Today I am going to ask you to take a step that will reduce your attack surface online: clean up your digital clutter by identifying and closing unused accounts. Online accounts exist in what I like to call “enemy territory”. They are on hardware that you do not control, owned by companies that make very few promises to you about how they will handle your data, and, as public-facing sites, they are subject to far greater risk than your home computer. Accounts you no longer use represent nothing but risk.
Difficulty: Easy to intermediate
Active Time: 5-10 minutes per account
What it Protects You From: Data spillage, account takeover/impersonation/online identity theft
Close Unused Online Accounts
We can make our current accounts fairly secure and we have begun to do that by changing their passwords (more to follow later in the series). But those abandoned accounts that we don’t log into any longer – the mothballed email account, that dusty MySpace page, a long-forgotten bulletin board profile, or the e-commerce login you created for a one-time purchase – are still vulnerable to hackers. Regardless, if we used accurate information in the account it is still out there and still at risk. In fact, these accounts may even be at greater risk since you aren’t logging in regularly, updating to stronger passwords, and monitoring them. Let’s fix that.
Much like the application audit I asked you to perform earlier in the challenge, you should audit your online accounts.
- Identify your online accounts. There are probably accounts you don’t even remember creating. Searching your old usernames through “Know ’em” can help you identify services that have been set up using that username. It won’t tell you that they belonged to you, but it might help jog your memory.
- Log in and change as much accurate information as possible. Change your name, birthday, phone number, and anything else you can change to FALSE information. If the account is compromised it will not leak any real, actionable information about you.
- Finally, close and/or delete the account. Two resources that can help you close unused accounts are Account Killer and Just Delete Me.
If you can’t close an old account, there are still some steps you can take to improve your security. First, log in and change all the information to false information. Your name, birthday, your hometown – everything EXCEPT your email address (we will deal with that next Tuesday. In the meantime you still want to be notified if a breach occurs or someone attempts to log into your account). If you can delete or unlink content like photos, blog posts, etc., do it. Next, secure the account with a good, strong password, and if possible, two-factor authentication.
Clean Up Your Other “Digital Clutter”
I am borrowing the term “digital clutter” from Drew over at HidingFromTheInternet.com. Drew has an excellent post on cleaning up digital clutter. In it he takes a much more comprehensive view – deleting old emails, cleaning out cloud storage, getting rid of old messages, and more. Go read it HERE.