Digital Estate Planning: Why Passwords Aren't Enough

She found the notebook in the top drawer of her mother's desk. Six pages. Every account. Every password. Username, password, recovery question. Her mother had been organized her whole life, and the notebook proved it.
Then she tried to log in.
The bank account asked for a six-digit code sent to her mother's phone. The phone was locked with a fingerprint. The email linked to her financial accounts had been set up decades ago through a provider that had since shut down. The recovery phone number on that account was a landline, disconnected years ago.
The notebook was thorough. It did not help.
This is the digital estate planning gap most families do not see until it is already too late. It is one of the most common oversights families face today, and it almost never appears in anyone's plan.
Why the Password Is No Longer Enough
Most online accounts now require two steps to log in. The first step is the password. The second step is a verification code sent to a trusted device or phone number at the moment someone tries to access the account.
This is called two-factor authentication, and it has become the standard security requirement for financial accounts, investment platforms, email providers, and cloud storage. It is one of the most effective protections against fraud and identity theft.
It is also one of the most common reasons families cannot access accounts after a death. The person trying to log in has the password. But the verification code goes to a phone that is locked, a number that no longer works, or an email address that no longer exists.
The password is correct. The account is inaccessible.
It is worth clarifying what the right approach actually is. After a death, using someone's login credentials is not the intended path. Most platforms prohibit it in their terms of service, and it may not be legally appropriate. The right approach is to go through each platform's official deceased account process: presenting a death certificate, a copy of the will, and letters establishing legal authority.
Some platforms still require verification through the linked phone or email even during the official process. The platform sends the verification code to that phone or email at the moment the account is accessed. If the phone is locked and the email address no longer exists, the code has nowhere to go. The legal authority is in hand. The verification step is still a wall.
This is why a digital estate plan has to account for where each code goes, not just whether the password is correct.
The bottom line: Two-factor authentication blocks access at the second step, after the correct password is entered. A list of passwords does not solve this. A digital estate plan has to account for where each verification code goes and how the person managing your estate can receive it.
The Old Email Problem
Many accounts were created years ago and linked to email addresses people no longer use. At the time, that email was the natural choice. Now it may be deactivated, transferred to a different provider, or simply forgotten.
The phone number linked to an account may have changed several times since the account was opened. The authenticator app installed on a phone may only work on that specific device. If the device is locked, damaged, or simply unavailable to the family, the second factor goes nowhere.
Every account has its own chain of linked access. When one link in that chain is broken, the account becomes unreachable without going through the platform's own recovery process, which can take weeks, requires documentation, and does not always succeed.
The bottom line: Digital accounts are only as accessible as the most current version of every linked email address, phone number, and device. If your estate plan does not track those, it is already out of date before it is ever needed.
The good news is that every one of these gaps can be addressed before they become someone's problem to solve.
The Accounts That Cause the Most Problems
The accounts that create the most practical problems after a death are the ones families depend on every day.
Financial accounts held exclusively online, with no physical branch to visit, require documentation and verification that can be difficult to provide without proper legal authority. Investment platforms and retirement accounts may have named beneficiaries, but accessing and managing those assets still requires going through each platform's process. Email accounts often contain years of financial statements, tax documents, and account recovery information for other platforms. Cloud storage may hold documents, photos, or business records with no backup anywhere else.
There is also a growing category of digital-only assets: cryptocurrency, online business accounts, subscription revenue, and licensing agreements. These can represent real financial value that disappears entirely if no one knows they exist or how to access them.
The bottom line: The most consequential digital assets are often financial or operational, not personal. Any estate plan that does not inventory and address them is incomplete.
A will should include explicit provisions giving your executor authority over digital assets and specifying where the access information is stored. Without those provisions, your executor may face unnecessary legal obstacles even with a valid will in hand.
What Your Will Cannot Do
One approach people take is to put account credentials directly in their will. It feels practical. It is the opposite of secure.
When a will is filed for probate, it becomes a public record. Anyone can request a copy. Listing passwords, usernames, or account numbers in a will is the equivalent of publishing them.
I specifically advise clients against including any access credentials in the will for exactly this reason.
What belongs in a will is an instruction: who has authority over digital assets, and where to find the access information that has been stored safely and privately elsewhere.
The bottom line: A will is a public document after death. Passwords do not belong in it. The will should name authority. The access information should live somewhere secure.
This is not just an access problem. It is your family, already grieving, locked out of the accounts that hold the money they need to pay for the funeral, the mortgage, the medical bills. That stress is on top of the loss.
What a Real Digital Estate Plan Looks Like
A proper digital estate plan is not a list. It is a system.
It includes an inventory of every account that holds financial, sentimental, or legal value. It documents the two-factor authentication method for each one: which phone number, email address, or app receives the verification code. It includes backup authentication codes, which most platforms allow users to generate and which can be printed and stored offline. And it names a person with explicit legal authority to act on those accounts under applicable law.
It also gets updated. When a phone number changes, the plan reflects it. When a new account is created, it is added. When an old email address is retired, every account linked to it is updated in both the platform and the plan.
In many states, a legal framework called the Revised Uniform Fiduciary Access to Digital Assets Act governs what a fiduciary can access and under what conditions. What a family can reach after a death, and through what process, depends in part on whether proper legal authority was established before it was needed.
Under this framework, a will or trust can include explicit digital estate provisions that name your executor and give them specific legal authority to access, manage, transfer, and close digital assets. Without that language, even a valid will may leave your executor with less authority than they need.
Digital estate laws vary by state, and financial institutions each maintain their own documentation requirements and processes. What one bank requires may differ from what a brokerage, a cloud storage provider, or a cryptocurrency exchange requires. The plan should account for both the legal authority and the platform-specific process for every account that matters.
When I build this with clients, I work through each account, each linked contact, and each point of legal authority, so that the system exists before it is ever needed, not pieced together after a death makes every step harder.
The bottom line: A real digital estate plan is a system, kept current, with named legal authority. A list is not.
What You Can Do Right Now
Start with an inventory. Go through your accounts (financial, email, cloud storage, and any platforms that hold business or legal records) and for each one, write down which phone number, email address, or app receives the two-factor verification code. That chain of linked access is what your family will need, and right now it is probably undocumented.
Check the recovery contacts on your email accounts. Many people have phone numbers or backup email addresses connected to those accounts that they set up years ago and have since stopped using. If those contacts are out of date, the accounts attached to them are already unreachable.
Generate backup codes. Most platforms with two-factor authentication allow users to create a set of one-time backup codes. Print them, store them securely offline, and make sure the person who will manage your estate knows where to find them.
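The inventory described above can also be kept as a small file that is checked whenever a phone number or email address changes. The following is an added example, not part of the original article; the account names, phone number, and addresses are constructed, and the two tables are a hypothetical format. It walks each account's chain of linked access and reports the first broken link.

```python
# Constructed sample data: every name, number and address below is made up.
# No passwords are recorded, only where each verification code is delivered.
CONTACTS = {
    # destination: (still in service?, can the executor receive a code there?)
    "phone:+1-555-0100": (True, False),           # working number, fingerprint-locked phone
    "email:old@defunct.example": (False, False),  # provider shut down
}

ACCOUNTS = {
    # account: (where the second-factor code goes, backup codes stored offline?)
    "email:current@mail.example": ("phone:+1-555-0100", True),
    "bank": ("phone:+1-555-0100", False),
    "brokerage": ("email:current@mail.example", False),
    "cloud-storage": ("email:old@defunct.example", False),
    "tax-portal": ("app:authenticator-on-old-tablet", False),
}


def broken_link(name, seen=()):
    """Return None if a code for `name` can be received, else the broken link."""
    if name in seen:
        return f"circular recovery chain at {name}"
    if name in ACCOUNTS:
        destination, has_backup_codes = ACCOUNTS[name]
        if has_backup_codes:
            return None  # offline backup codes bypass the linked device
        return broken_link(destination, seen + (name,))
    if name in CONTACTS:
        in_service, executor_can_receive = CONTACTS[name]
        if not in_service:
            return f"{name} is no longer in service"
        if not executor_can_receive:
            return f"{name} works but the executor cannot receive codes there"
        return None
    return f"{name} is not documented in the plan"


def audit():
    """Map each unreachable account to the first broken link in its chain."""
    report = {}
    for account in ACCOUNTS:
        problem = broken_link(account)
        if problem:
            report[account] = problem
    return report


if __name__ == "__main__":
    for account, problem in audit().items():
        print(f"{account}: {problem}")
```

In this sample the brokerage account passes only because the email account it depends on has backup codes stored offline; the bank account, which sends its code to the same phone, does not.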
If this feels like more than you want to sort through on your own, that is exactly where I come in. When clients work with me on estate planning, the digital component is now one of the first things I address because I have seen what happens when families are left to figure this out themselves, in the worst week of their lives, one locked account at a time.
Every family's digital footprint is different. I take the time to understand yours specifically, including the accounts, the devices, and the linked phone numbers and email addresses, so the plan we build actually works for the people who will need to use it.
Schedule a complimentary 15-minute discovery call and let's find out where you stand.
This article is a service of Bret Christiansen, a Personal Family Lawyer® Firm. We don’t just draft documents; we ensure you make informed and empowered decisions about life and death, for yourself and the people you love. That's why we offer a Life & Legacy Planning® Session, during which you will get more financially organized than you’ve ever been before and make all the best choices for the people you love. You can begin by calling our office today to schedule a Life & Legacy Planning Session.
The content is sourced from Personal Family Lawyer for use by Personal Family Lawyer firms, a source believed to be providing accurate information. This material was created for educational and informational purposes only and is not intended as ERISA, tax, legal, or investment advice. If you are seeking legal advice specific to your needs, such advice services must be obtained on your own, separate from this educational material.
© 2026

