← Guides / Practical Tasks

Practical Tasks

What to Do With Passkeys and Biometric Logins After Someone Dies

A practical guide to protecting phones, laptops and account access when passkeys or biometric login stand between you and vital information.

PB

Phil Balderson

14 JULY 2026 · 6 MIN READ

What to Do With Passkeys and Biometric Logins After Someone Dies

If someone who has died used Face ID, Touch ID, Windows Hello or passkeys to sign in, the biggest risk is acting too quickly and locking yourself out forever. The first priority is to preserve the devices and the account ecosystem they were tied to, because passkeys are often stored on a phone, laptop or synced password system rather than written down anywhere.

This is a newer part of bereavement admin, but the principle is simple: protect access before you start closing accounts.

Why passkeys are different from passwords

A password can sometimes be found in a notebook, email, or password manager. A passkey is different.

Passkeys are designed to replace passwords. They are often linked to:

  • a specific phone, tablet or laptop
  • a cloud sync system such as iCloud Keychain, Google Password Manager or another platform account
  • device security such as a PIN, Face ID, fingerprint login or screen lock

That means relatives can hit a wall even when they have the death certificate and legal authority. Technical access and legal authority are not the same thing.

The first 24 hours: what not to do

Do not rush to:

  • factory reset the phone
  • trade in the device
  • remove the SIM or erase the laptop
  • close the Apple, Google or Microsoft account straight away
  • cancel the mobile number before checking what it secures

A passkey may be the only route into:

  • banking or savings apps
  • email accounts used for recovery
  • cloud storage
  • subscription accounts
  • photo or document services
  • two-factor prompts for other platforms

First steps that usually help

1. Secure the physical devices

Put the main phone, laptop, tablet and any hardware security keys somewhere safe. Keep them charged if possible.

2. Work out which ecosystem they used most

Ask:

  • Was the person mainly using Apple devices?
  • Did they rely on Google Chrome / Android?
  • Were key accounts linked to Microsoft?
  • Did they also use a password manager?

This matters because passkeys are often synced inside one ecosystem.

3. Check whether anyone already had authorised access

Look for legitimate pre-arranged access such as:

  • Apple Legacy Contact
  • Google Inactive Account Manager
  • shared family device access
  • a trusted relative already added to a password manager or family account

Pre-arranged access changes everything. No pre-arranged access means the process is usually slower and more limited.

What Apple, Google and Microsoft generally allow

Apple

Apple's Legacy Contact system can help someone access certain Apple Account data after death with the access key and death certificate.

But Apple is also clear about an important limit: iCloud Keychain passwords, payment information and passkeys are not included.

That means even if a family member can get some Apple data, they should not assume that automatically unlocks the deceased person's passkeys.

Google

Google says Inactive Account Manager is the best planning tool. If that was not set up, Google may work with immediate family or representatives in some circumstances, but it says it cannot provide passwords or other login details.

So if the passkey was tied to the person's device and account setup, access may be limited unless there was a pre-existing recovery plan.

Microsoft

Microsoft says it is generally unable to give non-account holders access because of privacy and legal obligations. If the family already knows the credentials, they can manage the account. Without them, Microsoft says accounts will eventually close through inactivity, and obtaining content may require formal legal process.

In short: do not assume the provider will simply hand over a login route because someone has died.

A practical triage approach

PriorityWhy it matters
Keep the phone and laptop safeThey may still hold the working passkeys
Preserve the screen lock information if lawfully availableWithout it, synced passkeys may be unreachable
Identify the main email accountIt is often needed for recovery flows
List the most urgent accountsBanking, bills, utilities and admin come before lower-value accounts
Delay account closureClosure can destroy the recovery path

Biometric logins: what families often misunderstand

Biometric login is usually just the unlock method, not the whole account itself.

For example:

  • Face ID may unlock the phone that contains the passkeys
  • a fingerprint may unlock the password manager or browser
  • Windows Hello may open the laptop that still has active sessions

So the question is not only "Can we use Face ID?" It is also:

  • does anyone lawfully know the device PIN?
  • are sessions already open?
  • is the key account still signed in on a trusted device?
  • are passkeys synced elsewhere on the same person's devices?

If you do have lawful access to a device

Move carefully.

A sensible order is:

  1. Photograph or note the devices present
  2. Check which important accounts are already signed in
  3. Identify recovery email addresses and phone numbers
  4. Export or save critical documents if you are authorised to do so
  5. Change recovery routes only where you have legal authority and a clear reason
  6. Keep a record of what you changed and why

If you do not have access

Be realistic early.

Without the device passcode, pre-arranged digital legacy access, or provider-approved route, some passkey-protected accounts may not be accessible. That is frustrating, but it is a design feature of modern account security rather than a simple customer-service problem.

At that point, focus on:

  • notifying banks, utilities and providers through bereavement teams
  • securing the estate through official routes rather than trying risky workarounds
  • preserving devices in case access becomes possible later
  • getting legal advice if an account contains essential records and there is no other route

Where this fits in the wider digital-estate checklist

Passkeys are not the whole job. They sit alongside:

  • phones and SIMs
  • email accounts
  • authenticator apps
  • password managers
  • cloud storage
  • social and subscription accounts

But they are a high-risk control point because one locked phone can block half a dozen other systems.

Final thought

When someone dies, digital admin often looks simple until you reach the security layer. Passkeys and biometric logins sit right at that layer.

The smartest move is usually the least dramatic one: do not wipe anything, do not close anything too early, and work out where the real control point lives before you act.

If you are using GetPassage to organise the admin after a death, it can help you keep digital-estate tasks separate from banking, probate and funeral tasks so the access-critical steps are handled in the right order.

Passage can do this for you.

A personalised plan for every step — in 2 minutes.

See my plan →
passkeysbiometric logindigital estateonline accountsbereavementaccount recoverypractical tasks

Keep reading

Related guides