2. How to create a digital estate plan

Creating a digital estate plan starts with understanding what you have and how it’s stored, so you can decide what to pass on and how to do it securely

Step 1: Take stock of your data

First, you need to know the breadth and depth of your data trove.

Figuring this out can be tricky if your logins are scattered around on sticky notes and spreadsheets. If you use a password manager like 1Password, you can keep everything in one place and protect it all with a single password. Otherwise, you’re going to have to rack your brain and pull everything together the old-fashioned way.

As you go through this process, make a note of the accounts that you consider the most important or valuable. These will probably fall into one of three buckets: money, crucial information, and ways to contact other people. You should end up with a list that covers some or all of the following:

• Banking
• Real estate accounts, inclusive of mortgage and deeds
• Government and tax-related services
• Life insurance 
• Student loans
• Pension and/or retirements savings 
• Cloud storage
• Email
• Social media
• Domain names and websites
• Entertainment services, like Netflix and Spotify
• Productivity apps including 1Password
• Virtual currency and investments, such as Bitcoin or stock trading accounts
• Airline accounts 
• House codes (wifi, alarms, garage codes)

Completing this exercise will give you some perspective on what you’re trying to hand over. It could also reveal some important accounts that you’ve forgotten about or rarely use. You might have a long-abandoned profile on MySpace or Tumblr, for instance. Or racked up some points with an airline that you haven’t contacted or thought about in a while.

Step 2: Consider who will be inheriting your data

What makes sense to you could be confusing for someone else.

A lot of people have never used a password manager, for instance. A relative might not be patient or particularly tech-savvy. Alternatively, you might have a family that is already familiar and on board with using a password manager. Regardless, you should think about the person who will be receiving your data and the type of handover they’ll be able to follow.

Step 3: Decide how to hand over your data

There are many different ways to do this. If you use a password manager, you could explain to your loved ones how to log into your account.

The easiest way is to write some instructions and leave them in a personal safe, alongside your traditional will, or with whoever manages your will, such as an attorney or estate-planning company.

Many password managers also have built-in sharing capabilities. 1Password has vaults, for instance, that work like shareable folders. If you go down this route, you won’t have to share the sensitive credentials required to log into your password manager. It will also give you more control over how much of your personal data is passed on.

1Password also has recovery codes, a unique and secure code used as a backup to help you regain access to your account in case you forget your account password or, in the case of 1Password, also lose your Emergency Kit with your Secret Key. You could opt to keep your recovery code and email account password with your will so your loved ones can use it to regain access to your 1Password account and sensitive data stored within. 

Alternatively, you can export your data. Or, if you don’t have a password manager, create a simple spreadsheet. A word of caution though: you’ll be storing everything in a file format that anyone can read. This option might be attractive if the intended recipient doesn’t have or want a password manager. The downside is that if the wrong person stumbles upon the file, they’ll immediately have access to all your digital accounts. Put the file on a drive or USB stick – preferably encrypted – and keep it somewhere secure, such as a personal safe.

Step 4: Think about two-factor authentication and passkeys

What’s better at keeping your data safe than a long and random password?

A long and random password backed up by two-factor authentication (2FA). The latter is a second line of digital defense, typically through a time-sensitive code from an app or device. 

You may have also started adopting passkeys – login credentials that replace passwords entirely. Passkeys remove the need for one-time codes and are resistant to phishing, making them extremely secure. However, because they’re stored on specific devices or synced accounts, passkeys can be harder to transfer.

Using a password manager solves both problems: you can store 2FA codes and passkeys together, and securely share them with trusted people through shared vaults or recovery options. Not every password manager supports passkeys yet, so confirm that your chosen tool can store and share them safely.

If you don’t like these options, there are some alternatives. One-time passwords can be sent via text message, for instance. We don't recommend this method because text messages can be intercepted using so-called 'sim-swapping' attacks, but it's an easy one for relatives to understand.

There are a bunch of standalone authentication apps, too, such as Duo Mobile and Google Authenticator. Some of these can be set up on multiple devices, meaning you don’t have to worry about whether your loved ones can unlock your phone.

Step 5: Consider the information that you don’t normally keep in a password manager

Password managers are a convenient place to store all kinds of sensitive information.

But most people have at least one or two passwords that they prefer to keep in their brain. The password for your laptop, perhaps, or the code required to unlock your safe. Will your loved ones need this information to inherit your digital estate?

If so, think about the ways you might feel comfortable handing it over. You might want to include them in your physical will, or with the instructions to log into your password manager.

Step 6: Set up inactivity switches and legacy contacts 

Some services can automatically alert trusted people or share your data if your account goes unused for a certain period of time.

Google’s Inactive Account Manager, for example, lets you set a custom length of time and choose who’s notified, with options to share selected files or delete your data entirely. If you don’t log into your account, the timer will eventually run out, and an email will be sent to a list of pre-chosen contacts with whatever you’ve decided to share. Facebook offers a Legacy Contact feature that allows someone you trust to manage or delete your profile after you pass away, while Apple’s Digital Legacy program works in a similar way, letting approved contacts securely access your iCloud data and purchases.

These tools simplify digital handovers without requiring shared passwords or 2FA codes.

Ready for the next step?

Once your plan is in place, make sure it stays useful. Learn how to keep it up to date – and share it safely with the people you trust – in the next section.