How to Pass On Passwords and Accounts When You Die: A Guide for Expats

In brief: Your passwords are the keys to your digital estate. If your heirs cannot access your accounts, they cannot manage, close, or inherit what's inside them. This guide explains how to pass on passwords and account access safely — without creating a security risk today.


The Problem Nobody Talks About

Your will covers your apartment. Your notary covers your bank accounts. But who gets your passwords?

Nobody — unless you plan for it.

This matters more than most people realise. Your email account is the master key to everything: password resets, bank notifications, pension correspondence, tax documents. Your password manager contains credentials for every financial account you hold. Your crypto exchange account may hold assets worth thousands of euros. Your cloud storage contains the only copies of 20 years of family photographs.

None of this is addressed in a will. None of it appears in Spanish probate records. None of it is visible to a notary.

For expats in Europe, the problem is amplified. You likely have accounts across multiple countries — a UK pension dashboard, a Belgian investment platform, a Spanish digital certificate, a French tax account. When you die, your heirs face these systems without the credentials to enter them, often from another country, in another language.

The question is not whether to pass on this information. The question is how to do it safely.


Why You Cannot Simply Write Down Your Passwords

The instinct is understandable: write your passwords in a document, put it in a safe, leave it with your will.

The problem is that this approach creates serious security risks while you are still alive — and often fails your heirs after you die.

Security risk during your lifetime: A list of passwords, once written, is a fixed document. As soon as you change any password (for security reasons, after a data breach, or when switching platforms), the list is out of date. If the document is ever accessed by the wrong person — a burglary, a domestic dispute, an untrusted person discovering the safe — your entire digital life is compromised immediately.

Practical failure after death: A static password list stored with your will may not be accessible to your heirs for months, while probate proceeds. By the time they have it, accounts may have been locked due to inactivity or the platform's death detection process. The passwords themselves may have changed since you wrote the list.

Legal problem: In many jurisdictions, a will becomes a public document once it enters probate. Passwords left in a will are, in effect, published.

The solution is not to abandon the goal — it is to use the right tools.


The Four Approaches (and Their Trade-offs)

1. The password manager approach

A password manager (Bitwarden, 1Password, Dashlane, KeePass) stores all your credentials in an encrypted vault, accessible with a single master password. This solves the maintenance problem: as you update passwords, the vault updates automatically.

For inheritance purposes, the challenge shifts from "maintain a list of every password" to "ensure your heirs can access the vault."

How to pass on a password manager:

The master password should never be stored in the password manager itself (circular), in any cloud document, or in plain text anywhere accessible online.

2. The platform tools approach

Major platforms have built death management tools that allow you to designate someone to access or close your account after death — without sharing any password today.

Google — Inactive Account Manager: Accessible at accounts.google.com → Data & Privacy → Make a plan for your account. You designate a trusted contact and choose what they receive access to (Gmail, Drive, Photos, etc.) after a defined period of inactivity (3, 6, 12, or 18 months). Google notifies you before triggering. Your designated contact receives a link to download your data.

Apple — Digital Legacy: Available since iOS 15.2 / macOS 12.1. Go to Settings → [Your Name] → Password & Security → Legacy Contact. You designate one or more people and generate an access key. After your death, they present the key with a death certificate to Apple to request access to your account.

Facebook / Instagram — Legacy Contact: Settings → Memorialisation Settings. You designate someone to manage a memorialised version of your profile, or you can request that your account be deleted. The Legacy Contact cannot log in as you but can manage certain aspects of the memorialised account.

Limitation: These tools only work if you set them up in advance. Without setup, the platform's default applies — which typically means the account is locked until a court order is obtained, or deleted after a period of inactivity.

3. The digital vault approach

Services like Sucesio allow you to store account information, access hints, and personal messages in a secure encrypted vault, with a structured transmission process triggered by your death.

The key difference from a static document: the vault is encrypted, access-controlled, and only transmitted to your designated recipients after your death is confirmed — through a combination of life verification failure and confirmation from a trusted contact.

This approach combines the security of a password manager (encrypted, not a static document) with the structured transmission of a will (only released at the right time, to the right people).

4. The trusted person approach

Some expats prefer to give a single trusted person — a spouse, a close friend, a professional adviser — direct access to all their credentials while alive.

Advantages: Simple, immediate, no technical setup required.

Disadvantages: Creates a permanent security vulnerability. If the relationship changes — divorce, estrangement, the trusted person's own death — the exposure cannot be undone. It also places an unfair burden on the trusted person, who becomes responsible for information they may not want to hold.

This approach is not recommended as a primary strategy, though it may be appropriate as a backup for a specific account (e.g., giving a spouse access to a shared email account).


What Information to Document

For each significant account, your heirs need the following — at minimum:

| Information | Required | Notes |
| --- | --- | --- |
| Platform name | Yes | Include the URL |
| Email address used to register | Yes | This is the recovery key for most platforms |
| Whether 2FA is active | Yes | If yes, which device or app holds the 2FA codes |
| Approximate contents / value | Yes | Enough to know whether to pursue access |
| Instructions for what to do | Yes | Close, transfer, preserve, or leave |
| Password or secure hint | Optional | Only if using a vault or sealed envelope — never in plain text online |

Two-factor authentication (2FA) is a specific problem. If you use an authenticator app (Google Authenticator, Authy, Microsoft Authenticator) and your heirs cannot access your phone, they cannot complete login even if they have the password. Document which accounts use 2FA and which device holds the codes. Authy supports cloud backup; Google Authenticator can be transferred to a new device if the original is accessible.
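
As an added example (not part of the original guide or of any vendor's tooling), this Python sketch checks an account inventory against the table above and the 2FA rule. The field names, the `secret_store` values and the seed-phrase heuristic are assumptions made for illustration, and the sample entries are constructed.

```python
import re

# Fields the table above marks as required for every account.
REQUIRED = ("platform", "url", "email", "twofa_active", "contents", "instructions")
# The only places the table allows a password or hint to be kept.
SAFE_SECRET_STORES = {"vault", "sealed_envelope"}
# Heuristic (assumption): 12 to 24 short lowercase words looks like a seed phrase.
SEED_LIKE = re.compile(r"^(?:[a-z]{3,8}\s+){11,23}[a-z]{3,8}$")


def lint_entry(entry):
    """Return the problems found in one inventory entry (a dict)."""
    problems = []
    for field in REQUIRED:
        if entry.get(field) in (None, ""):
            problems.append(f"missing required field: {field}")
    # A password is useless to heirs if nobody knows where the 2FA codes live.
    if entry.get("twofa_active") and not entry.get("twofa_device"):
        problems.append("2FA active but no device or app documented")
    # Secrets are optional, and acceptable only in a vault or sealed envelope.
    if entry.get("secret") and entry.get("secret_store") not in SAFE_SECRET_STORES:
        problems.append("secret kept outside a vault or sealed envelope")
    # Seed phrases stay on the physical backup; the inventory holds a hint only.
    for field, value in entry.items():
        if isinstance(value, str) and SEED_LIKE.match(value.strip()):
            problems.append(f"{field} looks like a seed phrase")
    return problems


def lint_inventory(entries):
    """Map platform name -> problems, omitting entries that are clean."""
    return {e.get("platform", "?"): p for e in entries if (p := lint_entry(e))}


# Constructed sample inventory (not real accounts).
SAMPLE = [
    {"platform": "Example Pension", "url": "https://pension.example",
     "email": "owner@example.com", "twofa_active": True,
     "twofa_device": "Authy on main phone", "contents": "workplace pension",
     "instructions": "transfer"},
    {"platform": "Example Exchange", "url": "https://exchange.example",
     "email": "owner@example.com", "twofa_active": True,
     "contents": "crypto holdings", "instructions": "transfer",
     "secret": "constructed-password", "secret_store": "cloud_document",
     "notes": "apple brick candle dove eagle frost grape hazel ivory jelly kite lemon"},
]

if __name__ == "__main__":
    print(lint_inventory(SAMPLE))
```

Run it over the inventory before sealing or uploading it; an empty result means every entry carries the required fields and no secret sits where the guide says it should not.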


A Practical Hierarchy for Expats

Given the complexity of a multi-country digital life, the most effective approach is layered:

Layer 1 — Password manager (covers the majority of accounts automatically): Set up Bitwarden or 1Password. Use it for all accounts. Document the master password and recovery key in a sealed physical location.

Layer 2 — Platform death tools (covers the largest accounts that need specific handling): Set up Google Inactive Account Manager, Apple Digital Legacy, and Facebook Legacy Contact. These handle your most-used accounts through official channels.

Layer 3 — Digital vault (covers the transmission gap and personal legacy): Use Sucesio to document everything that doesn't fit the above: crypto wallet hints, account inventory, instructions for less common platforms, and personal messages to your heirs.

Layer 4 — Notary (covers the legal framework): Ensure your will references the existence of a digital estate and the location of your digital legacy documentation. Do not put credentials in the will — just a pointer to where they can be found.


Special Considerations for Crypto

Cryptocurrency is the highest-stakes category. The rules are unforgiving:

Never store a seed phrase in a password manager (if the password manager is inaccessible, you lose everything). Never store it in cloud storage. A physical backup — stored in a fireproof safe or with a notary — is appropriate, combined with a hint stored in your digital vault.


How Sucesio Solves the Transmission Problem

The core challenge with passwords and account access is the timing paradox: you need the information protected while you are alive, but accessible to the right people immediately after your death.

Sucesio is built around this problem.

With Sucesio, you build an encrypted inventory of your accounts, access hints, and instructions. Nothing is shared while you are alive. Monthly life verification check-ins confirm you are active. When you stop responding, your designated trusted contact is notified and can confirm your death — triggering the transmission of exactly what you chose to leave, to exactly the people you designated.

Your heirs receive a complete map of your digital life: which accounts exist, how to access them, what to do with each, and any personal messages you left for them.

No passwords stored in plain text. No documents left in a drawer. No guesswork.
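
The release rule described above (missed check-ins plus confirmation from the trusted contact), modelled as an added example; this is not Sucesio's code. The 30-day interval, the 14-day grace period and all names are assumptions, as is refusing a confirmation that arrives while the owner is still checking in.

```python
from datetime import datetime, timedelta

CHECKIN_INTERVAL = timedelta(days=30)  # assumption: "monthly" check-in
GRACE = timedelta(days=14)             # assumption: slack before the contact is notified


class ReleaseGate:
    """Release needs BOTH: missed check-ins AND the trusted contact's confirmation."""

    def __init__(self, now):
        self.last_checkin = now
        self.released = False

    def overdue(self, now):
        return now - self.last_checkin > CHECKIN_INTERVAL + GRACE

    def check_in(self, now):
        # A sign of life resets the clock; it cannot undo a completed release.
        if not self.released:
            self.last_checkin = now
        return not self.released

    def confirm_death(self, now):
        # A confirmation while the owner is still checking in is refused, so
        # the trusted contact alone can never open the vault early.
        if self.overdue(now):
            self.released = True
        return self.released

    def state(self, now):
        if self.released:
            return "released"
        return "awaiting_contact" if self.overdue(now) else "active"


def demo():
    """Constructed timeline: early confirmation, missed check-ins, release."""
    t0 = datetime(2024, 1, 1)
    day = lambda n: t0 + timedelta(days=n)
    gate = ReleaseGate(t0)
    return [
        gate.confirm_death(day(10)),  # False: owner not overdue
        gate.state(day(60)),          # awaiting_contact: silence alone releases nothing
        gate.confirm_death(day(61)),  # True: both conditions now hold
        gate.state(day(61)),          # released
    ]

if __name__ == "__main__":
    print(demo())
```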


Frequently Asked Questions

Is it safe to store my passwords in a digital vault service?
A reputable vault service uses end-to-end encryption, meaning even the service provider cannot read your data. Sucesio encrypts all data with AES-256 at rest and in transit, hosted in Europe under GDPR. You are not storing raw passwords — you are storing hints and instructions that only become accessible to your heirs after your death is confirmed.

What if my heirs are abroad when they need to access my accounts?
Most account access — including estate claim processes — can be initiated remotely. Your heirs will need certified copies of your death certificate (obtainable through the Spanish civil registry or consulate) and proof of their relationship to you. Having your account inventory and contact information already documented removes the most difficult part: knowing what accounts exist.

My spouse knows my main passwords already. Is that enough?
For shared household accounts, possibly. For the full picture of your digital estate — especially accounts in your name only, crypto holdings, and work-related accounts — almost certainly not. Even partners who share passwords often discover significant gaps after a death.

Should I include my passwords in my will?
No. A will may become a public document in probate. It is also inflexible — as you update passwords, the will becomes outdated. Reference the existence of a digital legacy plan in your will, but store the actual access information separately in a secure vault.

How do I handle accounts with two-factor authentication?
Document which accounts use 2FA and which device or app holds the codes. If possible, use an authenticator app that supports cloud backup (Authy). Consider leaving a note in your digital vault explaining how to access the authenticator app — or use backup codes (generated by most 2FA-protected services) stored securely alongside your account information.



This article is provided for informational purposes only and does not constitute legal, financial, or security advice. For succession planning specific to your situation, consult a qualified notary or solicitor. Sucesio complements — but does not replace — a legally valid will and professional advice.