We started using the Internet 20 years ago and 20 years ago the landscape of online services was very different to what it is now. No Facebook, Twitter, Gmail or even Google. There was AOL, Netscape, Hotmail, then later MySpace and plenty of other services that may still exist, but that most of us don’t use anymore. Similarly, you may have bought some flowers for mother’s day on a site that you used once only. You may have tried a service when you wanted to learn how to play guitar but abandoned it a week later. Now think about all these accounts that you have created since you started using the Internet. I did a stocktake and found a little less than 100 sites in which I have created and accounts with a username and password. Do I use these 100 services regularly? Certainly not. I have not logged to some of them for more than 10 years. These old accounts pose a risk to my information security. Not only do they have personal information such as address, phone, date of birth, mother’s maiden name, secret questions…. but they also have passwords. As most of us reuse our passwords in some way, this is a not good.
The problem is that these old accounts may not be as secure as you think. Storing passwords in plain text was common practice 15 years ago, and unfortunately is still used by some companies even today. As interest in services wanes, so does the ongoing investment in securing and maintaining databases. Our information could be exposed and unprotected.
So what can you do to get rid of these old accounts? First keep track of all the places where you create an account. You can have a list somewhere, generally linked to the password hint of the service. When you have not used a service for a while, compromise and delete your account: login to the account and alter all personal information in the “account detail” section. Change your address, date of birth, phone number,… all the bits of information that can identify you. Then change the password of the service to a “dump” password. A password that you will use only for the services that you want to get rid of. Finally if the service gives you the option to delete the account, go ahead and delete it. However, be aware that some services will never delete your account even if they propose you to do so. Your username and account may be linked to other items in the database architecture that makes it too hard to delete the account. So instead of deleting your account, service providers may only deactivate it, still leaving your personal information in their databases.
With this method, you can minimise the chances of somebody getting your password or your personal information and being able to reuse them to access an account that you currently use like your bank account or your primary email account.