Guide
How to check who has access to your accounts
Most account snooping is not clever hacking. It is old access that never got cleaned up.
Updated 9 July 20268 min readBy AngusPart of Online safety tips
If you have ever wondered who has access to my accounts, the honest answer for most people is: more people and apps than you think. Old shared passwords, a phone you sold without signing out, an app you connected in 2019, or a forwarding rule you never knew existed can all quietly read your life long after you forgot about them.
This guide walks you through checking, in order of importance. You do not need to be technical. Each check takes a few minutes, and you only need to do this properly once, then briefly again each year.
1. Start with your email, because it opens everything else
Your main email account can reset the password on almost every other account you own, so anyone who can read it can eventually take the rest. Check it first and be thorough.
- Open your email provider's security settings and look for a page called something like devices, sessions or recent activity. Sign out anything you do not recognise.
- Check the recovery email address and recovery phone number. They must be yours, current, and not shared with anyone.
- Check mail forwarding and filter rules. Look for any rule that forwards mail to another address, or deletes or hides messages, and remove anything you did not set up yourself.
Good to know
- Forwarding rules and filters are a favourite trick because they keep working even after a password change. Check them even if everything else looks clean.
- Both Google and Microsoft have a security checkup page that walks you through most of this in one place.
2. Review connected apps and services
Many accounts let you sign in to other apps with them, or grant apps permission to read your data. Each of those grants keeps working until you revoke it, even if you have not opened the app in years.
- In your email, social and cloud accounts, find the page listing connected apps, third-party access or apps with account access.
- Remove anything you do not recognise or no longer use. If you are unsure, remove it. A legitimate app will simply ask you to reconnect next time you use it.
- While you are there, check for app passwords, an older feature that lets a program skip two-factor authentication. Delete any you did not create.
3. Check signed-in devices on your important accounts
Beyond email, walk through your banking, social media, shopping and cloud storage accounts and open the devices or sessions page in each. You are looking for phones, computers or locations that are not yours. Sign out anything unfamiliar and anything you no longer own, like an old phone or a work laptop you returned.
4. Look at family sharing and shared services
Sharing features are easy to set up and easy to forget. Family sharing on Apple and Google accounts can include location sharing, shared photo albums and shared purchases. Streaming, food delivery and shopping accounts often stay signed in on other people's devices long after circumstances change.
- Open your Apple or Google family settings and confirm who is in the group and what is shared, especially location.
- Check location sharing separately in Google Maps and Apple Find My, because it can be on even outside a family group.
- For streaming and shopping accounts, use the sign out everywhere option if people who should no longer have access once used them.
5. If you find something, secure things in the right order
Finding unknown access is unsettling, but the fix is methodical. Work from a device you trust, such as your own phone on mobile data.
- Change the account password, starting with your email.
- Turn on two-factor authentication if it is not already on.
- Use the sign out all other devices option so the new password takes effect everywhere.
- Re-check recovery details and forwarding rules one more time after the change.
Good to know
- If money or identity details are involved, treat it like a scam response: contact your bank and see our guide on what to do if you have been scammed.
6. A safety note if the person may be someone close to you
If you believe the access belongs to a partner, ex-partner or someone you live with, and you are worried about how they might react, pause before you change anything. Suddenly locking someone out can alert them and can escalate a difficult situation. The eSafety Commissioner at esafety.gov.au has specific guidance for this, and 1800RESPECT on 1800 737 732 offers free confidential support at any hour. Plan the lockdown, ideally with support, rather than doing it in the moment.