She found the notebook in the top drawer of her mother’s desk.
Six pages. Every account. Every username. Every password. Recovery questions carefully written beside each one. Her mother had always been organized, and the notebook reflected that.
Then she tried to log in.
The bank account asked for a six-digit verification code sent to her mother’s phone. The phone was locked with biometric security. The email connected to several financial accounts had been created decades earlier through a provider that no longer existed. The recovery phone number on that account was a disconnected landline.
The notebook was complete.
It still wasn’t enough.
As an estate planning attorney, I see this type of situation far more often than people realize. Families do everything they think they’re supposed to do by writing down passwords, only to discover that modern digital security has changed the rules. By the time they realize what’s missing, they’re already trying to navigate the loss of a loved one while locked out of the accounts they need most.
This is one of the most common gaps in estate planning today, and it rarely appears in traditional estate planning documents.
Why the Password Is No Longer Enough
Most online accounts today require more than a password.
After entering the correct password, a second verification step is required. A security code is sent to a trusted phone, email address, or authentication app before access is granted.
This process, known as two-factor authentication (2FA), has become the standard for banks, investment accounts, email providers, cloud storage, healthcare portals, and countless other online services. It is one of the most effective tools available for preventing identity theft and fraud.
Unfortunately, it also creates one of the biggest obstacles for families after someone dies.
The family member or executor may have the correct password, but the verification code is sent to a phone that is locked, a phone number that has been disconnected, or an email account that no longer exists.
The password is correct.
The account is still inaccessible.
It’s also important to understand that simply using someone else’s login credentials after they die is generally not the intended legal process. Most online platforms prohibit it under their terms of service, and in many situations it may not be legally appropriate.
Instead, financial institutions, email providers, and other online platforms typically require the executor or authorized representative to follow their formal deceased account procedures. That often means providing a death certificate, court-issued documentation establishing legal authority, and other supporting documents.
Even then, many companies still rely on the original verification methods connected to the account.
If those recovery methods are outdated or inaccessible, the process can become significantly more complicated.
As part of my estate planning process, I help clients prepare for these situations before they become emergencies by ensuring their digital estate plan addresses not only passwords, but the entire chain of digital access.
The bottom line: Passwords alone are no longer enough. A complete digital estate plan must account for where every verification code is sent and how your executor or trusted decision-maker will gain lawful access when the time comes.
The Old Email Problem
Another issue I see regularly involves outdated recovery information.
Many online accounts were opened years, or even decades, ago using email addresses that people no longer monitor. Phone numbers have changed. Internet providers have disappeared. Authentication apps were installed on devices that no one else can access.
Each online account depends on a chain of connected information.
If even one link in that chain is broken, accessing the account often requires a lengthy recovery process that may involve multiple forms of identification, waiting periods, and platform-specific procedures. Even then, success is not guaranteed.
The same issue affects password managers, cloud storage platforms, photo libraries, cryptocurrency wallets, and many business accounts.
A digital estate plan should be reviewed periodically, just like the rest of your estate plan, to make sure those recovery methods remain current.
The bottom line: Your digital assets are only as accessible as the phone numbers, email addresses, and devices connected to them. If those aren’t current, your digital estate plan is already outdated.
The good news is that these are all issues that can be addressed before they become someone else’s problem.
The Accounts That Cause the Most Problems
When families think about digital assets, they often picture social media accounts.
Those usually aren’t the accounts that create the greatest challenges.
The most significant digital assets are often financial or operational.
These include:
- Online-only bank accounts
- Investment and retirement accounts
- Email accounts containing financial records
- Cloud storage with legal documents or family records
- Online business accounts
- Cryptocurrency holdings
- Digital payment platforms
- Subscription-based businesses
- Intellectual property and licensing accounts
Many of these assets have real financial value. Others contain documents that are essential for settling an estate.
If no one knows the accounts exist—or no one has the legal authority to access them—they may effectively disappear.
This is why I encourage clients to create a complete inventory of their digital assets as part of their overall estate plan.
Your will or trust should also include provisions that authorize your executor or trustee to manage your digital assets in accordance with applicable law.
Without those provisions, your fiduciary may face unnecessary legal obstacles even after being formally appointed.
The bottom line: Digital assets are now an important part of nearly every estate. A complete estate plan should inventory them, identify where they are located, and provide your fiduciary with the legal authority needed to manage them.
What Your Will Cannot Do
One solution people often suggest is including passwords directly in their will.
I strongly advise against that.
A will becomes part of the public court record once it is admitted to probate. Anyone may be able to obtain a copy.
Including usernames, passwords, security answers, or account numbers in a public document creates obvious security concerns.
Instead, your will should do something different.
It should identify the person who has legal authority to manage your digital assets and direct them to a secure location where the access information is stored privately.
That information may be maintained in a password manager, secure digital vault, encrypted document, or another protected system that can be updated whenever your accounts change.
Separating legal authority from sensitive access information provides both flexibility and security.
The bottom line: Your will should name who has authority over your digital assets—not publish the credentials needed to access them.
This isn’t simply an inconvenience.
Families are often trying to access financial accounts needed to pay funeral expenses, mortgage payments, medical bills, taxes, and other immediate obligations. Every unnecessary delay adds stress during an already difficult time.
What a Real Digital Estate Plan Looks Like
A proper digital estate plan is not simply a password list.
It’s a complete system.
As part of the estate planning process, I work with clients to build a digital plan that includes:
- An inventory of important digital assets
- Documentation of how each account is protected
- Current recovery email addresses and phone numbers
- Backup authentication codes where available
- Secure storage of access information
- Clearly designated legal authority for the executor or trustee
- Regular reviews to keep everything current
Whenever phone numbers change, new accounts are opened, or recovery information is updated, the digital plan should be updated as well.
Many states have adopted laws based on the Revised Uniform Fiduciary Access to Digital Assets Act (RUFADAA), which governs how executors, trustees, agents under powers of attorney, and other fiduciaries may access digital assets.
These laws, combined with each company’s own policies, determine what your loved ones can access and how they must request it.
Because every financial institution, technology company, and online platform has its own procedures, a thoughtful digital estate plan accounts for both the legal authority and the practical process needed to access each important account.
This is one of the reasons digital estate planning has become an essential part of the work I do with families today.
The bottom line: A digital estate plan isn’t a document you create once and forget. It’s an organized system that stays current and gives the right people the legal authority and practical tools they need when they need them most.
What You Can Do Right Now
A good place to begin is by creating an inventory of your important digital accounts.
Identify your financial accounts, email addresses, cloud storage platforms, online businesses, and any other digital assets that hold financial, legal, or sentimental value.
Then review where each account sends its two-factor authentication codes. Verify that your recovery email addresses and phone numbers are still current.
Generate backup authentication codes whenever a platform offers them, and store those codes securely offline.
Most importantly, make sure your estate plan gives the right person the legal authority to manage your digital assets when the time comes.
If this feels overwhelming, you’re not alone.
Digital estate planning has become one of the most important parts of modern estate planning because nearly every family now depends on online accounts for their finances, records, and daily life.
When I work with clients, I take the time to understand their specific digital footprint, including the accounts they rely on, the devices they use, and the recovery methods connected to them. Together, we create a comprehensive Life & Legacy Plan that helps ensure the people you trust can access what they need – without unnecessary delays, confusion, or additional stress during an already difficult time.
At Cheever Law, APC, we don’t just draft documents; we ensure you make informed and empowered decisions about life and death for yourself and the people you love, starting with a valuable and educational Life & Legacy Planning Session. The Life & Legacy Planning Session will allow you to get more financially organized and make the best choices for the people you love. If you have already completed your estate plan, we will review that plan at your Life & Legacy Planning Session to ensure that it will work the way you intend and address any holes or gaps that may be present if circumstances have changed since you executed your plan.
To learn more about our one-of-a-kind systems and services, contact us or schedule a 15-minute introductory call today. you love means planning with clarity – not guesswork.