Google is deleting inactive accounts. Here’s why that’s a good thing

What happens to online accounts that are kept open but not used? In the case of one of the world’s biggest tech firms, it’s started shutting them down.

Google began removing personal accounts it deems to be inactive at the start of December 2023. If an account has not been signed into for at least two years, it and its contents may be deleted. That includes emails, documents, photos and more associated with that account.

Anyone that keeps an account without regularly using it – as an archive, for example – might ask the question, why can’t they just keep it open?

The answer – unused accounts are a significant security risk.

Google says accounts that haven’t been used for an extended period of time are more likely to be compromised.

In a blog post on its inactive account policies, it says abandoned accounts are at least 10 times less likely to have 2-step verification set up than active accounts. They also receive fewer user security checks and often rely on old passwords that may have been compromised.

This leaves these accounts vulnerable to spam and threats including phishing scams and identity theft.

Such cybercrimes are becoming ever-more sophisticated and rising fast. A recent report from Microsoft, for example, found that password-based attacks grew tenfold in 2023 compared to a year earlier to 11,000 attacks per second.

Overall, it’s estimated that cybercrime will cost the global economy $10.5 trillion a year by 2025. No surprise, then, that the World Economic Forum’s Global Risks Report 2023 put cybercrime and cyber insecurity in the current and future top 10 risks globally.

Google isn’t the only big tech firm looking at this issue. Microsoft and Facebook, for example, have their own policies that require users to regularly log into accounts. X, once known as Twitter, said earlier this year that it would purge accounts that have had no activity for several years.

That announcement sparked discussion about our ownership of our ‘digital lives’, with some users concerned they would lose the accounts of deceased loved ones and the associated memories. Google’s announcement led to some pointing out the policy could lead to the loss of historically important video clips. The company has clarified that it doesn’t plan to remove accounts with YouTube videos.

Experts anticipate more data deletion policies to follow in the future, according to MIT Technology Review.

There may be other benefits besides security to removing unused accounts, including reducing the environmental impact of storing all that data. Digital technologies will be vital to addressing the impacts of climate change. But their footprint – currently up to 4% of greenhouse gas emissions, according to the European Commission – must also be considered.

But Google says security is at the heart of its updated inactive account policy, which focuses on personal accounts and won’t affect those of organizations such as schools or businesses. Its policy complements other tools and technology the company has invested in to protect users from threats.

Such investment will be vital in the continued defence against cybercrime, which due to factors including jurisdictional issues has become a “relatively safe and lucrative” business model for criminals, according to the World Economic Forum Centre for Cybersecurity.

The Centre is working to reinforce the importance of increasing cyber resilience across industries and sectors in order to enable a safe digital transformation. This includes driving public-private action to address systemic cybersecurity challenges.

Cybersecurity challenges and trends are also examined in the annual World Economic Forum’s Global Cybersecurity Outlook – the latest edition of which is due to be released in January 2024. The report includes research on how the world is responding to threats and what leaders can do to secure their operations.

But, with 86% of cyberattacks using stolen credentials, there are some simple steps we can all take right now to help protect our passwords, according to password management system manufacturer NordPass:

1. Change passwords regularly

2. Use at least 20 characters, with a mix of uppercase and lowercase letters, numbers and symbols

3. Avoid guessable information such as birthdays, names or common words

4. Don’t reuse old passwords or use them for more than one site.

Oh, and it might be wise to take a look at those unused accounts and decide if you really need to keep them.