
Protection hub

Account security checklist

Use this checklist after a breach, suspicious login, reused password, or phishing scare. It organizes EmailLeaked's account protection guides into the safest order: email first, passwords second, two-factor authentication third, then login sessions and recovery settings.

Priority order

1. Secure email first

Your email resets passwords for other accounts, so protect Gmail, Outlook, Yahoo, and Apple ID before lower-risk services.

2. Change reused passwords

Replace any password that appears on more than one site, starting with banking, email, shopping, cloud storage, and social accounts.

3. Turn on two-factor authentication

Use an authenticator app, passkey, or hardware key where possible. SMS is better than no second step.

4. Review signed-in devices

Remove old phones, unknown sessions, and browser logins you do not recognize.

5. Check recovery options

Update backup email addresses, phone numbers, recovery codes, and trusted devices before you lose access.

6. Reduce exposed profiles

Close unused accounts, remove connected apps, and limit public personal details that make phishing easier.
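
Step 2 as an added example (not part of the original page or EmailLeaked's tooling): a short Python script that finds reused passwords in a password-manager CSV export and orders the affected sites by the categories the step names. The column layout (site, category, username, password), the sample rows, and the function names are assumptions constructed for illustration.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Category order taken from step 2 of the checklist (earlier = change sooner).
PRIORITY = ["banking", "email", "shopping", "cloud storage", "social"]

# Constructed sample in an assumed export layout; not real accounts or passwords.
SAMPLE_EXPORT = """site,category,username,password
examplebank.test,banking,alex,Summer2019!
mail.example.test,email,alex@example.test,Summer2019!
shop.example.test,shopping,alex,Tr0ub4dor&3
forum.example.test,other,alex99,Summer2019!
photos.example.test,cloud storage,alex,Tr0ub4dor&3
news.example.test,other,alex,unique-horse-staple-42
"""

def rank(category):
    """Position in the checklist order; unlisted categories sort last."""
    c = category.strip().lower()
    return PRIORITY.index(c) if c in PRIORITY else len(PRIORITY)

def find_reused(export_text):
    """Return (site, entries_sharing_password) pairs, most urgent first."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        if not row["password"]:
            continue  # skip entries with no stored password
        # Group on a SHA-256 digest; the report lists sites only, never passwords.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        groups[digest].append(row)
    reused = []
    for rows in groups.values():
        if len(rows) > 1:  # the same password is stored for more than one site
            reused.extend((rank(r["category"]), r["site"], len(rows)) for r in rows)
    reused.sort()
    return [(site, shared) for _, site, shared in reused]

if __name__ == "__main__":
    for site, shared in find_reused(SAMPLE_EXPORT):
        print(f"{site}: password shared by {shared} entries")
```

Delete the plaintext export file once the audit is done.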

Why account security matters after a breach

When your email or password turns up in a breach, attackers don't stop at the one account that leaked. They try the same login on dozens of other sites, and they use your email address to trigger password resets everywhere else. Securing your accounts in the right order is what stops that chain reaction.

This checklist organizes the work from most to least urgent. Start at the top — email and reused passwords — and you close the gaps attackers exploit first, even if you never finish the whole list in one sitting.

Reduce your digital footprint

Your digital footprint is every account, profile, email address, and phone number tied to you online. The smaller it is, the fewer ways attackers have to reach you. Work through these once your core accounts above are locked down.

Find exposed accounts

Run an email breach check and list every breached service you still use.

Close unused accounts

Delete old accounts that still hold email addresses, phone numbers, addresses, or payment data.

Review public profiles

Check social profiles, old forums, people-search listings, and public usernames.

Audit connected apps

Remove OAuth apps and browser extensions you no longer recognize or use.

Lock recovery channels

Secure your primary email and phone carrier account before anything else.

Repeat quarterly

Breach exposure changes over time as new datasets appear.

Frequently asked questions

What should I do first after a data breach?

Secure your email account first — change its password and turn on two-factor authentication. Your email can reset passwords for almost every other account, so locking it down protects everything else. Then work through reused passwords, starting with banking and financial accounts.

In what order should I secure my accounts?

Email first, then any accounts sharing a reused password, then two-factor authentication on your most important services, then a review of signed-in devices and recovery settings. This order closes the most dangerous gaps first.

Is SMS two-factor authentication good enough?

It is far better than no second step, but an authenticator app, passkey, or hardware key is stronger because SMS codes can be intercepted through SIM-swap attacks. Use app-based 2FA where it is offered, especially for email and banking.

How do I reduce my digital footprint?

Close accounts you no longer use, remove old payment methods and recovery emails, audit connected apps and browser extensions, and limit public personal details like your birthday and phone number. A smaller footprint means fewer ways for attackers to reach you.

How often should I run through this checklist?

Do the full checklist after any breach, suspicious login, or phishing scare, and review the high-risk items about once every three months. New breaches surface constantly, so security is a habit, not a one-time task.

Which accounts are the highest priority to protect?

Your primary email, phone carrier account, bank, password manager, and your Apple ID or Google account. These are the accounts attackers use to reset access to everything else, so they deserve the strongest passwords and two-factor authentication.