One of the most practical challenges in digital legacy planning is also one of the most awkward: how do you give your loved ones access to your online accounts after your death without creating a security vulnerability during your lifetime?
There's no perfect solution — but there are several good approaches, and the right one depends on your situation.
Option 1: Password Manager with Emergency Access
This is the recommended approach for most people. Several password managers offer an "emergency access" feature that allows a designated person to request access to your vault after a waiting period.
How it works:
- You set up a trusted contact in your password manager
- After your death, they submit an emergency access request
- You receive a notification; if you don't respond within a set waiting period (typically 24 hours to 7 days), they gain access to your vault
This approach is both secure (the waiting period prevents unauthorized access during your lifetime) and practical for heirs.
Password managers with this feature include: 1Password (Emergency Kit and emergency contacts), Bitwarden (Emergency Access), and Dashlane (Emergency Contact). Note: LastPass removed emergency access features.
What you need to do: Set up the emergency access feature and make sure your trusted contact knows it exists and how to use it.
Option 2: A Sealed "Master Password" Document
If you use a password manager, your heirs only need access to one master password to access everything. You can write this password down (or your device PIN, which unlocks your password manager on your phone) and store it securely:
- In a sealed envelope with your executor
- In a fireproof safe at home (with your executor informed of the combination)
- In a safe deposit box (with your executor named as co-signer)
The risk: the master password document must be protected during your lifetime. Don't store it somewhere easily accessible to others.
Option 3: A Printed Account List
For people who don't use a password manager, a printed list of accounts and passwords (or a list of accounts with instructions for how to request access) stored securely is a reasonable alternative. The same security principles apply: store it in a secure location and tell your executor where it is.
Important: This document should be updated regularly and kept very secure. Never store it digitally in an unencrypted file or email it to yourself.
What NOT to Do
- Don't email passwords to yourself or store them in a cloud document without encryption
- Don't include passwords in your will — wills become public court documents during probate
- Don't give heirs your passwords while you're still living (unless you're comfortable with their access now)
- Don't assume family members can figure it out — without specific credentials, most online accounts are effectively inaccessible
Platform-Specific Legacy Tools
For major platforms, use their built-in tools instead of (or in addition to) password sharing:
For a comprehensive overview of digital legacy planning, see our complete guide to managing your digital legacy.