Every spring, many people go through a thorough cleaning of their house. They dust, vacuum, sweep, wipe down their house, and get things organized. This is all well and good, but have you ever wondered if you needed to do a thorough cleaning of your digital life? If I had to guess, most people out there don’t do a very thorough job of keeping their digital life in order. Online accounts get outdated, email gets out of hand, and your computer and devices need a once-over. Add on to that outdated and/or stale passwords and profile information, and you could easily have a big mess on your hands. Well, here’s a handy list of 10 tips to help you do a digital spring cleaning. Dedicate a bit of time to these items and you’ll soon have your digital life under control and in good order.
For your convenience, here’s the cliff notes version of the 10 tips, which link to their corresponding tip and explanation further down the page.
- Clean and Organize Your Smartphone and Computer
- Clean and Organize Email Inboxes
- Unsubscribe from Unwanted Emails
- Exercise Email Caution
- Deactivate/Delete Old Accounts
- Change Your Passwords
- Use a Password Management Service
- Take Advantage of 2-step Verification
- Update Your Social Networking Profiles
- Opt-out of Information Broker Websites
- Bonus Tip: Mask Your Email when Opting Out
1. Clean and Organize Your Smartphone and Computer
Nearly every smartphone owner downloads a bunch of apps, takes a ton of pictures along with a video here and there, and has a bevy of old text messages. All of these things take up space on the device. And while most smartphones have enough space to handle this, you could find yourself running low on available space. To alleviate this, take a few minutes and clean things up. Delete old apps that you’re no longer using, as well as old text messages and voicemails that you don’t need. Clean up your device’s screens and organize your app icons to better suit your needs.
While you’re at it, back up the photos and videos onto your desktop/laptop computer and remove old and unneeded photos from the device. You’d be surprised how much space you can free up by simply removing photos and videos. As an example, an iPhone 4S photo is 2448×3264 and has a file size around 2-3 MB. Get 100 photos on your phone and you’re up to 200-300 MB. 1000 photos? You can do the math. Pare down your device’s photo library after backing up and you’ll free up a lot of space.
And hey, while you’re at it, take some time to organize your computer. Have a bunch of random files cluttering up your desktop? Organize them into folders for better structure and easier navigation. And though it shouldn’t even need to be said, please, at the very least, back up your computer.
2. Clean and Organize Email Inboxes
If you’re like me, you might have borderline OCD tendencies and like things neat and orderly. Unfortunately, email inboxes can be difficult to keep tidy. It’s a necessary evil, but cleaning up your inbox can be very beneficial. When left unorganized, old messages stay there forever, nothing ever gets deleted (not that it needs to for certain email providers like Gmail), and nothing gets archived into folders.
Do yourself a favor: Take a few minutes (or hours, depending on how bad it is) and clean up your email inbox(es). Delete old messages, archive important ones, etc. And once you’re done, make a concerted effort to stay on top of keeping your email tidy. You’ll thank yourself. I promise.
3. Unsubscribe from Unwanted Emails
If you’re like me, you get a lot of unwanted email from companies you may or may not care to hear from. Some are account-related (and important), but most are largely unsolicited. From weekly/monthly newsletters to announcements to marketing and promotional emails, it’s truly amazing the amount of email we get that we automatically delete without a second thought.
Why not go ahead and unsubscribe from the stuff you’re sick of just deleting? It’s easy. Most every email will have an unsubscribe link provided in the email. Click it and unsubscribe (or update your communication preferences to only get emails you care about).
(Note: According to CAN-SPAM laws, companies can legally take up to 10 days to honor your opt out. But rest assured that it will work.)
4. Exercise Email Caution
While we’re on the topic of email, here’s a few quick suggestions for exercising caution when dealing with email:
- When sending email to a lot of recipients (say, your whole contact list), do your contacts a favor and add everyone in the BCC field, with your own email address as the sole “To” recipient. This masks everyone’s name and email address for their own privacy and security.
- Most companies will tell you this, but when you get an email about an account of yours that asks you to click on a link, don’t automatically trust and click it. You’d be surprised how easy it is to fake an official-looking email, including an email address that looks like it’s legit, but isn’t. If an email asks you to verify something about your account, most every time the best thing to do is log in to that account and verify on the site, rather than taking action through the email. This way, if you get a spam email that looks like it’s official, you won’t get into trouble by clicking on a bad link.
- When you are checking out at a retail store, and they ask you for your email address, don’t always just freely give it out. Sure, you can get “valuable coupons” emailed to you, but now they have your email address, and I’m willing to guess that after a few annoying promotional emails, you’ll be unsubscribing from them. (Note: The same thing goes for any other personally identifiable information they ask you for, including zip code.) Always ask why they are asking for it, and if it’s required to finish your purchase. Unless it’s verifying your zip code for a credit card purchase, it’s never, ever required.
5. Deactivate/Delete Old Accounts
This one is easy. If you have accounts with sites you are/were a member of, and you don’t want to be, consider deleting/deactivating your account. At the very least, look to see if there is a way to make your information for those accounts private – you’ll see why this is important shortly.
6. Change Your Passwords
Another necessary evil of the digital age is password management. We are all sick of remembering the plethora of accounts and passwords that we have. To help, we end up using the same, often memorable password for most/all of them. Worse, we never change them. This is bad. Very bad.
Why? As an example, if someone figures out your password for your email provider, they instantly unlock the power to access all sorts of valuable information about you. From contact lists to potentially-sensitive personal information to sending/receiving email as you, there’s a lot of harm that a hacker can do if they get access to your email account. And what do you think happens if you use the same password for your online banking? Well, if the hacker knows who you bank with (say, from your emails), they can go to that banking website and try to log in with the same password. If it is indeed the same password, open sesame, goodbye money.
While this is just an example, the results of sharing the same password on multiple accounts can quickly spiral out of control. And it doesn’t just have to be shared passwords. Any hole in your online security could crack wide open if you’re not careful. Don’t believe me? Read about technology writer Mat Honan who was hacked in epic fashion in August of 2012.
You don’t necessarily need to change all of your passwords in one sitting, either. Start with the big ones that you use all the time: email, online banking, and social networks. The more sensitive and personal the account, the more important it is to have a unique and impossibly-difficult-to-guess password.
But if you change all of your passwords, won’t it be more annoying and difficult to remember? I’m glad you asked…
7. Use a Password Management Service
Passwords can (and should) be difficult to remember, especially if you have different passwords for every account (which you should). The solution? Password management services.
There are a number of password management services out there – some have plugins for web browsers, some have desktop apps, and some have mobile apps. Heck, some have all of the above. Presently, the “big 3” password managements services are 1Password, LastPass, and mSecure. These services will save your passwords for you, and allow you to view them as you need – sometimes even filling in forms and passwords for you, where applicable.
But how can you know that your passwords in these services are secure? In short, here’s what I learned about how they work:
- You register with the service and set a master password. You must remember this master password to access your list of passwords. Why? It’s stored locally (not on a server) for security, and as such, there’s no “forgot password” option. If you forget, you’re in trouble. So make it unique and memorable, but difficult to guess.
- Once you set your master password, you add passwords for different accounts. You can either enter your own password, or let the service do it for you with its password-generator logic, which can create an impossibly difficult to hack, secure password using a formula that you can control (number of characters, letters, numbers, symbols, etc).
- To store your account passwords, these services do a great job of salting and encrypting (maybe even double-encrypting) your password. Salting? Encrypting? What are those? In short, salting is the addition of a string of characters to another value, and encrypting is an algorithm that takes that value and returns a fixed-size bit string. Essentially, it will turn a value like “myawesomepassword” into something unintelligible like “DFCD46BB7851788AD401…”. So when you add a new password, it will get salted and then encrypted. This salted and encrypted password is what is stored with the service, so no one other than you will ever see the original, raw version of your password.
- All of the encryption and decryption of these passwords are done client-side (i.e. on your device), using your master password as the key (thus why it’s imperative that you remember it). Your master password is not stored on any servers, so without the master password, decrypting these passwords is impossible.
If you want much more information about password service encryption, read up on each of the aforementioned services or check out the very informative Security Now video about LastPass security by Steve Gibson and Leo Laporte. (Note: Like the comments on the page say, scrub to the 52:45 mark of the video, as that’s where they start talking about it.)
Suffice it to say, these services are secure and safe. You hold the key to encrypting/decrypting your passwords. And if you ever want/need to, you can change your master password, if you think it may be compromised (or just to keep things fresh, which you should).
Now, that all being said, these services will cost a couple of bucks. Last I checked, the mobile apps for the “big 3” were priced as follows:
- 1Password: $17.99 (one-time cost)
- LastPass: Free (but requires a Premium LastPass Subscription of $1/month)
- mSecure: $9.99 (one-time cost)
Each service is largely the same, save for certain bells and whistles, so investigate on your own and see which one meets your needs the best.
The best piece of advice I can give for password management services is this: Don’t be afraid to spend a couple of bucks on a password manager. You’re paying for your online security, and an invaluable service that takes care of remembering your passwords for you. It’s quite possibly the best few bucks you’ll spend all year.
8. Take Advantage of 2-step Verification
Due to recent security updates, many companies and services are offering 2-step verification. When enabled, you will get sent a text message with an authorization code after logging in to an unregistered browser/device. You then enter the code into the 2nd step of the login form, and boom, that browser/device is registered as legit.
I know, you might be saying, “But this is just one more step I need to do to get into my account.” True. And this creates a minor annoyance at first. But once you register a device/browser, you won’t have to double-authenticate every time. Different services have different rules, but essentially, if the service offers a “stay signed in” option, you can rest assured that once you authenticate it, it’ll honor it for a while so you don’t need to keep doing the 2-step tango.
Additionally, most services that offer this sort of protection even offer you the ability to revoke access to one of the previously-authorized browsers/devices. This can prove to be very helpful, say, if you log in on a public computer and forget to log out. In a case like this, you can quickly revoke access to that computer from your account management settings. It’s wonderful peace of mind.
The nice thing about this solution is that if someone gets your password for a particular account, they can’t fully log in, because they won’t have the access code sent to your mobile phone. And guess what? If you get a random auth code that you didn’t initiate, that’s a warning that someone may know your password and is trying to access your account. Troubling? Yeah, but they can’t get in, because they don’t have the auth code. You can just change the password on that account, re-auth your devices, and boom, their old password will never work again and you’re in the clear.
9. Update Your Social Networking Profiles
As a general rule, never overshare unnecessary info. This can be problematic, because many social sites have their default share settings set to “public”, so if you include your phone number, address, state, email, etc, those are all now publicly available, and crawlable by search engines. If any random person finds your social profile, they could easily find out where you live, your relationship status, whether or not you have kids (along with their names and ages if you share that, too), and anything else you freely post under the guise of “being social”.
Do yourself a favor and check the privacy settings on your social network accounts. Maybe even read up on their privacy policies to make sure everything is in order. And hey, if you want to leave your whole profile open to the public, all I have to say is good luck – I sincerely hope no one takes advantage of it.
You need to be very cognizant of what you share and who it is shared with, because the unfortunate truth is that many nefarious people, as well as info broker websites, use your publicly-available information to build your profile without you knowing it.
Info broker sites? Never heard of them? Well…
10. Opt-out of Information Broker Websites
Search Google (or your search engine of choice) for your name, along with your state (e.g. John Doe Florida). You may be amazed at the number of results with your PII (personally identifiable information) that is publicly available. Many of the sites you may see are ones that you’ve never heard of before, and who truthfully have no right to be sharing your data. But technically, they do it legally, scrubbing public records and social profiles (all that extra stuff you’re oversharing) to build up your profile. Hey, if you make it publicly available online, it’s fair game.
So what can you do about it? You could sign up for a service to opt you out for you (like Safe Shepherd or Abine DeleteMe, to name a few). Some services have free options, while some have associated costs. Not a bad option if there’s a laundry list of sites you want to take care of and don’t have the time or patience to deal with on your own.
Alternatively, to save a couple bucks (which you can put towards a Password Management Service), take an afternoon (or longer, if necessary), and methodically and patiently go through the lists of information brokers to opt out of any that you don’t want to be a part of.
How do you find out how to opt out of these sites? A number of very helpful sites exist that contain lists and opt-out instructions. All you need to do is follow the instructions laid forth to opt-out of each one. As a heads up, know that some opt-out methods are easy, while others are (intentionally) difficult.
- Abine Opt-Out Guide
- Safe Shepherd Opt-Out Guides
- UnListMy.info Data Broker List
- PrivacyAlerts.org Data Broker List
- PrivacyRights.org Data Broker List
- National Do Not Call Registry (hey, I don’t want to be spammed by phone either)
(Note: If you choose to opt-out of a site that requires a copy of your driver’s license, never send a copy without first blacking out your photo and driver’s license number. I can’t vouch for the validity and trustworthiness of services that require a driver’s license as proof of identity, but if you do offer your license as proof of identity, never ever send it without blacking out these two items first.)
Bonus Tip: Mask Your Email when Opting Out
If you do choose to clean up your profiles by opting out as described above, I’d highly recommend masking your email (and even phone number) when doing so. How? Check out the free Abine MaskMe browser plugin (available for Chrome and Firefox). MaskMe allows you to create a fake (but legit) email address to use for different websites, and will forward the emails sent to the fake email to your actual email address. This protects the info broker sites from seeing your real email address, while allowing you to get the emails some sites will send you to confirm your opt-outs. Best yet, you can go to the plugin settings and block certain emails from coming through to your email, if you decide that a particular sender needs to be blocked.
Why You Need to Protect Your Online Identity
By now, you should realize that it’s very important to correctly manage your online identity and security. But if you aren’t yet convinced, take a look at this video. It’s amazing and horrifyingly accurate.
There you have it. Ten simple steps to help you with a digital spring cleaning. You can choose which steps are right and necessary for you. I will say this: not only will these items offer you a cleaner, more well-organized digital life, but it will also give you peace of mind in knowing that your devices, online accounts and identity are much more well organized and protected.
Until next time, happy coding and happy digital spring cleaning!