A comprehensive, step-by-step walkthrough to evaluate your entire digital presence — from forgotten accounts to privacy exposure.
What Is a Digital Audit?
A digital audit is a systematic review of your entire online presence. Think of it as a health checkup for your digital life. Just as you would visit a doctor to understand the state of your physical health, a digital audit helps you understand where your online accounts, personal data, and professional presence stand — and where they may be vulnerable.
Over time, most people accumulate dozens or even hundreds of online accounts, many of which are forgotten or abandoned. Each one represents a potential entry point for someone with malicious intent. A digital audit brings visibility to this sprawl and gives you the information you need to take meaningful action.
This guide walks you through six structured steps. You do not need to complete everything in a single sitting. Bookmark this page and return to it as you work through each section at your own pace.
Preparing for Your Audit
Before diving in, gather the tools and information you will need. A little preparation up front will make the process smoother and more thorough.
Preparing for Your Audit
Set aside 30 to 60 minutes of uninterrupted time Beginner
A thorough audit requires focus. Block out time on your calendar and treat it like an important appointment. You do not need to finish everything in one sitting, but uninterrupted focus helps you stay organized. Beginner
Have access to your primary email accounts (check all of them) Beginner
Your email inboxes are the best source for discovering forgotten accounts. Make sure you can log into every email address you have ever used, including old ones from school or previous jobs. Beginner
Open your web browser and ensure you can access your saved passwords or password manager Beginner
Your browser or password manager stores a record of accounts you have created. This is one of the fastest ways to build your account inventory. Beginner
Keep a notebook or spreadsheet handy to record findings Beginner
Tracking your discoveries as you go prevents you from losing important details. A simple spreadsheet with columns for account name, email used, password status, and action needed works well. Beginner
Have your phone nearby for checking mobile apps and authentication codes Beginner
Many accounts are tied to mobile apps, and you may need your phone for two-factor authentication codes during the review process. Beginner
Close unnecessary browser tabs to help you focus Beginner
Reducing distractions helps you work more efficiently. A clean browser workspace also makes it easier to keep track of the accounts you are reviewing. Beginner
As you work through each step, write down anything that concerns you or requires follow-up action. At the end, you will compile these notes into a concrete action plan.
Step 1: Inventory Your Accounts
The foundation of any digital audit is knowing what accounts you have. Most people significantly underestimate the number of online accounts linked to their identity. Research suggests the average person has well over 100 accounts, yet can only recall a fraction of them from memory.
Finding Your Accounts
Use these strategies to build a comprehensive account inventory:
Search your email — Look for common subject lines like "Welcome to," "Verify your email," "Your account," and "Thank you for registering." Go back as far as possible in your inbox history.
Check your password manager — If you use one, export or review the full list of saved credentials. If you rely on your browser's built-in password storage, check that as well.
Review your phone — Go through every app on your mobile devices. Each app likely has an associated account.
Check social login connections — Visit the security settings for Google, Facebook, Apple, and any other accounts you use for "Sign in with..." and review which third-party apps have access.
Search for your name — Use a search engine to look up your name, email addresses, and usernames. You may find accounts you forgot about.
As you discover accounts, sort them into categories to help prioritize later steps:
These are your highest-priority accounts because they have direct monetary risk. List every bank, brokerage, payment app, and crypto wallet you use. These should receive the strongest security measures, including unique passwords and multi-factor authentication. Beginner
Email accounts (primary, secondary, old or abandoned) Beginner
Email accounts are often the master key to your digital life since most password resets go through email. Include every email address you have ever used, even old ones. Abandoned email accounts are a common attack vector. Beginner
Social media accounts (active and inactive profiles) Beginner
Include every social platform where you have ever created a profile. Inactive profiles can still expose personal information and may be targeted for impersonation. Review your privacy settings on each. Beginner
Shopping and retail accounts (online stores, subscriptions, loyalty programs) Beginner
These accounts often store payment information and shipping addresses. Even if you rarely use a store, your saved payment details may still be on file. Beginner
Work and professional accounts (employer tools, freelance platforms, professional networks) Intermediate
Professional accounts can impact your career and reputation. Include tools your employer provides, freelance marketplaces, and platforms like LinkedIn. See our LinkedIn optimization guide for more. Intermediate
Health and government accounts (patient portals, tax services, government benefits) Intermediate
These accounts contain highly sensitive personal information including medical records, national ID numbers, and tax data. They require especially strong security because the data they hold can be used for identity theft. Intermediate
Entertainment accounts (streaming, gaming, forums, communities) Beginner
Streaming services, gaming platforms, and forum accounts may seem low-risk but often contain payment information and personal details. Gaming accounts in particular can have significant monetary value. Beginner
Utilities and services (phone, internet, cloud storage, domain registrars) Intermediate
These accounts control essential services and may contain sensitive data. Cloud storage accounts are especially important since they may hold personal documents, photos, and backups. Intermediate
Step 2: Review Security Settings
Now that you know what accounts you have, evaluate the security measures protecting each one. Start with your highest-priority accounts — financial, email, and any account that could be used to reset passwords on other services.
For Each Important Account, Check:
Is the password unique to this account? Beginner
Check that this password is not reused on any other site. Reusing passwords means one breach can compromise all accounts sharing that password. A password manager makes unique passwords effortless. Beginner
Is the password strong and unpredictable? Beginner
A strong password is at least 12 characters long and does not use personal information (names, birthdays, pet names). Avoid common patterns like "Password123!" — use a password manager to generate truly random passwords. See our password checker. Beginner
Is multi-factor authentication (MFA) enabled? Intermediate
MFA adds a second verification step beyond your password — typically a code from an app or a hardware key. Enable it on every account that supports it, starting with email and financial accounts. Authenticator apps are more secure than SMS codes. Learn more in our MFA guide. Intermediate
Are recovery options set up and current? Beginner
Recovery email addresses, phone numbers, and security questions are your lifeline if you get locked out. Make sure they point to accounts you still control. Update any outdated recovery information now — you will regret not doing so during an emergency. Beginner
Are there unrecognized devices or active sessions? Intermediate
Most major services let you see which devices are currently signed in. Look for devices you do not recognize or locations you have never been. Sign out any suspicious sessions immediately and change your password if anything looks wrong. Intermediate
When was the password last changed? Beginner
If a password has not been changed in years, it may have been exposed in a data breach without your knowledge. Check breach databases for your email addresses and update any passwords associated with known breaches. Beginner
Are there linked third-party apps that no longer need access? Intermediate
Over time, you may have granted access to apps via "Sign in with Google/Facebook/Apple." Review these connections in each platform's security settings and revoke access for apps you no longer use or recognize. Intermediate
Priority Accounts
Give special attention to these account types, as a breach in any of them can cascade into other areas of your digital life:
Primary email — This is the master key to your digital life. Most password resets go through your email, so compromising it can unlock everything else.
Financial accounts — Bank accounts, credit cards, and payment services like PayPal or Venmo have direct monetary risk.
Cloud storage — Services like Google Drive, iCloud, or Dropbox often contain sensitive personal documents.
Social media — These accounts contain personal information and are commonly targeted for impersonation.
Step 3: Evaluate Your Digital Footprint
Your digital footprint is the trail of data you leave behind as you use the internet. It includes everything from social media posts and comments to purchase histories, search results, and data broker records. Understanding this footprint is essential for managing your privacy and reputation.
Your active footprint consists of information you intentionally share:
Active Footprint
Search for your full name in multiple search engines (not just one) Beginner
Different search engines index different content. Try Google, Bing, and DuckDuckGo at minimum. Use quotes around your name for exact matches. Learn more about what your digital footprint reveals. Beginner
Review your social media profiles as a stranger would see them (log out and view your public profile) Beginner
What you see when logged in is different from what the public sees. Log out and visit your profiles to understand exactly what information is visible to anyone. Adjust your privacy settings based on what you find. Beginner
Check what appears in image search results for your name Beginner
Image searches can surface photos you have forgotten about, including those posted by others. This is especially important for your professional reputation since employers and clients often check image results. Beginner
Look for old blog posts, forum comments, or reviews you have written Intermediate
Content you posted years ago may still be publicly visible and associated with your name. Old opinions, reviews, or comments may no longer represent who you are. Consider whether any of this content should be removed or updated. Intermediate
Review public repositories, portfolios, or project pages you have created Intermediate
Public code repositories, design portfolios, and project pages can reveal technical skills, work history, and sometimes sensitive information like API keys or credentials accidentally committed to code. Intermediate
Your passive footprint is generated without your direct action — by trackers, cookies, data brokers, and public records:
Passive Footprint
Search for your name on major data broker sites to see what personal information is publicly listed Intermediate
Data brokers like Spokeo, WhitePages, and BeenVerified aggregate and sell personal information. Search for yourself to see what is available, then use each site's opt-out process to request removal. Learn more in our digital footprint guide. Intermediate
Check if your email address appears in any known data breach databases Beginner
Services like Have I Been Pwned let you check if your email was part of a known data breach. If it was, change the password for that account immediately and enable multi-factor authentication. Beginner
Review your browser's cookie and tracker settings Intermediate
Cookies and trackers follow you across the web and build profiles of your behavior. Review your browser's privacy settings, consider blocking third-party cookies, and use browser extensions that limit tracking. See our privacy guide for recommendations. Intermediate
Check what ad profile platforms like Google have built about you (visit your Google Ad Settings) Intermediate
Google, Facebook, and other platforms build detailed advertising profiles based on your activity. Visit your ad settings on each platform to see what they have inferred about you and opt out of personalized advertising where possible. Intermediate
Look for your home address, phone number, or family members' names in public records searches Advanced
Public records databases can expose sensitive details like your home address, phone number, and family connections. This information can be used for social engineering, phishing, or physical security threats. Request removal from sites that list your information. Advanced
Step 4: Assess Privacy Exposure
Privacy exposure goes beyond your digital footprint. It measures how much of your personal, sensitive information is accessible to others — whether through your own sharing habits, data broker aggregation, or the privacy settings on your accounts.
For each social media platform you use, evaluate the following:
Social Media Privacy Review
Who can see your posts? (Public, friends, friends of friends, custom lists) Beginner
Most platforms default to broad visibility. Check each platform's audience settings and restrict your posts to the smallest appropriate group. Remember that "friends of friends" can mean thousands of strangers. See our privacy guide for platform-specific instructions. Beginner
Who can find your profile through search engines? Intermediate
Many social platforms allow search engines to index your profile by default. Disabling this prevents your profile from appearing in Google search results, which significantly reduces your public exposure. Intermediate
Who can send you messages or friend/follow requests? Beginner
Unrestricted messaging and friend requests make you a target for phishing, scams, and harassment. Limit these to mutual connections or people with your contact information. Beginner
What personal information is visible on your profile (birthday, location, employer, school)? Beginner
Details like your birthday, hometown, employer, and school are commonly used in social engineering attacks and security question answers. Remove or hide any information that is not necessary for your intended use of the platform. Beginner
Are old posts still publicly visible that you might want to archive or remove? Intermediate
Posts from years ago may contain information or opinions you would rather not have public. Most platforms offer tools to bulk-archive or limit the visibility of old posts. Facebook, for example, has a "Limit Past Posts" feature. Intermediate
Have you reviewed and adjusted the platform's privacy settings recently? Intermediate
Social media platforms frequently update their privacy settings, sometimes resetting your preferences or adding new options. Review your privacy settings at least quarterly to ensure they still reflect your preferences. Intermediate
Is your location sharing turned off or limited? Beginner
Location data in posts and photos can reveal your daily routines, home address, and travel patterns. Turn off automatic location tagging and be mindful of sharing your location in real time. Beginner
Data Sharing Assessment
Review which apps on your phone have access to your contacts, camera, microphone, and location Beginner
Go to your phone's privacy settings and review app permissions. Many apps request more access than they need. Revoke permissions that are not essential for the app's core function. See our privacy guide for step-by-step instructions. Beginner
Check which email newsletters and marketing lists you are subscribed to Beginner
Marketing emails indicate which companies have your email address and potentially other data. Unsubscribe from lists you no longer want and consider which companies you trust with your information. Beginner
Review connected apps and services that have access to your accounts through OAuth or social login Intermediate
When you use "Sign in with Google" or "Sign in with Facebook," you grant third-party apps access to your account data. Review these connections in your Google, Facebook, and Apple account settings and revoke access for apps you no longer use. Intermediate
Consider whether you have shared sensitive documents (tax returns, IDs, medical records) via email or messaging apps Advanced
Sensitive documents sent via email or messaging apps may remain accessible indefinitely in sent folders, chat histories, or the recipient's inbox. Consider deleting old messages containing sensitive files and use encrypted file-sharing methods in the future. Advanced
Check if your phone number is linked to messaging apps that expose it to other users Intermediate
Apps like WhatsApp, Telegram, and Signal use your phone number as an identifier. This means anyone with your number can find you on these platforms. Review each app's privacy settings to control who can find you by your phone number. Intermediate
Step 5: Review Your Professional Presence
Your professional digital presence can significantly impact career opportunities, business relationships, and personal reputation. Employers, clients, and professional contacts routinely research people online before meetings, interviews, or partnerships.
Professional Profile Audit
Is your primary professional profile (such as LinkedIn) up to date with your current role, skills, and accomplishments? Beginner
An outdated profile signals neglect and can cost you opportunities. Update your headline, current role, and key accomplishments. See our LinkedIn optimization guide for detailed tips on making your profile stand out. Beginner
Does your profile photo look professional and current? Beginner
Your profile photo is often the first impression people have of you. Use a recent, well-lit headshot with a clean background. Avoid casual selfies, group photos, or heavily filtered images on professional platforms. Beginner
Are there inconsistencies between different professional profiles (different job titles, dates, or descriptions)? Intermediate
Inconsistencies between profiles can raise red flags for employers and clients. Cross-reference your LinkedIn, personal website, and other professional profiles to ensure job titles, dates, and descriptions match. See our personal branding guide. Intermediate
Do you have a personal website or portfolio, and is the content current? Intermediate
A personal website gives you full control over your professional narrative and improves your search result presence. If you have one, make sure the content, projects, and contact information are up to date. Intermediate
Have you claimed your name on major professional platforms, even if you do not actively use them? Intermediate
Claiming your name on platforms you do not actively use prevents others from registering it and protects your personal brand. At minimum, secure your name on LinkedIn, GitHub (if applicable), and any industry-specific platforms. Intermediate
Are your public social media posts appropriate for professional contacts to see? Beginner
Employers and clients will search for you online. Review your public posts on all platforms and consider whether anything could negatively impact professional relationships. Adjust privacy settings or remove content as needed. Beginner
Reputation Check
Search your name in quotes along with your profession or company name Beginner
This simulates what someone researching you professionally would find. Try variations like "Your Name" + "job title", "Your Name" + "company name", and "Your Name" + your city. Check at least the first two pages of results. Beginner
Check if any negative content, outdated information, or mistaken identity results appear Intermediate
Negative or outdated search results can harm your professional reputation. If you find problematic content, you may be able to request removal from the website owner or push it down in results by creating positive content. See our personal branding guide for strategies. Intermediate
Review any reviews or testimonials associated with your name or business Beginner
Check Google Reviews, Yelp, Glassdoor, and industry-specific review platforms. Respond professionally to any negative reviews and ensure positive testimonials are visible on your own profiles and website. Beginner
Look for content from others that tags or mentions you Intermediate
Other people's posts that tag or mention you contribute to your digital footprint. Set up Google Alerts for your name to monitor new mentions. Review tagged photos and posts on social media and untag yourself from anything inappropriate. Intermediate
Verify that your professional contact information (email, phone) is consistent across platforms Beginner
Inconsistent contact information makes you harder to reach and can appear unprofessional. Use the same professional email address across all platforms and ensure your phone number is current where listed. Beginner
Step 6: Create Your Action Plan
By this point, you should have a detailed picture of your digital presence, security posture, privacy exposure, and professional reputation. Now it is time to turn that knowledge into action.
Categorize Your Findings
Review all the notes you have taken and sort them into three priority levels:
Critical (do this week) — Reused passwords on important accounts, missing two-factor authentication on email or financial accounts, unrecognized active sessions, sensitive personal information exposed publicly.
Important (do this month) — Outdated recovery options, unused accounts that should be deleted, privacy settings that need tightening, professional profiles that need updating.
Beneficial (do when you can) — Removing yourself from data broker sites, cleaning up old social media posts, creating a personal website, consolidating online accounts.
Build Your Plan
Write down your top five critical actions and commit to completing them this week Beginner
Prioritize actions with the highest security impact: fixing reused passwords, enabling MFA on critical accounts, and removing exposed sensitive information. Writing them down and setting a deadline dramatically increases follow-through. Beginner
Schedule time for the important items over the next two to four weeks Beginner
Block specific time on your calendar for the "important" tier items. Spreading the work over several weeks makes it manageable and prevents burnout. Even 15 minutes per day can make significant progress. Beginner
Set a calendar reminder to repeat this audit every six months Beginner
Your digital presence changes constantly as you create new accounts and services update their policies. A biannual audit ensures you stay on top of changes and catch new vulnerabilities before they become problems. Beginner
Consider setting up a password manager if you do not already use one Intermediate
A password manager is the single most impactful security tool you can adopt. It generates, stores, and auto-fills unique strong passwords for every account. See our password manager guide to get started. Intermediate
Bookmark the Protect section for step-by-step guides on fixing the issues you found Beginner
Share what you have learned with family members who might benefit from their own audit Beginner
Your digital security is only as strong as the people around you. Family members who reuse passwords or have exposed accounts can become indirect attack vectors. Share this guide and offer to help them get started. Beginner
Maintaining Your Digital Health
A digital audit is not a one-time event. Your online presence changes constantly — new accounts, new connections, new data. Build these habits into your routine:
Monthly — Review your active accounts for any suspicious activity. Check for new data breaches involving your email.
Quarterly — Review and remove unused app permissions. Update any passwords that are older than a year.
Biannually — Conduct a full digital audit using this guide. Reassess your privacy settings across platforms.
Annually — Search for yourself online to review your public-facing digital footprint. Update your professional presence.
Interactive Audit Tracker
Use this interactive checklist to track your progress through the audit. Check off items as you complete them — your progress is saved in your browser.
Your Audit Progress
0%
0 of 36 items completed
📧
Email & Core Accounts0/6
📱
Social Media0/6
🔑
Password Security0/6
🏦
Financial Accounts0/6
💻
Devices & Networks0/6
💼
Professional Presence0/6
Your progress is stored in your browser only and is not sent anywhere.
Next Steps
Now that you have completed your digital audit, you have a clear picture of your digital life. Here is where to go next:
Security Check — Dive deeper into the security measures protecting your accounts and devices.
Password Checker — Evaluate the strength of your passwords and learn best practices.
Protect — Access step-by-step guides for fixing the vulnerabilities you discovered.
Optimize — Strengthen and polish your professional digital presence.