If spring cleaning has you clearing out closets and drawers, cybersecurity experts say it can be the right time to do a parallel check on digital clutter—both on devices and across online accounts. In an AP One Tech Tip, Malwarebytes product vice president Michael Sherwood argued that unneeded digital items and unused accounts expand opportunities for scammers.

Sherwood said, “Clutter is fuel for scammers. Old accounts, exposed data and forgotten apps give them more ways in,” and he added that “Cleaning up your digital life is one of the simplest ways to shrink your attack surface in a threat landscape that’s getting smarter, faster, and more automated.”

The AP checklist starts with storage. It recommends checking whether phones or computers are running low—since crowded internal storage can slow devices or prevent operating-system updates—then using built-in storage tools to identify which apps and files are taking up the most space. The guide says users can archive important files by copying them to an external drive, cloud storage or both, and then delete them from the device.

The checklist then moves to inbox organization, urging users to sort or filter email by size or by sender and date to find large messages—often with oversized attachments—for deletion, while also unsubscribing from mailing lists or newsletters the user no longer reads. It also recommends app cleanup on phones: deleting apps that are no longer used, and—crucially—logging into those services to delete the accounts tied to apps that required sign-up, so the information provided during signup does not remain on file.

Explaining why account deletion matters, not just app removal, Sherwood said, “Every dormant account is an open door. Scammers actively target abandoned logins because no one’s watching.” The guide also urges users to update software by checking for app-store updates and installing the latest operating-system updates and patches for phones, computers and other devices.

From there, experts recommend auditing a person’s digital footprint on social media platforms including Facebook, Instagram, TikTok, LinkedIn and others. The advice is to review privacy settings, consider deleting older posts, and limit how much personal information is publicly available—an approach Sherwood said can reduce risk. Chad Thunberg, Yubico’s chief information security officer, said, “Limiting what personal information is publicly available helps to reduce the risk of falling victim to cyberattacks such as phishing and identity theft.”

The AP guide also recommends checking third-party access. It describes steps for reviewing whether websites and devices suggested logging in with an existing social or Apple account, and for checking connected services—like smart thermostats or doorbell cameras that request access to a Google account. The checklist advises removing third-party apps and services that a user no longer needs, as a way to tighten online privacy.

The final sections focus on authentication and improving account security. The guide recommends turning on multi-factor authentication and, better, using passkeys—a “modern login standard” that Thunberg said offers stronger protection than traditional passwords. It describes passkeys as a two-part code that works only when combined, and says they are authenticated with a fingerprint, face scan or PIN; Thunberg said they “cannot be faked, intercepted or replicated by AI-based attacks.” The checklist also advises that passkeys and password-based logins can be managed with password manager tools—either built into major phone ecosystems or via third-party services—while following the “best practice” of using a different password for each account.