Many recommend doing a spring cleaning of one’s passwords: make sure they’re not leaked, secure enough, and still relevant.

While this is generally good advice, it might be overwhelming for people like me with 300+ passwords in their vault.

That’s why, starting today, every day is a spring cleaning for me. Set a timer for 10–20 minutes and monitor as many accounts as you can!

My checklist includes, but is not limited to:

• do I still need this account?
• does it have a long enough (yet not too long) password with various symbols?
• does the provider support 2FA and if yes, is it enabled?
• does the account use my own (not Google’s) email?
• does the account (for some reason) store too much data on me?
• are all the URLs up-to-date?


I’ve already been sifting through some stuff in March and April this year, and I was able to reduce my entry count from 400+ to “just” 350! It’s insane how many useless accounts one might have. GDPR is certainly a saviour here — even if you don’t live in Europe, many sites are obliged to implement the corresponding mechanisms for those who do!
