Skip to main content
tech.org.au home

Guide

How to check who has access to your accounts

Most account snooping is not clever hacking. It is old access that never got cleaned up.

Updated 9 July 20268 min readBy AngusPart of Online safety tips

If you have ever wondered who has access to my accounts, the honest answer for most people is: more people and apps than you think. Old shared passwords, a phone you sold without signing out, an app you connected in 2019, or a forwarding rule you never knew existed can all quietly read your life long after you forgot about them.

This guide walks you through checking, in order of importance. You do not need to be technical. Each check takes a few minutes, and you only need to do this properly once, then briefly again each year.

1. Start with your email, because it opens everything else

Your main email account can reset the password on almost every other account you own, so anyone who can read it can eventually take the rest. Check it first and be thorough.

  1. Open your email provider's security settings and look for a page called something like devices, sessions or recent activity. Sign out anything you do not recognise.
  2. Check the recovery email address and recovery phone number. They must be yours, current, and not shared with anyone.
  3. Check mail forwarding and filter rules. Look for any rule that forwards mail to another address, or deletes or hides messages, and remove anything you did not set up yourself.

Good to know

  • Forwarding rules and filters are a favourite trick because they keep working even after a password change. Check them even if everything else looks clean.
  • Both Google and Microsoft have a security checkup page that walks you through most of this in one place.

2. Review connected apps and services

Many accounts let you sign in to other apps with them, or grant apps permission to read your data. Each of those grants keeps working until you revoke it, even if you have not opened the app in years.

  1. In your email, social and cloud accounts, find the page listing connected apps, third-party access or apps with account access.
  2. Remove anything you do not recognise or no longer use. If you are unsure, remove it. A legitimate app will simply ask you to reconnect next time you use it.
  3. While you are there, check for app passwords, an older feature that lets a program skip two-factor authentication. Delete any you did not create.

3. Check signed-in devices on your important accounts

Beyond email, walk through your banking, social media, shopping and cloud storage accounts and open the devices or sessions page in each. You are looking for phones, computers or locations that are not yours. Sign out anything unfamiliar and anything you no longer own, like an old phone or a work laptop you returned.

4. Look at family sharing and shared services

Sharing features are easy to set up and easy to forget. Family sharing on Apple and Google accounts can include location sharing, shared photo albums and shared purchases. Streaming, food delivery and shopping accounts often stay signed in on other people's devices long after circumstances change.

  1. Open your Apple or Google family settings and confirm who is in the group and what is shared, especially location.
  2. Check location sharing separately in Google Maps and Apple Find My, because it can be on even outside a family group.
  3. For streaming and shopping accounts, use the sign out everywhere option if people who should no longer have access once used them.

5. If you find something, secure things in the right order

Finding unknown access is unsettling, but the fix is methodical. Work from a device you trust, such as your own phone on mobile data.

  1. Change the account password, starting with your email.
  2. Turn on two-factor authentication if it is not already on.
  3. Use the sign out all other devices option so the new password takes effect everywhere.
  4. Re-check recovery details and forwarding rules one more time after the change.

Good to know

  • If money or identity details are involved, treat it like a scam response: contact your bank and see our guide on what to do if you have been scammed.

6. A safety note if the person may be someone close to you

If you believe the access belongs to a partner, ex-partner or someone you live with, and you are worried about how they might react, pause before you change anything. Suddenly locking someone out can alert them and can escalate a difficult situation. The eSafety Commissioner at esafety.gov.au has specific guidance for this, and 1800RESPECT on 1800 737 732 offers free confidential support at any hour. Plan the lockdown, ideally with support, rather than doing it in the moment.

Frequently asked questions

How can I tell if someone is reading my email?

Check three places in your email security settings: the recent activity or devices page for sign-ins you do not recognise, the forwarding settings for rules sending mail elsewhere, and the filters for rules that hide or delete messages. Also confirm the recovery email and phone are yours. Any one of those being wrong is a strong sign someone else has access.

Which account should I secure first?

Your main email account, every time. It can reset the password on almost everything else you own, so securing it first means anything else you fix afterwards stays fixed. Change its password from a trusted device, turn on two-factor authentication, then sign out all other sessions.

What are connected apps and should I remove them?

Connected apps are services you have granted permission to use your account, for example an app you signed into with Google or Facebook. Each grant keeps working until you revoke it. Remove anything you do not recognise or no longer use. Nothing breaks permanently, a legitimate app will simply ask you to reconnect.

Is signing out other devices enough, or do I need a new password?

Do both. Signing out other devices ends current sessions, but if someone knows your password they can simply sign back in. Change the password first, then use sign out everywhere so the old sessions are cut off at the same time.

How often should I check who has access to my accounts?

A thorough check once, then a quick review yearly is enough for most people. Also re-check after any big change: a relationship ending, a housemate moving out, selling a phone or computer, or letting someone go from your business.

I think someone I live with is monitoring my accounts. What should I do?

Be careful and put your safety first. Suddenly locking the person out can alert them, so plan the change rather than rushing it. The eSafety Commissioner has step-by-step guidance for exactly this situation at esafety.gov.au, and 1800RESPECT on 1800 737 732 provides free confidential support around the clock. If you are in immediate danger, call 000.

More in the online safety tips hub

Get one useful tech tip a week

Plain-language guides and the occasional scam warning, sent when it matters. No spam, unsubscribe anytime.

Prefer to just ask? angus@tech.org.au or use the contact form.

Join the newsletter