Here’s Why You Should Delete Your Old Online Accounts—Stat

More is definitely better when it comes to certain things—job offers, binge-worthy Netflix series, chocolate—but the same cannot be said about passwords. In fact, the more logins you have, the greater the security risk. Alarmingly, the average American now has a whopping 168 passwords, according to a recent survey from password-management company NordPass, and that number is up 70% compared with just three years ago.

If you can’t possibly believe you have that many passwords, let us take you on a trip down memory lane to your very first Hotmail account, the wedding site you created for the big day and your Tumblr account, for starters. While you might have forgotten about these abandoned accounts, cybercriminals have not. “Your forgotten online accounts may seem harmless, but they’re actually a big security liability,” says Wes Gyure, an executive director with IBM Security. And if you want to keep your information safe from hackers, it’s essential to get rid of them.

Ahead, we’ll walk you through what to do with your old accounts and provide some important tech tips that will protect the ones you decide to keep.

Get Reader’s Digest’s Read Up newsletter for more tech, travel, humor, cleaning and fun facts all week long.

Why does having so many logins put you at risk?

“Each one is a potential target for hackers seeking sensitive information stored within, like your credit card or bank account numbers,” says Gyure. “Even if your account doesn’t have sensitive data tied to it, it’s still a liability, as many people reuse passwords across accounts, allowing hackers to swipe the password from one and gain access to another, like your bank account.”

In fact, for the second year in a row, IBM’s Cost of a Data Breach report found that compromised credentials were the top way cybercriminals access your data. “Each of a user’s forgotten or abandoned accounts becomes a potential attack vector at compromising your personal information,” Gyure says.

Businesses are reeling from these cyberattacks as well, and if hackers break into one of their systems and get hold of your login information, all of your accounts could be compromised. The bottom line: Even if you think you’re being responsible about online safety, a company’s data breach could still put you at risk.

Which accounts have you likely forgotten about?

Sure, you probably remember that you had (and, er, may still have) an AOL or Snapfish account, but there are also the logins you used only a handful of times—maybe even just once. Yep, every time you create an account, even for a quickie appointment or vacation booking, that account stays there … forever. Here’s a partial list of accounts you’ve probably created over the years:

• Email (Hotmail, Yahoo, Outlook, Gmail, etc.)
• Social media
• School accounts and emails
• Health sites (hospitals, clinics, doctor’s offices and labs)
• Concert and theater ticket sites
• Transportation (train, bus or plane services)
• Travel sites
• Loyalty plans and rewards cards
• Online-shopping sites

How to find and delete old accounts

If you’re no longer using an account, delete it. While there’s no set time frame in which you should review your online accounts to decide if you should delete or deactivate them, try doing so at least once a year. The good news is that it’s easier than you think. Just follow these steps:

• Look for your login credentials to various online accounts on your computer’s web browser. On Chrome, click the three vertical dots at the top right of the screen, go to “Passwords and autofill” and then select “Google Password Manager” to see a list of the accounts the browser has stored for you. The process will be similar for other browsers.

• Check if any of your passwords have shown up on the dark web due to a data breach. You may see a pop-up from Chrome or Microsoft Edge that tells you which passwords you should change. If you don’t see a pop-up, that doesn’t mean there’s not a problem. To check yourself in Chrome, click the three vertical dots at the top right of the screen, go to “Passwords and autofill,” then click “Google Password Manager” and finally “Checkup.” Alternatively, go to the free (and safe) website “Have I Been Pwned?” to see if any of your passwords have been breached.

• Check your PC, Mac or mobile device’s operating system for login credentials to various accounts. Do a search for the word “password,” and you should be able to find a password manager (called “Keychain access” on a Mac) to see a list of accounts. From here, you can delete them or change the passwords if you want to keep them. You may also see installed password manager apps—such as NordPass, Dashlane, Roboform, LastPass, 1Password or Bitwarden—here.

• Log on to each site to review or change your password, or officially deactivate or delete accounts you no longer use. Make sure you’ve backed up anything you want, such as info and photos, before you do.

An important note: Don’t just uninstall apps from your phone or tablet. This removes the program from your device, but your information will still be on the service it’s linked to (such as a site like Hotels.com). You need to go through the steps above to delete your account, or it will remain on the site’s server indefinitely. FYI, you’ll also want to go through a similar process when deleting apps.

How to keep your passwords safe

A good password can make it more difficult for hackers to access your accounts. Reader‘s Digest reached out to McAfee, a leading cybersecurity company, for some tips to create a strong password and manage them all. If you decide to keep an account, follow the recommended best practices below for setting secure passwords and changing them at least every 90 days.

• Use a unique password for each account. We know—it’s more convenient to use the same password for everything or a slight variation of one password that’s easy to remember, but this also makes it easier for hackers to get into all your online accounts.

• Don’t write passwords in a notepad or keep them all in a document on your computer. These are not secure storage solutions. Instead, consider a trustworthy password-manager app for all your devices, such as NordPass, Dashlane, Roboform, LastPass, 1Password or Bitwarden. Find one you like best, and install it on multiple devices (phone, tablet, laptop and desktop) so it’ll synchronize between them all.

• Create a strong password. That means one that is at least 12 characters long, isn’t a common word or sequence of numbers, and has a combination of upper and lowercase letters, numbers and symbols. Alternatively, McAfee says a passphrase is a good idea too. Try a lyric from a song or poem (for example, “andtherocketsredglare”), or make an abbreviation from the words in a sentence (changing “the quick brown fox jumped over the lazy dog in the backyard” to “tqbfjotlditb,” for instance). Also resist using personal information that people who know you or look at your social media can guess, such as your birthday, your kids’ or pets’ names, and so on.

• Use multifactor authentication for your important online accounts, like online banking. Logging into an app or website with two-factor authentication doesn’t just require your password but also a one-time code sent by text or email to confirm it’s really you. If offered, a secondary “biometrics” option to log in—which uses a part of your body to identify you, such as your fingerprint or face scan—adds another layer of protection.

Why trust us

Reader’s Digest has published hundreds of articles on personal technology, arming readers with the knowledge to protect themselves against cybersecurity threats and internet scams as well as revealing the best tips, tricks and shortcuts for computers, cellphones, apps, texting, social media and more. For this piece on old online accounts, Marc Saltzman tapped his 30-year experience as a technology journalist, the author of several books (including Apple Vision Pro for Dummies) and the host of the syndicated Tech It Out radio show and podcast to ensure that all information is accurate and offers the best possible advice to readers. We rely on credentialed experts with personal experience and know-how as well as primary sources, including tech companies, professional organizations and academic institutions. We verify all facts and data and revisit them over time to ensure they remain accurate and up to date. Read more about our team, our contributors and our editorial policies.

Sources:

• Wes Gyure, executive director at IBM Security; email interview, Aug. 31 and Sept. 3, 2024
• NordPass: “Juggling security: How many passwords does the average person have in 2024?”
• The Wall Street Journal: “Those Online Accounts You No Longer Use? For Your Own Safety, Get Rid of Them”
• McAfee: “Everything You Need to Know to Keep Your Passwords Secure”
• IBM: “What is the True Cost of a Data Breach?”
• Morgan Lewis: “IBM/Ponemon Study Finds Average Cost of Data Breaches Continued to Rise in 2023”

RD.com, via iphone, getty images

How Can Lockdown Mode Protect You?

takasuu/Getty Images

Can iPhones Get Viruses?

Liudmila Chernetska/Getty Images

How Often You Should Reboot Your Router?