The point is that lax enforcement doesn't matter to lawyers when questioning the legal basis for something. If you are going to start encouraging every lawyer to start contemplating adding passwords to wills and trusts, they start to ask a lot of questions if that is something that can even legally be put in a will or entrusted to an estate.
We don't have good legal protections for that at all. Consider that some Terms of Service agreements, sharing a password at all, no matter the reason, is itself a breach of Terms of Service. That most services may not enforce such ToS clauses today doesn't imply that they won't start enforcing them tomorrow.
(Multi-factor is another land mine mess in digital asset rights. We barely understand how biometric locks should affect things like privacy laws, let alone has anyone really started talking about how you deal with a dead relative's thumbprint or "face ID" in their absence. Passwords are at least physically transferable, a lot of MFA, especially biometrics, is not.)
They told me that they wouldn't pay for a service to securely provide passwords to heirs without the legal issues addressed first. There's a difference between "my client intended to include this bit of secret information to their heir and what the heir chooses to do with it is their responsibility" and "I'm going to encourage my client to work with me to sign up and pay for this service in order to entrust their passwords to future heirs" in terms of good old fashioned CYA [Cover Your Rear].
Which is a big part of why it needs to be a political lobby or working group: lawyers don't think anything about the ad hoc cases ("give this password to my heirs") because it is isn't their responsibility at that point other than storage and it isn't distinct from the rest of wills/trust documents. Then there is the problem that it isn't yet common enough for them to abstract it into a "class" and/or yet think to ask every client of theirs for passwords for continuity of digital estates/digital asset planning. As soon as they do start to consider the repercussions of the latter is when they do start to get antsy about their responsibilities (is it legal for every service, the answer to which is currently "no" [the discussion above], and then increasingly complicated follow ups such as can you "split an account among multiple heirs" and "what's the retail value if it needs to be auctioned" and so on and so forth). Lawyers at that point want the comfort of laws to back them up in any such responsibilities, at which time it looks necessary to start a political lobby to build digital assets rights into laws.
We don't have good legal protections for that at all. Consider that some Terms of Service agreements, sharing a password at all, no matter the reason, is itself a breach of Terms of Service. That most services may not enforce such ToS clauses today doesn't imply that they won't start enforcing them tomorrow.
(Multi-factor is another land mine mess in digital asset rights. We barely understand how biometric locks should affect things like privacy laws, let alone has anyone really started talking about how you deal with a dead relative's thumbprint or "face ID" in their absence. Passwords are at least physically transferable, a lot of MFA, especially biometrics, is not.)