Old accounts are often unmaintained and forgotten – which can be problematic when you want to “clean up” some of your digital footprint by deleting them or go back to secure them with stronger passwords/MFA.

How do you find these old accounts when your recollection isn’t enough? Fortunately, we all have some tricks up our sleeves for doing so. Some methods may be more effective for some users.

Everything you do on the internet leaves a trace, which is commonly collectively referred to as your digital footprint. Creating accounts – whether you use them or not – is a part of this digital footprint.

I probably don’t really need to explain it to you if you’re reading this, as you likely understand that there’s an account for just about everything on the internet. According to a survey conducted by NordPass in 2024, the average user has around 168 passwords to manage (which for the most part translate into accounts). Their survey also indicated this is an upward trend.

A proliferation of accounts and their subsequent management contributes to users’ “attack surface” as well, as the more accounts increases the the possible points an unauthorized user can gain access to the information connected to/stored in the account. In this use case, this is typically by breaking into the account itself, a data leak, or a data breach.

The term “attack surface” is typically used for organizations to describe the avenues for attacks, but on the topic of accounts and users, its principles apply here as well. The short story is the less accounts you have, the less “attack surface” you have as a user; though this is primarily a cybersecurity topic, it actually extends to privacy as well.

Of course, you can minimize this attack surface by following and maintaining good cybersecurity hygiene, which includes having good password management and using MFA to secure your accounts. However, note that even following these practices can’t mitigate data breaches where the service itself is compromised by a threat actor.

On the privacy front, the less accounts you create, then the less avenues for data breaches (which can leak your personal information) and the less trust you must have in third parties not to disclose personal information – including usage data, device and connection info connected to the account – to potential “adversaries.”

Unmaintained “old” accounts can be problematic, especially if you’ve forgotten about them. They can use weak/leaked passwords and any data contained in the account can be weak to credential stuffing attacks from threat actors… or the account data leaked in a data breach of the service itself. If the account is no longer desired or needed, deletion is the best course of action.

There are many ways to find accounts to delete. You probably know of the accounts you currently use – but here are some tips to find old accounts so you can delete them, hopefully reducing your digital footprint and “attack surface.”

Using a password manager is a great way to improve password management – primarily by generating and securely storing strong passwords. Regardless of your password manager – whether it is cloud-based or note, open source (which is preferable) or not, a great place to look for accounts to delete could easily begin in your current password manager vault.

Most modern browsers have a built-in “password manager” able to store website credentials. Users can search these saved logins, which may contain old/abandoned accounts, though doing so varies slightly depending on the browser. Review your browser’s help pages to access/search saved logins.

Note: Using a browser “password manager” is not recommended. Dedicated password managers provide more features, usability, and security.

iOS and macOS users: Review accounts in the “Keychain”

Apple devices (iOS and macOS) have a built-in credential manager, “Keychain.” On iOS this is the new default “Passwords” app.

If you’ve had or currently have an Apple device, there’s a high likelihood you’ve used Keychain – and it may have old accounts you no longer use stored. If you’ve ever transitioned from iOS/macOS or have transitioned to using another password manager, then this is a great place to look.

Android (and Google account users): Check the Google password manager

When users are signed into their Google accounts – especially when using Google Android or Google Chrome – the Google password manager may automatically capture and store login information for websites and apps.

As such, it may contain old accounts – especially if users have multiple Google accounts, have used Google Android, or have signed into their Google account when using Google Chrome.

If you still have access to your old(er) email accounts, searching these inboxes can provide clues to accounts you may have forgotten about – especially if you created them before using a password manager. Many of us don’t delete emails; so upon creating an account, it’s highly likely you could still have the welcome email for long forgotten accounts.

Some helpful search terms ideas include:

• “Account information”
• “Welcome to”
• “Thanks for creating”
• “Email confirmation”
• “Finish registration”

Similarly, even if the original welcome email is not in your inbox, you may also find old accounts from password reset messages, one-time passwords (OTP), or account information changes. With account information changes, many services will send “confirmation” of key account changes, such as address changes, payment changes, or email address changes.

Some helpful search strings could include:

• “Email address change”
• “Information change”
• “Notice of account change”
• “Change confirmation”
• “Reset link”
• “New password”
• “Password reset”

Data breach databases often house information exposed in data breaches and data leaks, which can include email addresses and password hashes/plaintext equivalents. Most breach databases can be easily searched – typically, users will be required to input an email address, username, or phone number to check against the database records.

Common (and reputable) breach databases include:

• Have I Been Pwned
• Dehashed
• Breach Directory
• Mozilla Monitor

Searching breach databases can be useful for uncovering old, long abandoned or “dead” accounts that may have been involved…

*** This is a Security Bloggers Network syndicated blog from Avoid The Hack! authored by Avoid The Hack!. Read the original post at: https://avoidthehack.com/delete-old-accounts