Can I find a list of all accounts I've created (and delete them?)
June 19, 2022 7:59 AM   Subscribe

My password manager pops up periodically and tells me that X number of passwords have been part of a data leak or hack. When I clicked on it, I realized there are dozens of accounts I've created at some point for a one-off use (e.g., buying a spa gift certificate for someone else in another state). Is there a way to find all accounts registered to my email and delete them?

Follow-up question: is there any harm in having these accounts open? Something I used once a few years ago and haven't used since? I usually just choose "check out as guest" and never choose the "save my payment information" option, but it does seem funny to have all of these "accounts" that I don't know about.
posted by stillmoving to Computers & Internet (7 answers total) 11 users marked this as a favorite
 
Response by poster: Not sure how to edit, but will add: I use a junky password for these sort of one-off accounts, so nothing close to what I would use for banking/etc.
posted by stillmoving at 8:00 AM on June 19, 2022


If you're not reusing passwords, I would suspect the main danger is that those sites are selling your email address and whatever other information they have about you to junk mailers and spammers. Possibly deleting those accounts would reduce some of that in future, but also quite likely that horse is long gone, barn door open, etc., so I don't know how much practical good it does to close them at this point.

I don't know of any easy one-click way to close/cancel accounts en masse. For whatever it's worth, I do a quarterly-ish security check via my password manager and usually in that process I find the motivation to go close two or three old accounts. I'm probably never going to sit down and do them all at once but slowly they're getting handled, and that's sufficient for me.
posted by Stacey at 8:41 AM on June 19, 2022


Aside from searching the breaches (which is what your PM is already doing), there is no way to find all accounts under your own email, no. Some companies even create profiles for you if you don't sign up for them (ahem, Facebook).

Is it the same junky password for all of them? Don't do that. You have a password manager so use it create a new random one each time. I would search through your email for order confirmations and then try to get the companies to close those accounts. It may take a lot of effort for not much return. I had an online account with a drugstore and they said no, you have 3 accounts with us, all under the same email and phone number! It took 3 phone calls to get them to close the other two. Some places will make it easy and others not so much. If they make it hard to close and you can change your own contact info, you can always make it gibberish or fictional.
posted by soelo at 11:07 AM on June 19, 2022 [1 favorite]


Response by poster: @soelho, is it bad to use the same junk password? Or variations on that theme, eg, password1, password2, etc.?
posted by stillmoving at 2:24 PM on June 19, 2022


The thing about reusing a junky password is that it will still allow someone to access multiple accounts. Password manager makes it easy to create a unique password for each account - it should take about the same amount of time to let the password manager create and save it as it is to invent your own and save it yourself in the password manager.
posted by metahawk at 5:23 PM on June 19, 2022 [1 favorite]


One thing you can do is run a search in your email inbox for the verification emails and 'welcome' emails you received over the years from all the random merchants and other sites when you created those accounts. Search for phrases like "welcome to your account" or "your account was created" or "please verify" or "please confirm". Obviously this would only work if you never deleted those messages.

Regarding your followup question -- Any accounts that involve money, identity, or personal information (banking, investments, email accounts, mobile phone account, subscriptions, social media, etc.) should absolutely have unique, randomly-generated passwords and 2-factor authentication enabled if it's offered.

There's not much harm in re-using junk passwords for low-stakes stuff like logging into your hometown newspaper so you can read 10 free articles per month or a message board for discussing a hobby. But since you have a password manager, why not use it for everything? Let it create unique passwords for all the accounts that you can think of right now and for any new ones in the future.
posted by theory at 6:22 PM on June 19, 2022 [1 favorite]


The thing about junk passwords is that sometimes an account you think is unimportant might end up being more important than you think, or contain information that an attacker can pivot into gaining access to something more important, especially if you ever used a site with a junk password to purchase something: it's likely that someone can figure out your physical address, expiration date and last 4 digits of credit card, phone number, order history, etc., all of which is the sort of thing that can be used by malicious actors to carry out social engineering attacks or password resets on more important accounts. Or if you start using the account more regularly for more important things, will you remember to change the password to something more unique and secure?

That's one of the big reasons to get into the habit of using unique (and preferably random) passwords for each site and have them saved to your password manager, as it limits your exposure in a password breach to just what info was gathered in that breach instead of opening you up to much larger exposure.
posted by Aleyn at 9:24 PM on June 19, 2022 [2 favorites]


« Older How to plot a novel?   |   How do you count your calories? Looking for tips... Newer »
This thread is closed to new comments.