Sep 8, 2010

Recover and Change Your Old, Busted Passwords

Now it's time to do the drudge work. You're going to go back through web site usernames, passwords, and security questions, and clean them up. There is, unfortunately, no magic tool to make this easy, or save you the click-click-click work, but we do have some tips that can help.

  • First off, clean out your email inbox as best you can, or at least make a note of when you started doing password cleanup. That makes it easy to find and entirely delete the emails you'll receive when recovering passwords you can't remember, or authorizing password changes.
  • If you've got an older, hardly-ever-used email address that a lot of passwords are tied to, it's time to consolidate that email address into Gmail, or use the IMAP settings in Yahoo, Hotmail, or your other preferred email client to import that old address. Otherwise, it's probably time to log in one last time, set up auto-forwarding to your newer address that you actually use, then close that account forever—it's nothing but a security liability.
  • On those sites where it is possible, change over to a standard username, so you can use your new password system without having to guess at the other piece of the puzzle.
  • Similarly, protect your accounts from security question hackers by changing up the answers to your security questions. The standard questions—middle names, maiden names, childhood streets and schools—can be researched and discovered—sometimes very easily—so choose your own questions, whenever possible, or use commenter Srwight's tip and answer different questions entirely, with a translation key.

Now it's up to you to change your password on the sites where you can remember your original password, and to recover your password on the others. The "Forgot password?", "Need help logging in?", and similar links are usually located under or next to the boxes for entering a username and password. Click them, grab the email or text message, log in again, change your password, and delete the email immediately afterward. This is crucial: you don't want anyone who somehow gets into your email learning how you changed your password for a site, or, even worse, recovering even an old password from sites that make the dumb move of sending your password to you.

The most important sites to fix, right up front, are those where bad people could get at your personal life, your work, and your money. That means, as a short list, you should prioritize your email, banking, work-related, and primary shopping sites. Head to every site you can think of that you use regularly, recover your password, change it to use your new system, then delete the emails that resulted from your change.

Source: LifeHacker.com