Password Manager Review: Cleaning Up Your Digital Life
Password managers are excellent. But like any system, they accumulate dead weight over time.
Old accounts you no longer use. Duplicate entries. Weak passwords you never got around to changing. A periodic review keeps things manageable.
What to Review
Duplicate entries: Most password managers flag these. Merge or delete as appropriate.
Weak passwords: Sort by password strength. Anything rated "weak" or "poor" should be updated.
Reused passwords: The cardinal sin. If one site gets breached, every account with that password is compromised.
Old accounts: Services you no longer use. Consider deleting the accounts entirely rather than just removing them from your manager.
Compromised passwords: Most managers check against breach databases. Take these seriously.
The Audit Process
- Export a list (if your manager supports it) or work through alphabetically
- Check each entry:
- Do I still use this service?
- Is the password unique and strong?
- Is 2FA enabled where available?
- Update or delete as needed
- Check your "secure notes" - outdated information, old recovery codes
What "Strong" Actually Means
- Length: 16+ characters minimum
- Randomness: Generated, not created by you
- Uniqueness: Used for one account only
Your password manager generates these. Use that feature.
Recovery and Backup
While you're reviewing:
- Master password: Is it strong? Do you remember it?
- Recovery method: What happens if you forget your master password?
- Backup: Is your vault backed up? What if the service disappears?
- Emergency access: Can a trusted person access your accounts if needed?
How Often
Every 6 months is reasonable. More frequent if you create many new accounts.
The first review takes time. Subsequent reviews are faster once you've cleaned up the backlog.
Add it to your tasks. We'll remind you twice a year.