The Digital Chores Cheatsheet is a simple, actionable guide outlining essential tasks to protect yourself from digital threats and maintain your online privacy and safety.
These one-time setup tasks are critical for establishing your digital security foundation. While they require an initial time investment, completing these tasks will significantly reduce your risk of identity theft, data breaches, and financial fraud. Start with the highest priority items and work through the list at your own pace.
Lock Your SIM Card (Time: 5, Priority: High)
SIM-swapping attacks allow criminals to transfer your phone number to their device, intercepting your calls, texts, and two-factor authentication codes. The FBI reports millions in losses from SIM swap fraud. As of March 2025, FCC rules require carriers to verify your identity before processing SIM changes, but proactively locking your SIM adds an extra layer of protection.
Contact your carrier or log into your account to enable SIM lock / number lock:
AT&T: Account settings > Sign-in info > “Extra security” toggle
Verizon: Account settings > “Number Lock”
Set a unique account PIN or passcode with your carrier (different from your phone’s PIN).
Enable port-out protection to prevent unauthorized number transfers to other carriers.
Remove your phone number as a recovery method for critical accounts where possible – use an authenticator app or passkey instead.
A locked SIM means you’ll need to verify your identity with your carrier before making legitimate SIM changes (like upgrading your phone). This minor inconvenience prevents criminals from hijacking your phone number.
Your email, financial, cloud, and social media accounts are the keys to your digital life. A compromised email account alone can be used to reset passwords on every other service you use. Securing these accounts with the strongest available authentication – especially passkeys – dramatically reduces the risk of unauthorized access, even if your password is leaked in a breach.
Identify your critical accounts: primary email, banking and financial services, cloud storage, social media, and any work-related accounts.
Set up passkeys on every account that supports them (Google, Apple, Microsoft, Amazon, PayPal, GitHub, and more). Passkeys are phishing-resistant and the strongest option available today.
For accounts that don’t yet support passkeys, enable the strongest 2FA available. Preference order: passkeys > hardware security keys > authenticator apps > SMS (last resort only). CISA and NIST now recommend against SMS-based 2FA because it is unencrypted and vulnerable to SIM-swapping and interception. In 2025, NIST classified SMS OTP as a “restricted authenticator.”
Use your password manager to generate a unique password of at least 16 characters for each critical account.
Print and securely store 2FA backup/recovery codes in a physically secure location separate from your devices (fireproof safe or safety deposit box). Also save a copy in your password manager.
Review and update recovery options: ensure recovery email addresses and phone numbers are current, and remove any old or unused ones.
Replace security questions with random, false answers stored in your password manager – real answers are often publicly available.
Enable login alerts and notifications for new device sign-ins on every account that offers them.
Review linked third-party apps and authorized services on each account, and revoke access for anything you no longer use.
Repeat this process for any new critical accounts you create going forward.
Passkeys are the gold standard. Use them wherever available. For everything else, an authenticator app is your best bet – avoid SMS verification unless it is the only option offered.
A password manager generates and stores strong, unique passwords for every account so you never have to memorize or reuse them. Even as passkeys become the future of authentication, a password manager remains essential for managing all your credentials, passkeys, secure notes, and recovery codes in one place.
Choose a password manager: 1Password (best for most users) or Bitwarden (best open-source/budget option). Avoid LastPass, which suffered a major breach in 2022 and continued security issues through 2026.
Create a strong, unique master password – this is the only password you need to memorize. Make it long (4+ random words or 16+ characters).
Enable two-factor authentication on your password manager account.
Print your Emergency Kit or Recovery Key and store it in a physically secure location (fireproof safe or safety deposit box).
Install the browser extension and mobile app on all your devices.
Start adding your existing accounts and use the built-in password generator to replace any weak or reused passwords.
Use the password manager’s security audit or “Watchtower” feature to identify compromised or weak credentials over time.
Your master password should be long, unique, and never used for any other account. If you forget it and lose your recovery key, your vault is gone – treat both with care.
Software updates patch security vulnerabilities that attackers actively exploit. Enabling automatic updates across all your devices ensures you get these fixes as soon as they are available, without having to remember to check manually. This single setting eliminates one of the most common attack vectors.
Operating systems: Enable automatic updates on every computer, phone, and tablet you own.
Windows: Settings > Windows Update > turn on automatic updates
macOS: System Settings > General > Software Update > enable Automatic Updates
iOS/iPadOS: Settings > General > Software Update > Automatic Updates
Android: Settings > System > Software Update > enable auto-download
Browsers: Verify that Chrome, Firefox, Edge, or Safari are set to update automatically. Most do by default – just confirm you haven’t disabled it.
Apps: Enable automatic app updates in your platform’s app store (App Store, Google Play, Microsoft Store).
Smart home devices: Open each manufacturer’s app (Ring, Nest, Hue, etc.) and confirm firmware auto-updates are enabled. Check your router/gateway admin panel as well.
Restart promptly: Auto-updates often require a restart to take effect. Don’t postpone restart prompts for more than a day.
Auto-updates handle the vast majority of patching, but occasionally an app or device falls outside the auto-update system. If you notice a manual update prompt, act on it right away.
A credit freeze blocks lenders from accessing your credit report, which stops criminals from opening new accounts in your name. Combined with ongoing identity monitoring, a freeze is one of the most effective defenses against financial identity theft – and it is completely free by federal law.
Gather your information: You will need your full name, address, date of birth, Social Security number, and a government-issued ID.
For each bureau, create an account, verify your identity, request the freeze, and save the PIN or password in your password manager. You will need it to temporarily lift the freeze when applying for credit.
Freeze the lesser-known bureaus too: Innovis and the National Consumer Telecom & Utilities Exchange (NCTUE) to close additional gaps.
Set up free identity monitoring: After freezing, sign up for free credit monitoring offered directly by each bureau. Also enroll at IdentityTheft.gov to get an FTC recovery plan if anything suspicious appears.
Use breach settlement monitoring: If you have been part of a data breach settlement (Equifax, T-Mobile, etc.), claim the free credit monitoring included – it stacks with your other monitoring.
Check your credit reports annually: Visit AnnualCreditReport.com to review your reports from all three bureaus for free. Look for accounts or inquiries you don’t recognize.
A credit freeze does not affect your credit score, and you can temporarily lift it in minutes when you need to apply for credit, a job, or a rental. Keep your freeze PINs safe – they are the keys to unlocking your reports.
Your phones, tablets, and laptops hold an enormous amount of personal data. A lost or stolen device without proper security gives an attacker direct access to your accounts, photos, messages, and financial information. Modern devices ship with strong security features – you just need to make sure they are turned on.
Enable biometric unlock (fingerprint or face recognition) on every phone, tablet, and laptop, with a strong PIN or password as the backup method (at least 6 digits or an alphanumeric passphrase).
Enable device tracking and remote wipe:
iPhone/iPad: Settings > [Your Name] > Find My > Find My iPhone
Android: Settings > Google > Find My Device
Mac: System Settings > Apple Account > iCloud > Find My Mac
Windows: Settings > Privacy & Security > Find My Device
Verify that full-disk encryption is enabled. Most modern devices encrypt by default, but confirm it is active:
iOS encrypts automatically when a passcode is set.
Android devices have encrypted by default since 2019.
Windows 11 24H2 enables BitLocker by default on new installs – check Settings > Privacy & Security > Device Encryption.
Apple Silicon Macs enable FileVault by default – check System Settings > Privacy & Security > FileVault.
Record each device’s serial number (and IMEI for phones) in your password manager or Digital Emergency Plan.
Disable automatic connection to open Wi-Fi networks on all devices.
Built-in security tools are sufficient for most people – Windows Defender and macOS XProtect provide solid baseline protection without third-party antivirus. Keep automatic updates enabled so these protections stay current.
Hardware fails, ransomware encrypts, and accidents happen. A solid backup strategy is the only reliable way to recover your data when something goes wrong. The 3-2-1 rule – three copies, two different media types, one off-site – ensures no single event can destroy everything.
Understand the 3-2-1 rule: Keep 3 copies of your data (the original plus 2 backups), on 2 different types of storage media, with 1 copy stored off-site or in the cloud.
Choose your local backup: Use your operating system’s built-in tool – Time Machine on macOS, File History on Windows – with an external drive or NAS. Connect the drive and enable automatic backups.
Choose your cloud backup: Sign up for a dedicated backup service (Backblaze, iDrive) or use cloud storage you already have (iCloud, OneDrive, Google Drive). Select the folders that matter most and enable automatic sync.
Ensure encryption: Encrypt local backup drives (FileVault on Mac, BitLocker on Windows) and verify your cloud backup service encrypts data in transit and at rest.
Test a restore: After your first backup completes, restore a few files to confirm everything works. Do this at least once a year going forward.
Document your setup: Record what is backed up, where, and how to restore it. Store these notes in your password manager so your emergency contacts can find them too.
A backup you have never tested is a backup you cannot trust. Verify your restores, and review your backup coverage whenever you add a new device or change how you store important files.
Data breaches are common and your personal information may have been exposed without your knowledge. Checking for compromised accounts lets you take quick action to secure your identity before attackers can use stolen credentials.
Visit Have I Been Pwned and enter each of your email addresses to check for known breaches.
Sign up for breach notification alerts so you are emailed when your accounts appear in future breaches.
For each compromised account, change the password immediately using your password manager to generate a strong, unique replacement.
Enable two-factor authentication on every compromised account (preferably an authenticator app or passkey, not SMS).
If financial information was exposed, monitor your statements and consider a credit freeze at the three bureaus (Equifax, Experian, TransUnion).
Delete or close any breached accounts you no longer use.
Breaches are often discovered months or years after they happen. Unique passwords for every account ensure that one breach cannot cascade into many compromised accounts.
If you are hacked, incapacitated, or pass away, someone you trust needs to be able to manage your digital life. Without a plan, even well-meaning family members cannot access critical accounts, stop fraudulent activity, or preserve digital assets. A digital emergency plan bridges that gap.
Choose 2-3 trusted contacts who could act on your behalf in an emergency. Make sure each person understands their role and knows the plan exists.
Create an emergency document that includes:
A list of your important accounts (email, financial, social media, cloud storage) with usernames but not passwords
The name of your password manager and a hint for accessing it
Locations of 2FA backup/recovery codes
Contact information for your attorney, financial advisor, or other relevant professionals
A list of digital assets (domain names, crypto wallets, digital purchases) and how to access them
Device access instructions (phone PIN, laptop password) or where to find them
Where your backups are stored and how to restore from them
Encrypt and store the document securely: Keep a digital copy as an encrypted file in cloud storage and a physical copy in a fireproof safe or safety deposit box. Do not email it or store it unencrypted.
Set up emergency access in your password manager: Both 1Password and Bitwarden offer emergency access or shared vault features. Configure this with your trusted contacts so they can request access after a waiting period.
Inform your contacts: Tell each trusted person where the emergency document is stored and how to access it. Do not share passwords directly – rely on sealed envelopes or the password manager’s emergency access feature.
The goal is to balance security with accessibility. Your plan should be secure enough to prevent misuse but reachable enough that your trusted contacts can act quickly when it matters. Review and update this plan whenever you add major new accounts or experience life changes.
Every online account, social media profile, and data broker listing creates exposure that can be exploited. Old, forgotten accounts are especially vulnerable – they often have weak passwords and outdated security. Reducing your digital footprint limits your attack surface and makes it harder for criminals to piece together your identity.
Search your email for “welcome,” “verify,” or “new account” messages to find forgotten accounts, and check your password manager for old entries.
Delete accounts you no longer use. Visit JustDeleteMe for deletion instructions by service.
For accounts you cannot delete, remove personal information and replace with dummy data.
Remove your information from people-search sites (Whitepages, Spokeo, BeenVerified) by submitting opt-out requests on each site.
Consider a data broker removal service like DeleteMe or Incogni to automate opt-outs across dozens of brokers.
If you are a California resident, submit a single deletion request through the California DELETE Act DROP platform, which went live in January 2026 and covers all registered data brokers at once.
Unsubscribe from marketing emails and newsletters you no longer read.
Review and tighten privacy settings on social media accounts you keep – limit who can see your posts, friends list, and profile details.
Prioritize accounts that hold sensitive information first: financial services, healthcare portals, government sites, and anything with your SSN or payment details. Data broker removal is not one-and-done – your information reappears over time, so plan to revisit annually or use a subscription service.
Your home Wi-Fi network is the gateway to every connected device in your household. A poorly secured network lets attackers intercept your traffic, access shared files, or use your connection for malicious activity. A few key changes make a major difference.
Log into your router’s admin panel (usually at 192.168.0.1 or 192.168.1.1) and change the default admin password to a strong, unique password stored in your password manager.
Set your Wi-Fi security mode to WPA3 if your router and devices support it, or WPA2 at minimum. Never use WEP or “Open.”
Set a strong Wi-Fi password – at least 16 characters, generated by your password manager.
Check for and install any available router firmware updates.
Set up a guest network with a separate password for visitors and IoT devices, with access limited to the internet only (no local network access).
Disable remote management (sometimes called “remote administration”) so the router cannot be configured from outside your network.
For improved privacy, consider setting your router’s DNS to an encrypted DNS provider such as Cloudflare (1.1.1.1) or Quad9 (9.9.9.9).
Router firmware updates are released to fix security vulnerabilities – check for updates every few months or enable automatic updates if your router supports it.
Unwanted calls, prescreened credit offers, and spam texts are more than annoying – they are common vectors for phishing and identity theft. A few opt-out steps dramatically reduce the noise and lower your exposure to scams.
Register all of your phone numbers at DoNotCall.gov or by calling 1-888-382-1222 from each phone. Registration is permanent and takes effect within 31 days.
Opt out of prescreened credit and insurance offers at OptOutPrescreen.com or by calling 1-888-5-OPT-OUT (1-888-567-8688). Choose the permanent opt-out option for lasting results.
Activate your carrier’s built-in spam call blocking:
T-Mobile: Dial #662# or enable Scam Shield in account settings.
AT&T: Download the AT&T Call Protect app or dial *787#.
Verizon: Enable Call Filter in account settings or download the app.
Enable the built-in “Silence Unknown Callers” feature on your phone (iOS: Settings > Phone > Silence Unknown Callers; Android: Phone app > Settings > Caller ID & spam).
Report persistent violators at DoNotCall.gov and mark spam callers in your carrier’s app to improve blocking for everyone.
Shred prescreened credit offers before discarding them to prevent dumpster-diving identity theft.
These steps will not stop all unwanted contact. Charities, political organizations, surveys, and companies you already do business with are exempt from Do Not Call rules. Never share personal information with an unsolicited caller – hang up and call the organization directly using a number you trust.
These are foundational principles to integrate into your daily digital life. Unlike scheduled chores, “Always Remember” items are about cultivating a continuous state of vigilance and mindful practice to protect yourself against evolving threats and maintain good digital hygiene.
Protect Against AI-Powered Scams
Never trust a voice call, video, or message solely based on how it sounds or looks – AI can now convincingly clone voices and faces. If you receive an urgent request for money or sensitive information from someone you know, hang up and call them back on a number you already have. Establish a family code word that only your inner circle knows, to verify identity during emergencies.
AI-generated voice cloning and deepfake technology have made impersonation scams dramatically more convincing. The FBI reports that criminals use AI to clone voices from just a few seconds of audio, often impersonating family members in fake emergencies. A pre-arranged family code word is the simplest and most effective defense – an AI clone cannot guess a password it was never trained on.
Treat all security alerts with urgency, but be extremely cautious about text messages and emails claiming to be security alerts. Never click links or call phone numbers provided in these messages - they are often phishing attempts. Instead, manually navigate to the official website or app of the service in question to investigate any claimed issues. Ensure legitimate alerts are enabled for all critical financial and online accounts.
Timely responses to genuine security alerts are crucial - they warn you of unauthorized access, fraudulent activity, or data breaches. However, scammers frequently impersonate security alerts via text and email to steal credentials or personal information. By always going directly to the source rather than trusting incoming messages, you can act quickly on real threats while avoiding sophisticated phishing scams.
Prioritize the installation of security updates, especially those labeled as ‘critical’ or addressing known vulnerabilities. Enable automatic updates where feasible, but remain vigilant for manual prompts if auto-updates are delayed or require intervention.
Promptly applying security updates is one of the most effective defenses against malware and cyberattacks. Attackers quickly exploit known vulnerabilities, and delaying updates leaves your devices and data exposed to unnecessary risks.
Always be skeptical of unsolicited emails, text messages, and messaging app requests – especially those urging immediate action, requesting personal information, or containing unexpected links. SMS phishing (smishing) and messaging app scams are now just as common as email phishing, and AI-generated messages are increasingly convincing and harder to detect. Verify sender identities carefully, and when in doubt, do not click or respond; instead, contact the alleged sender through a known, legitimate channel.
Email, text messages, and messaging apps are all primary channels for phishing scams, malware distribution, and social engineering attacks. AI tools now enable attackers to craft highly personalized, grammatically flawless messages at scale, making traditional red flags like poor spelling or awkward phrasing unreliable. Consistent vigilance across all communication channels is critical to protecting your accounts and personal information.
Regularly ask yourself: “Is it necessary to share this piece of personal information? What are the potential risks?” Strive to provide only the minimum information required in any interaction, whether online or offline. Before posting personal information, opinions, photos, or videos, remember that information shared online can be difficult or impossible to completely retract – treat every post as potentially public and permanent.
Every piece of personal information shared increases your digital footprint and potential exposure to identity theft, scams, or unwanted tracking. Online content can be copied, archived, and resurfaced long after you intended, affecting your reputation, privacy, and even physical safety. Practicing mindful sharing is a fundamental aspect of maintaining privacy and security.
When using AI tools (chatbots, assistants, image generators, coding copilots, etc.), never input personally identifiable information, financial details, passwords, private documents, medical information, or proprietary work data. Most AI services may use your inputs for model training unless you explicitly opt out. Before using any AI tool, review its privacy settings and data retention policies – enterprise and paid tiers often offer stronger privacy protections than free tiers.
AI companies have experienced data breaches and unintended exposure of user conversations. Some AI tools share data with third parties or use inputs in ways not immediately obvious to users. Treating every AI interaction as potentially stored and reviewable protects you from unintentional exposure of sensitive information.
Be selective about which apps you install - each new app increases your attack surface. Before installing any app, browser extension, or signing up for a new service, ask yourself if you truly need it. When you do install something, carefully review the permissions it requests and grant only those essential for its intended function. Regularly review and remove apps you no longer use.
Every app is a potential security risk and privacy concern. Fewer apps mean fewer opportunities for data breaches, malware, and privacy violations. Many apps request excessive permissions beyond what they need to function. By being selective with installations and strict with permissions, you minimize your digital footprint and reduce the risk of compromised accounts or data exposure.
For sensitive activities like banking or accessing important accounts, prefer using your mobile data connection over public Wi-Fi. If you must use public Wi-Fi, verify that websites use HTTPS and consider using encrypted DNS. A reputable VPN is one additional option for protection, but be aware it shifts trust to the VPN provider rather than eliminating risk. Avoid accessing sensitive accounts on networks you do not control whenever possible.
Public Wi-Fi networks are inherently less secure and can be monitored by malicious actors. While HTTPS protects the content of your traffic on most modern sites, metadata and DNS queries can still be exposed. Using mobile data for sensitive activities is the simplest way to avoid these risks entirely.
Restart your primary devices (phones, computers, tablets) at least once a week. This simple habit clears temporary memory, applies pending updates, resolves minor software glitches, and disrupts non-persistent malware or exploit chains that only live in volatile memory.
The NSA recommends powering phones off and on weekly as a defense against spearphishing and zero-click exploits. Many sophisticated attacks rely on code that runs only in temporary memory and cannot survive a reboot. A weekly restart is one of the simplest security habits you can adopt – it costs nothing and takes seconds.
Monthly reviews allow you to thoroughly assess your digital security and catch any issues that daily habits might miss. These tasks help you stay ahead of threats, maintain good digital hygiene, and ensure your protection measures are working effectively.
Monitor Financial Statements (Time: 20, Priority: High)
Monthly statement reviews are essential for catching fraud, errors, and unauthorized charges early. The sooner you identify problems, the easier they are to resolve and the more likely you are to be fully reimbursed.
Review all bank and credit card statements for unfamiliar or unauthorized charges.
Look for small test charges (often under $5) that can precede larger fraud.
Verify all automatic payments and recurring subscriptions are correct.
Confirm deposits, payments, and refunds cleared properly.
Check for duplicate charges or billing errors.
Report any discrepancies immediately to your financial institution.
Set a specific day each month for reviews, such as the 5th, to build a consistent habit. Don’t wait for paper statements – review online as soon as they’re available.
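The statement checks above can be partly automated once a statement is exported as CSV. The following is an added example, not part of the original cheatsheet: the column names, merchant names, the list of recognised merchants and the 3-day duplicate window are all assumptions, and the sample rows are constructed.

```python
import csv
import io
from collections import defaultdict
from datetime import date
from decimal import Decimal

# Constructed sample export. Real bank CSV files use different column names,
# so adjust the keys in load_transactions() to match your own export.
SAMPLE_CSV = """date,merchant,amount
2025-03-02,CITY POWER UTILITY,84.10
2025-03-03,STREAMFLIX,15.99
2025-03-07,GROCER MART,62.40
2025-03-07,GROCER MART,62.40
2025-03-11,QX*ONLINE-SVC 8841,1.00
2025-03-12,QX*ONLINE-SVC 8841,489.00
2025-03-15,COFFEE CORNER,4.25
2025-03-21,GYM MEMBERSHIP,39.00
"""

# Hypothetical list of merchants the account holder recognises.
KNOWN_MERCHANTS = {
    "CITY POWER UTILITY", "STREAMFLIX", "GROCER MART",
    "COFFEE CORNER", "GYM MEMBERSHIP",
}

SMALL_CHARGE_LIMIT = Decimal("5.00")  # the cheatsheet: test charges are "often under $5"
DUPLICATE_WINDOW_DAYS = 3             # assumption: same merchant and amount within 3 days


def load_transactions(text):
    """Parse the CSV text into dicts with typed date and amount fields."""
    rows = []
    for row in csv.DictReader(io.StringIO(text)):
        rows.append({
            "date": date.fromisoformat(row["date"]),
            "merchant": row["merchant"].strip().upper(),
            "amount": Decimal(row["amount"]),  # Decimal avoids float rounding on money
        })
    return rows


def review(transactions, known_merchants):
    """Return (finding, transaction) pairs that deserve a manual look."""
    findings = []
    seen = defaultdict(list)  # (merchant, amount) -> earlier transactions
    for tx in sorted(transactions, key=lambda t: t["date"]):
        # Unfamiliar merchants: a tiny charge is the classic card-testing pattern.
        if tx["merchant"] not in known_merchants:
            if tx["amount"] < SMALL_CHARGE_LIMIT:
                findings.append(("small_unfamiliar_charge", tx))
            else:
                findings.append(("unfamiliar_merchant", tx))
        # Duplicates: identical merchant and amount close together in time.
        earlier = seen[(tx["merchant"], tx["amount"])]
        if any((tx["date"] - e["date"]).days <= DUPLICATE_WINDOW_DAYS for e in earlier):
            findings.append(("possible_duplicate", tx))
        earlier.append(tx)
    return findings


if __name__ == "__main__":
    for kind, tx in review(load_transactions(SAMPLE_CSV), KNOWN_MERCHANTS):
        print(f"{kind:26} {tx['date']} {tx['merchant']:22} {tx['amount']}")
```

A flagged row is a prompt to check the charge with the merchant or bank, not proof of fraud; a legitimate second purchase on the same day shows up as a possible duplicate.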
Data breaches are frequent and can expose your personal information without your immediate knowledge. Regularly checking breach notification sites and monitoring your accounts helps you detect compromises early, allowing you to take swift action before identity theft or financial fraud occurs.
Review any breach alerts from your password manager or identity monitoring services.
Check for security incident notifications from companies you do business with.
For any breached or suspicious accounts: change the password immediately and enable two-factor authentication if not already active.
Review login activity and connected devices on critical accounts for anything unrecognized.
If financial information was exposed, monitor your credit reports and financial statements closely.
Using unique passwords for every account limits the damage when one set of credentials is exposed. Password manager monitoring features and breach notification alerts provide ongoing vigilance between manual checks.
Regularly checking online backups ensures your data is properly protected and recoverable. Backups can silently fail due to expired credentials, full storage, or configuration changes, leaving you vulnerable to data loss.
Log into your online backup service and check the last backup date and time.
Verify all important folders are included in the backup set.
Review any backup failure notifications or error logs.
Perform a test restore of a few files to confirm recoverability.
Check available storage space and ensure automatic backups are enabled.
Update backup settings or schedule if needed.
A backup is only useful if it’s current and actually working. Regular verification is crucial for data protection.
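Both the one-time "test a restore" step and this monthly test restore come down to confirming that restored files are present and byte-for-byte identical to the originals. The following is an added example, not part of the original cheatsheet: it compares SHA-256 hashes of two folders, and the folder and file names in the demo are constructed.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path, chunk_size=1 << 20):
    """Hash a file in chunks so large photos or videos do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_restore(original_dir, restored_dir):
    """Compare every file under original_dir with its restored copy.

    Returns a dict of relative paths grouped as:
      ok       - restored and identical
      missing  - not present in the restored folder
      mismatch - present but with different content
    """
    original_dir, restored_dir = Path(original_dir), Path(restored_dir)
    report = {"ok": [], "missing": [], "mismatch": []}
    for src in sorted(p for p in original_dir.rglob("*") if p.is_file()):
        rel = src.relative_to(original_dir)
        restored = restored_dir / rel
        if not restored.is_file():
            report["missing"].append(rel.as_posix())
        elif sha256_file(src) != sha256_file(restored):
            report["mismatch"].append(rel.as_posix())
        else:
            report["ok"].append(rel.as_posix())
    return report


def demo():
    """Build a constructed 'original' and 'restored' folder pair and compare them."""
    with tempfile.TemporaryDirectory() as tmp:
        original = Path(tmp) / "Documents"
        restored = Path(tmp) / "restore-test"
        files = {
            "taxes/2024-return.pdf": b"constructed tax return bytes",
            "photos/family.jpg": b"constructed photo bytes",
            "notes/recovery-plan.txt": b"constructed notes",
        }
        for rel, data in files.items():
            for root in (original, restored):
                target = root / rel
                target.parent.mkdir(parents=True, exist_ok=True)
                target.write_bytes(data)
        # Simulate two silent backup failures: a truncated file and a skipped file.
        (restored / "photos/family.jpg").write_bytes(b"constructed ph")
        (restored / "notes/recovery-plan.txt").unlink()
        return verify_restore(original, restored)


if __name__ == "__main__":
    for status, names in demo().items():
        print(f"{status:9} {names}")
```

A file edited after the backup ran also reports as a mismatch, so restore files that have not changed recently, or compare against a backup taken just before the test.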
Digital clutter accumulates fast – scattered desktop files, a bloated Downloads folder, and weeks of browser tracking data. A quick monthly cleanup improves performance, protects your privacy by clearing tracking data, and keeps you organized enough to actually find things when you need them.
Clear your desktop – delete what you don’t need and file the rest into proper folders.
Empty your Downloads folder of old installers, PDFs, and temporary files.
Clear browser cache, cookies, and history (Settings > Privacy > Clear browsing data).
Empty your Trash / Recycle Bin.
Clearing cookies will sign you out of websites – make sure your password manager is ready before you start. Fifteen minutes now saves hours of frustration later.
Quarterly reviews provide an opportunity to step back and assess your overall security posture. These periodic deep-dives help you adapt to new threats, update aging systems, and ensure your security measures evolve with your changing digital needs.
Update Router & IoT Device Firmware (Time: 15, Priority: Medium)
Firmware updates for your router and IoT devices patch security vulnerabilities, improve performance, and add new features. Outdated firmware can leave your entire home network exposed to attacks. Since these devices are always connected and often overlooked, keeping them updated is one of the most impactful things you can do for home network security.
Log into your router’s admin panel and check for available firmware updates; download and install if available.
Note that many modern mesh systems (eero, Google Wifi, etc.) auto-update – verify auto-update is enabled rather than checking manually.
Make a list of all IoT and smart home devices (cameras, smart speakers, thermostats, smart locks, etc.).
Check each device’s companion app or manufacturer website for firmware updates and install any that are available.
Restart devices after updating to ensure changes take effect.
Enable automatic updates on any devices that support it.
Always download firmware updates directly from the manufacturer’s official app or website. If a device is no longer receiving security updates from its manufacturer, consider replacing it.
It’s easy to sign up for services or trials and forget about them, leading to unnecessary recurring charges. Regularly reviewing your subscriptions helps you cancel those you no longer use, saving money and reducing the number of companies holding your payment information.
List your known recurring subscriptions (streaming services, software licenses, cloud storage, subscription boxes, etc.).
Check bank and credit card statements for any recurring payments you don’t recognize or have forgotten about.
For each subscription, evaluate whether you still use it and whether it provides enough value.
Cancel any subscriptions or memberships that are no longer needed.
Note renewal dates for annual subscriptions to decide whether to renew them in advance.
Some services make cancellation difficult. Be persistent. Set calendar reminders for trial period endings to avoid being charged.
Annual tasks focus on the big picture of your digital security. These comprehensive reviews ensure your long-term strategies remain effective, your documentation is current, and your digital estate planning is up to date. Schedule these during a quiet time when you can focus on thorough evaluation and planning.
Task
Time
Priority
Comprehensive Yearly Privacy Settings Review
60
High
Privacy settings on operating systems, applications, and online platforms change frequently, and defaults rarely prioritize user privacy. A comprehensive annual review ensures you maintain control over your personal information and aren’t unknowingly sharing more data than intended.
Review privacy dashboards for major online accounts (Google, Apple, Microsoft, etc.) – check activity controls, third-party app access, and ad personalization settings.
Audit social media privacy settings (Facebook, Instagram, X, LinkedIn, TikTok, etc.) – tighten who can see your profile, posts, and friend lists; revoke unused third-party app connections.
Review OS-level privacy settings on computers and mobile devices – check location services, app permissions, advertising identifiers, and diagnostic data sharing.
Check web browser privacy settings – review cookie handling, tracking protection, and permissions granted to websites (location, notifications, camera/microphone).
Review smart home device and IoT app privacy settings – check data collection policies, voice recording storage, and sharing options.
Audit privacy settings for streaming, gaming, and work-related platforms where you share data.
Balance privacy with functionality; some features require certain data sharing. Take screenshots of your preferred settings after review – this helps you spot unwanted changes by platforms later.
Account recovery options are your lifeline if you get locked out or an account is compromised. Your digital emergency plan ensures trusted people can manage your digital life if you’re incapacitated. If either is outdated, you risk permanently losing access to important accounts or leaving loved ones unable to act on your behalf.
For all critical accounts (email, banking, cloud storage, social media), verify that recovery email addresses and phone numbers are current and accessible.
Check that backup codes are saved securely and regenerate them if you’ve used any.
Review and update security questions – ensure answers are stored in your password manager.
Review digital legacy contact settings on accounts that offer them (Apple, Google, Facebook) and confirm designated contacts are still appropriate.
Check your password manager’s emergency access settings – verify the designated contact(s) and waiting period are correct.
Review your digital emergency plan document – update contact information for banks, credit bureaus, legal contacts, and your digital executor.
Update your digital asset inventory – add new accounts or assets acquired this year and remove any that no longer exist.
Confirm your digital executor still knows where to find the plan and how to access it.
Store your emergency plan in a secure but accessible-in-emergency location. This task covers both the recovery mechanisms within each account and the broader emergency plan – doing them together ensures nothing falls through the cracks.
Your credit report affects loan rates, insurance premiums, employment, and housing opportunities. Regular reviews help you catch errors, fraud, and identity theft early. All three major bureaus now offer free weekly credit reports permanently through AnnualCreditReport.com – take advantage of this to protect yourself.
Visit AnnualCreditReport.com and request reports from all three bureaus: Equifax, Experian, and TransUnion.
Review each report for accounts you don’t recognize or didn’t open.
Verify that personal information (name, address, employer) is correct.
Look for hard inquiries you didn’t authorize.
Check that closed accounts show as closed and balances are accurate.
Dispute any errors directly with the relevant bureau.
Save copies of all reports securely for your records.
Free weekly reports are now permanently available from all three bureaus, so you can check more often than once a year if needed. Consider spacing out full reviews quarterly for continuous monitoring.
Your digital footprint grows continuously as new information appears online. An annual audit helps you understand what’s publicly visible, remove data exposed by data brokers, and close accounts you no longer use. Proactive removal reduces your exposure to identity theft, doxxing, and unwanted solicitations.
Search for your full name, email addresses, and phone numbers on major search engines (use quotation marks for exact matches) and review what’s publicly visible.
Check major people-search and data broker sites (Whitepages, Spokeo, BeenVerified, etc.) and submit opt-out requests where your information appears.
If you’re a California resident, use the DELETE Act DROP platform – a free government tool launched in January 2026 that lets you submit a single deletion request to all registered data brokers.
Enable Global Privacy Control (GPC) in your browser – 12 US states now legally require businesses to honor this signal. Firefox, Brave, and DuckDuckGo support it natively, or install a GPC extension.
Review your public social media profiles and tighten any settings that overshare personal details.
Search your email archives and password manager for old or unused accounts, and delete or close those you no longer need (use JustDeleteMe.xyz to find deletion pages).
Consider automated data removal services (DeleteMe, Incogni) if you find extensive broker listings or lack time for manual opt-outs.
Document your findings and track opt-out requests with dates and confirmation numbers.
Data removal from broker sites is an ongoing process – your information may reappear after opt-out. Automated services can help maintain removals year-round. Be persistent and check back to verify your opt-outs have been honored.
Your physical wallet contains identity and financial documents that can be devastating if stolen. Minimizing what you carry and documenting what’s there helps prevent identity theft and speeds recovery. An annual review ensures you’re not carrying outdated cards or unnecessary sensitive information.
Empty your wallet completely and photograph the contents.
Remove anything unnecessary: Social Security card, passwords, excess credit cards, old membership cards.
Keep only essentials: driver’s license, insurance cards, 1-2 payment cards.
Photograph front and back of all remaining cards and store the photos in your password manager or encrypted storage.
Create a wallet inventory list with card numbers and issuer phone numbers, stored separately from your wallet.
Shred any old cards or documents you removed.
Never carry your Social Security card. If you need it for a specific appointment, bring it and return it to secure storage immediately. Having a pre-made inventory makes reporting lost or stolen cards much faster.
Let’s be honest – you probably didn’t do the monthly cleanup every month. That’s okay, that’s what this annual deep clean is for. A year of accumulated cloud files, old email threads, and forgotten downloads creates real problems: ballooning storage costs, slower devices, and a growing pile of personal data sitting in accounts that could be breached. This is your chance to start fresh.
Log into each cloud storage service (Google Drive, iCloud, Dropbox, OneDrive) and check usage against your plan limit. Delete old backups, duplicate files, and anything you no longer need.
Review sharing permissions on cloud files and folders – revoke access that’s no longer needed.
Archive or delete email older than 2 years. Empty your email trash and spam folders.
Review and delete old text message threads and messaging app conversations, especially any containing sensitive information.
Clean up local files: Desktop, Documents, and Downloads folders on all devices.
Empty Trash / Recycle Bin on all devices after cleanup.
Before deleting anything, make sure important data is backed up. Old messages may contain login credentials, receipts, or sentimental value – export before you delete. Think of this as spring cleaning for your digital life: if you haven’t touched it in a year, you probably don’t need it.