Skip to Content

Do You Have a Plan to Transfer Your Login Information in Case of Incapacity or Death?

  • Do you have a plan to transfer your login information in the event of incapacity or death?

TL;DR:

Our digital lives (emails, social media, photos, subscriptions, cryptocurrencies, etc.) are now part of our estate, yet they are almost never covered by a will.

Without a plan, your loved ones risk:

  • - being unable to unlock your phone or your accounts (Big Tech companies never hand over passwords).
  • - losing emails, photos, subscriptions, online banking access, etc.
  • - facing time-consuming procedures, often just to... close accounts.

The major services (Google, Apple, Meta, Microsoft, etc.):

  • - protect the privacy of the deceased → no password is given, access is extremely limited, often only allowing deletion or memorialization of the account;
  • - require death certificates and legal proof, handling requests on a case-by-case basis;
  • - sometimes offer legacy tools (Google''s “Inactive Account Manager,” Apple’s “legacy contact,” Facebook/Instagram’s “legacy contact”), but you must enable them while you’re alive.

Quick recommendations:

  • - Don''t disconnect the mobile line too quickly after a death: two-factor authentication (2FA) text messages are often essential for recovering accounts.
  • - For each major service (Google, Apple, Facebook/Instagram, LinkedIn, X, etc.), configure legacy or delegate contact options.

Recommended strategy: a “digital vault”

  • - Centralize all your credentials in an encrypted password manager (e.g., self-hosted Bitwarden/Vaultwarden).
  • - Designate one or more emergency contacts in the manager: they can request access if you don’t respond within a set timeframe.
  • - Protect the master password (make it very strong, keep it in a safe place—possibly with a notary) and ensure you have backups of the vault.

Concrete action plan:

  • - Make an inventory of your accounts and important data.
  • - Enter them into a secure manager (not a text file or unencrypted notes).
  • - Activate emergency access (in the manager) and legacy options (for Google, Apple, Meta, etc.).
  • - Prepare a short paper document telling your loved one where to find the master password and the steps to follow.
  • - Clearly inform your “digital executor” of their role and update this information regularly.

In short: planning your digital inheritance takes a little effort now to avoid a major headache for your loved ones later, all while respecting your privacy.

In today’s all-digital world, our online lives (email accounts, social networks, subscriptions, photos in the cloud, etc.) have become part of our estate. A 2024 Harris/CNIL survey even found that one in three French people had already encountered content from someone’s account after their death. To prevent your loved ones from being powerless in the face of account closures or data loss, it’s essential to prepare a “digital inheritance.” Have you thought about what to do with your usernames and passwords if you become incapacitated (due to illness or accident) or die? This article explains why a simple will is not enough, what the major online services provide (or don’t), and how you can organize the transfer of your access yourself—particularly through tools like password managers (for example, Vaultwarden) and the designation of emergency contacts. We also offer quick recommendations for social networks.

Why should you plan ahead for passing on your digital access?

After a sudden death or hospitalization, many loved ones find themselves in the critical situation described by witnesses: ''All of her account information (usernames and passwords) was saved in Madam’s iCloud account. When she died, her husband didn’t know how many accounts she had or their passwords. He asked Apple for access, but Apple refused, considering this information personal.'' This concrete case illustrates a general problem. Even if you’ve written a will, it will almost never include your digital keys. Without them, neither the executor nor the person holding a future protection mandate will be able to access your online accounts. As the quoted article points out, ''the tech giants won’t give them access.'' In short, a traditional estate does not cover your online access, and no authority—not even a court—will automatically allow your password to be retrieved. Without precautions on your part, your phone will stay locked, your emails inaccessible, and your social accounts a ''black box'' for your loved ones.

Moreover, your phone and two-factor authentication play a crucial role: don’t immediately disconnect a deceased person’s phone line. Most accounts send a code via SMS to validate password changes. CHIP Computer Club, which helps Quebec seniors, explicitly advises keeping the phone active for ''a few months'' after death so loved ones can receive recovery codes. Without this, even if someone knows an account’s original password, it will be impossible to complete the login.

Finally, the legal framework encourages you to take the initiative. French law (the 2016 “Digital Law”) recognizes your right to give instructions regarding your data after your death—you can designate a trusted third party or write specific directives. In practice, this means you can decide whether to pass on or delete an account, but only if you organize it yourself, because each service has its own specific process (if it exists at all). If there are no directives, the law only allows heirs to act ''as necessary'' for the estate, for example to identify and close accounts. They must provide proof of family ties and a death certificate, and the service in question must have a process in place (which isn’t always easy to find).

In summary, without a prior plan, your loved ones risk losing access to your digital assets (emails, photos, subscriptions, online financial data, bitcoins, etc.) and experiencing considerable administrative stress. A true digital will involves listing your accounts and passwords in a secure vault, notifying a loved one, and using the emergency access features provided by certain tools.

The limitations of online services (Big Tech)

The major web players (Google, Apple, Facebook/Meta, Amazon, Microsoft, etc.) prioritize user privacy—both for the living and the deceased—and never arbitrarily open a account without strict rules.

For example, Google does not have a ''deceased account'' procedure: if nothing is done, your Google services (Gmail, Photos, Drive, etc.) remain active for up to 24 months of inactivity and then are simply deleted for inactivity. In other words, without advance planning or an official request, your data can be erased without notice. Only those who have set up Google’s ''Inactive Account Manager'' will allow a designated contact to receive specified items. Otherwise, even family members cannot obtain anything: Google reviews each request on a case-by-case basis, requiring a death certificate and legal documentation, and it will never provide the password or full access. Recovering a deceased person’s password or private messages is forbidden. At best, Google will provide certain specific content (photos, contacts, etc.) or delete the account at the request of loved ones, but even then they must prove their connection to the deceased.

Similarly, Apple offers a ''legacy contact'' tool (Digital Legacy) in its settings, but access requires a recovery key created while you are alive. Without this private key, any family request runs into the same wall: they must provide a complete file (death certificate, birth certificate/copy of the will, etc.) to request deletion or recovery of iCloud data. As the real case above illustrates, Apple treats passwords as protected personal data and refuses to share them. Other storage services (Dropbox, OneDrive) apply comparable policies: no direct sharing, only a strict legal procedure.

As for social networks and online platforms, their policies vary greatly, but none allow the account to be accessed as if the person were alive. Facebook/Instagram, for example, let you designate a legacy contact in advance who can ''memorialize'' the profile (locking it as a tribute) or delete it upon death. If you haven’t appointed such a contact, your loved ones will have to report the death to Facebook by providing a death certificate, and Facebook will convert the account into a commemorative page or delete it. LinkedIn offers a similar form to close an account. Twitter (X) allows a loved one to request account deactivation, after which the account is deleted after 30 days. Every service emphasizes the ''privacy of the deceased'': without explicit instructions from you, they will not ''hand over the keys'' to heirs and instead prefer to close or make the account inaccessible.

In short, you can’t count on Big Tech to make things easier if you haven’t planned ahead. Sure, in Europe the French Data Protection Act (augmented by the GDPR) recognizes each person’s post-mortem rights, and the CNIL notes that some services (Apple, Facebook, Google) let you designate a legacy contact. But it’s up to you to enable these options—most people don’t even know they exist. In practice, the typical situation is the one described above: the tech giants require a death certificate and close the accounts without giving out passwords. An heir must provide legal proof—a family record book, will, court order—go through a support process that’s often very lengthy, and can rarely expect anything more than an account closure.

Quick recommendations for social networks and online services

To limit the headache, here are a few key tips to share while you’re still alive. A little bit of configuration in each service can help immensely:

  • - Facebook/Instagram: In your account settings, name a legacy contact (digital heir). This person can switch your account to memorial mode (a frozen profile) or request its deletion after your death. Without this designation, your loved ones will have to send Meta a death certificate to request deletion or memorialization. In practice, the legacy contact cannot read your private messages or ''take over'' your account; they can only manage the profile (photo, memorial post, etc.).
  • - Google (Gmail, Photos, Drive): Activate the Inactive Account Manager in your security settings. This tool lets you designate a trusted contact who, after a period of inactivity you choose, will receive access to all or part of your data. If you don’t configure this manager, your heirs will have to use Google’s official form to ''request access or deletion on behalf of a deceased person.'' Even then, Google will never provide the password or open your account fully. It can only deliver certain content (photos, contacts, documents) or close the account.
  • - Apple (iCloud, iPhone, Mac): Enable the Legacy Contact feature in your Apple ID settings. Without this contact and the associated recovery key, your loved ones will have to go through Apple Support with a complete file (death certificate, proof of mandate, etc.), and Apple handles these requests case by case. Note that even if designated, the legacy contact doesn’t directly see your passwords; they only authorize access to the content after unlocking.
  • - LinkedIn, Twitter (X): LinkedIn has a form to report a member’s death and delete their profile. Twitter (X) doesn’t offer a legacy feature, but a loved one can contact their support to deactivate the account; it will then be automatically deleted after 30 days. On all these services, private content (messages, etc.) isn’t recovered, only closure or disconnection of the account.
  • - Other services: Each platform has its own process: TikTok and Snapchat require an online help procedure; platforms like Reddit or Pinterest let you request deletion after death with supporting documents. If you use other important sites (forums, blogs, special-interest sites), check their terms or contact support to learn the post-mortem procedure.

Finally, keep your mobile phone line active for at least a few months after any serious incident. Many accounts require a code sent via SMS to validate a password change. If your line is disconnected, even knowing the credentials won’t allow your loved ones to reset access.

Centralize your access in a secure digital vault

The best way to simplify this problem is to centralize all your credentials in an encrypted password manager and set up an emergency access mechanism. Here’s how:

  • - Take inventory of your accounts (email, social networks, banking, online shopping, various subscriptions, cloud, etc.) and record the current usernames and passwords. This can be on paper initially (a private notebook), but the safest method is to transfer it all into a secure, encrypted digital vault.
  • - Use a password manager. Among the available solutions, Bitwarden is a well-known free, cross-platform tool. Even better, its self-hosted version, Vaultwarden (open source), lets you keep full control of your data without subscription fees. A password manager works like this: you only remember one master password, and it encrypts all your other passwords. All your information stays encrypted on your device and is decrypted only with your master key.
  • - Declare an emergency contact in the manager. Modern managers (Bitwarden/Vaultwarden, Keeper, LastPass, etc.) offer an “emergency contact” or “emergency access” function. For example, Bitwarden lets you designate a trusted emergency contact who, upon your death or if you don’t respond to a request, can obtain access to your vault. Vaultwarden implements the same function for free. In practice, you send an invitation to your loved one (they create a Bitwarden account if they don’t have one), and you confirm them as your emergency contact. If one day you lose access (due to illness, accident, or death), this contact can submit an ''emergency access request'' in the app. You’ll get a notification and can approve the request. If you don’t respond within a set timeframe, the system will then grant them access as agreed. The emergency contact can either simply view your credentials or temporarily take control by creating a new master password for your vault. In any case, thanks to this mechanism, your loved ones can recover your passwords without ever seeing the other sensitive data in the vault. This ''zero-knowledge'' security guarantees that they unlock the vault only with your agreement or after the specified waiting period.
  • - Protect the master key. Your manager’s master password must be strong and known only to you. There is no ''forgot password'' function for these vaults—if you misplace it, your data will be irretrievably lost. To minimize this risk, it’s recommended to keep a copy of the master password in a very safe place (bank safe, with a notary, personal safe), or to entrust it securely to another trusted person.
  • - Make backups. Ensure your vault is backed up to an external medium regularly (for example, an encrypted copy on a USB drive or another server). If the server hosting Vaultwarden fails, you’ll be able to restore your data from the backup.
  • - Consider alternative solutions for non-digital information. If certain access codes can’t be placed in a manager (for example, a hard drive decryption key, house codes, the internet box password), write them down in a separate, highly protected document. Some recommend drafting a ''digital will'' and depositing it with a notary or including it in your future protection mandate. The main thing is to give your proxy or executor a clear path to find your data, so they don’t have to ''figure it out'' with Big Tech support.

Concrete steps to follow

To summarize, here’s a practical action plan:

  • - List your accounts and data (email, social networks, online purchases, subscriptions, cloud, crypto assets, etc.). For each one, note the username, password and any useful details (security question, recovery phone number, etc.).
  • - Put this information into a secure manager. Install Bitwarden/Vaultwarden, then import or enter all your logins into this encrypted vault. Don’t use a simple unencrypted text file or an unsecured notes app.
  • - Enable emergency access in the manager. Designate one or more loved ones as trusted contacts. Explain to them how to proceed: once the invitation has been accepted and confirmed, they will be able to request access to your vault if needed.
  • - Configure legacy rights on your major accounts. For example, on Facebook/Instagram add the legacy contact and specify whether you want to keep or delete the account. On Google, set up a contact in the Inactive Account Manager. On Apple, enable a legacy contact. On LinkedIn/Twitter, fill out the relevant forms. Even if you store these details in the vault, it’s best to have them set up within each service.
  • - Keep a paper backup plan. Write a small document (paper or a printed PDF) that tells the designated loved one where to find the master password for your vault (for example, where Vaultwarden is concerned) and explains the procedure. Put it in a secure location (a safe) and tell your loved one how to access it (e.g., ''the key to the safe is held by our notary'').
  • - Update regularly. Each time you create a new account or change an important password, add it immediately to your vault. If your designated person changes (for example, marriage or death), remember to update the emergency contact.
  • - Inform your loved ones. Don’t keep this plan a secret in your head. Tell your trusted contact that they are your digital executor and explain where to find the master password (without revealing it). They need to know they should use the emergency function in Vaultwarden/Bitwarden if something goes wrong.

Planning your digital legacy is first and foremost about taking the time to list your accounts and clearly explaining how you want them handled after your death. Heirs will then be able to close unnecessary accounts, recover what needs to be recovered (photos, documents, online bank accounts), and spare loved ones the ordeal of calling customer service one by one in tears.

Conclusion

In practice, organizing the transfer of your login details only requires a bit of method and foresight. The tools exist (password managers, legacy functions, emergency contacts) and are often free or inexpensive. They ensure that only the loved ones you choose will have access to your accounts, without violating your privacy while you’re alive. Conversely, without planning, your usernames and passwords will remain “in memoriam” forgotten by an online service, and your heirs will face categorical refusals from Big Tech.

Ultimately, planning your ''digital inheritance'' is an act of consideration for those who will remain. By inventorying your data, centralizing it in an encrypted vault, and designating an emergency contact, you protect the memory of your digital life and make things much easier for your loved ones. Don’t let your accounts and passwords become a posthumous headache: plan today, and let your family know how you want things handled.

Blue Fox can help you set up a password vault! It''s easy and simple, and we can take care of everything for you!

Sources: official guidance and advice from the CNIL (cnil.fr), testimonials from specialists and Francophone blogs (cimbcc.org, moncarnet.com, memomori.fr), documentation for Bitwarden/Vaultwarden (linuxfr.org, reseau-fluor.fr). These references describe the actual procedures and recommendations for managing accounts after death.

Why back up your Google Workspace and Microsoft 365 data
(Le cloud, c'est juste un ordinateur, mais pas le vĂ´tre...)