Password & Account Cleanup
One afternoon to wipe out years of password reuse, breached accounts, and dead subscriptions.
Track your progress in the Check app
Free · works offline · print & export
Open in Check
Set Up the Foundation
- Pick a password manager: 1Password (~$3/mo), Bitwarden (free), or Apple/Google built-in
- Create a strong, memorable master password — 4-5 random words is fine
- Save master password in two places (sealed envelope + trusted person)
- Enable biometric unlock on phone and computer
Audit What You Have
- Run breach check at haveibeenpwned.com with your email(s)
- Check Chrome/Safari/Firefox saved passwords — export and delete
- Look at last 6 months of bank statements for forgotten subscriptions
- List every email address you've ever used — each is a separate account universe
Triage High-Risk Accounts (do these first)
- Email accounts — unique strong password + 2FA via authenticator app, not SMS
- Banking and investment — unique passwords + 2FA
- Password manager itself — strongest password you have, with 2FA
- Apple ID / Google account — these unlock your whole device
- Anything with stored credit cards (Amazon, Apple, Google, retailers)
Update Everything
- For each major account: log in, generate new password via manager, save it
- Enable 2FA wherever supported — prefer authenticator app over SMS
- Save 2FA backup codes in your password manager too
Kill Dead Accounts
- Use justdeleteme.xyz to find direct delete links
- Cancel subscriptions you don't use (note exact cancel date if mid-cycle)
- Delete accounts at companies that have been breached and you don't need
- Unsubscribe from marketing emails as you go — clean inbox is a free upgrade
Email Hygiene
- Set up a 'noise' email for shopping, newsletters, signups
- Keep your real email for banking, family, employer, government
- Use email aliases (Apple Hide My Email, Gmail +tag, SimpleLogin) for new signups
Recovery & Sharing
- Set up emergency access in your password manager (trusted person)
- Document Apple Legacy Contact and Google Inactive Account Manager
- Print master credentials and store in fireproof safe
Maintain
- Monthly: review password manager's security audit
- Quarterly: rotate any password the manager flags as weak or reused
- Annually: redo this whole list
Save this checklist
Check off steps, sync across devices, print to take with you.
Open in Check