Playbook
Email — Any Provider (Outlook, Proton, Yahoo, Fastmail…)
Platform claims verified July 9, 2026
What this mechanism is
Your primary email is the single most powerful account you own, because almost every other account resets through it. Whoever controls the inbox can reset passwords, receive verification codes, and take over the rest of your digital life. For your survivors that cuts both ways: with access to your email, most recovery gets dramatically easier; without it, they are locked out of the accounts that depend on it.
This card is for an email account that isn’t already covered by a dedicated playbook. If your main email is Gmail, use the Google playbook; if it’s iCloud Mail, use the Apple playbook. For everything else — Outlook / Microsoft, Proton, Yahoo, Fastmail, a work-adjacent personal address, or your own domain — this is the one.
Most non-Google, non-Apple providers do not have a purpose-built “legacy contact” tool, so the reliable plan is to escrow the master password (and a way past two-factor) into your Layer 2 vault, and to make sure the account is kept alive long enough to do the resets.
Set it up now
- Check whether your provider has any native legacy or trusted-access feature. A few do; most don’t. If yours does, set it up and record it on this card (mechanism + who you designated). If it doesn’t, rely on the vault escrow below.
- Escrow the password into your vault. Add a Layer 2 secret to this card (kind: master password) with the current email password. Update it whenever you change it. This is what lets a survivor actually sign in.
- Escrow a way past two-factor. If the account has 2FA (it should), a password alone won’t get anyone in. Save the recovery codes, or note where the authenticator/security key lives, as a second Layer 2 secret. Remember that texted 2FA codes go to your phone number — keep that alive (see the phone-carrier playbook).
- Write the executor instruction: in what order to use this, and the blunt warning that this inbox is the key to the others, so it must be secured first and not casually forwarded or deleted.
What AmberKey stores
- Layer 1 (this card): the provider, the address, whether a native feature exists, and your executor instructions. No password here.
- Layer 2 (in the encrypted vault): the email password and the two-factor bypass (recovery codes or where the authenticator lives). These live only inside your encrypted bundle, never readable by AmberKey.
What your survivors do
- Open this card and read the instructions first.
- Retrieve the password and 2FA bypass from the vault after recovery.
- Sign in. If a code is texted, it goes to the deceased’s phone number — which is why the standing rule is do not cancel the phone line yet.
- Secure the inbox: change the recovery phone/email to one the estate controls, so the account can’t be reset out from under them.
- Use the inbox to work through the other accounts’ resets in the order the packet lays out.
Required documents
To reset or access the email directly with the provider, expect to need the death certificate and proof you’re the estate representative (letters testamentary or similar). With the escrowed password and 2FA in hand, survivors usually won’t need the provider’s formal process at all — which is the point of escrowing it.
Expected timeline
With the password and 2FA escrowed: minutes. Through a provider’s formal deceased-user process (where one exists): weeks, and often only after documents are reviewed. Some providers will simply refuse and point to a court order.
Gotchas
- The phone-number dependency. Texted 2FA codes are useless if the number is dead. Keep the line active until the email (and everything downstream of it) is settled.
- A stale escrowed password locks everyone out. If you change the email password and forget to update the vault secret, your survivors have the old one. Re-export your bundle after any password change.
- Provider policies vary wildly and change. Some have a legacy tool, some have a deceased-user request, some have neither. Treat any specific menu path as a hint and confirm the current option in your provider’s account-help pages.
- Aliases and forwarding. If this address forwards to or from others, note it — survivors need to understand the whole web, not just one inbox.