Password lists don’t work in the era of 2FA.
Even with the perfect estate plan and documents in place, your agents and fiduciaries are still going to need to be able to get into your accounts. The documents we provide will help them, but if you plan to rely solely on those documents, it could be a process full of frustration and delays.
We used to recommend password books, but in the era of 2FA or two-factor authentication (those little codes sent to your text and email, even after you enter the right password), we are updating our advice. We don’t want your agent to struggle through reading your handwriting, an updated password not being recorded, or your agent not being able to get past the 2FA prompts.
How to help your Agents
1. Make one master inventory of what exists.
List accounts by category only. No passwords on this list. You can store this in DropBox, Google Drive, or a similar service, and invite your agent as a viewer (not editor). You can also print it, date it and keep it in your estate planning binder. Review every spring and fall.
2. Choose an email account for Two-Factor Authentication (2FA) on accounts your agent may need:
Banks, your primary email, and cloud storage. Edit security settings so codes go to your primary email, not only to text. Assume that in an emergency, your agent may not have access to your phone.
(If you don’t want your agents to have access to your entire email history, consider making an email account just for this 2FA purpose that you don’t use to send and receive communications.)
3. Use a password manager for all logins.
Create one strong master password, store security answers and any backup codes in secure notes, and retire paper lists. If you’re unfamiliar, these are a cloud-based vault where your passwords are stored and updated across devices. Your phone or computer is merely the tool you use to connect to it.
Nothing is stored locally on these devices, so if your phone is destroyed, there’s no worries. If your phone is stolen, a thief will still need a master password or facial recognition to get into your vault. So there’s no worries there, either.
There are at least a dozen out there and it would be worth your time to research them. Look for simple setup, and the ability to share one set of logins with your health care surrogate and a different set with another agent. Each has free and monthly subscription versions.
4. Create safe “break-glass” access.
Turn on your password manager’s emergency access or place instructions in your home safe or estate planning binder where the password manager vault is and how your agent reaches your 2FA email.
5. Simplify autopay.
If possible, pick one checking account as the “bills hub,” move autopays there, and list each with amount and due date in your inventory. Add annual renewals and cancellation windows to the notes in your account inventory.