fast-guide
If Someone Has Your Passwords
Fast steps to lock down accounts and prevent access.
fast actionpasswords
DIGITAL SAFETY
If Someone Has Your Passwords
1. Change Top 5 Accounts First
Focus on the accounts that create the most risk if someone else can access them.
Common “top 5” to consider:
- Email accounts (especially the one used for password resets)
- Cloud storage (photos, backups, shared documents)
- Messaging apps with web or desktop versions
- Social media accounts
- Financial accounts (online banking, payment apps)
Steps to change each password more safely:
- Whenever possible, use a device the other person has never used (library, work, trusted person’s phone or computer).
- Go to the official website or app, not a link from text or email.
- Log in and find “Security” or “Account” settings.
- Change the password to something new that:
- Is not reused from any other account
- Does not include names, dates, or words the person might guess
- Is stored somewhere they cannot reach (paper in a safe place, or a secure password manager they cannot access)
- Turn on two-step verification (also called 2FA) if available, using a phone or email they cannot access.
If changing passwords might create conflict or be noticed quickly, consider making a basic safety plan first, including where you could go and who you could contact for general support. Some people also review external directories, such as listings at https://www.dv.support, to see what kinds of services exist in their area.
2. Remove Devices
Many accounts show a list of devices that are currently signed in.
Options to review and remove devices:
- Open account “Security” or “Devices” section.
- Look for:
- “Where you’re logged in”
- “Devices” or “Your devices”
- “Active sessions”
- Sign out devices that:
- You do not recognize
- Belong to the other person
- Are old phones, tablets, or computers you no longer use
- Use the option “Sign out of all devices” where available, then:
- Sign back in only on devices in your control
- Re-check security settings afterwards
Extra checks that may help:
- Look at “Login history” or “Recent activity” for unknown locations or times.
- Check “Connected apps” or “Third-party access” and remove anything unfamiliar.
- Review “Authorized computers” or “Trusted devices” and remove devices that are not in your possession.
3. Reset Recovery Emails
Recovery options often let someone get back into your accounts even after you change the password.
List the accounts that use recovery contacts:
- Email (especially your main email address)
- Cloud accounts linked to your phone
- Social media accounts
- Important apps that send login codes to email or phone
Steps to review and update recovery details:
- Open each account’s “Security,” “Login,” or “Recovery” settings.
- Check for:
- Recovery email addresses
- Recovery phone numbers
- Backup codes or security questions
- Replace recovery email with:
- An email only you can open
- Preferably on a device or app the other person cannot see
- Update recovery phone numbers to:
- A number they do not have access to, if possible
- Or temporarily remove numbers they can control
- Change security questions:
- Avoid answers based on real facts they know (birthplace, schools, relatives)
- Use answers that are like passwords (random words) and store them somewhere safe
If you cannot safely change the main recovery options right away, you can still note which accounts are most exposed and plan the order you want to update them later.
4. Protect Banking Apps
Financial access can affect housing, transportation, and daily needs. Consider organizing these steps even if you cannot complete all of them at once.
Accounts and tools to review:
- Online banking websites and apps
- Credit card logins
- Payment apps (for example: peer-to-peer transfer apps)
- Digital wallets on your phone
Protective options to consider:
- Change login passwords using a secure device, if available.
- Turn on two-step verification:
- Use a phone number or authentication app that is not shared
- Avoid sending codes to devices they hold
- Check “authorized devices” or “remembered browsers” and remove anything:
- You do not recognize
- That the other person can access
- Review recent transactions and account alerts:
- See where notifications are being sent (email, SMS, app)
- Shift alerts to contact details they cannot control when possible
For detailed financial decisions, account changes, or questions about shared funds and legal rights, local legal or financial professionals may be useful. This page does not provide legal or financial advice.
5. When to Switch Phones
Sometimes phones are linked to shared accounts, monitoring apps, or cloud backups that another person can see.
Signs it may be worth considering a different phone or setup:
- The other person has your current phone’s unlock code or biometrics.
- They set up the phone, cloud account, or main email for you.
- Apps appear or disappear without your actions.
- Battery drains unusually fast, or data use is much higher than expected.
- They mention details they would only know from your messages, photos, or location.
Options if you decide to switch phones or phone setups:
- Consider using a low-cost phone not shared with them.
- Set it up with:
- A new email address they do not know
- A new cloud account not linked to the old one
- New PINs and lock methods not shared with anyone who may tell them
- Install only the apps you need, one by one, from official app stores.
- Avoid logging in with old passwords or accounts until those accounts are secured.
- Decide whether to keep the old phone:
- Some people keep it powered on for routine use that the other person expects
- Others power it off and store it after backing up needed information
If changing devices could affect your day-to-day safety, consider speaking with a local advocate, legal aid, or other support person who understands technology safety, before making major changes.