Why this matters
Every guide on this site points the same way: hold your own keys, depend on no company, keep your secrets to yourself. It raises one fair objection. If only you can get in, what happens when you cannot?
A hospital stay, an accident, or worse, and suddenly the strength of good security becomes a wall around your own family. The password manager they cannot open. The phone they cannot unlock. The savings, the photos, the crypto, all sealed behind protections doing exactly what you asked of them. Many people answer this by quietly weakening their security, or by never starting at all.
There is a better answer, and it is one document. A handover is a short, sealed plan that lets one trusted person reach what they need, when they need to, and gives nothing away before then. It does not loosen a single lock today. It makes sure the keys are not lost with you.
One sealed plan that points a trusted person to your accounts and keys, kept so it is useless to anyone else until the day it is needed.
What goes in it
A handover is mostly a map, not a pile of passwords. Its job is to tell the right person where everything is and how to open it, with the actual secrets sealed away rather than typed into the list.
The map names the things that matter and where they live:
- The accounts that count. Your main email first, since it can reset the others, then banks, and anything tied to money or identity.
- The password manager. Where almost everything else lives, and how to get into it, through its emergency access or a sealed master password.
- The second factors. Where your two-factor recovery codes are kept, and where any hardware security keys physically are.
- The backups. Where your encrypted backups sit and the passphrase that opens them.
- Self-custody crypto. The seed phrase, sealed, with plain instructions for using it.
- Your wishes. What to do with each account: close it, memorialise it, or pass it on.
The rule that keeps this safe is the split. The list above is the map, and it can be fairly open. The secrets it points to are the keys, and they are sealed and stored separately. Someone who finds the map alone learns where the safe is, not how to open it.
Where the secrets live
The keys, the actual master password, recovery codes and seed phrase, need somewhere that the right person can reach and no one else can browse. There are three sound homes, and one place to avoid.
The place to avoid is the will. A will becomes public record when it passes through probate, so a password written into it is a password published. The will should name that a sealed handover exists and where to find it, and stop there.
A sealed letter is the simplest home: the keys on paper, in a fireproof safe at home, with your lawyer, or in a safe-deposit box. The will and your trusted person refer to it by location, never by content. A password manager’s emergency access is the digital version, letting a named person request entry after a delay you set. Many people use both, a sealed letter as the backstop to the app.
The map and the keys should never sit together. If the document that lists your accounts also holds the passwords, then losing that one document loses everything. Kept apart, a thief who finds one half still has nothing that opens.
The built-in handovers
Some of this is already built into the services you use, waiting to be switched on. Turn these on, and they do part of the job automatically.
Your password manager
Most managers can hand over the vault on your terms. Bitwarden’s emergency access lets you name a trusted contact who can request entry, granted after a waiting period you choose so you can refuse it while you are well, in either a read-only or a full-takeover form. 1Password instead gives you a printed Emergency Kit to seal in a safe. Either way, the vault is the centre of the handover.
Apple and Google
Apple’s Legacy Contact lets you name someone who, with an access key and your death certificate, can reach your photos, messages, notes and files. It pointedly does not include your iCloud Keychain, so your saved passwords, passkeys and payment details stay out, and still need the sealed letter. Google’s Inactive Account Manager takes a different route: set how long of inactivity should count, and up to ten named people are sent a message and the data you chose to share.
These take ten minutes each and cover the largest accounts most people have. Switching them on is the fastest part of this guide, and it does a surprising amount of the work before you write a single sealed page.
Put it together
Five steps turn this from a worry into a finished, sealed plan.
List where everything lives
Write the inventory: the accounts that matter, the password manager, the backups, the safe. Record where each thing is and how it is opened, not the secrets themselves. This part can be a plain document, because on its own it gives nothing away.
Put the secrets on paper, sealed
Write the master password, two-factor recovery codes, the location of any hardware keys, and any crypto seed phrase. Seal them, and store them in a fireproof safe, with a lawyer, or in a safe-deposit box. Keep them apart from the map.
Set up the automatic handovers
Turn on your password manager’s emergency access, Apple’s Legacy Contact and Google’s Inactive Account Manager. These carry the biggest accounts on their own.
Choose them, and tell them
Pick someone you trust who could act calmly under pressure. Tell them the plan exists and where to find the sealed part, so it is not a surprise on the worst day. Tell them where it is, not what is in it.
Keep it from going stale
Put a recurring note in your calendar to review it once a year. Accounts close, phones change, banks move. A handover is only as good as the last time you checked it.
Keep it safe and current
A handover has one test, and it pulls in two directions at once. It must be reachable by the right person at the right time, and useless to anyone else until then.
The split between map and keys is what holds both ends. The map can be findable, because it only points. The keys are sealed and physical, because they open. Your trusted person knows the plan exists and where it lives, and learns the rest only when they need to.
The other half of keeping it good is keeping it current. The plan you write today drifts out of date as life moves: a new phone with a new lock, a bank you switched, a password manager you replaced. A yearly review, and a quick update after any big change, is the difference between a handover that works and a sealed envelope full of dead passwords. This pairs naturally with the password vault, which is the thing your handover most often points to.
Quick reference
| Piece | Do |
|---|---|
| The map | List accounts, password manager, backups and safe. Locations, not secrets. |
| The keys | Seal the master password, recovery codes and seed phrase. Store them apart. |
| The will | Point to the handover. Never write a password into it. |
| Password manager | Turn on emergency access, or print and seal the Emergency Kit. |
| Apple and Google | Set a Legacy Contact and Inactive Account Manager. |
| The person | Name someone you trust. Tell them where, not what. |
| Upkeep | Review once a year and after any big change. |
Common questions
The questions people put off, along with the plan itself, until something prompts them.
Isn't this the same as a will?
No. A will says who inherits what, and it becomes public record when it goes through probate, so anything written in it is exposed. The handover is a separate, private plan for access, not ownership. Your will can point to it without ever containing it.
Where should I keep the secrets?
Sealed and physical: a letter in a fireproof safe at home, with a lawyer, or in a safe-deposit box, or behind a password manager's emergency access. Never inside the will itself, and never as a plain file sitting on your computer.
Won't writing this down make me less safe now?
Only if you do it carelessly. Keep the map, which is where things are, apart from the keys, which are the secrets. Seal the keys, and tell your trusted person where the plan is rather than what it holds. No single leak should be enough to open anything.
What is a password manager's emergency access?
A feature that lets someone you name request access to your vault, granted only after a delay you set, so you can refuse it while you are fine. Bitwarden offers this with a wait time you choose, and 1Password gives you a printed Emergency Kit to store in a safe.
Does Apple's Legacy Contact include my passwords?
No. A Legacy Contact, using the access key and your death certificate, can reach your photos, messages, notes and files, but not your iCloud Keychain passwords, passkeys or payment details. Those still need the sealed handover.
What about my crypto?
Self-custody crypto is the clearest case for a handover. If the seed phrase lives only in your head, it dies with you and the coins are gone for good. Write it once, seal it with the rest of your keys, and leave plain instructions for how to use it.
Who should I choose?
Someone you trust completely who could act calmly in a crisis, which is not always the closest relative. Tell them in advance so it is not a shock, and make sure they could reach the sealed plan when the time comes.
How often should I update it?
Once a year, and after any big change: a new phone, a house move, a new bank, a new password manager. An out-of-date handover is the one that fails at the moment it is finally needed.