Design for this in advance.
For Web site management and similar, ideally have two administrator accounts held by different people. Or, if unavoidable, have two different people hold the administrator password. These people should be unrelated and unlikely to leave at the same time.
For personal accounts, set up the recovery addresses and other measures in case of lost passwords. Choose recovery email addresses that are unlikely to change (as far as feasible).
Obviously, keep passwords in a password manager, and make sure that its file is stored somewhere secure.
Cookies generally hold no information of interest, as said up-thread. They don't need to. All they need hold is a unique identifier of you, or of your session on the service, that is otherwise meaningless. The real information is stored on the service's computers; the code in the cookie is just used to look it up. Even the service won't have your password though, unless it's really badly designed. Your password isn't stored anywhere. Instead, your password is encrypted, and the result is stored. When you sign in, the password that you submit is also encrypted, and the result is compared with the stored one. So, even breaking into the system, an attacker should not be able to get your password, unless that attacker can reverse the encryption.
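Added example, not part of the original post: a minimal Python sketch of the flow described above, in which the cookie carries only a random session identifier and the service stores a salted one-way derivation of the password rather than the password itself. PBKDF2-HMAC-SHA256 stands in here for what the post calls the encrypted form; that choice, the iteration count, and the names `USERS`, `SESSIONS`, `register`, `sign_in`, `whoami` and `sign_out` are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # illustrative work factor, not taken from the post

# In-memory stand-ins for the service's own storage.
USERS = {}     # username -> (salt, derived value); the password is never kept
SESSIONS = {}  # opaque session id -> username


def _derive(password: str, salt: bytes) -> bytes:
    """Salted, one-way, deliberately slow derivation of the password."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)


def register(username: str, password: str) -> None:
    salt = secrets.token_bytes(16)  # unique per user
    USERS[username] = (salt, _derive(password, salt))


def sign_in(username: str, password: str):
    """Return the cookie value (an opaque session id) on success, else None."""
    record = USERS.get(username)
    # Derive for unknown users too, so both paths do the same amount of work.
    salt, stored = record if record else (bytes(16), bytes(32))
    candidate = _derive(password, salt)
    # Constant-time comparison of the derived values, never of raw passwords.
    if record is None or not hmac.compare_digest(candidate, stored):
        return None
    session_id = secrets.token_urlsafe(32)  # meaningless outside this service
    SESSIONS[session_id] = username
    return session_id


def whoami(cookie_value: str):
    """Look up the real information server-side from the cookie's identifier."""
    return SESSIONS.get(cookie_value)


def sign_out(cookie_value: str) -> None:
    SESSIONS.pop(cookie_value, None)  # the identifier becomes useless
```
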