is that no one has access to your information while you are alive, not even your spouse. If you and your spouse were to die at the same time, your spouse’s half of the password would also need to be held by a second person, perhaps a second lawyer with instructions to contact the first lawyer. The biggest pitfall to this approach is that some may find it too complex. If you change your master password at any time, you will need to remember to inform everyone of the change.
  • Using a Safe at Home: This is probably the easiest method for the storage of a master password or a password list. After you’ve compiled a list of passwords, PINs, and security questions and answers, store this document in a waterproof, fire-proof home safe. The combination for the safe can be stored with your attorney. Again, because passwords and PINs sometimes change, be sure to update this important document on a regular schedule.
  • Do Not Use a Safe Deposit Box at Your Bank: A safe deposit box is a great place to store expensive jewelry, the deed to your home, or a passport. It’s not a good place to store your original estate planning documents or your digital estate plan. Most banks will not allow anyone to access the safe deposit box after the death of the owner until an executor has been appointed by the probate court. If the will is in the safe deposit box, it may take a court order to get it. That takes time. While digital assets may not be the first priority after a death has occurred, they are important to many people and you may not want the delay.
  • Don’t Get Too Creative: Come up with a scheme that works for you and your family. Don’t get so creative that your loved ones can follow through with the plan when they need to.

Make a List of Each Service and Its Access Information

Once you have a strategy for storing account logins and access information, make a list of equipment and services that use access information (logins, passwords, access keys, PINs, etc.). Here are some examples of information to include on your list:

  • Computers, cell phones, and other electronic devices
  • Email accounts
  • Financial accounts, retirement accounts, investment accounts, credit card accounts, and other financial institutions
  • Online services and memberships (i.e., music and photo storage, computer backup services, recurring purchases, and recurring charitable giving to nonprofits)
  • Important contact information, including contact information for those whom you have listed as inactive account managers (see below)
  • Locations and access information to safes, safe deposit boxes, alarms, etc.

Include a description next to each item on the list. For instance, you may want to include a description of the assets held in an account, or the types of documents found in an online storage location. Now you are ready to put this information into storage.

Don’t forget to also periodically update your information.

Digital Legacy Contacts

Many of us live a significant part of our lives online. How will these accounts be managed, or deleted? Be aware of how the online accounts you use handle the death of one of their users. Consider the following features used by some of the major tech companies when drafting your digital estate plan:

  • Google lets users name an “inactive account manager.” This person is granted access to your account if it has not been used for a certain amount of time. You are given the option of setting a waiting period of 3, 6, 12, or 18 months. After that time, your account is automatically turned over to the designated person.
  • Facebook allows users two options for the management of their account after death. You can choose to have your Facebook account permanently deleted. Someone will need to notify Facebook to initiate this process. The second option is to create a memorialized account, with or without a legacy contact. If you assign a person as a legacy contact, they can manage tributes and posts on your Facebook profile page, can update your profile picture, respond to friend requests, and can ask to have your account removed. They cannot post as you or see your messages.
  • TikTok and SnapChat do not allow anyone else to access an account. They will delete the account if provided with a copy of the death certificate. Twitter will work with the executor of the estate or an immediate family member to deactivate the account.

Password protection companies, unsurprisingly, have also planned for the death of their user.

  • 1password, for example, has users create an emergency kit when they sign up. This provides information that would allow someone to log into the account. It can be printed out or placed on a USB drive and stored in a safe or at a lawyer’s office.
  • LastPass and DashLane allow you to designate an emergency recipient, along with a waiting period for access or immediate access. That recipient could be the executor of your estate or a spouse.

The Challenge of Two-Factor Authentication

What if you use two-factor authentication (2FA) with face or fingerprint recognition to access your accounts? Even if you log in with the correct email and password, you still need the secondary code that is sent to your phone.

On an Apple iPhone, it’s possible to add a second person’s fingerprint or face into your phone settings. That person will also need to know your passcode so they can restart the phone if it has been inactive. Android phones vary. Look for information on your manufacturer’s website.

Another option is to create a backup code for accounts that use 2FA and provide the option of a backup code. The backup code can be stored in the password manager but should also be stored somewhere physically.

Ready to Make Your Digital Estate Plan?

Choosing a password storage system, creating a list of your various log-in credentials, appointing someone to manage your online accounts, and considering how to prevent two-factor authentication problems are all essential steps to creating a rock-solid digital estate plan, but it is also important that you coordinate the details of your digital estate plan with your formal will. To avoid confusion, your will should refer to your digital estate plan and appoint a personal representative to manage your digital accounts and assets after your death.

Using FindLaw’s do-it-yourself estate planning tools to draft a will may help you implement your digital estate plan so that there are no discrepancies between it and your traditional will. If you have a particularly comprehensive digital estate and still have questions, consider contacting an experienced estate planning attorney in your area.

Ready to begin your estate plan?

Create my estate plan


View videos on these media platforms:

Need help?

  • Find a lawyer
  • Search legal topics
Enter your legal issue
Enter your location