Google is deleting inactive accounts. Here’s why that’s a good thing

Google is deleting inactive accounts to enhance cyber resilience.

Google is deleting inactive accounts to enhance cyber resilience. Image: Unsplash/Markus Spiske

David Elliott
Senior Writer, Forum Agenda
Our Impact
What's the World Economic Forum doing to accelerate action on Cybersecurity?
The Big Picture
Explore and monitor how Cybersecurity is affecting economies, industries and global issues
A hand holding a looking glass by a lake
Crowdsource Innovation
Get involved with our crowdsourced digital platform to deliver impact at scale
Stay up to date:


This article is part of: Centre for Cybersecurity
  • Google is deleting inactive accounts to enhance cyber resilience.
  • Unused accounts pose a significant security risk, making them vulnerable to cyber threats.
  • The World Economic Forum’s Global Risks Report 2023 put cybercrime and cyber insecurity in the current and future top 10 risks globally.

What happens to online accounts that are kept open but not used? In the case of one of the world’s biggest tech firms, it’s started shutting them down.

Google began removing personal accounts it deems to be inactive at the start of December 2023. If an account has not been signed into for at least two years, it and its contents may be deleted. That includes emails, documents, photos and more associated with that account.

Anyone that keeps an account without regularly using it – as an archive, for example – might ask the question, why can’t they just keep it open?

The answer – unused accounts are a significant security risk.

Malicious threats

Google says accounts that haven’t been used for an extended period of time are more likely to be compromised.

In a blog post on its inactive account policies, it says abandoned accounts are at least 10 times less likely to have 2-step verification set up than active accounts. They also receive fewer user security checks and often rely on old passwords that may have been compromised.

This leaves these accounts vulnerable to spam and threats including phishing scams and identity theft.

Such cybercrimes are becoming ever-more sophisticated and rising fast. A recent report from Microsoft, for example, found that password-based attacks grew tenfold in 2023 compared to a year earlier to 11,000 attacks per second.

Overall, it’s estimated that cybercrime will cost the global economy $10.5 trillion a year by 2025. No surprise, then, that the World Economic Forum’s Global Risks Report 2023 put cybercrime and cyber insecurity in the current and future top 10 risks globally.

A ranking showcasing World Economic Forum’s Global Risks Report.
Cybersecurity will remain a constant concern according to the World Economic Forum’s Global Risks Report. Image: World Economic Forum

An industry issue

Google isn’t the only big tech firm looking at this issue. Microsoft and Facebook, for example, have their own policies that require users to regularly log into accounts. X, once known as Twitter, said earlier this year that it would purge accounts that have had no activity for several years.

That announcement sparked discussion about our ownership of our ‘digital lives’, with some users concerned they would lose the accounts of deceased loved ones and the associated memories. Google’s announcement led to some pointing out the policy could lead to the loss of historically important video clips. The company has clarified that it doesn’t plan to remove accounts with YouTube videos.

Experts anticipate more data deletion policies to follow in the future, according to MIT Technology Review.


How is the Forum tackling global cybersecurity challenges?

Building cyber resilience

There may be other benefits besides security to removing unused accounts, including reducing the environmental impact of storing all that data. Digital technologies will be vital to addressing the impacts of climate change. But their footprint – currently up to 4% of greenhouse gas emissions, according to the European Commission – must also be considered.

But Google says security is at the heart of its updated inactive account policy, which focuses on personal accounts and won’t affect those of organizations such as schools or businesses. Its policy complements other tools and technology the company has invested in to protect users from threats.

Such investment will be vital in the continued defence against cybercrime, which due to factors including jurisdictional issues has become a “relatively safe and lucrative” business model for criminals, according to the World Economic Forum Centre for Cybersecurity.

The Centre is working to reinforce the importance of increasing cyber resilience across industries and sectors in order to enable a safe digital transformation. This includes driving public-private action to address systemic cybersecurity challenges.

Security tips

Cybersecurity challenges and trends are also examined in the annual World Economic Forum’s Global Cybersecurity Outlook – the latest edition of which is due to be released in January 2024. The report includes research on how the world is responding to threats and what leaders can do to secure their operations.

But, with 86% of cyberattacks using stolen credentials, there are some simple steps we can all take right now to help protect our passwords, according to password management system manufacturer NordPass:

1. Change passwords regularly

2. Use at least 20 characters, with a mix of uppercase and lowercase letters, numbers and symbols

3. Avoid guessable information such as birthdays, names or common words

4. Don’t reuse old passwords or use them for more than one site.

Oh, and it might be wise to take a look at those unused accounts and decide if you really need to keep them.

Have you read?
Don't miss any update on this topic

Create a free account and access your personalized content collection with our latest publications and analyses.

Sign up for free

License and Republishing

World Economic Forum articles may be republished in accordance with the Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International Public License, and in accordance with our Terms of Use.

The views expressed in this article are those of the author alone and not the World Economic Forum.

World Economic Forum logo
Global Agenda

The Agenda Weekly

A weekly update of the most important issues driving the global agenda

Subscribe today

You can unsubscribe at any time using the link in our emails. For more details, review our privacy policy.

Tinder Swindler: How 'romance fraud' became a multi-billion dollar cybercrime

Robin Pomeroy and Sophia Akram

May 24, 2024

About Us



Partners & Members

  • Join Us

Language Editions

Privacy Policy & Terms of Service

© 2024 World Economic Forum