People are often reminded to “Delete old accounts”. I’ll assume that means old accounts at online services that you no longer use. This applies if you either access the service through a browser or through the service’s app. This is good advice, but not sufficient to ensure your association with the service is permanently severed. I would like to describe a more thorough process to create a permanent separation.
If you have an “old” account at some online service that you no longer want or need, it is not sufficient to just delete the service’s link (URL) and your credentials (username and password) on your client platform (either a browser or an app). You need to make sure the service has forgotten your account. By “forgotten”, I mean the online service has either deleted your account, or the service itself no longer exists.
The first thing you should do is to attempt to login to the service using known links, usernames and passwords. At this point you will either succeed in logging in, or you will fail. In this situation you are hoping to fail. If you receive any response to indicate that the service is no longer online, that is a good thing. If the service is not available at the URL you have, most likely the service itself has been deleted. If you get to the service but your credentials don’t work, most likely the operator of the service has already deleted your account.
The real challenge comes when you can still log in to your account on the service. The challenge is finding an option to delete your account somewhere on the user-interface of the service. Not all services have a delete or remove option. From my experience I’d say only about 10% of online services do. You can also search for a customer service telephone number for the service… good luck with that! The one thing an online service doesn’t want to do is lose you as an account holder.
Remember the thing you want deleted is not your record of the account’s link, username and password, but the actual account itself on the service’s website. If the service, where you have the account, should be compromised and its user credential database stolen, the “bad guy” has your credentials. The worst thing is that, if you have only deleted your credentials from your own records, you might not even remember you had an account, much less do anything like logging in to check if your service activity data is still valid.
One last point of clarification: User credential data identifies: “Who” can use the service. User activity data identifies: “Who” you are, “What” you have done, and often “How” and “When” you’ve done it. Their difference is meaningful and important.
Birkdale Computing 