Deleting Old Unused Logins

kdeemer
kdeemer
Community Member
in Lounge

I have over 1,000 logins in 1Password. They have just accumulated over they years. Most of them are ones I never use. Many of them have the same, insecure password. My emphasis until recently was simply on having someplace to help me remember passwords. Now, I'm much more concerned about security. What should I do about all of these old logins? I see my choices as

  1. Ignoring them and/or deleting the login from 1Password. In this case the account is still out there and vulnerable to hacking.
  2. Updating them to all have very secure passwords (this would take days).
  3. Actually logging in and deleting each account. This would take forever and, in many cases, doesn't seem even possible short of writing to the webmaster.

I'm thinking that for old accounts, even if they once had my credit card info, the cards would be expired and the logins can safely be ignored and deleted. As long as those sites which have current financial info have unique, strong passwords, then I should be OK.

Curious how others think about this issue.

1Password Version: 7.0.7
Extension Version: Not Provided
OS Version: 10.13.6
Sync Type: 1Password
Referrer: forum-search:deleting old logins

Comments

  • AGAlumB
    AGAlumB
    1Password Alumni

    @kdeemer: Indeed, I'd recommend not simply deleting them. I know it's a bold suggestion, given that I'm essentially giving you homework, but given your concerns about security and privacy I'd be negligent to recommend otherwise. Deleting the login in 1Password doesn't change the fact that you've got accounts out there on websites with insecure (reused, and perhaps weak and/or known) passwords. So it would be best to go to those sites and delete the accounts there before removing the login from 1Password.

    As you point out, that sounds like a lot of work, and it probably is, but it gets worse: a lot of sites don't make it easy to delete your account, and many simply offer no mechanism to do so. So in reality, in many cases, you'll need to be creative and "sanitize" the information you have there, removing personal and payment information if you can, or replacing it with nonsense. In the process, you might as well change the password too, but if you have nothing of value there it's more a matter of discretion. But it's important to consider, and I'm really glad you brought it up!

  • Jeoh
    Jeoh
    Community Member

    If they do not offer the option to delete your account: You could try to do it via GDPR Article 17 (Right to erasure): https://gdpr-info.eu/art-17-gdpr/
    Though that might be a nuclear option :-)

  • AGAlumB
    AGAlumB
    1Password Alumni

    I'm not sure how efficient a legal battle would be, but it's certainly one option. :dizzy:

This discussion has been closed.