A daughter is sitting in front of her father’s MacBook three weeks after his funeral. She knows his Apple ID. She knows his password. She has the same Wi-Fi network he used. None of it matters.

The Mac is asking for a six-digit verification code that Apple is sending to a phone number that belonged to her father. That phone has been deactivated since the funeral. The code goes to a SIM card that no longer exists. Without it, she cannot log in. Without logging in, she cannot reach the iCloud account that holds the only copies of his photos from the last fifteen years of his life. Including the photos from her wedding. Including the photos from her son’s first birthday.

She calls Apple Support. The representative is sympathetic. He cannot help. Without a court order naming her as the legal representative of her father’s digital estate, Apple’s policy is to deny access. Federal law (the Stored Communications Act of 1986) makes it a criminal act for Apple to release the contents of a customer’s account to anyone without proper authorization, including a grieving daughter holding her father’s death certificate.

She is going to spend the next four months and about $1,800 in legal fees trying to get the court order. The photos may or may not still be there when she finally gets in. Apple’s data retention policies are not particularly generous about accounts that have been dormant for that long.

The document that would have prevented all of it costs less than one of the photo prints she will eventually pay to recover.

Most people’s digital footprint is now bigger than their physical one. Without the right document, federal law makes it illegal for tech companies to give a family access to any of it, even if the family knows the passwords.

What a Digital Asset Authorization Does

A Digital Asset Authorization is a RUFADAA-compliant document that grants a named fiduciary (usually an executor, successor trustee, or financial POA agent) legal authority to access, manage, or close digital accounts after death or incapacity.

RUFADAA (the Revised Uniform Fiduciary Access to Digital Assets Act) is the law every state has passed, Arizona included. It gives families a legal pathway to digital assets. The Digital Asset Authorization is the document that activates it for a specific person.

Why It Matters

Without this document, federal law (the Stored Communications Act of 1986) makes it criminal for Apple, Google, Microsoft, Meta, and similar companies to disclose the contents of an account to anyone, including a spouse, children, or named executor. Their default response is to lock everything down and require a court order to release anything.

Even with a court order, many platforms still refuse access to content (emails, photos, messages). They will provide account closure or metadata, but not the actual data the family wants.

What Is at Risk Without It

Without proper authorization, a family may permanently lose access to:

• Family photos stored in iCloud, Google Photos, Dropbox, OneDrive

• Email correspondence with sentimental, legal, or financial significance

• Investment and brokerage accounts managed online (especially online-only banks and robo-advisors)

• Cryptocurrency (irretrievable if no one has the private keys or recovery phrases)

• Subscription services that keep charging a credit card

• Loyalty rewards and frequent flyer miles (often worth thousands)

• Business accounts, websites, and domain names if the deceased ran anything online

• Social media accounts, including the ability to memorialize them properly

What the Document Specifies

A complete Digital Asset Authorization covers:

• Who has authority (the fiduciary)

• What they can access (full content, metadata only, or specific platforms)

• When authority activates (death, incapacity, or both)

• Which accounts to preserve (family photos, important emails)

• Which accounts to close (subscriptions, social media)

• Which accounts should NEVER be opened (content the grantor wants destroyed without review)

That last category is one of the most personal sections of any estate plan. Many people have correspondence, photos, journals, or business records they want erased rather than read, even by trusted family members. The Digital Asset Authorization lets the grantor specify that explicitly.

The Password Manager Question

Many people assume that giving a spouse the master password to their password manager solves this. It partially does, for daily use during their lifetime. But:

• Tech companies may still refuse access if they detect a deceased user

• Two-factor authentication often locks out anyone but the original user

• Some platforms terminate the account on death regardless of password access

• The spouse may be technically violating the Terms of Service of every platform they access without the proper authorization

A Digital Asset Authorization paired with a password manager (or written password list in the Legacy Binder) is the strongest combination.

The Cryptocurrency Problem

Cryptocurrency is uniquely vulnerable. If no one has:

• The private key

• The recovery seed phrase

• The exchange account credentials

then the crypto is gone. Permanently. Estimates suggest 20 percent or more of all Bitcoin is already irretrievable because the owners died or lost access without leaving recovery information.

Anyone holding cryptocurrency needs the Digital Asset Authorization paired with a secure record of seed phrases. Without both, the crypto might as well not exist.

Where It Lives

Like other estate planning documents, the Digital Asset Authorization belongs in the Legacy Binder. For more on the binder system, see Understanding Your Legacy Binder.

The actual passwords and account details belong in a separate secure record: a password manager, an encrypted USB, a sealed envelope in a fireproof safe. Referenced by the Digital Asset Authorization but stored separately for security.

Final Thoughts

A complete estate plan from twenty years ago did not need to address digital assets. A complete estate plan today cannot ignore them. For families with cloud-stored photos, online financial accounts, cryptocurrency, or significant subscription footprints, the Digital Asset Authorization is not optional. It is the difference between preserving a digital legacy and watching it disappear.

The daughter with her father’s MacBook eventually got the court order. Most of the photos were still there. Some were not. The seven months between the funeral and the access date were the worst stretch of her grief, partly because she could see her father’s face on the locked screen every time she opened the laptop and could not get past it. She wanted to write him a letter, even though she knew he would never read it, and she could not access the family photos to choose one to print for the frame next to her bed.

She did not need the photos to remember him. She needed them to grieve him.

That was the cost of an unsigned document.

A free 20-minute consultation is available throughout this series. If a specific situation needs to be talked through, the link below opens a calendar booking. No pitch, no pressure.

Book a free consultation →

For readers who already know the building blocks they need, the Starter Pack with add-ons can be configured directly.

Build a plan →

The next article in the series, Understanding Your Legacy Binder, arrives tomorrow morning.