How Families Lose Access To Important Digital Accounts

It happens more often than you might think. A parent dies, a spouse is rushed to hospital, or someone suffers a sudden accident, and the family quickly discovers they cannot get into the accounts that matter most. The online banking portal. The email account that every other account is linked to. The insurance portal that holds the policy details they urgently need. The cloud storage full of irreplaceable family photos.

This is not a problem that only affects people who are disorganised or who did not care about their family. It affects careful, responsible people who simply did not think about this specific issue. Because the tools we use every day, password managers, two-factor authentication, biometric logins, are designed to keep other people out. And when something happens to the account holder, those same security measures keep the family out too.

Understanding why this happens is the first step toward preventing it. So here are the real reasons families get locked out, and what you can do about each one.

The Password Problem: Only One Person Knows

Modern password advice is to use a unique, complex password for every account. Most people who follow this advice use a password manager to store them. The password manager is protected by a master password that only they know. And sometimes, biometric authentication on a single device.

This is excellent security. But from the family's perspective, it creates a single point of failure. If the account holder is gone, and nobody else knows the master password, the entire vault is sealed. The family might know which password manager was used. They might even have access to the device. But without the master password, they cannot get in.

Even people who write passwords down often do it in a way that only makes sense to them. A notebook with partial entries. A note on the phone, locked behind a PIN nobody knows. A spreadsheet in a folder buried inside another folder. The intention was good but the execution did not account for what would happen when they were no longer around to explain it.

Two-Factor Authentication: A Security Feature That Locks Families Out

Two-factor authentication, or 2FA, is one of the most effective security tools available. The National Cyber Security Centre recommends 2FA for all important accounts, and rightly so. It stops unauthorised access even when a password has been stolen. But it creates a serious problem for family emergency access.

Here is how it plays out. A family member knows the email password. They enter it. Then a verification code is requested, sent to the account holder's phone. That phone is locked with a PIN or fingerprint. Or it has been lost. Or the number has been disconnected because the bill was not paid after the account holder died. So the family cannot get the code, and they cannot log in.

The same thing happens with authenticator apps. An app like Google Authenticator or Authy generates time-based codes on a specific device. If nobody has access to that device, those codes are inaccessible. And unlike SMS codes, there is no phone number to transfer or reconnect.

Even phone network providers are limited in what they can do to help. Transferring a number to a new SIM after a death requires significant documentation, takes time, and may still not solve the 2FA problem if the original number is no longer active.

2FA recovery codes exist precisely for situations like this. They are backup codes that can bypass the normal 2FA process. But most people never save them. And of those who do, very few store them anywhere that a family member could find.

Platform Terms of Service: The Legal Barrier

Even when a family has a password and can get past 2FA, they may discover that logging into a deceased person's account technically violates the platform's terms of service. Most platforms state that accounts are personal and non-transferable. They are licensed to the individual user, not owned by them.

This creates a strange situation. A legal heir may have a right to the financial value of assets stored in an account, but no legal right to access the account itself. Platforms can and do refuse access, even with a death certificate and grant of probate. They might offer a data export instead. They might allow the account to be memorialised or deleted. But direct login access is often refused.

The UK government's guidance on wills and probate covers physical and financial assets thoroughly but is still catching up with the realities of digital inheritance. The law is evolving, but slowly. Right now, practical planning is far more reliable than relying on legal routes after the fact.

Nobody Knows What Accounts Exist

This is surprisingly common. Families often have no idea what accounts a person held. Most people sign up for things over decades, forget about some of them, use others only occasionally. After a death, the family is left to piece together the full picture from bank statements, old emails, and whatever they can find.

Some accounts come to light quickly because they are actively used. Others surface only when a charge appears on a bank statement. Some are never found at all. And the most important ones, the ones that hold money, documents, or access to other accounts, may be exactly the ones nobody knew about.

Even when families discover that an account exists, they still face the problem of accessing it without credentials. Finding out there is an investment account is not the same as being able to log in and start the transfer process.

The Two-Factor Recovery Code Gap

Recovery codes are the intended solution to the 2FA problem. When you set up two-factor authentication, most platforms give you a set of one-time backup codes you can use if your primary 2FA method is unavailable. They look something like this: a list of ten eight-digit codes, meant to be printed or stored somewhere safe.

Very few people actually do this. And fewer still store recovery codes somewhere their family could find them in a crisis. The codes are generated once, at the moment 2FA is set up, and then effectively forgotten. When a family needs them, they are nowhere to be found.

Including 2FA recovery codes alongside account credentials in a family emergency vault completely solves this problem. It is not complicated. It just requires being deliberate about it.

The Accounts That Cause the Most Immediate Problems

Not all locked accounts are equally urgent. Some can wait weeks or months to resolve. Others cause immediate, practical crises. Here are the accounts that families most often struggle to access, roughly in order of urgency.

• Primary email account: Used to reset every other account. If this is inaccessible, everything else becomes harder.
• Online banking: Bills need paying, subscriptions need cancelling, money needs managing. Frozen accounts cause real financial stress for surviving family members.
• Insurance portals: Policies need to be found and claims may need to be made quickly, especially for life insurance or critical illness cover.
• Pension and investment platforms: Part of the estate, requiring formal processing, but first requiring access to even begin the process.
• Cloud storage: Photos and documents that may be urgently needed, or that risk being lost if accounts go inactive.
• Government service accounts: HMRC, pension service, benefits. These all need notifying and managing as part of estate administration.
• Cryptocurrency wallets: If private keys or seed phrases are not accessible, the funds are permanently lost.

What Actually Works: Emergency Family Access

The only solution that consistently works is planning done before the emergency. Not a written list on paper. Not telling one person verbally. A structured, secure, encrypted system that gives the right people access to the right information, activated at the right time.

This is the core purpose of Williation. You store the credentials, documents, and recovery codes that your family would need. You designate which family members should have access and at what level. You set up an inactivity alert so that if you stop checking in, your family is automatically notified, without needing to make difficult judgment calls about when to start looking.

The result is that when something happens, whether that is a sudden death, a serious illness, or any other emergency, your family has a clear path forward. They know where to look, they can get in, and they have instructions alongside each item explaining what to do.

What to Tell Your Family Right Now

You do not need to have everything set up perfectly before you talk to your family about this. The most important thing is to make sure they know:

• That you have a digital emergency plan in place, or are working on one
• Where they can find it and how to access it in an emergency
• Who the vault provider is, so they know where to go
• That they are named as emergency contacts with access

Even a conversation that lasts five minutes is infinitely better than leaving your family with nothing. And once you have a proper system in place, you can point them to it and know that everything they need is there.

If you want to understand what to put in your emergency plan, read our guide on what to include in a digital emergency plan. And to learn more about setting up family access correctly, take a look at our article on emergency access for family accounts.