Why you shouldn’t leave your passwords in your Will

So, there’s been much news coverage over the past few days concerning a survey which says 1 in 10 of us plans to leave online passwords in our will, although I’m not sure if that’s actually something which is physically happening or just a nice idea. The reasons include the sheer financial value of films, music and software, as well as the sentimental value of family snaps and videos, all of which are increasingly likely to be stored only online. But as a reader suggests in The Times today, this could be a disastrous thing to do. The letter points out: “Once probate has been granted, the will is open to public inspection” and therefore your passwords would be open to the world.

Now, when I go, I hope that the executors of my will have enough information to clear up my financial affairs. (That reminds me, I really should ensure there’s a way for them to access my online bank accounts and other important documents. If they can’t do so, they’ll have to go through the process of getting a hard copy of my death certificate to the banks, and it could take some time.) But I doubt they’ll do much more. All those hundreds of other online accounts, from GMail down to free memberships of websites I’ll never visit again even while I’m alive, will be allowed to quietly fall into disuse. My executors won’t bother to close them down, even if they could (can you even close and delete a GMail account?).

However, what happens if I publish my passwords in my will? Sure, the bank account details won’t be of use to anyone, because presumably by the time the details are made public, the accounts will have been closed (or let’s hope so). However, the world would have a free run at everything else. I’ve made a good attempt at allocating different passwords to everything I’ve ever subscribed to, but I’ll admit to having used some passwords more than once, and I know some people use the same password for everything. There’s a lot of mischief which might be caused if someone gets into my Twitter account, for example, and masquerades as me to people who don’t know I’m dead. And the thought of what might happen if strangers got into my GMail account, which already has 6Gb and 7 years’ worth of private correspondence in it, doesn’t bear thinking about. There are many examples online of people finding out a seemingly innocuous password belonging to someone else, and using that to get into a series of increasingly important accounts. What we need to do is document our user names and passwords somewhere, safely and separately, for our executors. But that place isn’t in a will.

It’s impossible to expect your executors to delete your online presence after you go. Don’t put their futures in potential difficulty by giving strangers even the slightest ability to exploit your absence.