Random Thoughts – Randosity!

Security tip: Don’t sign-up for sites without ‘delete account’ function

Posted in data security, security by commorancy on April 2, 2012

As security of data becomes more and more important and as security breaches become more and more frequent, the ‘delete account’ link becomes very important.  So many sites today allow you to import information such as credit cards, birth dates and other sensitive information, but many times they don’t allow you to delete that information (or your account) easily.  In some cases, you can’t delete your data at all.  It’s important to understand why it’s critical to have the option to delete your account (and all data associated with it). Let’s explore.

Account Security

Few people consider account security when signing up for an internet service like Facebook, Twitter, MySpace or even Yahoo or Google.  As more and more sites become victims of security breaches, without deletion of old dormant accounts, your data is sitting out there ripe for the picking.  In some cases, these accounts may have stored credit card, social security or other potentially sensitive or revealing data.  So, when you begin that sign-up process, it’s a good idea to check the help pages on how to delete your account information before you sign up.

Old Dormant Accounts

We all have them.  We signed up for a site 4 years ago and then either never used it or used it only a few times. Don’t leave old dormant accounts sitting unattended.  Delete them.  You don’t need some random hacker gaining access to the account or, worse, obtaining the password through a break-in to that site.  If they obtain an old password, it’s possible that they may now have access to all of your accounts all over the net (assuming you happen to use a single password at all sites).

If you are using a single password, change them to all be unique.  If you can’t do this, then find the delete button on all these old accounts.  If you can’t remember what you’ve signed up for, then that’s beyond the scope of this article.  Still, deletion is the best option at avoiding unintended intrusion into other important accounts, so delete old accounts.

No Delete Function?

Two ways to handle this one.

  1. Delete all data that you can from the account, then find a random password generator and change the password to a randomly generated password.  Do not keep a copy of the password and never use it again.  Basically, you have locked the account yourself.  If someone does access the account through the web, they won’t get anything.  If they break into the site and gain access to the passwords, they will get a randomly generated password that leads them nowhere.
  2. Contact the site administrator and ask to have the account completely deleted without a trace.  Sometimes they can, sometimes they can’t.  Depends on how the site was designed.  It’s always worth asking.

New Accounts at New Sites

When signing up with new accounts, if you cannot find a way to delete the account, then contact the administrator and explain that you would join the site, but you cannot find a way to delete the account when you no longer wish to have one.  If they state that there isn’t a deletion function, explain to them that until they implement this function, you can’t use the site.. and walk way.  Note that there is nothing more important than your own personal data security and you have to be the champion of that security because no one else will.  If sites refuse to implement deletion functionality, then don’t use the site.  There is no site functionality that is more important than your data security.

No Reason for Lack of Delete Function

In fact, there is absolutely no reason, other than sheer laziness, to not implement a delete function in any internet web site.  If it can be added, it can be deleted.  It’s very simple.  I know, some developers are going to say, “Well, it’s not that easy”.   That’s a total crock.  It is that easy.  If you have developed software that is incapable of deleting user account information, then you are either seriously inept as a programmer or you simply don’t understand what you are doing.  There is no excuse at all for not adding a delete function to any site (including deletion of a user account).  To my knowledge, there is no operating system or database that does not have the ability to delete data.  Not adding this feature is just not acceptable.  Always demand this feature if you cannot find it.

Pre-existing Site Accounts

I know that some of you may have joined sites ages ago when data security breaches were less common than today.  Back then, account delete functions may not have been available.  This may have been carried forward and these sites may still not have delete functions.  Demand that the developers add this functionality.  If you are an avid user, you should always demand this functionality.  You never know when something may change that may require you to delete your account at that site… like a data breach.  Security is important and your personal ability to delete your account is your right and should not be undermined.  Again, always demand this feature from the sites you frequent if it is not present.

I challenge you to visit all of the sites you regularly use and locate the delete account function.  I’ll bet that more than 50% of the time, it’s not there.  Demand that this feature be implemented if, for nothing else, than your own personal peace of mind in case you need it.  It’s like that insurance policy you buy, this is the same.  The delete account feature is your insurance policy to prevent unauthorized access whenever you need to exercise this option.  However, you cannot delete your data if the functionality is not there, so always make sure the delete feature exists before you sign-up.

All comments are encouraged under the following rules: Comments will not be posted that contain personal attacks. Personal attacks only serve to degrade your comment, make you seem like a troll, weaken your stance and undermine your points. Please choose your words carefully. Thank you for contributing!

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: