Privacy Fix: Search and Destroy Old Email Accounts
An unused email address can be a backdoor to your entire digital life
A lot of people have more than one email address, from old college accounts to long-forgotten AOL handles.
Spare email accounts can be useful for things like separating work from your personal life or filtering out spam. But if you have old email addresses that you aren’t monitoring, you may be putting your privacy and security at risk.
“Old email accounts are especially valuable for the cyber criminal because we don't go back and check them, which makes it more likely that a compromise will go unnoticed,” says Adrien Gendre, chief solution architect of Vade Secure, an email security firm. “It’s a vulnerability that a lot of people don’t realize they have.”
However, there are easy ways to stay safe.
Here’s what you need to know about the dangers posed by old email accounts, and a few simple steps you can follow to protect yourself.
The Risk
Breaking into an email account doesn’t require advanced hacking techniques. All a bad actor needs are passwords, and they can be easy to come by.
“Over the last two years, we've seen a lot of massive data breaches” that have leaked billions of usernames and passwords for a wide variety of services, Gendre says. Those credentials are for sale on illicit sites.
The bad guys know that many people make the mistake of reusing login credentials, and it's easy to use automated software to plug those passwords into other online services, hoping to stumble across a match. It's a hacking method known as “password stuffing.”
The Solution
“One of the main strategies that I use to keep myself safe is to limit the number of things I need to pay attention to,” Guido says.
The best way to do that? Delete any unused account. A dormant email account is a security weakness you don’t need. In fact, finding and deleting all the old accounts you don’t use, from social media profiles to photo-sharing sites, is one of the easiest ways to protect your privacy and security.
Deleting accounts on major services like Google, Yahoo, or AOL is usually straightforward, though you may need to wade through multiple settings pages to find the kill switch. If you can’t figure out how to do it, get in touch with an administrator. Try sending a message to “admin” at your email domain name if all else fails.
If you don’t want to delete the account, take a few steps to give yourself a privacy boost. Some of the advice provided by security pros is the same you’ll hear for every online account.
“Make sure you use a unique password for each service,” Gendre says—a password manager can make that an easy project. If you're not reusing passwords, then you're not vulnerable to password stuffing.
Turning on two-factor authentication is also a critical step if it’s an option. With two-factor authentication, services will send you a verification code—via text or an app—to confirm your identity when anyone tries to access your account from an unverified location, device, or browser. That means that a password alone won't be enough to let a criminal log in.
Another strategy is to “devalue” the account to lessen the impact if something goes wrong. Guido recommends downloading all your old emails and erasing the data from the cloud. That way your personal information won’t be available to any online wrongdoers.
By the same token, you should separate old email addresses that you want to keep, but don’t check regularly, from any other services. If you’re not keeping an eye on an old inbox, you shouldn’t be using it as a backup to reset the password for other important accounts.
“These assets should be totally separate and isolated,” Guido says. “You want your digital life to be as simple as possible.”
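For readers who keep a list of their accounts, the checks described above can be run as a short audit. The script below is an added example, not part of the original article: it flags services that share a password, inboxes that have not been read in a long time, and accounts that still use one of those inboxes for password resets. The account list, field names, dates, and the 180-day threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample inventory; the field names are assumptions for this example.
ACCOUNTS = [
    {"service": "oldmail", "login": "me@oldmail.example", "password": "summer2012", "recovery": None},
    {"service": "photos", "login": "me@oldmail.example", "password": "summer2012", "recovery": "me@oldmail.example"},
    {"service": "bank", "login": "me@current.example", "password": "c0rrect-h0rse", "recovery": "me@oldmail.example"},
    {"service": "mail", "login": "me@current.example", "password": "x9!unique", "recovery": None},
]
# Constructed: the date each inbox was last actually read.
LAST_CHECKED = {
    "me@oldmail.example": date(2019, 3, 2),
    "me@current.example": date(2024, 5, 28),
}
TODAY = date(2024, 6, 1)  # fixed so the example gives the same result every run


def reused_passwords(accounts):
    """Groups of services sharing one password: one leak unlocks the whole group."""
    groups = defaultdict(list)
    for acct in accounts:
        groups[acct["password"]].append(acct["service"])
    # Report service names only, never the passwords themselves.
    return sorted(sorted(names) for names in groups.values() if len(names) > 1)


def dormant_inboxes(last_checked, today, max_idle_days=180):
    """Addresses nobody has looked at recently, where a break-in would go unnoticed."""
    return sorted(addr for addr, seen in last_checked.items()
                  if (today - seen).days > max_idle_days)


def reset_path_risks(accounts, dormant):
    """Services whose password-reset mail would land in an unwatched inbox."""
    return sorted(a["service"] for a in accounts if a["recovery"] in dormant)


def audit(accounts, last_checked, today):
    dormant = dormant_inboxes(last_checked, today)
    return {"reused": reused_passwords(accounts),
            "dormant": dormant,
            "reset_risk": reset_path_risks(accounts, dormant)}


if __name__ == "__main__":
    for finding, items in audit(ACCOUNTS, LAST_CHECKED, TODAY).items():
        print(finding, items)
```

Every service listed under `reused` needs its own password, and every service under `reset_risk` should have its recovery address moved to an inbox that is checked regularly.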
Digital Housekeeping
Do you ever feel overwhelmed by the number of log-ins and passwords you have? On the "Consumer 101" TV show, Consumer Reports’ expert Bree Fowler explains to host Jack Rico how to find and eliminate old online accounts.