PIN Lock

Add a PIN to lock your vault on this device

PIN lock not enabled

Your vault is encrypted on our servers, but a PIN adds a second layer of protection that only you hold. Without it, anyone who can log in to your account can read your vault contents. With a PIN set, only someone with both your account password and your PIN can open the vault.

Tip: Enable OS full-disk encryption

For maximum protection, enable FileVault (macOS) or BitLocker (Windows) on this device. This protects all data — including browser files — if the device is lost or stolen, and works alongside the vault's own encryption.

How your executor accesses the vault

Your executor will need up to two credentials to access the vault online:

1.Login password — your YourEstateVault account password, entered on the login screen with your email address.⚠ Do not put your password in the DMS email itself — that email is sent in plain text. Instead, record it offline: a sealed envelope with your solicitor, a shared password manager, or a written note stored with your Will. Use your Dead Man's Switch message to tell your executor where to find it, not what it is.
2.Vault PIN (only if you set one below) — a short numeric code entered after login. Like the password, record its location in your DMS message rather than the PIN value itself.

Tip: The safest approach is to store credentials with a solicitor or in a sealed envelope alongside your Will, and use the DMS notification message only to say where they are kept. The Executor Pack passphrase (for the offline HTML file) should be stored separately from the login password.

Vault PIN

Locks the vault on this device after login

Not set
Setting a PIN adds a second layer of protection. Anyone who logs in with your email and password will also need this PIN to open the vault. Record it alongside your login password so your executor can access the vault.

The PIN is hashed with SHA-256 + a random salt. No plaintext PIN is ever stored on this device.
When the PIN is enabled, all vault data is encrypted at rest using AES-256-GCM (PBKDF2, 310,000 iterations).

Last updated: 21 April 2026 — Your data is AES-256 encrypted in your browser before being transmitted to our servers.