We have actually covered this in some detail already on Security SE

• Storing account credentials for spouse/loved one?
• How to prepare for protecting identity after death?
• How to secure identity after someone dies?
• Is there a digital “safety deposit box” equivalent?

These posts go into detail about what you can and can't share - there may be some legal/contractual ramifications if you share logins for banking etc.

So there are some simple technical solutions (Keepass/DropBox etc) and some procedural ones (password for your master password file stored in an envelope with a solicitor or notary)

This may sound harsh, but while you may trust your brother - it is often best to avoid placing them in a position where they have the opportunity to do something malicious, as his circumstances may change in such a way that forces him to. (as an example - gets accidentally in debt to someone with organised crime links - who blackmails him into payment on threat of injury to family) - much better to trust a lawyer, who has a professional and ethical code of conduct which will (hopefully) act as an additional barrier to misconduct.

There are a number of suggestions provided in Jeff Moser's post related to this.

A Proposed Solution

Let’s borrow an ancient yet incredibly useful idea: if it’s really important to get your facts right about something, be sure to have at least two or three witnesses. This is especially true concerning matters of life and death but it also comes up when protecting really valuable things.

By the 20th century, this “two-man rule” was implemented in hardware to protect nuclear missiles from being launched by a lone rogue person without proper authorization. The main vault at Fort Knox is locked by multiple combinations such that no single person is entrusted with all of them. On the Internet, the master key for protecting the new secure domain name system (DNSSEC) is split between among 7 people from 6 different countries such that at least 5 people are needed to reconstruct it in the event of an Internet catastrophe.

If this idea is good enough for protecting nuclear weapons, the Fort Knox vault, and one of the most critical security aspects on the Internet, it’s probably good enough for your password list. Besides, it can make a somewhat uncomfortable process a little more fun.

Let’s start with a simple example. Let’s say that your master password is “1.big.BOOM@thunder.mil”. You could just write it out on a piece of paper and then use scissors to cut it up. This would work if you wanted to split it among 2 people, but it has some notable downsides:

It doesn’t work if you want redundancy (i.e. any 2 of 3 people being able to reconstruct it) Each piece would tell you something about the password and thus has value on its own. Ideally, we’d like the pieces to be worthless unless a threshold of people came together. It doesn’t really work for more complicated scenarios like requiring 5 of 7 people. Fortunately, some clever math can fix these issues and give you this ability for free. I created a program called SecretSplitter to automate all of this to hopefully make the whole process painless.

Here's the link to the SecretSplitter software he created.

You might also be interested in the Dead Man's Switch website.

You never know when you might be hit by a bus. Are you prepared for it? Maybe you want to pass on important information, notify some online acquaintances or apologize to an old friend. Enter DeadMansSwitch.org.

The service is simple. Type an email and optionally attach a few files. Every few days we will send you an email with a link that verifies you are still alive. If something does happen we will send your emails 30 days after we last heard from you. Is 30 days too long? No problem, someone close to you can use an emergency release code to dispatch the emails early.

Your emails and files are encrypted on the server using AES-256 encryption to help protect your data.

The most straightforward way ? Export all urls with the corresponding passwords, together with a short manual where applicable, to print them out and pass to your wife.
If what you said (adopting your ways of digital security not being an option), I can't see any other, more practical way of handing that stuff over.

Either put the printouts in a safe, or integrate them in your will. Obviously, putting those virtual things on paper presents you with a huge security risk.

Edit: updated my answer for future references. As suggested in the comments, there is a possibility to bypass the security risk mentioned above, by using LastPass's one-time password (OTP) service. This way, you only have to keep a single-use master password on file.

Use KeePass and store all your passwords in a KeePass file, encrypting it with a master password. KeePass encrypts the contents of the file with the master password you use.

If you need file mobility, you can put the KeePass file on DropBox (or Google Drive, etc), so that way the file is on all the machines you sync up with your favorite "web drive" tool.

Give this password to your wife, and tell her where she can find the KeePass file. Problem solved (hopefully).

The really nice thing about KeePass is that its truly cross-platform: works on Windows, Mac, Linux, iOS and Android.

UPDATE: in addition to being a file-based and "offline" solution to LastPass, KeePass also has a rich set of security and other features listed here. Here are some that stand out to me in relation to this specific question:

• Strong Security
• Multiple User Keys
• Portable and No Installation Required, Accessibility
• Export To TXT, HTML, XML and CSV Files
• Import From Many File Formats
• Support of Password Groups
• Auto-Type, Global Auto-Type Hot Key and Drag&Drop
• Intuitive and Secure Clipboard Handling
• Searching and Sorting
• Open Source!

If you are able to login to each others email accounts, that solves most of the problems because that is how most online services allow users to change passwords.

If you want to get a little more fancy and if you use gmail, there are ways to generate a list of "one-time passwords". Just print out a list of these one time passwords and give it your spouse.

For the things that really, really matter like bank accounts, there are ways for a spouse to get control of these things. Yes, it might involve a phone call or a visit and some forms might need to be filled out, but its not like the spouse will be locked out of the account.

Generally speaking, password-based authentication is messed up and will be that way for quite some time. The ultimate answer to this will be some form of very robust third party authentication (not Facebook!), that can be used to verify identity/relationships for any and all purposes. Unfortunately, we are probably a decade or more away from that.

Right now, however, I disagree that any elaborate software-based solutions are the way to go to solve this problem. The best thing you can do is to keep things simple, and make sure that each of you knows WHAT assets you own. Getting control of them is not that hard if the spouse knows what they are.

A similar problem is adressed by Cory Doctorow in Context.

I’d split the passphrase in two, and give half of it to my wife, and the other half to my parents’ lawyer in Toronto. The lawyer is out of reach of a British court order, and my wife’s half of the passphrase is useless without the lawyer’s half (and she’s out of reach of a Canadian court order). If a situation arises that demands that my lawyer get his half to my wife, he can dictate it over the phone, or encrypt it with her public key and email it to her, or just fly to London and give it to her.

As simple as this solution is, it leaves a few loose ends: first, what does my wife do to safeguard her half of the key should she perish with me? The answer is to entrust it to a second attorney in the UK (I can return the favour by sending her key to my lawyer in Toronto). Next, how do I transmit the key to the lawyer? I’ve opted for a written sheet of instructions, including the key, that I will print on my next visit to Canada and physically deliver to the lawyer.

When I'm Dead, How Will My Loved Ones Break My Passwords

Of course, if you write your password in this kind of file (or partition), you have to keep it up to date but it's not a problem: the encryption key is fixed but not the data.

While I like lastpass and use keepass at work, I think this is a perfect application for an IronKey.

1. Buy an IronKey.
2. Assign it a password that both you and your wife know.
3. Put links and passwords to web sites on the ironkey in a text file.
4. Lock it up in a fire proof safe.

This won't solve any issues you will have if you use 2-factor fobs, but you can include recover instructions in the text file.

You will derive two benifits from having a physical device;

1. Your wife will know exactly what she needs and where it is.
2. It will be slightly more secure becasue it is "offline". (And if you keep it locked up, more secure than a laptop you may carry around.)

But this is really subjective, and it depends on the best process for you and your wife. I would suggest making it as easy for her as possible while absolutly minimzing the risk of accidental or malcious disclosure.

According to Cirrus Legacy in terms of the United Kingdon (they also have a site for the USA & European Union)

UK Wills don't include digital assets. So unless you've listed the logins, passwords and membership numbers of all this stuff - your digital inheritance - somewhere accessible and sensible, your relatives can't cancel, change or transfer it after your death. Unless you want your Twitter profile haunting everyone forever, it's best to sort things out right now!

Secure your Digital Legacy effectively & save your wife alot of hassle:

http://www.cirruslegacy.com/

(I'm assuming this can be used for emergencies as well as when you pass away. Unless they have a specific clause that the information can only be passed on with presentation of a death certificate.)

There is a free account available, as well as different tiers of paid membership available