March is right around the corner, and for many that means a little digital spring cleaning. This year we’re going to focus on those relics from your digital life that you don’t use and give your passwords a once-over.
Unlike physical Spring cleaning, digital Spring cleaning can help protect your identity, your finances, and any accounts you’re still using online.
#1 Check the breach status of accounts: It’s important to know how many of your accounts have been compromised in earlier data breaches, because they make you vulnerable. Hackers don’t even need to be tech-savvy at this point, they can simply check your email and password against the billions of compromised account credentials available to them, and if you’re still using an old one, they have what amounts to a skeleton key for your accounts.
The website haveibeenpwned.com is a great resource for your digital spring cleaning. The site lets you check both email addresses and passwords to see how and when they were breached.
It may be tempting to try to go to the source itself and locate the recent COMB leak, containing billions of login and password combinations, but resist the urge. You may receive malware with your enlightenment.
Google Chrome and Firefox will now alert users to compromised passwords, but in either case, they’re limited to passwords your browser autofills. The accounts from 2009 (or earlier!!!) when you were using Internet Explorer (or searching for business hours at Blockbuster Video) won’t show up there.
#2 Close zombie accounts: Just because you haven’t logged into MySpace, Friendster, or Words with Friends in over a decade doesn’t mean the personal information you provided those sites isn’t still gettable and–worse–useable by hackers. Stored passwords, personal information, security questions and more may be sitting on poorly-secured servers waiting to be breached (if they haven’t already).
Take a stroll down memory lane. Log on your old accounts, particularly ones that show up on haveibeenpwned.com, and close them out one by one.
Take note: there are services that will do this for you, but be careful: you’re swapping one third-party with your personal data for another.
#3 Update passwords and make them unique: I’ve said this before, but reusing passwords across multiple accounts is a really bad idea. Roughly two-thirds of Americans admit to doing it. Part of your digital spring cleaning should include updating the passwords on your existing accounts and setting up two-factor authentication whenever possible.
#4 Consider a password manager: Coming up with unique and memorable passwords for your accounts is cumbersome, to say nothing of the task of remembering which password goes to what streaming service, gaming platform, social network, fitness app, etc.
Password managers are not all developed equally. Be sure to vet carefully, making sure it’s well-known and well-supported. Avoid “free” services: your online security is worth more than a few dollars per month.
