Sign in Subscribe
Digital Presence & Online Policies

Digital Asset Estate Planning Checklist: How to Make Online Accounts Accessible After Death or Incapacity

Promise Legal Staff, Asha Geire

6 min read
Abstract fresco: prismatic vault in navy/teal with copper lattice, right-side negative space.
Loading the Elevenlabs Text to Speech AudioNative Player...

Today, a huge portion of your life — and often your money — sits behind usernames, passwords, and two-factor authentication: bank portals, email, photo libraries, subscriptions, and even crypto wallets. When someone dies or becomes incapacitated without a plan, loved ones can be locked out of critical accounts, exposed to fraud attempts, and unable to recover irreplaceable photos, messages, or documents.

This practical checklist walks you through three core steps: (1) inventory your digital assets, (2) give the right person clear legal authority to act, and (3) store access instructions in a secure, usable way. It’s written for individuals and families, as well as executors, agents under powers of attorney, and trustees.

Because rules vary by state and by platform, treat this as general information — not legal advice. If you’re already thinking about continuity planning, our succession planning framework reflects the same mindset: reduce disruption by planning for the handoff before there’s an emergency.

Start by outlining what counts as a “digital asset” (and why value isn’t just financial)

In estate planning, digital assets are the information and rights associated with electronic records (think: what you can access, control, or transfer online). A digital account is the relationship with a provider under its terms of service (your login at a bank, email provider, or social platform). A device (phone, laptop, hardware key) isn’t the asset itself — but it’s often the gateway to it.

Also you may assign access/control rights to various actors: an agent under a durable power of attorney helps during incapacity; an executor/personal representative acts after death; a trustee manages digital assets titled in a trust. Consider these categories of accounts and assets:

  • Online banking and investment accounts
  • Cryptocurrency and digital wallets
  • Email and electronic communications
  • Social media and online profiles
  • Cloud storage (photos/documents) and memberships
  • Subscriptions and recurring charges
  • Websites, blogs, domains, and online business assets

Example: A family can’t access a photo library, while app-store subscriptions keep billing. Usually nothing “mystical” happened — there’s no inventory, no authority, and no recovery instructions. Start with a list, then pair it with authorization and secure storage (and stay alert to phishing and password attacks during the scramble; see types of cyber attacks a law firm might face for common tactics that also target families).

Create a digital asset inventory your fiduciary can actually use (without creating a security disaster)

Your inventory should be actionable: detailed enough that a fiduciary can find the right account and follow the right process, but not a spreadsheet of raw passwords circulating by email.

  • Provider + URL/app (for example: “Vanguard – vanguard.com”)
  • Purpose (financial / sentimental / business)
  • Associated email/phone used for login and recovery
  • 2FA method (authenticator app, SMS number, hardware key) and where it lives
  • Where credentials are stored (password manager vault name, safe location)
  • Recovery instructions (backup codes location; trusted contacts; avoid listing security-question answers)
  • Subscriptions: renewal date, card used, and cancellation steps

Don’t put passwords or seed phrases in your will. Wills may become public in probate, creating an identity-theft and theft-of-funds risk.

Safer storage options: a password manager with emergency/legacy access; an offline sealed letter in a home safe (and a plan to ensure the right person can reach it); or an encrypted file with a clear key-handling plan. Basic hygiene matters — see building a culture of cybersecurity for your firm for practical habits that translate well to families.

Example: An executor has authority but can’t pass 2FA. Fix it by documenting which device/app generates codes, where any hardware key is stored, and which recovery contacts/backups are set up.

The hard truth: having the password isn’t the same as having authority. Logging in as someone else can violate a platform’s terms, and custodians often won’t disclose content (especially email/messages) without formal proof that a fiduciary is authorized to act.

Align your core documents so the right person can step in:

  • Durable power of attorney (incapacity): authorizes your agent to manage accounts and request access.
  • Will (death): appoints an executor/personal representative and can grant digital-asset powers.
  • Trust: helps with continuity (especially business accounts and domains) by keeping management in the trustee’s hands.
  • HIPAA authorization (if relevant): helps with patient portals and health-related communications.

State law matters. Many states use a framework based on RUFADAA, which often gives priority to a platform’s built-in “online tool” (for example, a legacy contact or inactivity setting) over contrary directions in a will or POA.

Example: An adult child has a parent’s email password, but the provider won’t release email contents. The fix is a three-part match: clear POA/will language, the platform’s online-tool settings, and the provider’s required request process — without cutting corners that invite account lockouts or fraud.

Handle crypto and digital wallets with a separate, higher-security plan

Crypto needs its own playbook because there’s often no “password reset”: whoever controls the private key/seed phrase controls the asset. If keys are lost, access can be permanently lost; if they’re shared casually, theft risk spikes.

  • Inventory: list each exchange and wallet type (exchange, software wallet, hardware wallet), what assets are held, and where keys/seed phrases or recovery methods live.
  • Choose custody intentionally: exchange custody (simpler, but subject to the platform’s processes), self-custody (more control, more responsibility), multisig, or professional custody.
  • Design access: document how a fiduciary finds devices, 2FA/hardware keys, and any step-by-step process — without giving them the seed phrase in advance.
  • Tax/records hygiene: keep transaction history and cost basis records. Remember the IRS treats digital assets as property and requires reporting of taxable dispositions; see IRS guidance on digital assets and our overview of the Form 1040 digital asset question.

Avoid: seed phrases in a will, emailing keys, or storing plaintext in cloud notes.

Example: A spouse finds an exchange account but can’t pass identity checks. The fix: name beneficiaries where available, keep identity documents accessible, leave clear executor instructions for the provider’s process, and coordinate those steps with your estate documents.

Plan for sentimental and personal data (photos, messages, social accounts) so it doesn’t disappear

Not every digital asset is about money. Often, the most important items are photos, videos, messages, and social accounts — and they’re also the most likely to be lost if nobody can access the right device, recovery method, or “legacy” setting.

  • Common sentimental assets: iCloud/Google Photos libraries, shared albums, message and email archives, social media accounts and DMs.
  • Decide what you want done: preserve/download and share; memorialize; delete; or grant limited access (specific folders/exports) versus full inbox/account access.
  • Use platform tools where available: Apple lets you name a Legacy Contact to access certain Apple Account data after death, and Google’s Inactive Account Manager can share selected data after a chosen inactivity period.

Privacy tip: minimize overbroad access. Consider a separate “personal data wishes” memo that names a trusted person and gives limited-purpose instructions for sensitive communications.

Example: Siblings fight over whether to read private messages. A short memo — separate from the will — can direct preservation of photos while restricting message review unless necessary for administration.

Don’t forget recurring charges and “small” accounts that create big headaches

The accounts with the lowest dollar value often cause the most cleanup. After a death or incapacity, families may miss auto-renewing subscriptions, lose access to app-store billing, or overlook a domain renewal until it’s too late.

  • Subscriptions/memberships to list: streaming services, software/SaaS, gaming accounts, newsletters, professional dues, and anything billed through Apple App Store/Google Play.
  • For each recurring charge: where it renews, which card/bank it hits, cancellation steps, and the login/recovery email tied to the account.

If you have any online business presence, treat it like an operational asset:

  • Web infrastructure: domain registrar, DNS, hosting, website/CMS logins, analytics, ad accounts.
  • Revenue streams: affiliate programs, ads, digital products, payment processors.
  • Continuity plan: who can post updates, who can shut it down, and where revenue should flow.

Example: A domain expires, a bad actor registers it, and a phishing site damages the family or business brand. The fix is simple but time-sensitive: calendar renewals, ensure the registrar account is in the inventory with recovery access, and designate a business-capable manager. For a refresher on common tactics, see types of cyber attacks a law firm might face (many apply to personal websites too).

Put it all together: appoint a “digital asset manager” and keep your plan updated

Pick one person to be your point person for digital assets. The best choice is trustworthy, reasonably tech-competent, and willing to follow your instructions. If your executor isn’t the right fit (or you have an online business), consider separating roles: an executor handles legal administration, while a digital manager or business operator handles day-to-day access and continuity.

  • Digital inventory (accounts, devices, 2FA methods, where credentials are stored).
  • Authority documents (POA, will, relevant trust excerpts).
  • Access essentials: device locations, hardware keys, backup codes.
  • Contact list: key institutions, IT support, and your attorney.

Set a maintenance cadence: a quarterly quick scan (new accounts? new phone number?) and an annual full update, plus updates after major life or account changes. Treat it like succession planning: reduce disruption by designing the handoff in advance (see Promise Legal Succession and Your Options as a New Attorney for the underlying continuity mindset).

Finally, keep security front and center when sharing any access instructions — phishing and password attacks often spike during stressful transitions (see types of cyber attacks a law firm might face and building a culture of cybersecurity for your firm).

CTA: Want help tailoring authority language to your state and coordinating it with your broader estate plan? Ask about a Digital Asset Estate Plan Review or a Digital Asset Inventory Checklist.