When was the last time you deleted an old account?
We often use throwaway accounts and don't think much about them.
Like that time a couple of years ago when your boss created an account for you for a website so you could do that one task for them.
When they asked you to do the task and gave you your login details, was your first thought to go straight to the site's security settings page and check everything over?
If it was, then well done!
However, if you're a typical human being then the chances are it wasn't the first thing you did. You wanted to get the task done and then get back to whatever it was you were doing before. You may have had every intention of doing it "later" but as we know, later turns into tomorrow which turns into next week which turns into never.
And let's be honest, this won't just be the case for accounts that were set up on our behalf, the same thing sometimes happens with accounts we create for ourselves too, both work and personal. When was the last time you deactivated an account for a platform you no longer use? Myspace anyone?
Unfortunately, without a systematic approach, these "ghost sites" soon build up. They are created, then forgotten and before you know it you've got more than a few accounts that are not monitored or even set up with the appropriate security settings, specifically multi-factor authentication.
That's where an account security spring clean comes in.
There will be many ways to do this, but this blog post will give you a starting point so you can come up with your own system.
Let's start with identifying the accounts themselves. Hopefully they are all comfortably sitting in a password manager. Oh, they're not? Well not to worry, now is also the best time to set yourself up with a password manager too.
Gather all your accounts together, the ones in the spreadsheet you used to use, the others that are written down in the back of a notebook, and anywhere else you may have stored them, and add them to the password manager. Time to delete that spreadsheet; they're now saved in a much safer place.
Next, make a note of the accounts you use often. If you know for sure they have all the up-to-date security settings in place, you can exclude them from the following steps (though it won't hurt to double-check them, as settings and available tools can change over time).
For the accounts that you rarely or never use (or don't even remember setting up at all), you may want to simply delete your account.
But, if not, log in and go to the account security page and the personal information page and check all the settings, particularly the following:
Are your email addresses up to date?
Are your passwords strong and unique (not used on any other accounts)?
Are the accounts storing more personal information than you need them to, such as physical address, phone numbers, date of birth? If the site doesn't need that information to function, you may want to remove it.
Don't forget that you don't have to give accurate answers to these things, unless it's a requirement by law such as a government site. Create a new birthday for yourself and use that instead of your actual one. Same for memorable names and pets etc. This stops criminals finding that information online and guessing security answers to your accounts.
Lastly, and the main reason for this blog post:
Is two-factor authentication / multi-factor authentication available and turned on? Multi-factor authentication (MFA) may not have been available when the account was created but may have been introduced since then.
It only takes two minutes
I won't oversell it and tell you how fun and exciting it's going to be to check all your old accounts.
But it is an important task that very often gets forgotten, and it only takes two or three minutes at most for each account. Setting up MFA and having it enabled is the single most effective step we can take to keep our accounts secure. While no system is 100% secure, having a double layer of security keeps out all but the most targeted attempts to gain access to your accounts.
And, you know that satisfied feeling you get after a spring clean of your house? Get ready to feel the same after a security spring clean of your accounts (except, with this, you don't have to move from the comfort of your chair!).