Why You Shouldn't Put Passwords in Your Will (And What to Do Instead)

It sounds like a responsible thing to do: add your passwords to your will so your family can access your accounts after you die. Estate planning attorneys hear this request constantly. Some even recommend it.

It's a terrible idea. Here's why — and what you should do instead.

The public record problem

In the United States, a will becomes a public document once it enters probate. Anyone who walks into the county courthouse — or in many states, searches an online portal — can read it. That includes every password you listed.

Even if probate takes weeks, the moment your will is filed, your credentials are exposed. A list of usernames and passwords in a probated will is a gift to identity thieves. They can access your bank accounts, email, social media, and anything else you helpfully documented in a legal filing.

This isn't a theoretical risk. Court records are routinely scraped by bad actors looking for exactly this kind of information.

The update problem

How often do your passwords change? Between security breaches, mandatory resets, and new accounts, most people update at least a few passwords every year. Some services force password changes every 90 days.

Updating a will every time a password changes is impractical and expensive. An attorney typically charges $200-$500 for a will amendment. If you're changing passwords quarterly, the cost adds up fast — and the will is perpetually out of date between changes.

By the time someone actually needs the passwords listed in your will, many of them will be wrong.

The 2FA problem

Even if the passwords in your will are current, they're only half the story. Most important accounts — email, banking, social media — now require two-factor authentication (2FA). That means a password alone won't get your family in.

The second factor is usually a code sent to your phone or generated by an authenticator app. If your family doesn't have access to your phone (or doesn't know your phone's passcode), the correct password is useless. Your will can't solve this because the 2FA codes change every 30 seconds.

This is one of the most common — and most frustrating — situations families face. They have the password from the will, they type it in, and then they're blocked by a code sent to a device they can't unlock.

The timing problem

Wills are not read the day someone dies. Probate can take weeks, months, or even years depending on the estate's complexity and the state's requirements. During that entire period, your digital accounts are in limbo.

But digital accounts don't wait for probate. Subscriptions keep charging. Emails keep arriving (some containing sensitive information). Social media profiles can be targeted by scammers. Cloud storage providers may start deleting data if storage payments lapse.

The gap between death and probate is exactly when your family needs access most — and it's exactly when a will can't help them.

What to do instead

The solution isn't to stop planning for digital assets. It's to use the right tools instead of the wrong one.

Use a digital asset memorandum

A memorandum (sometimes called a "letter of wishes") is a separate document referenced by your will but not included in the probate filing. In most states, you can legally reference an external document in your will and update it without needing to amend the will itself.

The memorandum contains your account inventory, credentials, and instructions. Because it's not filed with the court, it stays private. And because it's a separate document, you can update it whenever your passwords change without involving an attorney.

Not every state recognizes memoranda, and they're generally not legally binding in the same way a will is. But they solve the privacy problem and the update problem simultaneously.

Set up platform legacy tools

The major tech platforms have built their own succession tools, and they work better than any will-based approach:

• Google: Inactive Account Manager lets you designate trusted contacts who receive access after a period of inactivity
• Apple: Legacy Contact designates someone to access your iCloud data with a death certificate and access key
• Facebook: Legacy Contact designates someone to manage your memorialized profile

These tools are free, take minutes to set up, and are legally recognized under RUFADAA (the Revised Uniform Fiduciary Access to Digital Assets Act) in most US states. Under RUFADAA's hierarchy of consent, instructions set through a platform's own tools take legal priority over anything in a will.

Create a secure account inventory

Rather than putting passwords in your will, create a comprehensive inventory of all your digital accounts and store it securely — either in a password manager with emergency access features, or in a printed document kept in a safe or safe deposit box.

The inventory should include:

• Every account (email, banking, social media, subscriptions, cloud storage)
• The username and password for each
• Whether 2FA is enabled and how it's configured
• What you want done with each account (keep, close, memorialize, transfer)
• Where to find your phone's passcode and any authenticator apps

This inventory is the single most useful document your family can have. It's what turns weeks of detective work into a structured process.

Name a digital executor

Whether or not your state recognizes a formal "digital executor" role, you should designate someone — in writing — to handle your digital affairs. This might be the same person as your estate executor, or it might be a more tech-savvy family member who can navigate the platform-specific processes.

Tell this person where to find the account inventory. Walk them through the basics. Make sure they know about the platform legacy tools you've set up.

The will still matters — just not for passwords

Your will should absolutely mention digital assets. It should state that your executor has authority to access, manage, and close your digital accounts. It should reference the memorandum or letter of wishes that contains the actual details.

What it should not contain is a list of passwords in plain text.

Think of it this way: the will establishes the authority to manage your digital estate. The memorandum and platform tools provide the access. One is a legal document. The other is an operational document. They work together, but they serve different purposes.

Getting started

If you're reading this because you're trying to organize your parents' digital life — or your own — the Digital Legacy Kit includes the account inventory worksheets, memorandum templates, and step-by-step instructions for setting up every major platform's legacy tools. It's designed to turn this entire process into a structured weekend project rather than an open-ended source of anxiety.