Paano Securely Hand Over Work Passwords and Accounts When Leaving a Job

You have put in your two weeks' notice. Now comes a problem nobody warned you about: you have dozens of work logins — admin panels, cloud consoles, company social media accounts, vendor portals, payment dashboards — and kailangan mong hand them all over to your successor.

The temptation is to dump everything into a spreadsheet and email it over, or fire off passwords in a Messenger chat. But every one of those methods leaves credentials permanently exposed. This guide walks you through the secure way to transfer work passwords when you leave a job.

Types of Work Accounts That Need Handover

Before your last day, go through this list and make sure nothing is missed.

Account Type	Examples	Notes
Admin/CMS logins	WordPress admin, internal dashboards	Transfer ownership first if possible
Company social media	Instagram, Facebook Page, YouTube	Disable 2FA tied to your phone
Cloud storage	Google Workspace, AWS console, Dropbox	Risk of data loss if overlooked
SaaS tools	Slack, Notion, Jira, Figma	Most support invite-based transfer
Vendor/partner portals	Supplier B2B sites, logistics platforms	May require formal contact change
Payment/billing systems	Stripe dashboard, invoicing portals	Handle with highest priority
Domain/hosting accounts	Domain registrars, hosting control panels	Missed handover can cause outages

Ano NOT to Do

Don't email a spreadsheet of passwords

This is the most common and most dangerous approach. Email sits in inboxes indefinitely, gets backed up, and if either account is compromised, every password leaks at once.

Don't leave passwords in a shared Google Doc

A shared document with "View" access is one leaked link away from exposing all your company's credentials. And once someone makes a copy, you have lost all control.

Don't text passwords via iMessage or Messenger

Chat messages persist in both parties' history forever. Even after you leave, those credentials remain searchable in the conversation.

Don't share your personal password manager

Giving someone access to your 1Password or LastPass vault exposes your personal accounts alongside work ones. That is never acceptable.

Ang Secure Handover Process: 5 Steps

Hakbang 1

Go through your browser's saved passwords, your password manager, bookmarks, and email for sign-up confirmations. List every work account you have access to. You will probably find more than you expected.

Hakbang 2

For accounts that support it — Google Workspace admin, Slack workspace ownership, GitHub organization roles — transfer ownership directly to your successor. Change the account email to theirs. No password sharing needed.

Hakbang 3

For accounts where maaari kangnot transfer ownership (vendor portals, legacy systems, shared logins), create a password-protected memo on LOCK.PUB with the credentials.

How to do it:

• Create a separate memo for each account with the URL, username, and password
• Set the expiration to 7 days
• Send the memo link to your successor via email
• Share the memo password verbally — by phone or in person

Hakbang 4

Once your successor confirms they have accessed the memo and logged into the accounts, change the passwords together. This makes the information in the memo instantly obsolete, even before it expires.

Hakbang 5

Finally, clean up your own access trail.

• Delete saved work passwords from your browser
• Log out of and uninstall work apps on personal devices
• Remove work accounts from your personal password manager
• Disconnect 2FA authenticator entries tied to work accounts

Handover Checklist

• Listed every work account you manage
• Transferred ownership on accounts that support it
• Created password-protected memos for remaining credentials
• Sent memo links and passwords through separate channels
• Confirmed your successor can access all accounts
• Changed passwords on all handed-over accounts
• Deleted work credentials from your browser and devices
• Disconnected 2FA for work accounts

For Employers: What to Do When an Employee Leaves

As a manager or IT admin, your responsibilities do not end when the departing employee finishes their handover.

Change shared passwords immediately

Any shared account the departing employee knew about should have its password changed on their last day. Every day you delay is a day of exposure.

Revoke SSO and OAuth access

Disable the departing employee's access across all SSO-connected services (Google, Microsoft, Okta) and revoke any OAuth tokens they authorized.

Check for personal accounts used for work

Some employees sign up for work tools with personal Gmail or iCloud accounts. Audit these and migrate them to company-owned accounts.

Audit access logs

Review access logs for critical systems during the week before and after departure. Look for unusual downloads, exports, or access patterns.

Start Your Secure Handover Today

Handing over work passwords does not have to be a security risk. With LOCK.PUB's password-protected memos, credentials are accessible only during the transition period and automatically expire afterward — no passwords lingering in email threads or chat logs.

Create your first handover memo now.

Create a Secret Memo -->