Your password manager after death
A password manager is the master key to your digital life: a single encrypted vault holding the logins to your bank, your email, your photos, your subscriptions and almost everything else you sign into. After your death, that same design becomes a single point of failure. The vault is protected by a master password that, by design, nobody else knows and the provider itself cannot recover. If you have not arranged a way in, your family inherits a locked box and no key.
This page explains what happens to a password manager after death, how the major tools handle emergency and legacy access, and how to set it up step by step. It also covers the harder truth underneath: getting into the vault is only the first problem, and the access it grants is not the same as the authority to act, or the person your family has lost.
Why a vault is different from a normal account
It helps to understand why a password manager fails so completely at death, when a bank or an email provider does not. Most accounts you own are held by a custodian who can read them. A bank can verify a death certificate and release funds; an email provider can, in some cases, grant an executor access. The custodian holds the data and can choose to hand it over.
A serious password manager is deliberately built so that no custodian exists. It uses end-to-end encryption keyed to a master password the provider never sees and cannot reset. This is the feature you are paying for while you are alive, because it means a breach of the company's servers exposes nothing usable. After your death it becomes the problem: there is no one with the power to let your family in, because the design specifically removed that power from everyone, including the provider. The only paths in are the ones you set up yourself in advance.
Emergency and legacy access compared
The leading password managers know the master-key problem and most offer a way to nominate someone who can recover your vault. The mechanisms differ in important ways, and the differences matter most at the worst possible moment.
1Password does not have a death switch as such. Instead it gives you an Emergency Kit, a printable document containing your account email, your Secret Key and a space to write your master password. Whoever holds a completed Emergency Kit can sign in fully. For shared and family accounts, a family organiser can also recover another member's account, which is the closest 1Password comes to a true legacy feature. The kit is the model: a physical artefact you store somewhere safe, not an automated handover.
LastPass offers Emergency Access built into the product. You nominate a trusted person who already has a LastPass account, and you set a waiting period. When they request access, you are notified and have the length of that waiting period to decline. If you do nothing, because you have died, access is granted automatically when the timer expires. Bitwarden works on the same model with its own Emergency Access feature: a nominated trustee, a configurable wait time, and either view or takeover rights to the vault once the request matures unprompted.
Apple takes a different route. Apple Passwords has no standalone emergency-access tool, but it sits inside your Apple Account, which supports a Legacy Contact. You nominate people who, after your death, can request access to the data in your account by supplying a death certificate and an access key Apple generates. It is account-wide rather than password-specific, and it is gated by Apple's review rather than a simple timer. The practical lesson across all four is that there is no single standard. Two of them automate access with a timer, one hands you a printed artefact to store yourself, and one folds the question into a wider account-recovery process. Whichever you use, you have to learn its specific rules rather than assume a death switch exists by default.
Every one of these tools is built on the same quiet bet: that the person you nominate is still the right person, and still reachable, on the day it matters.
The waiting-period model, and why it exists
The waiting period is the heart of the automated approach used by LastPass and Bitwarden, and it deserves to be understood rather than just clicked through. The logic is a balance of two risks. If access were instant, a malicious trusted contact could seize your vault while you are alive and well. If access were impossible without you, the feature would be useless at death. The waiting period splits the difference: it gives you, the living account holder, a window to notice the request and refuse it. Silence is read as consent, and after your death silence is all there is.
This is elegant, but it has a sharp edge. The window only protects you if you are alive to see the notification, which means it depends on you still controlling the email or device the alert goes to. It also means the timer, not a human judgement, decides the outcome. There is no executor reviewing the request, no check that this is genuinely the right moment. The same structural gap appears across digital accounts after death: platform tools automate a decision that, in an estate, really wants a person with standing behind it.
How to set up emergency access, step by step
Whichever manager you use, the setup follows a similar shape. The point is to do it deliberately while you are alive and able, and to write down where the recovery path lives so it can actually be found.
Choose the right person. Pick someone you trust completely and who is likely to outlive you, and tell them you have nominated them. A trusted contact who does not know they are one is no help at all.
In LastPass or Bitwarden, open Emergency Access in account settings, add that person by email, and choose view or takeover rights. They will need their own free account to accept the invitation.
Set a waiting period you are comfortable with. Shorter means faster access for your family but less time for you to catch a wrongful request; longer is the reverse. A few days to a week is a common middle ground.
In 1Password, generate and print your Emergency Kit, write in your master password by hand, and store it somewhere physically secure such as a home safe or with your will documents, not in the vault it unlocks.
In Apple Passwords, open your Apple Account settings, add a Legacy Contact, and make sure they receive and keep the access key Apple provides. Without that key, the death certificate alone is not enough.
Record where the recovery path lives. In a single private note kept with your estate documents, list which password manager you use and how access is meant to be granted, so your executor knows the door exists and where the handle is.
That last step is the one most people miss. An emergency-access feature that nobody knows you configured is functionally invisible, and your family cannot use a mechanism they never learn about.
The limits: access is not authority, and authority is not identity
Set all of this up well and your family can get into your vault. That is necessary, and it is not sufficient. There are two further gaps that no password manager closes, and they are worth naming plainly.
First, access is not authority. Holding your logins lets someone open your accounts; it does not give them the legal standing to administer your estate, close accounts, move money or make decisions in your name. A trusted contact with your master password and an executor with a grant of probate are different roles, and conflating them creates exactly the kind of dispute a good plan is meant to prevent. This is why serious planning routes vault access through a named digital executor rather than simply handing the keys to whoever is closest. The same separation matters for financial accounts: the recovery story for what happens to your PayPal when you die, or for what happens to your crypto when you die, turns on authority, not just a password.
Second, authority is not identity. Even a perfectly executed handover, where the right person gets in at the right moment with the right standing, transfers your accounts. It does not transfer you. The vault holds your credentials; it does not hold the way you thought, the things you believed, or the voice your family will miss. That part of you is not recoverable from a password, no matter how well it is stored.
These two gaps compound. A trusted contact who can open your vault but has no legal authority is in an awkward and exposed position, acting on accounts they have no formal standing to touch. And even once both access and authority are settled, the family is left with the strange experience of holding everything a person used and nothing of the person themselves. A well-organised digital estate solves the first problem completely and leaves the second one entirely untouched, which is why it cannot be the whole of the plan.
A password manager protects the key. It was never designed to protect the person.
From access to a real estate plan
Emergency access is a feature; an estate plan is a system. The difference is governance: not just whether someone can get in, but who decides that the moment has come, in what order access is granted, and on what authority. A scatter of nominated contacts across four different apps, each with its own timer and its own rules, is not a plan. It is several loose threads, any one of which can break without anyone noticing until it is too late.
This is the gap Executor Lock™ is built to close. Rather than leaving each account to its own ad-hoc recovery switch, it puts a single governing structure over the whole picture: a three-tier model of recipients, a trusted contact with access rights at your death, and an executor who can report your passing and trigger the handover. The executor has the final word, and every action is recorded in a permanent, append-only audit trail. It is the difference between hoping a timer expires correctly and having a named person with the authority to act when the moment is real.
Password access is one chapter of the broader discipline of digital estate planning: deciding, while you are alive and able, who can reach what you leave behind and under what authority. Your password manager belongs inside that plan, not standing in for it.
The part of you that no vault holds
So configure emergency access properly. Nominate someone you trust, set a sensible waiting period, print the Emergency Kit, name your Legacy Contact, and tell your executor where the recovery path lives. Done well, this work means your family is not locked out of your digital life at the moment they are least able to fight a master password they will never guess.
Then do the separate, more lasting work. The accounts are recoverable with a plan; the person behind them is only preserved if you choose to preserve them. That is what building a Persona is for: a governed, consent-first representation of who you are, made while you are alive and then locked so it cannot be altered or commercialised after your death. The password manager keeps the key. The Persona keeps the person. You need both, and only one of them expires the moment the vault is opened. Build Once. Live Twice.™