How to pass on your passwords when you die

Tech companies let you set up digital-legacy contacts who can, upon your demise, gain access to your accounts, password managers and other data.

  • By Dalvin Brown,
  • The Wall Street Journal
  • Facebook.
  • Twitter.
  • LinkedIn.
  • Print

Just as you set up a living will or a power of attorney, it’s a good idea to set up your online accounts so that someone else can access them after you’ve passed on.

It’s no fun to think about a day when we’re no longer here, but facing reality can save work and heartache for relatives and heirs. If you haven’t set up digital-legacy contacts or other means to share accounts after your death, your heirs typically have to go through a lengthy process to gain access to your data. In some cases, such as with some password managers, there may be no way for heirs to gain access unless you take steps in advance.

“When you don’t personally set up who has access to your accounts, you’ll be leaving behind a big mess and a lot of stress for your family,” said Bill Gaggos, an estate-planning attorney in Troy, Mich.

Mr. Gaggos, who helps clients store their valuable documents online, says he saw the problem become more common during the pandemic, as people fell ill and died suddenly without granting anyone access to their online accounts.

Apple (AAPL), Google (GOOG) and Facebook parent Meta Platforms (META) are among the tech companies that provide digital-legacy tools to let users bequeath account access to others. They work by letting you designate who can download your data or access your profiles after your death. The legacy-contact tools typically don’t require you to share your passwords with your heirs, but you can also set up password managers to share your account credentials, and other private information, upon your death.

The catch is that you must enable the tools before you’re gone. You can set them up in your app and device settings, which we will walk you through. Here is how to ensure your loved ones have access to all the necessary accounts after your death.

Legacy contacts

Apple, Google and Facebook users can set up legacy contacts in account settings. Such a designation doesn’t give heirs your passwords, but can grant them access to text messages, photos and other data in the event of your death. While making someone your legacy contact doesn’t automatically give them any access to your accounts while you’re alive and active, it’s always important to choose your designees wisely.

Meta provides a couple of options for Facebook accounts after death. You can select a legacy contact to look after your “memorialized” account, or choose to have your profile deleted after someone informs the company of your death. In both cases, the fastest way to notify Facebook is with a death certificate that your heirs upload. (You can’t set a legacy contact in Instagram to ensure your account is memorialized; your loved ones must upload a copy of your death certificate to the service to memorialize your profile.)

To add a legacy contact on Facebook’s mobile app, go to: Settings & privacy > Settings > Personal and account information > Account ownership and control > Memorialization settings > Choose Legacy Contact.

Google’s Inactive Account Manager setting lets you decide what happens to your data after you have stopped using your account for a certain period. You decide how long that is, such as three months or 18 months, and you choose up to 10 people that Google will email when your account reaches that inactive time limit. You also decide what data those people get access to, such as YouTube videos, photos, emails and other documents. They won’t be able to send emails from your account.

To set up the Inactive Account Manager, go to myaccount.google.com, scroll to More options > Make a plan for your digital legacy. If you don’t do this, your loved ones must upload a death certificate to close the account and receive any of its content.

Apple also has an option to add people as legacy contacts, who would be able to request access to most of what’s in your iCloud account.

You can set up legacy contacts on an iPhone by going to Settings, tap your name at the top then Password & Security > Legacy Contact. People you add are given an access key. After you die, they can go to digital-legacy.apple.com, log in with their iCloud account or provide other contact information and upload a death certificate. Once Apple’s staff reviews it and accepts the request, the contact can log in online or on an Apple device to view your call history, health data, Notes and iCloud backups. Legacy contacts won’t have access to passwords stored in your iCloud Keychain.

If you don’t designate a legacy contact, Apple requires a court order to give someone access to your Apple ID and data.

Password managers

1Password, LastPass and some other password managers—which store your current logins and can generate unique, complex passwords for all accounts you link to the service—let you designate digital heirs who can access your account information.

1Password’s “shared vaults” are like shareable folders that only friends or family members with granted access can view. The service also lets users print out an Emergency Kit document with space for login information and a QR code that sends your heirs to 1Password’s website where they can sign into your account. Share it with your heirs or save it in a place where they can find it. On LastPass, you designate a list of people you trust and invite them to create an account. If something happens to you, your trusted contacts can request emergency access to your vault. You set a wait time, during which you can deny access to your emergency contacts if you’re still alive and capable of accessing your account. No death certificate is necessary. There is a wait time during which you can cancel false-alarm requests from your loved ones.

No matter the password-storage method you use, experts say you shouldn’t make it too difficult for your trusted contacts to know what accounts you have, and how to log in. It’s also important to share your phone passcode, because many accounts are now protected by two-factor authentication, often a code generated in apps or sent via text message. If you use a hardware security key such as Yubico’s Yubikey or Google’s Titan Key, make sure it’s in an accessible place.

Passkeys

Millions of people are poised to change how they log into accounts over the coming years as Apple, Google and Microsoft (MSFT) begin to replace long, complex strings of characters with fingerprints, face scans or on-device passcodes. Such password-free technology is designed to be faster, easier and more secure than traditional passwords.

But those passkeys aren’t set up yet for sharing with heirs or next of kin. That limitation is part of the reason why password-free technology won’t become ubiquitous overnight, said Andrew Shikiar, executive director at FIDO (aka the Fast Identity Online Alliance), an industry organization working with Apple, Google and about 250 others to create password-free online authentication.

“Not only do consumers need to learn and embrace new behaviors, but their service providers also need to contemplate new back end identity and authentication policies,” he said. Such policies, including digital legacy, are outside of FIDO’s purview, Mr. Shikiar added.

Companies have some latitude in how they implement FIDO sign-ins. In the future, they could allow users to designate emergency contacts who can access your accounts through their own unique passkeys after verifying their identity. Alternatively, apps and websites may let you keep a traditional password as a backup.

And there’s still the old-fashioned approach. Jotting down a list of your accounts and passwords on a piece of paper and storing that in a fireproof safe—or even the freezer—with other important documents is one way to do it.

“Tell them to look for that little black box if anything were to happen to you,” Mr. Gaggos said.

  • Facebook.
  • Twitter.
  • LinkedIn.
  • Print

For more news you can use to help guide your financial life, visit our Insights page.


Copyright © 2022 Dow Jones & Company, Inc. All Rights Reserved.
close
Please enter a valid e-mail address
Please enter a valid e-mail address
Important legal information about the e-mail you will be sending. By using this service, you agree to input your real e-mail address and only send it to people you know. It is a violation of law in some jurisdictions to falsely identify yourself in an e-mail. All information you provide will be used by Fidelity solely for the purpose of sending the e-mail on your behalf.The subject line of the e-mail you send will be "Fidelity.com: "

Your e-mail has been sent.
close

Your e-mail has been sent.