I decided that before 2018 was out, I’d try to tackle my online presence and remove any unused accounts. I started by opening lastpass and running through the security challenge and let me tell you, it was pretty pathetic. I don’t recall my exact score but it was dismal. It took a while but I did manage to raise my score quite a bit and I learned some tips along the way.
In short: I wanted to reduce my ‘attack surface’. With all the data breaches we had in 2018 (and earlier) I knew that the best way to protect myself online was to simply remove (or sometimes change) any of my personal information that sites had. Not to pick on any site in particular let’s take groupon. I am not a user of groupon although I have / had an account. It had my personal address on it, my phone number, and other identifying information. Since I had not used groupon in quite a while, I logged on, changed my password, changed my address and phone number, and emailed customer service to delete my account.
I basically repeated this process about 100 times.
What I learned is that most sites do not have an easy way to delete accounts. You wind up having to contact customer service which is fine but does take more time than a simle click. The other thing is – how do you actually know they’ve removed your account? I know from working at a large Enterprise that customer data gets everywhere and it’s hard to truly delete it from all systems / especially backups and maybe the loose Excel spreadsheet that someone in marketing has.
Pro tip: don’t create new accounts, or if you do, use throwaway information like an email that doesn’t have any PII in the address. In other words, use something like “lastunicorn2018@gmail.com” instead of “joe.smith@gmail.com”
security without obscurity 