Today many people access most of their accounts - bank accounts, credit card accounts, investment accounts, mortgage accounts, and more - online via password access. Many professionals advise that in planning for incapacity or death, folks should keep a list of passwords to share with their loved ones or trusted agents who will need to access these accounts. I do not advise clients to share their passwords for many reasons, but the most concerning one is that, seemingly as a direct result of the popularity of the estate planning advice, “share your passwords,” I see a trend in people neglecting key parts of the legal post-death administration process.

It’s an old adage that probate proceedings and trust accountings never include cash or guns. We are rapidly getting to the point that we can add “accounts accessed by password” to the list of things that the general public will not be consulting their attorneys about when a loved one dies.

Consider a meeting with a family member after a loved one’s death. It matters very little whether the client might be the named executor or trustee or is seeking help with an intestate matter. During the meeting, you review an inventory of what the decedent owned or kept at the time of death. Then you walk the client through the various processes they need to follow to close accounts, transfer title of assets, clear title of assets, seek advice to keep assets productive, etc. During this part of the meeting, people are pretty accepting of the fact that to transfer or clear title to real estate requires filing documents with the county or that vehicles need to be processed through the DMV. However, there is often disbelief or hesitance in following the advice that someone needs to go through a formal procedure (with paper and signatures!) to transfer an account, be it credit card, bank or investment, when they have in their possession the “log-in” information to access that account online. This is especially confusing when they see a list of passwords kept seemingly as part of the estate plan.

Most, if not all, websites’ Terms of Service prohibit users from sharing their password with others. Though enforcing this is difficult and often not the highest priority for companies, if your client has violated the terms, you will not be in the best position to negotiate with that company in the future. In a post-death access or transfer situation, the company will be able to see all access after the date of death, which you will be providing to them. Unless you are claiming that one hundred percent of the account access post-death is fraudulent, you will be facing an uphill battle if you ever need to defend an account against fraud. It is truly difficult to watch a client with a legal claim to an asset unable to defend an account against fraud because they have simply taken over a loved one’s login credentials instead of taking the time to ask for assistance to legally transfer ownership of the asset.

Though I have not seen it yet, I worry about the separate property accessed with a password by a surviving spouse who doesn’t bother to notify a bank or check a beneficiary designation only to find out a child of the deceased spouse, or non-family third party has claim to that money.

To help avoid such a situation, here are a few practitioner tips:

  • During estate planning, have clients work up inventories including the accounts they hold and access by password, but note there is more risk than advantage to leaving lists of passwords around. Most everyone I know can accomplish a lot with an inventory and do less harm without the passwords.
  • During planning, encourage talking about and making notes of beneficiary designations, which can encourage conversation around the decedent’s wishes and the legal reasons for transferring title of accounts, which may not be specifically addressed in a will or trust.
  • After someone’s death, ask clients specifically how they are accessing accounts and planning to clear or transfer title of accounts that their loved one primarily accessed online.
  • After death, encourage clients to notify banks and financial institutions of their loved one’s death, even if they have access to them online.
  • After death, as a matter of fraud prevention, advise clients to close most online accounts that hold and present personal information even if there is no monetary value.