Hardware Security Key Handoff: Securing Your Digital Legacy

Dear friends,

Password managers and security tools are designed to be impenetrable fortresses, protecting your most sensitive information with military-grade encryption. This creates a paradox in legacy planning: the very security measures that protect you in life can permanently lock out your loved ones after death unless you plan appropriately.

Your password manager likely contains credentials for dozens or hundreds of accounts, including financial institutions, email accounts, and critical services. Without access to this vault, your family may be unable to manage your digital estate, access important accounts, or even complete basic administrative tasks after your death.

Critical challenges include the following: the physical device is required to access registered accounts and cannot be accessed remotely; a lost hardware key means account lockout unless a backup key is registered; and most users register only one key per account, with no backup. These security layers protect against unauthorized access but can also prevent legitimate access by authorized family members and estate executors.

DeathNote helps you securely document master passwords, recovery keys, 2FA backup codes, and hardware security device PINs. You can provide step-by-step instructions for accessing your password vault while ensuring this information remains encrypted and protected until properly verified death triggers delivery to your designated contacts.

Consider creating a layered access plan: emergency contacts who can access critical accounts immediately, trusted executors who receive full vault access, and detailed documentation of what's stored where. This planning ensures security during life while enabling access when needed.

Platform Overview

Primary Use

Passwordless authentication, two-factor authentication (2FA), hardware-based security for high-value accounts

Account Types

Works with: Google, Microsoft, Apple, Dropbox, GitHub, Coinbase, Kraken, Facebook, Twitter, password managers

Data Types

Physical USB/NFC devices (YubiKey, Titan Security Key, FIDO2 keys), device PINs, backup keys, account registrations

Access Challenges

  • Physical device required to access registered accounts - cannot be remotely accessed
  • Lost hardware key = account lockout unless backup key registered
  • Most users register only ONE key per account (no backup)
  • Device PIN may be required for some keys (especially for passwordless)
  • Keys stored in unknown locations (desk drawer, keychain, safe)
  • Account cannot be accessed if key is lost and no recovery codes saved
  • Family must physically locate key after death to access accounts

Inheritance Guidance

Step 1: Register Backup Security Keys Immediately

The #1 rule of hardware keys: ALWAYS register 2+ keys per account. A single key is a single point of failure. If it is lost or stolen, or you die with the key on your person, the account is locked forever.

Step 2: Document Hardware Key Locations

Hardware keys are useless to your family if they can't find them. Physical location is critical for inheritance.

Step 3: Store Recovery Codes for Key-Protected Accounts

Hardware keys should NEVER be the only 2FA method. Always enable recovery codes as backup. Key loss should not equal permanent lockout.

Step 4: Set Hardware Key PIN (If Supported)

YubiKey 5 series and newer support PIN protection for FIDO2/passwordless login. A PIN prevents unauthorized use if the key is stolen or found after death.

Step 5: Create Hardware Key Inventory

List every account registered with hardware keys so your family knows which accounts require the physical key for access.
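
Steps 1 to 5 can be checked mechanically once the inventory exists. The following is an added example, not part of the original page or of DeathNote's product: a Python audit over a constructed inventory, where the field names, key labels and sample accounts are assumptions and the inventory records only whether a PIN or recovery code is documented, never the secret itself.

```python
from dataclasses import dataclass

@dataclass
class Key:
    label: str            # e.g. "primary", "backup" (hypothetical labels)
    location: str         # where the physical key is kept; "" = undocumented
    pin_set: bool         # a PIN is configured on the key (Step 4)
    pin_documented: bool  # the PIN is recorded somewhere; the PIN is not held here

@dataclass
class Account:
    name: str
    key_labels: list      # labels of the keys registered on this account
    recovery_codes_stored: bool

def audit(keys, accounts):
    """Return sorted (subject, gap) pairs measured against Steps 1-5."""
    by_label = {k.label: k for k in keys}
    known = set(by_label)
    gaps = []
    for k in keys:
        if not k.location.strip():
            gaps.append((k.label, "key location not documented"))
        if k.pin_set and not k.pin_documented:
            gaps.append((k.label, "PIN set but not documented"))
    for a in accounts:
        labels = set(a.key_labels)
        for missing in sorted(labels - known):
            gaps.append((a.name, f"key '{missing}' missing from inventory"))
        if len(labels) < 2:
            gaps.append((a.name, "fewer than 2 keys registered"))
        places = [by_label[l].location.strip().lower() for l in labels & known]
        if len(places) >= 2 and all(places) and len(set(places)) == 1:
            gaps.append((a.name, "backup key not stored separately"))
        if not a.recovery_codes_stored:
            gaps.append((a.name, "no recovery codes stored"))
    return sorted(gaps)

# Constructed sample inventory, not data from the page.
KEYS = [Key("primary", "keychain", True, False),
        Key("backup", "home safe", True, True),
        Key("spare", "", False, False)]
ACCOUNTS = [Account("email", ["primary", "backup"], True),
            Account("code-hosting", ["primary"], False),
            Account("exchange", ["primary", "spare"], True)]

if __name__ == "__main__":
    for subject, gap in audit(KEYS, ACCOUNTS):
        print(f"{subject}: {gap}")
```

An empty result means every account has at least two registered keys kept in different places, stored recovery codes, and a documented location and PIN for each key.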

Frequently Asked Questions

Can my family access my hardware key-protected accounts if they don't find the physical key?

Only if you stored recovery codes. Hardware keys require physical possession - they cannot be remotely accessed or bypassed. If your family cannot locate the key AND you never saved recovery codes, the account is permanently locked. This is why you must: 1) Register backup keys, 2) Document key locations, and 3) Store recovery codes in password manager. Recovery codes are the critical failsafe for lost hardware keys.

Should I register the same hardware key on multiple accounts or use different keys?

Use the SAME primary key across all accounts for convenience during your life, but register a DIFFERENT backup key stored separately for inheritance. This way: You carry one key daily for all accounts (easy), your family has a backup key in a safe that unlocks all accounts (inheritance-ready), and if your primary key is lost/stolen, you can use the backup to regain access. Always register 2+ keys per account.

What happens if my YubiKey is PIN-protected and my family doesn't know the PIN?

They cannot use the key for passwordless/FIDO2 authentication. However, many accounts allow hardware keys for 2FA without requiring a PIN; the key just needs to be tapped. If a PIN is required and unknown, your family must use recovery codes instead. Always store your YubiKey PIN in your estate documents or password manager. The PIN can be reset using YubiKey Manager software, but this requires the old PIN, creating a catch-22.

Is a hardware security key better than an authenticator app for inheritance planning?

Hardware keys are MORE secure during life but HARDER to inherit. Authenticator apps (Authy, Microsoft Authenticator) can be backed up to cloud and accessed via your phone PIN. Hardware keys require physical location knowledge and backup key registration. Best practice: Use hardware keys for highest-security accounts (crypto exchanges, GitHub, admin accounts) WITH recovery codes stored, use authenticator apps for medium-security accounts (easier inheritance).

Warmly,

JP, Luca, CJ, 8, and Summer

We help connect the present to the future.