← Guides / Practical Tasks

Practical Tasks

What to Do With Authenticator Apps After Someone Dies

Authenticator apps can lock you out of email, cloud storage and financial accounts after a death. Here’s how to preserve access before you wipe or cancel anything.

PB

Phil Balderson

13 JULY 2026 · 7 MIN READ

What to Do With Authenticator Apps After Someone Dies

If someone dies and their phone contained an authenticator app, do not rush to reset the device, throw away the SIM or close the mobile account. Authenticator apps can be the key to email, cloud storage, bills, subscriptions and memorial account requests, so the safest first step is to preserve access before you tidy anything up.

This is one of those digital-admin tasks that sounds small until it blocks everything else. If you lose the second factor too early, recovering other accounts can become slower, more expensive and sometimes impossible.

Why authenticator apps matter so much

Many people now use an app rather than text messages to approve logins. That means the app on the phone may hold the rotating codes needed for:

  • email accounts
  • cloud storage
  • password managers
  • social media
  • shopping accounts
  • work tools
  • banking or investment logins
  • subscription and device accounts

In other words, the authenticator app may not hold sentimental content itself, but it often controls the route into accounts that do.

The first rule: preserve the device

Before you do anything else, keep together:

  • the phone
  • the charger
  • the SIM card
  • any tablet the person used for backups
  • any written recovery codes or emergency kits
  • any notebook where they kept login hints

Do not factory-reset the phone. Do not swap it in at the network shop. Do not cancel the mobile number immediately if that number is also used for account recovery.

This matters because account recovery often depends on a chain of access: email account, phone number, password manager, authenticator app, then the target account itself. Break one link too early and the rest can fall apart.

Work out what type of authenticator setup you are dealing with

Not all apps work the same way.

Google Authenticator

Google now allows code sync across devices if the user signed in to a Google Account inside the app. It also supports manual transfer from an old phone to a new one using Transfer accounts and Export accounts.

That means your first question is: was the app synced, or was everything stored only on the device? If it was device-only and the phone is lost or wiped, you may need to recover each linked account one by one.

Microsoft Authenticator

Microsoft supports backup and restore, but there is an important limitation: backup and restore work only on the same device type. Even when a restore works, some accounts still need you to sign in again before they are usable.

That means “the backup exists” does not always mean “everything is instantly accessible.”

Apple accounts and passwords

Apple’s Legacy Contact feature can help a family request access to data in an Apple Account. But it does not automatically solve every password or two-factor problem, and it does not simply hand over every secret stored on a device.

So if the deceased used an authenticator app, passkeys or iCloud Keychain, do not assume Apple access alone will unlock the wider digital estate.

A practical step-by-step plan

1. Identify the most important accounts first

Start with the accounts that control other accounts:

  1. primary email
  2. Apple, Google or Microsoft account
  3. password manager
  4. mobile provider account
  5. banking and bills
  6. cloud storage and photo libraries

You are not trying to close everything on day one. You are trying to stop accidental lockout.

2. Check whether recovery material already exists

Look for:

  • printed backup codes
  • an emergency kit from a password manager
  • a trusted contact or emergency access setting
  • a second device already signed in
  • another family member who was deliberately given shared access

These are often far more valuable than trying random passwords.

Being able to open an account and having the legal right to manage it are not always the same thing. Some services will only deal with the executor, administrator or next of kin through their formal bereavement process.

So your goal is not to impersonate the person who died. It is to preserve evidence, prevent avoidable lockout and then use each provider’s proper route where needed.

4. Use the phone to map the account landscape before changing anything

If you can lawfully access the device, make a simple list of:

  • which authenticator app is installed
  • which high-priority accounts appear to rely on it
  • whether the email app is still signed in
  • whether text messages are still arriving
  • whether there is a password manager present

This list will help you decide what can be recovered quickly and what needs a provider request.

5. Move urgent access first, emotional cleanup later

The order matters. Urgent first:

  • email access
  • billing accounts
  • cloud storage with important documents
  • phone-number retention
  • memorial or deletion requests for major platforms

Less urgent later:

  • old shopping accounts
  • unused subscriptions
  • duplicate app logins
  • cosmetic account tidy-up

Common mistakes to avoid

Resetting the phone too early

A clean device is useless if the old device was the only place the codes existed.

Cancelling the number before recovery is complete

Even when an authenticator app is in use, many services still fall back to text or phone verification.

Assuming one platform unlocks everything

Access to Apple data, a Google account or a Microsoft account does not automatically unlock every third-party service linked to it.

Treating the authenticator as “just another app”

It is often an access-control layer, not a content app. That makes it more important than it first appears.

When you may need provider-by-provider recovery

Sometimes there is no neat transfer path. If the device is locked, destroyed or wiped, you may need to recover accounts individually through each provider’s bereavement or account recovery process.

That is slow, but it is still better to know that early than to waste days assuming the codes will reappear.

A simple emergency checklist

ActionWhy it matters
Keep the phone, charger and SIM togetherPrevent accidental loss of the second factor
Do not wipe the deviceLocal codes may be stored only there
Keep the phone number active for nowIt may still be needed for account recovery
Identify email and password manager firstThey unlock other accounts
Look for backup codes and trusted contactsThey can save days of recovery work
Use formal bereavement routes where neededTechnical access does not replace legal process

Final thought

Authenticator apps are not the place to start with emotion. They are the place to start with order. Preserve first, map the important accounts, recover what matters most, and only then think about closure.

If you are managing a wider list of digital and practical tasks at the same time, GetPassage can help keep track of who has been notified and what still needs doing, so one missed login does not derail everything else.

Passage can do this for you.

A personalised plan for every step — in 2 minutes.

See my plan →
digital estateauthenticator appstwo-factor authenticationonline accountsbereavementaccount recoverypractical tasks

Keep reading

Related guides