Day 2
Delete Old Accounts & Factory Wipe Old Devices
Day 2: Delete Old Accounts & Factory Wipe Old Devices
Welcome to Day 2 of my 30 day security challenge, the month long challenge I created to help you gain control of your privacy and security online. You can follow along with the security challenge via my blog at snubsie.com, where you can skip ahead or download a checklist of the challenge. Each video will also be curated into a playlist so it'll be easy to follow along from Day 1 all the way through 30.
Today we're building on the steps we took yesterday to prepare ourselves for the challenge. Specifically, we're focusing on old accounts and old devices that you no longer want.
About a year ago, I had an online account that got hacked. It was an account I'd created about 15 years ago for Skype, which I hadn't used in a few years. I forgot about it, and I hadn't changed the password since I stopped using it. Someone was able to find that old password and logged into my account. What I didn't take into account was the contacts that I had on that account. Several of them received a link from my account, that when clicked on, would potentially download malware. They thought it was from me, and I was alerted by a friend via email. Luckily, the attacker hadn't changed my very old password, so I was able to log in and change the password, add two factor authentication, and report the offending IP address (Skype tells you the location of recent logins, and this one had come from an IP in another country... or a VPN... but that's for another day.).
Today we are just going to focus on deleting those old accounts and devices so you don't fall prey to the same attack I experienced. First off, let's take care of those old devices. If you intend to sell these or even drop them off at a recycling center, it's wise to erase the contents first. Most, if not all, devices have the capability to do a factory reset, which means you erase all content on the device and set it back to it's factory settings, as if it was brand new.
Devices made by popular brands and running commonly used operating systems are pretty easy to wipe. For smartphones, a "factory restore" function can usually be found through the settings. On laptops, it may be harder to find. Internet of Things devices like your Amazon Echo or a connected Philips Hue controller might not have a screen attached to them, but you can usually remove the device from your smartphone and home network via the smartphone application, or they'll have a reset button on the back that'll require it to be pressed in for a few seconds to restart and wipe the device. For anything you're unclear about, you can easily search "How to factory wipe xxx" and you'll find step by step tutorials in your browser online.
Once you have those devices factory wiped and restored to factory settings, you can package them up to be resold or e-cycled. Any information security professional will tell you that e-cycling is safer than reselling a device, but for financials sake, you just do whatever you can afford to do.
The second step for today is to delete your old online accounts. Had I deleted my Skype account after college, it wouldn't have gotten hacked. But I had forgotten about it. Problem is in this day and age we sign up for all sorts of sites online. A lot of times you can figure out which sites you've signed up for by checking your email inbox - what site keeps sending you coupons for sales or newsletters? You've probably signed up on that site. If you don't use it anymore, or don't buy from that website anymore, consider deleting that account.
Now before you just begrudgingly click around each site you've ever visited trying to figure out how to delete an account - use JustDeleteMe instead. This site is found at JustDelete.Me and is set up to be a directory of popular websites with directions on how to delete your accounts on them. If a site is highlighted in green, that means it's relatively simple to delete your account. If it's black, that means you cannot delete your account on that site. Clicking show info shows you directions on the deleting process, and clicking on the name will take you to the websites page where you can begin the cancellation process.
If you run into a website where you forgot your username or password, try to reset it. by going through their "Forgot password" steps. By doing so, most sites will send you an email with steps on resetting your password so you can log in. If a site sends you your password over email, generally that means they are storing your credentials without any encryption, which is a HUGE no no. You definitely want to try and delete your account from that site for sure. Check out http://plaintextoffenders.com/ for other websites that store user credentials in plain text, where anyone can see them. Most sites will require you to log in to delete your account, so ensuring you still have access is a key step.
Now, mark off all of the devices you erased and accounts you deleted from your notepad, leaving just the products you still use. Your list is probably a bit shorter now, which will save time when we start working with your current accounts.
Tomorrow I'll share how you can protect your home network now that you have all your old devices removed off of it. But first, make sure to subscribe on youtube and hit up snubsie.com for the downloadable checklist and to skip ahead to on the 30 day security challenge. Again, I'm Shannon Morse and I'll see you tomorrow for day 3!
Important links: