Final Capsule
Get Started
Guide · 9 min read

How to make sure your passwords survive you

The logins you use every day are worthless to the people you love if they can't reach them. Here is a calm, practical way to make sure they can, without turning anyone into a hacker.

Why passwords are the silent part of a digital legacy

When we think about leaving things behind, most of us picture letters, photos, maybe a will at the notary. We rarely picture the twenty or thirty logins that quietly run our entire adult life: the email account that receives every single password reset, the cloud storage that holds twenty years of photos, the bank app, the tax portal, the health records, the subscriptions.

If the person you love cannot get into your email, they cannot get into almost anything else. That single account is the master key to half of modern life, and it is usually protected by a password nobody else knows and a second factor on a phone nobody else can unlock.

Step 1. Use a password manager, and only one

If you don't already use a password manager, stop reading and install one. 1Password, Bitwarden, Proton Pass and Dashlane are all reasonable choices. The details matter less than the decision: you need a single, encrypted vault that holds everything, with one master password you never reuse anywhere else.

The magic isn't the software. The magic is that from now on, passing on one master password gives the right person access to everything in a clear, browsable list.

Step 2. Write down what you want them to know

A password manager vault without context is overwhelming. Your heir will open it, see four hundred entries, and have no idea which ones matter. So write a short document, one page is enough, that answers:

  • Which email account is the primary one (the one that receives password resets)
  • Which accounts they should close, which ones they should keep running, which ones they should memorialise
  • Where any recurring payments are, so they can stop the ones that no longer make sense
  • Any accounts that hold real value — not just money, but memories: cloud photos, drafts, drive folders

Step 3. Handle two-factor authentication early

Most people's 2FA lives on a single phone, protected by a single face or fingerprint. If that phone is locked forever, the master password alone is not enough. You must either:

  • Store 2FA recovery codes inside the password manager itself (most services give you 8–10 one-time codes when you enable 2FA — print them, save them to your vault)
  • Or use an authenticator that syncs to your password manager (1Password, Bitwarden and Proton Pass can all generate TOTP codes themselves)

The worst case is not a forgotten password. The worst case is a password manager successfully unlocked, and every important account inside it demanding a six-digit code from a phone nobody can reach.

Step 4. Deliver the master password safely

This is the hard part. You cannot write the master password on a piece of paper in a drawer — if anyone finds it early, the entire vault is compromised. You cannot put it in a will — wills become public in probate, and probate can take months. You cannot email it to yourself — your email is the exact thing you're trying to unlock.

What works is a time-locked, verification-gated, end-to-end encrypted delivery: the password is encrypted on your device before it ever leaves it, stored unreadable on our servers, and released only after a system has confirmed through multiple independent signals that you are no longer able to access it yourself.

This is exactly what Final Capsule does. You write your master password into a capsule — in clear, because the encryption is the whole point — name one or two trusted Confidants plus one SafeGuard (a person whose only job is to vouch, in the worst case, that delivery should happen), and the system handles the rest. The capsule is end-to-end encrypted; it is released to the named heir only once verification succeeds, never before, never to anyone else.

The special case: hardware wallets and recovery phrases

A growing number of readers of this guide have a category of “password” that does not live in a vault: the seed phrase of a hardware wallet — 12 or 24 words that, together, reconstruct a cryptocurrency wallet from scratch. These words are not stored by any company. They exist only on the piece of paper or metal plate you wrote them on. If your family does not know where it is, the wallet is effectively burned.

Most guides tell you to “hide the paper somewhere safe”. In practice that is exactly where the problem starts: paper can be stolen, burned in a house fire, ruined by a flood, or simply found too early by the wrong person. A steel plate survives fire but not a curious visitor. Splitting the words across locations sounds clever until your heirs have no idea that a second fragment even exists.

The cleanest method today is to put the phrase itself into an end-to-end encrypted capsule. The 12 or 24 words are typed in once, encrypted on the client, stored unreadable on our servers, and released only to the heir you named, only after multi-phase verification confirms you are no longer able to access the wallet yourself. No paper to lose. No drawer to forget. No relative rummaging through your home before the time is right.

Three rules for a safe setup:

  • Put the words themselves inside the capsule, in clear. Type the 12 or 24 words directly. The encryption is what protects them — not obfuscation, not a half-written hint. A half-written clue is useless to your heir and does not make a thief's job any harder.
  • Write plain-language instructions next to the words. “Open the Ledger Live app, plug in the device marked ‘BTC’, choose ‘Restore from recovery phrase’, and enter the 24 words below one by one” is worth more than any diagram. A non-technical heir needs sentences, not a tutorial.
  • Keep the device and the capsule on separate trust paths. The hardware wallet lives in the physical world (a drawer, a safe). The phrase lives inside an encrypted capsule, addressed to the heir. Neither alone is enough to move funds — together, in the right hands, recovery takes ten minutes.

If you hold a meaningful amount of crypto, consider splitting the phrase into Shamir shares or using a multisig setup — but only if your heirs can realistically reconstruct it. A recovery plan too complex for a non-technical heir is not a recovery plan. For most holders, a single encrypted capsule with the full phrase and clear instructions is the highest reliability you can get.

A short checklist you can copy today

  1. Install a password manager if you don't have one
  2. Audit your accounts, delete the ones you don't use
  3. Store 2FA recovery codes inside the vault
  4. Write a one-page “map” explaining which accounts matter and why
  5. For any seed phrase or recovery document: type the words directly into an end-to-end encrypted capsule with plain-language instructions — no paper, no drawer, no map to draw
  6. Put the master password (and any seed phrase) into a capsule addressed to the right heir
  7. Tell at least one Confidant the capsule exists

Prepare your capsule now

Free forever for text-only messages. Lifetime plan for everything else.

Start for free

Related: The files your family won't find without a map · FAQ