How to Securely Hand Over Work Passwords and Accounts When Leaving a Job
A practical guide to safely transferring dozens of work account credentials to your successor when you resign, with step-by-step instructions and checklists.
How to Securely Hand Over Work Passwords and Accounts When Leaving a Job
You have put in your two weeks' notice. Now comes a problem nobody warned you about: you have dozens of work logins — admin panels, cloud consoles, company social media accounts, vendor portals, payment dashboards — and you need to hand them all over to your successor.
The temptation is to dump everything into a spreadsheet and email it over, or fire off passwords in a Messenger chat. But every one of those methods leaves credentials permanently exposed. This guide walks you through the secure way to transfer work passwords when you leave a job.
Types of Work Accounts That Need Handover
Before your last day, go through this list and make sure nothing is missed.
| Account Type | Examples | Notes |
|---|---|---|
| Admin/CMS logins | WordPress admin, internal dashboards | Transfer ownership first if possible |
| Company social media | Instagram, Facebook Page, YouTube | Disable 2FA tied to your phone |
| Cloud storage | Google Workspace, AWS console, Dropbox | Risk of data loss if overlooked |
| SaaS tools | Slack, Notion, Jira, Figma | Most support invite-based transfer |
| Vendor/partner portals | Supplier B2B sites, logistics platforms | May require formal contact change |
| Payment/billing systems | Stripe dashboard, invoicing portals | Handle with highest priority |
| Domain/hosting accounts | Domain registrars, hosting control panels | Missed handover can cause outages |
What NOT to Do
Don't email a spreadsheet of passwords
This is the most common and most dangerous approach. Email sits in inboxes indefinitely, gets backed up, and if either account is compromised, every password leaks at once.
Don't leave passwords in a shared Google Doc
A shared document with "View" access is one leaked link away from exposing all your company's credentials. And once someone makes a copy, you have lost all control.
Don't text passwords via iMessage or Messenger
Chat messages persist in both parties' history forever. Even after you leave, those credentials remain searchable in the conversation.
Don't share your personal password manager
Giving someone access to your 1Password or LastPass vault exposes your personal accounts alongside work ones. That is never acceptable.
The Secure Handover Process: 5 Steps
Step 1: Build a complete account inventory
Go through your browser's saved passwords, your password manager, bookmarks, and email for sign-up confirmations. List every work account you have access to. You will probably find more than you expected.
Step 2: Transfer ownership where possible
For accounts that support it — Google Workspace admin, Slack workspace ownership, GitHub organization roles — transfer ownership directly to your successor. Change the account email to theirs. No password sharing needed.
Step 3: Use password-protected memos for the rest
For accounts where you cannot transfer ownership (vendor portals, legacy systems, shared logins), create a password-protected memo on LOCK.PUB with the credentials.
How to do it:
- Create a separate memo for each account with the URL, username, and password
- Set the expiration to 7 days
- Send the memo link to your successor via email
- Share the memo password verbally — by phone or in person
Step 4: Change passwords after confirmation
Once your successor confirms they have accessed the memo and logged into the accounts, change the passwords together. This makes the information in the memo instantly obsolete, even before it expires.
Step 5: Revoke your own access
Finally, clean up your own access trail.
- Delete saved work passwords from your browser
- Log out of and uninstall work apps on personal devices
- Remove work accounts from your personal password manager
- Disconnect 2FA authenticator entries tied to work accounts
Handover Checklist
- Listed every work account you manage
- Transferred ownership on accounts that support it
- Created password-protected memos for remaining credentials
- Sent memo links and passwords through separate channels
- Confirmed your successor can access all accounts
- Changed passwords on all handed-over accounts
- Deleted work credentials from your browser and devices
- Disconnected 2FA for work accounts
For Employers: What to Do When an Employee Leaves
As a manager or IT admin, your responsibilities do not end when the departing employee finishes their handover.
Change shared passwords immediately
Any shared account the departing employee knew about should have its password changed on their last day. Every day you delay is a day of exposure.
Revoke SSO and OAuth access
Disable the departing employee's access across all SSO-connected services (Google, Microsoft, Okta) and revoke any OAuth tokens they authorized.
Check for personal accounts used for work
Some employees sign up for work tools with personal Gmail or iCloud accounts. Audit these and migrate them to company-owned accounts.
Audit access logs
Review access logs for critical systems during the week before and after departure. Look for unusual downloads, exports, or access patterns.
Start Your Secure Handover Today
Handing over work passwords does not have to be a security risk. With LOCK.PUB's password-protected memos, credentials are accessible only during the transition period and automatically expire afterward — no passwords lingering in email threads or chat logs.
Create your first handover memo now.
Keywords
You might also like
How to Chat Anonymously Without Installing an App
Compare the best ways to have anonymous, encrypted conversations without downloading anything or creating an account. Start a password-protected secret chat room in your browser.
How to Securely Share SSH Keys and Certificates with Your Team
SSH keys grant full server access. Learn why sharing them via Slack or email is dangerous, and how to use expiring secret memos for secure one-time key transfers.
How to Send Self-Destructing Messages: The Complete Guide
Learn every method for sending messages that automatically disappear after being read. Compare Signal, Telegram, WhatsApp, and dedicated services like LOCK.PUB to find the best option for your needs.
Create your password-protected link now
Create password-protected links, secret memos, and encrypted chats for free.
Get Started Free