Livdock iconLivdock
Sign inGet started
All guides
AccountsApril 20, 2026 · 7 min read

Ghost Accounts: How to Find and Close the Online Accounts You Forgot You Had

Old accounts aren't harmless. They're a quiet tax on your security, your inbox, and your attention. Here's the weekend pass that clears them out.

livdock · accounts · ghosts
Unused · dormant · last login > 1 yearfilter

Photobucket

last login 2012 · forgot existed

14 yrClose

Old Wordpress blog

self-hosted · 0 posts since 2019

7 yrClose

Side-project signup

founder@old-domain.com · bounces

5 yrInvestigate

Ancient gaming forum

same password as 2010 email

15 yrClose

Duolingo

still using weekly

3 yrKeep

To close

21

Investigate

4

Archived

12

Most people dramatically underestimate how many online accounts they have. The real number — counting everything from major services down to a forum you joined once in 2011 — usually lands somewhere between 80 and 150. A decent portion of those are accounts you'd cheerfully close if you remembered they existed. We call them ghost accounts.

Ghost accounts aren't harmless. They're the main source of leaked credentials in data breaches. They clutter your email, your password manager, and your mental map of your own digital footprint. Cleaning them out is one of the highest-leverage things you can do in a weekend.

What ghost accounts are actually costing you

The honest accounting has three parts:

  • Security surface. The most common way accounts get compromised is credential stuffing — reused passwords from a breached service being tried on your active services. Old accounts you've forgotten about are the ones most likely to have reused, weak passwords from 2014. See the calm digital security guide for the full frame.
  • Inbox noise. Every ghost account is a silent subscriber to a newsletter, a "product update", or a re-engagement email. You don't notice one; you notice fifty.
  • Cognitive overhead. When it's time for inheritance planning or a job change, the list of "places I have accounts" becomes a legitimate project. Shorter is kinder to your future self.

How to surface the full list

The first challenge is simply finding the accounts, because by definition you don't remember most of them. A thorough sweep uses several sources, not one:

  • Password manager export. If you use one, it's already a big chunk of the list. Export the vault titles (not secrets) into a working list.
  • Email inbox search. Search your main email for the phrases welcome to, verify your email, your account has been created, confirm your signup, and we've received your registration. These five searches alone usually uncover 30–60 forgotten signups per decade of inbox.
  • Sign-in-with-Google / Apple / Facebook pages. Each of these has an admin page listing every third-party service you've used social login for. Start at your Google account's "third-party apps" page, then Apple's "sign in with Apple" list, then Facebook's. This catches a huge class of signups that don't exist in your password manager at all.
  • Browser saved-password list. Chrome, Safari, Firefox, and Edge all keep separate saved-password lists outside your password manager. Often you'll find old accounts here that were never moved into the vault.
  • Bank / card statements for digital purchases. Any "one-time" purchase from an e-commerce site, streaming rental, or niche SaaS probably created an account. Search the last 3–5 years of statements.

Put it all into one working list. Don't worry about formatting. The goal is coverage, not neatness.

The three-pile sort

Go through the list fast. Each account gets one of three labels:

  • Keep. You actively use it, or you're likely to in the next year. Move on, don't overthink.
  • Close. You haven't used it in more than a year, the data isn't sensitive, and nothing you need depends on it.
  • Investigate. Something makes you hesitate — maybe you can't remember what's in the account, or it's tied to an old email, or you want to export data before closing. Park it for a dedicated 20-minute investigate session later.

Expect the close pile to be bigger than feels reasonable. That's the whole point.

How to actually close an account

This is where most efforts stall, because every service hides the close button in a slightly different place. The pattern that works 80% of the time:

  1. Log in. If you can't remember your password, trigger a reset first. You can't close an account you can't access.
  2. Remove payment info. If there's a card on file, remove it beforeclosing. This protects you if the close flow doesn't fully take effect.
  3. Cancel subscriptions or auto-renewals. Same reason.
  4. Delete the account. Settings → Account → Delete / Close. If it's buried, search the help center for "close account" or use the site JustDelete.me, which catalogs the direct links.
  5. Save the confirmation. Forward the closure email to yourself or screenshot it. You'll occasionally need proof.

When closing isn't possible

A small number of services genuinely don't offer account deletion, or only offer it via a support request that takes weeks. For these:

  • Scramble the data. Change the name to something generic, replace the email with a burner, and change the password to something long and random that you don't record.
  • Turn off all notifications. At minimum, marketing emails.
  • Mark it "locked" in your records. It's an account that exists but is effectively sealed. You've done what you can.

Accounts tied to old email addresses

The trickiest ghosts are accounts created with email addresses you no longer control — an old work email, a university address, a defunct domain. These won't show up in your inbox searches and you can't reset their passwords.

The usual options are:

  • If you still have the old address: move its contents into your current primary, then see the email switch guide for how to re-point accounts.
  • If the address is gone: contact the service's support with proof of identity. Many will re-attach the account to a new email. Some won't. If not, the account is abandoned — not ideal, but also not catastrophic.

Document what you keep

The cleanup isn't complete until the surviving accounts are in a list you can find. This is the step most people skip, and it's the reason the ghosts come back within two or three years.

For each kept account, record:

  • Service name and URL.
  • Email used to sign up.
  • Login method (password, SSO, passkey).
  • Rough purpose ("domain registrar", "newsletter", "side project").

Don't put the passwords here — those belong in your password manager. What you're building is the inventory. A password manager plus a personal hub is the cleanest split.

The five-minute monthly habit that prevents relapse

Once you've done the deep pass, the maintenance is genuinely small. A monthly five-minute check is plenty:

  1. Search your inbox for welcome to over the last 30 days. Add any new signups to your inventory.
  2. Glance at your password manager's "not used in 6+ months" filter (most managers have one). Label new ghosts.
  3. Close the obvious ones. Investigate the rest next month.

Over a year, that's one hour. In exchange, the ghost population stays near zero — and you've quietly made your security and inheritance story considerably easier at the same time.

If you want the inventory half of this in something purpose-built, create a free Livdock account. The "accounts" item type is exactly this list — the places you log in, not the secrets you log in with.

Livdock guide

Set up in 2 minutes

What is your biggest pain right now?