Why You Need an Account Audit
The average internet user has hundreds of online accounts — most of which they have forgotten about. Each forgotten account represents a security risk: a password that may have been breached, personal data sitting in a company's database, and a potential account takeover vector.
A focused one-hour audit identifies what you have, secures what you keep, and deletes what you do not need.
The One-Hour Account Audit
Minutes 0-15: Find Your Accounts
Search your email for account registration notifications:
Open your primary and secondary email and search for these terms:
- "welcome to"
- "verify your email"
- "confirm your account"
- "complete your registration"
- "account created"
Each result represents a platform where you registered. Create a simple list (spreadsheet or document) with the platform name and the email address you used.
Check your password manager: If you use a password manager, review all stored accounts. This gives you the most complete picture of active accounts.
Check your browser's saved passwords: Settings > Passwords in Chrome or Firefox. These represent platforms where you logged in.
Check app store purchase history: Many apps have associated accounts. Review your app library for apps with accounts.
Minutes 15-30: Categorize and Prioritize
Organize your discovered accounts into three categories:
Keep and Secure: Accounts you actively use and want to maintain. Keep for Now: Accounts you may use again. Delete: Accounts you no longer need.
Prioritize by risk
High priority to secure: Email accounts, banking, healthcare, work accounts. Medium priority: Social media, shopping, streaming. Low priority: Old forums, defunct services, trial accounts.
Minutes 30-45: Secure Your Active Accounts
For each account in the "Keep and Secure" category:
Check and update passwords
If the password is weak, reused, or old — generate a new strong password with your password manager.
Enable 2FA
Enable two-factor authentication with an authenticator app. Save backup codes in your password manager.
Review connected apps
Each account may have third-party apps with access. Revoke access from apps you no longer use.
Check login activity
Look for unrecognized sessions in account security settings.
Minutes 45-60: Delete Unnecessary Accounts
Use justdeleteme.com to find the deletion page for each service you want to remove.
Before deleting: Download any data you want to keep. Check that there are no active subscriptions tied to the account.
For accounts that make deletion difficult: Submit a formal deletion request, citing GDPR (if you are an EU resident) or CCPA (if California resident).
Mark deleted accounts in your tracking list.
Post-Audit Habits
Going forward, maintain your account hygiene:
- Use Temp90 for all new non-essential registrations so your real email does not accumulate in new databases
- Add new important accounts to your password manager immediately
- Set a quarterly reminder to review new accounts added since the last audit
- Check haveibeenpwned.com monthly for breach notifications
Frequently Asked Questions
How do I find accounts I have completely forgotten?
Email search is the most effective method. Also check old backup files, note-taking apps, or paper notes for old account information. Social media logins through Facebook or Google reveal which sites you have connected to those accounts.
What should I do about accounts on services that no longer exist?
If the service is defunct, the account data may have been acquired by another company or may simply be abandoned. Delete what you can; for inaccessible accounts on defunct services, the practical approach is to change the password to something strong and unique and monitor for breach notifications.
Should I prioritize deleting or securing?
Secure first — accounts you keep must be protected. Delete second — removing unnecessary accounts reduces your attack surface.
Conclusion
A one-hour account audit is one of the highest-impact security activities available to most users. Finding and deleting forgotten accounts removes risk. Securing active accounts with strong passwords and 2FA prevents compromise. And establishing the Temp90 habit for future registrations prevents the accumulation of new unnecessary accounts with your real email.