Why You Need a Paper Password Keeper (And Where to Keep It)

There are two kinds of people in the world: those who have been locked out of an important account at the worst possible moment, and those who haven't yet.

If you've ever spent twenty minutes trying to access a family member's account after they were hospitalized — clicking "forgot password," hitting a phone that rings unanswered, realizing the recovery email was an old address nobody uses anymore — you understand the problem in a visceral way. If you haven't experienced this, take the experience on faith: it's genuinely terrible, and it's almost entirely preventable.

The Case for Writing It Down

The advice "never write down your passwords" was reasonable in 1998, when your password was probably taped to your monitor. It's less useful today, when the average person manages 100 or more accounts, each with different requirements, different security questions, and different recovery methods.

Password managers are excellent tools. They're the right choice for most people's day-to-day password handling — encrypted, synced across devices, far more secure than a sticky note. But password managers have a failure mode that almost nobody thinks about until it happens: if you lose access to the password manager itself (forgotten master password, device loss, account lockout, account closure), you may lose access to everything it was protecting.

A paper password keeper is a backup system, not a replacement. It's the thing that exists for the moment when the digital system fails — and for the moment when someone who doesn't share your digital life needs to manage your accounts on your behalf.

When a Paper Backup Actually Matters

Consider a few scenarios:

Your phone is lost or stolen. Your password manager is on your phone. Your backup codes were sent to an email you access on your phone. You're locked out of the email, so you can't get the backup codes, so you can't get into the password manager, so you can't get into anything. A physical password keeper, stored at home, breaks this chain.

A family medical emergency. You're in the hospital. Your spouse or adult child needs to access your banking accounts to handle bills, your health insurance portal to verify coverage, your employer's HR system to submit FMLA paperwork. They don't know your passwords. They don't know your security questions. A physical document with this information, stored somewhere they can find it, makes an already difficult situation manageable.

You die. This one is uncomfortable but true: whoever handles your estate will need access to accounts you've never thought of as "estate assets" — email, cloud storage, subscriptions, loyalty programs, financial accounts, social media. Digital estate planning exists as a field precisely because most people don't prepare for this. A paper password keeper, found with your will or in a known location, gives your family a place to start.

The Right Way to Keep a Paper Password Keeper

The concern about writing passwords down is legitimate, but it's about storage, not the act of writing. A password keeper on your desk or in an unlocked filing cabinet is a security risk. A password keeper in a locked fireproof box, or a home safe, or a bank safety deposit box with a trusted family member's name on it, is not.

The practical guidance:

  • Store it physically locked. A small combination lockbox is $20-30. This is the appropriate container.
  • Tell one trusted person where it is. The point of this document is that someone else can find it. They can't find it if no one knows where to look.
  • Don't store it digitally. Photographing it, scanning it, or keeping a copy on your computer defeats the purpose entirely. If you need the digital version, you have a password manager. This document is for when the digital version isn't accessible.
  • Update it when you change passwords for important accounts. You don't need to update it every time you change a social media password. Focus on the accounts that matter: banking, insurance, primary email, investment accounts, accounts tied to recurring payments.

What to Include

A good password keeper covers more than usernames and passwords. The fields that matter for each account:

  • Website / service name — be specific ("Chase Bank" not "bank")
  • Username or email used to log in
  • Password
  • PIN (for accounts that use PIN-based login or phone verification)
  • Security questions and answers — these are often the actual gatekeepers for account recovery
  • Recovery email — may be different from the login email
  • Phone number on the account — matters if the account uses SMS 2FA
  • Whether two-factor authentication is enabled — a checkbox that reminds you this account needs a code at login

You also want a Quick Reference page for your top accounts — the ten things you'd need access to in an emergency — so whoever is using the document can find the most important entries immediately without reading the entire log.

A Printable That's Designed for Security

The Password & Account Keeper is a 4-page printable PDF with a 24-entry account log, a Quick Reference page for your top accounts, and a security reminders checklist that covers storage guidance, update frequency, and 2FA setup. Every field you need. No fields you don't.

It's $3.99. Print it, fill it in by hand (never digitally), store it somewhere locked, and tell one person where it is.

Then don't think about it again — until the moment it matters. At which point it will matter a great deal.