editione1.0.0
Updated October 9, 2023After resetting and re-saving our email account passwords into a password manager, the same needs to be done for these other accounts. I will admit that I have previously created poor, easy-to-remember passwords just to see what the service is like; only to later forget to reset the password when I started to load my data into the service. Now is a great time to reset those passwords to new, unique ones and re-save them into your password manager. Again, don’t worry too much about being able to manually type out these passwords, as your password manager can often generate and plug them in when needed.
For 2FA, you can be a bit more loose depending on the data being stored within the account, compared to how we selected the method used for your email. Some of these accounts won’t give many options, and you might be stuck with just SMS. You might also find yourself with a service that doesn’t give any option at all. This is where you need to balance out the data kept in that service with the risk it carries.
The best way to do this is to think about the data inside the account, and weigh it against it getting leaked to others, or the account being used to cause harm to others. For example, an email marketing campaign account might have limited data stored inside, mostly business names and email addresses that are already quite public. However, an attacker can use your campaign account to craft scam emails and send them to your contacts, breaking trust and causing harm. These types of accounts need to be protected with 2FA, and any second factor is better than none.
If you have accounts on your list that have sensitive data or the potential for harm, and don’t offer a two-factor option, then it is time to look for a competitor that does. A great website to find alternatives is 2FA Directory. It is an open-source, managed list of different websites that do and do not provide 2FA.
It is 2 a.m., do you know where your data is? Probably not, because even I struggle with tracking all the websites and accounts I have signed up for. You need an account to use most websites, and my password manager is starting to look as thick as a phone book.
On your list, you might have been forced to think about accounts that you have forgotten about. If you no longer use an account or social profile—delete it. Although you can’t guarantee 100% removal of your information, it is the one small action you can take to try and limit the data sprawl and information footprint you have online. If that account provider has a breach and accounts are accessed, you have done as much as you can to reduce your personal risk. A lot of us don’t have the time and energy to track down all these accounts that have been long forgotten. Heck, I forgot I even used LiveJournal until I was notified about a recent security breach. Wherever there is a time-consuming process, there is a company out there providing that process as a service. Services like DeleteMe are great for those of us who need an extra hand in finding which accounts we might still have out there, and an extra hand in getting them shut down.
This also applies for all those Software-as-a-Service (SaaS) accounts you signed up for as a free trial (to vet it for use in your business), uploaded some data to play around, and then moved onto something else. We will dive into a bit more detail around picking the right SaaS tools for your business later. For now, being conscious of the accounts you create and the data you store in them is what you need to do. If any of that data has value, it needs to be protected with a unique, long password and 2FA.