Most people don’t know how many accounts they have.
They only find out when one gets breached.
Digital sovereignty starts with awareness: what exists, where, and what it can break.
Inventory Everything
Start simple:
- List every account you have, active or dormant
- Note what email and password they use
- Include devices, cloud services, IoT, subscriptions
If you don’t know it exists, you can’t secure it.
Map Dependencies
An old forum login might seem harmless. Until:
- It reuses a password tied to your main email
- It’s linked to a social account for SSO
- It holds personal data you’ve forgotten about
Dependencies are where breaches cascade.
Assess Weak Points
For each account, ask:
- Does it have 2FA?
- Do you control the recovery email/number?
- Could it be used to impersonate you?
Critical doesn’t always mean obvious.
Prune and Harden
Delete what you don’t need.
Strengthen what you do:
- Unique passwords via a manager
- 2FA wherever possible
- Update recovery info regularly
The smaller your footprint, the harder you are to hit.
Repeat Periodically
Attack surface changes over time.
New accounts are made; old ones rot.
Schedule an audit like you schedule backups.
Ignorance is not sovereignty.
You can’t control what you can’t see.