After a couple of recent scares with several online accounts I decided to take my online security more seriously. I've been using 1Password to keep track of all my online accounts, so that's where I started. Though my setup is in 1Password, you can probably recreate the same thing in other applications.

1Password makes security audits easy with filtered views for duplicated passwords and passwords that haven't been changed in a long time. These views are useful, but as I was working to update my passwords I found that the job was too unwieldy. So I decided to take a more structured approach.

Remove old accounts

There were a bunch of accounts in my vault that I don't use any more. At best those are pointless and at worst they are a security risk. Closing accounts is sometimes quick but unfortunately most sites don't give you that option.

That forces you to remove any personally identifying information from the account and change the password to an overly strong one. This can take a long time depending on the site, so I decided to do this on a regular basis instead of everything at once.

To make auditing these accounts easier I did the following:

  1. Add the delete tag to all accounts set for deletion
  2. Create a new Smart Folder called "[Audit] Delete" and set it to display only items with the delete tag.

Why don't I use the delete tag subitem in the sidebar? Because maybe one day my criteria for deleting accounts will change and I'll have to create a new Smart Folder anyway. This way I have all the lists I need for audits in the same place.

Update high-risk accounts

It's important to keep your passwords up to date. You never know when that password may have been leaked online, so changing things on a regular basis is a good idea. You might also find that the security requirements of the site have changed to allow for stronger passwords or even two-factor authentication. Changing older passwords regularly also serves as a security review of that site. Maybe you need to tag it for deletion or maybe the account information needs to be updated and old information removed.

If you're an active internet user you've likely accumulated hundreds of accounts across services, and given a limited time to deal with these you're better served by dealing with the highest risk accounts first. These can include shopping sites which have payment details, government services that contain potentially sensitive information, and social media accounts that have private information and are linked to other services.

Aside: As I think about it, logging in to services with your social media accounts creates an unnecessary interdependency that weakens your online security. If somebody gets your Facebook account, they also get your Spotify. In addition, it creates a login profile which you cannot monitor with a password manager.

To make auditing these accounts easier I did the following:

  1. Tag all the so-called high-risk accounts with a highrisk tag.
  2. Create a new Smart Folder named "[Audit] Change" which displays login items that are tagged as highrisk and haven't been changed in over 300 days.

Finally, I added the following items to my Monthly Reviews in OmniFocus:

  • Audit: 1Password Delete
  • Audit: 1Password Change
  • Audit: 1Password Duplicates

That way once a month while I'm clearing shop I'll make a dent in each of the lists, improving my online security slowly over time.
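For anyone recreating these three lists outside 1Password, here is an added Python example (not from the original post and not 1Password's own code) that runs the delete, change and duplicate checks over a constructed export. The field names `title`, `tags`, `password` and `changed` are assumptions, not 1Password's schema.

```python
import hashlib
from collections import defaultdict
from datetime import date

# Constructed sample export; field names are assumptions, not 1Password's schema.
ITEMS = [
    {"title": "Old Forum", "tags": ["delete"], "password": "hunter2", "changed": "2019-03-01"},
    {"title": "Shop", "tags": ["highrisk"], "password": "Tr0ub4dor&3", "changed": "2023-01-10"},
    {"title": "Tax Portal", "tags": ["highrisk"], "password": "x9!LqvZ2#pR", "changed": "2024-05-20"},
    {"title": "Bank", "tags": ["highrisk"], "password": "c0rrect-h0rse", "changed": None},
    {"title": "Music", "tags": [], "password": "hunter2", "changed": "2022-07-04"},
]


def is_stale(item, today, max_age_days):
    """True when the password is older than max_age_days or its age is unknown."""
    if not item.get("changed"):
        return True  # no recorded change date: treat as overdue rather than skip it
    age = (today - date.fromisoformat(item["changed"])).days
    return age > max_age_days  # "over 300 days": exactly 300 does not qualify


def audit(items, today, max_age_days=300):
    """Build the three audit lists: delete, change and duplicates."""
    delete = [i["title"] for i in items if "delete" in i["tags"]]
    change = [
        i["title"]
        for i in items
        if "highrisk" in i["tags"] and is_stale(i, today, max_age_days)
    ]
    # Group on a digest so the report structure never carries plaintext passwords.
    groups = defaultdict(list)
    for i in items:
        digest = hashlib.sha256(i["password"].encode("utf-8")).hexdigest()
        groups[digest].append(i["title"])
    duplicates = sorted(sorted(titles) for titles in groups.values() if len(titles) > 1)
    return {"delete": delete, "change": change, "duplicates": duplicates}


if __name__ == "__main__":
    for name, entries in audit(ITEMS, date.today()).items():
        print(f"[Audit] {name}: {entries}")
```
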

I hope this encourages you to fortify your online security and provides you with a workflow to do it.

Have a good one. Until next time.

-- Jay Blanco
