My dad did all of his banking and other business online. When he died, he left a wacky list of password hints behind for my mother to decipher. Not passwords, mind you, but cryptic hints my mom would need to decode in order to figure out the actual password. One of them, for example, was “Name of street we lived on in Bowie” plus “Prefix to our phone number in Charleston.” So putting those hints together, she might come up with “Penn612.” My mom is less than tech savvy to begin with, so having to break the enigma code before she could pay her credit card balance wasn’t a task she relished. But clunky as it was, at least he left her something to go on.

What would your family do if you died without leaving them a list of passwords? If passwords die with you, not only will your family be unable to access your email, bank accounts, etc., but your social media (including your photo manager) will become inaccessible to them. A quick check of social media policies shows that many still require the family or an authorized representative to be able to access the account in order to close it. If your family doesn’t know your passwords, you’re SOL. The account will just sit there until…what? Tumblr will flag a blog as inactive if there’s been no activity on it for a year. At that point, the URL is released for someone else to use. No word on what, exactly, happens to the content that had been parked at that URL. Flickr, on the other hand, will let untouched content sit around indefinitely without removing it or closing the user’s account.

Despite all the buzz on this topic in the past year or so, most social media and blog sites still have no policy in place allowing users to establish legacy contacts to handle their respective accounts in the event of death. As a result, it’s more the rule than the exception for a user’s account to end up in limbo. As usual, Facebook was and is ahead of the curve on this issue, having established a clear, sensible policy for designating a legacy contact and for memorializing a deceased user’s account. The legacy contact can, for example, change the departed user’s profile photo—after all, pouty fish lips may be fine on a Tuesday, but they look pretty silly as the permanent face of your memorial page. Your legacy contact can, if you so choose (ahead of time, that is), remove certain posts and accept friend requests on your behalf (presumably explaining to each of them that you’re now dead). One thing the legacy contact can’t do is post on your behalf.

So what are some best practices for avoiding situations in which your loved ones can’t access your social media and pictures? Or worse, that they can access posts and chat logs you never intended for them to see?

Cover your tracks

Better yet, just don’t do stuff that requires sneaking around. But if you do, keep in mind that you could die at any time. Years ago, a reader sent a letter to Dear Abby in which she explained that when she cleaned out her husband’s office after his sudden death, she found clear evidence that he’d been having an affair for years. The woman was devastated and admonished other readers to be less careless about keeping mementos that their families might discover under similar circumstances. If you’ve been hanging on to those steamy Facebook Messenger exchanges with your old high school boyfriend, now’s the time to hit Delete. Follow this poor lady’s advice. And in the future, use an app (like Confide or Signal) that automatically disappears your chat logs.

Become familiar with the legacy policies of your social media sites

If a site allows you to pick a legacy contact, do it. With Facebook, you don’t even have to tell the person that he or she has been selected. I’ve chosen someone, but to avoid an awkward conversation, I’ve decided not not to inform her that she’s my legacy contact (because avoiding conflict is just how I roll…hey, no one’s perfect).

Use a password manager

A password manager like LastPass securely encrypts and stores your passwords for you. All you need to remember is a single master password. It also generates and fills random, secure passwords when you need new ones. You can even apply certain rules. For example, you can specify that you want a password containing both lower case and capital letters and numbers, but no special characters. You can also decide which sites the password manager should autofill for you and which ones should require a master password re-prompt. Password managers are a great tool everyone should use for reasons of both security and convenience.

Click to download the infographic Plan Your Digital Afterlife. It summarizes the legacy policies of all the social media sites shown. (Nifty social media icons courtesy Elisa Riva/Pixabay. Infographic created by me in Adobe Illustrator, based on this fantastic tutorial by Terry White.)