Digital Legacy and Online Accounts: Protecting Your Digital Presence After Divorce

I was locked out of my own email account on a Tuesday morning.

The email address I'd had for fifteen years—the one tied to my bank accounts, my children's school communications, my therapy portal, my attorney's messages, my entire digital life—suddenly wouldn't accept my password. I tried password reset. It sent a code to the recovery phone number... his phone number, which I'd set up years ago when we were married and never thought to change.

In less than five minutes, he'd locked me out of the central hub of my digital existence. No access to communications with my attorney. No ability to receive messages from my children's school. No way to reset passwords for the dozens of accounts tied to that email. He controlled everything.

That was the moment I realized that securing my digital presence wasn't just about changing a few passwords. It was about systematically reclaiming every piece of my online identity that had become intertwined with his during our marriage. And it was about protecting the digital legacy I was creating for my children—photos, videos, memories—from someone who might use them as leverage or delete them out of spite. If you suspect active surveillance, read our guide on how abusers track your phone and digital activity first—stopping surveillance is urgent before changing passwords.

If you're separating from a high-conflict partner, your digital accounts are weapons. Every email, photo library, social media account, cloud storage, streaming service, and online account is either secured against them or accessible to them. There's no in-between.

Content note: This article discusses technology-facilitated abuse, including account takeover and digital surveillance. If you're currently locked out of critical accounts, prioritize immediate safety and contact a domestic violence advocate for tech-safety support.

Here's how to lock down your digital life and protect what matters most.

During marriage, you likely merged digital lives:

The problems:

• Recovery email might be theirs
• Recovery phone number might be theirs
• Password might be shared
• They might have access to your inbox
• Every account reset goes through this email

Why it matters: Whoever controls your primary email controls every account tied to it. This is the skeleton key to your digital life.

iCloud, Google Drive, Dropbox, OneDrive:

• Shared photo libraries
• Document storage
• Backup of phone/computer
• Contacts and calendar syncing
• Potentially set to family sharing

What they can access:

• All your photos
• All your documents
• Your backed-up text messages
• Your location history
• Your contacts and calendar

Facebook, Instagram, Twitter/X, LinkedIn, TikTok:

• They might know your passwords
• Recovery options might go to shared email
• Sessions might still be logged in on shared devices
• Two-factor authentication might use old phone number

What they can do:

• Post as you
• Delete your content
• Access your messages
• See your activity
• Lock you out

Netflix, Hulu, Disney+, Spotify, Amazon Prime, etc.:

• Shared family accounts
• Payment methods on file
• Viewing history visible
• Profile access

Why it matters: Not just about who pays—they can see what you watch, listen to, buy. They can delete your profiles or watchlists. They can change passwords and lock you out.

Banks, credit cards, Amazon, PayPal, Venmo:

• Might have shared accounts
• May know passwords
• Could have linked payment methods
• Access to purchase history

Critical risk: They can see what you're spending money on, where you're shopping, what you're buying. In shared accounts, they can drain funds.

School portals, medical portals, activities:

• Often set up jointly
• Both have credentials
• Shared access during marriage
• Access rights determined by legal custody status

The balance: Both parents with legal custody typically need access for legitimate purposes. But ensure you have independent login credentials they can't lock you out of. Consult your attorney about what changes are appropriate during divorce proceedings.

Google Photos, iCloud Photos, Amazon Photos:

• Years of family photos
• Videos of children
• Irreplaceable memories
• Potentially shared albums

The fear: They could delete everything out of spite. Or hold them hostage. Or edit/manipulate them.

Do these steps in order, as quickly as possible:

Before you do anything else:

1. Create brand new email address (Gmail, ProtonMail, or other secure provider)

   • Use complex password you've never used before
   • Don't use any personal information in address
   • Save password in secure password manager

2. Set up two-factor authentication (2FA) immediately

   • Use authenticator app (Google Authenticator, Authy)
   • NOT SMS to phone number they might know
   • Save backup codes in secure location

3. Set recovery options only you control

   • Recovery email: different email only you access
   • Recovery phone: your new phone number (not Google Voice, which could be compromised via Google account access)
   • Security questions: answers only you know (not factual information your ex knows)

4. DO NOT:

   • Tell your ex about new email
   • Use it to contact people you both know
   • Access from shared devices
   • Link to old accounts yet

Why this first: You need a secure base of operations before changing anything else.

Your phone is the gateway to everything:

1. Change device passcode

   • Not a pattern or PIN they've seen you enter
   • Not a significant date they'd guess
   • Complex 6+ digit passcode
   • Biometric lock (fingerprint/face ID) as secondary

2. Check "Find My Phone" settings

   • Ensure only you have access
   • Disable sharing with their account
   • Change iCloud/Google password

3. Review apps with access to location

   • Settings → Privacy → Location Services
   • Disable or set to "While Using" for anything non-essential
   • Remove family tracking apps (Find My Friends, Life360, etc.)

4. Remove their fingerprint/face from biometric unlock

5. Check for monitoring apps

   • Look for unfamiliar apps
   • Check battery usage for suspicious activity
   • Review device administrator apps
   • Consider factory reset if you suspect spyware

6. Change Apple ID/Google Account password

   • Use new complex password
   • Enable 2FA with authenticator app
   • Sign out of all devices except yours
   • Remove all trusted devices you don't personally control
   • Review recent activity
   • Disable Family Sharing if enabled
   • Check for any shared iCloud Keychain access

Protect your money immediately:

1. Bank accounts:

   • Change all online banking passwords
   • Enable 2FA
   • Update email to your new secure address
   • Remove them as authorized user if possible
   • Set up alerts for all transactions

2. Credit cards:

   • Change passwords on all card portals
   • Update contact information
   • Set up transaction alerts
   • Consider freezing credit

3. PayPal, Venmo, Cash App:

   • Change passwords
   • Remove linked bank accounts if shared
   • Unlink from old email
   • Check transaction history for unauthorized activity

4. Amazon and other shopping:

   • Change passwords
   • Remove saved payment methods if they have access
   • Update email address
   • Check order history
   • Set up two-step verification

This is the tedious part. It's also the empowering part.

Make a spreadsheet of every online account you have. Yes, every one. Seeing the full list can be overwhelming, but it's also the roadmap to reclaiming your digital autonomy. Each account you secure is one less opening for them to exploit.

For each account:

1. Visit the site/app
2. Change password to unique strong password (password manager generates this)
3. Enable 2FA if available
4. Update email to your new secure email
5. Update phone number to your number only
6. Review recovery options (systematically remove any trace of their contact information)
7. Check recent activity for unauthorized access (screenshot anything suspicious)
8. Sign out all devices and re-login only on yours
9. Update security questions with answers only you know (not facts they know about you)

Critical accounts to prioritize:

• Email (all accounts)
• Banks and credit cards
• Phone carrier account
• Health insurance portal
• Children's school and medical portals
• Utilities (if in your name)
• Landlord/property management portal
• Attorney and legal portals
• Therapy and medical portals
• Social media accounts
• Cloud storage
• Computer/device accounts

Less critical but still important:

• Streaming services
• Shopping accounts
• Forums or communities
• Newsletters and subscriptions
• Loyalty programs
• App-based services

Your memories are irreplaceable:¹

1. Download all photos/videos locally

   • From iCloud, Google Photos, Facebook, Instagram
   • Save to external hard drive (encrypted)
   • Multiple backups in different locations
   • Don't rely only on cloud storage

2. Create new cloud storage account

   • New Google Photos or iCloud account
   • Not shared or linked to family accounts
   • Upload your saved photos
   • Don't share access with anyone

3. Remove from shared albums/storage

   • After backing up, consider removing from shared spaces
   • They can't delete what isn't there
   • Balance with custody agreement terms

4. Organize and protect:

   • Separate photos by time period (before/during/after relationship)
   • Encrypt sensitive photos
   • Store children's photos carefully (they may have legitimate access)
   • Consider creating separate library for co-parenting photos

Protect your public presence:

For each social media account:

1. Change password (unique, strong)

2. Enable 2FA with authenticator app

3. Review logged-in sessions and log out unknown devices

4. Update recovery email/phone to only yours

5. Review privacy settings:

   • Who can see your posts
   • Who can tag you
   • Who can find you via email/phone
   • Location sharing settings
   • Story/post visibility

6. Remove them as friend/follower (if appropriate for your situation)

7. Block if necessary (prevents viewing public posts)

8. Review past posts for anything that could be used against you

9. Update "About" info (remove relationship status, shared details)

Platform-specific settings:

Facebook:

• Review "Where You're Logged In"
• Disable platform apps that might share data
• Check Facebook Messenger separately
• Review business pages if you manage any

Instagram:

• Check logged-in devices
• Review who can message you
• Private vs. public account
• Story settings

LinkedIn:

• Make profile changes private if updating career info
• Review who can see your connections
• Update job status privately

Protect their online presence and future:

Email and accounts:

• Create new email accounts for children's school/activities
• Not shared with ex if possible (discuss with attorney)
• Secure children's tablets/devices if they have them
• Review apps and parental controls

Photos and videos:

• Back up all photos of children
• Discuss with attorney: who can post children on social media?
• Custody orders may address this
• Consider mutual agreement not to post children
• If you must post: private accounts, face obscured, no names

School and medical portals:

• Ensure both parents have access (if both have legal custody)
• But ensure access is independent (they can't lock you out)
• Set up alerts to your email for all communications
• Download and back up important documents

Future digital footprint:

• Think long-term about what you create now
• Children will grow up and see what was posted
• Divorce content involving them may embarrass or harm them
• Protect their privacy above your need to vent/share

Why you need one:

If you're thinking "I can't possibly remember 50+ unique complex passwords," you're right. That's why password managers exist. They're not just convenient—they're essential for the kind of comprehensive security overhaul you need after leaving a high-conflict relationship.² For deeper understanding of how abusers use smart home technology and digital tools for surveillance and control, see smart home technology as a control mechanism.

What password managers do:

• Generate unique passwords for every account
• Store them securely encrypted (even the company can't access them)
• Auto-fill without typing (harder for keyloggers to capture)
• Alert you to compromised passwords from data breaches
• One master password to remember (make it long, complex, and memorable only to you)

Recommended options:

• 1Password (paid, excellent security track record)
• Bitwarden (free and open-source option)
• Dashlane (paid, user-friendly)

Note: We previously listed LastPass, but after significant security breaches in 2022, we no longer recommend it for high-conflict situations where maximum security is essential.

Set up:

1. Choose a password manager
2. Create master password (long, complex, memorable)
3. Enable 2FA on password manager itself
4. Import or create all account passwords
5. Use generated passwords going forward
6. Never reuse passwords

What it is: Second verification step beyond password—usually a code from app or text.³

Types (from most to least secure):

1. Hardware keys (YubiKey, Titan Security Key)

   • Physical device you plug in or tap via NFC
   • Most secure option
   • Can't be phished or intercepted
   • Cost: $30-70 per key (buy two - one for backup)

2. Authenticator apps (Google Authenticator, Authy, Microsoft Authenticator)

   • Generate 6-digit codes that change every 30 seconds
   • More secure than SMS
   • Free

3. SMS codes (text message to your phone)

   • Better than nothing
   • Can be intercepted or redirected
   • Use only if no better option available

Enable 2FA on:

• All email accounts
• All financial accounts
• Social media
• Cloud storage
• Phone carrier account
• Apple ID / Google account
• Any account with sensitive information

Backup codes:

• Save them when setting up 2FA
• Store in password manager or secure location
• Needed if you lose access to authentication method

For highly sensitive situations:

Encrypted cloud storage:

• ProtonDrive
• Tresorit
• Sync.com

Encrypted email:

• ProtonMail
• Tutanota

Encrypted messaging:

• Signal (end-to-end encrypted texts and calls, minimal metadata collection)
• WhatsApp (end-to-end encrypted content, but Meta collects metadata about who you contact and when)

Local encryption:

• Encrypt external hard drives
• Use FileVault (Mac) or BitLocker (Windows) for laptop encryption
• VeraCrypt for encrypted folders

Computer/laptop:

• Set up login password
• Enable full-disk encryption
• Require password after sleep/screensaver
• Don't save passwords in browsers
• Log out when not in use
• Install antivirus/anti-malware
• Keep OS and software updated

Tablets and phones:

• Passcode lock
• Biometric backup
• Encryption enabled (usually default on modern devices)
• Remote wipe capability enabled
• Regular backups to secure cloud

Shared devices:

• Don't use shared computers for sensitive accounts
• Use private/incognito mode if you must
• Log out of all accounts when done
• Clear browser history and cache

Damage control if you suspect they've accessed your accounts:

If you're reading this section because you've already discovered unauthorized access, first: breathe. The violation you're feeling is real. Someone invading your digital privacy is invasive, frightening, and infuriating. And second: you can fix this. Here's how to regain control.

1. Change password immediately from device you control
2. Enable 2FA with authenticator app
3. Review "recent activity" or "security" to see logins
4. Sign out all sessions except yours
5. Check email forwarding rules (Settings → Forwarding) and delete any you didn't create
6. Review filters/rules they might have set up to hide emails
7. Check sent emails for things you didn't send
8. Search for password reset emails to see what accounts they might have accessed
9. Assume they've read everything and plan accordingly⁴

1. Change passwords immediately
2. Call your bank/credit card company and explain situation
3. Request fraud alerts on your credit
4. Freeze credit with all three bureaus (Equifax, Experian, TransUnion)
5. Review all recent transactions for unauthorized activity
6. Set up transaction alerts
7. Consider identity theft protection services like Aura or Norton LifeLock to monitor for unauthorized credit inquiries and new accounts opened in your name
8. Consider opening new accounts they don't know about
9. Document everything for potential legal action

1. Change password immediately and log out all sessions
2. Delete their posts if possible
3. Post correction if necessary (keep it brief and factual)
4. Screenshot their posts before deleting (evidence for court)
5. Enable post approval before things appear on your timeline
6. Consider temporary account deactivation while you secure things
7. Report to platform as unauthorized access

1. Check "Recently Deleted" or "Trash" folders (often 30-day recovery window)
2. Restore what you can
3. Check if you have backups (cloud, external drive, old devices)
4. Google Photos/iCloud may have older backups
5. Check if files were shared with others who might still have copies
6. Acknowledge the loss if files are unrecoverable
   • The grief of lost photos and memories is real and valid
   • This is a form of abuse—intentional destruction of irreplaceable items
   • Give yourself permission to mourn what was taken from you
   • Consider documenting this loss with a therapist who can support your court case
7. Document the deletion for court (screenshot empty folders, restore logs showing deletion)
8. Change all passwords and security settings so it can't happen again

Don't do it, even if you know the passwords:

• It may be illegal under federal law (Computer Fraud and Abuse Act applies to unauthorized access of protected computers used in interstate commerce) and various state computer crimes statutes⁵
• Could be contempt of court if protective order exists
• Will severely damage your credibility in court
• Could result in criminal charges in some jurisdictions
• "But they did it to me" is not a legal defense
• Evidence obtained through unauthorized access may be inadmissible

The only exception:

• Legitimate joint accounts you're both legally entitled to access
• Accounts set up as shared during marriage (consult attorney about what qualifies)
• With explicit attorney guidance about what's permissible in your jurisdiction
• Even then, document your legal right to access before doing so

Legal disclaimer: Digital privacy laws vary significantly by state and evolve rapidly. This article provides general information, not legal advice. Consult an attorney licensed in your jurisdiction about your specific situation before taking any action that could be construed as unauthorized account access.

Communications with your attorney are privileged:

Protect them:

• Use only your secure email for attorney communications
• Don't forward attorney emails to accounts ex might access
• Don't access legal portals from shared devices
• Use encrypted email for especially sensitive communications
• Don't discuss legal strategy on platforms ex might monitor

May need protective orders addressing:

• Prohibition on accessing your accounts
• Requirement to return any devices, passwords, or access they have
• Specific terms about children's digital presence
• Penalties for violations

Digital security isn't one-and-done:

Monthly:

• Review recent activity on email and financial accounts
• Check logged-in sessions and sign out unknowns
• Rotate most critical passwords
• Review privacy settings on social media

Quarterly:

• Full security audit of all accounts
• Update passwords on medium-priority accounts
• Back up photos and important files
• Review credit report for suspicious activity

Annually:

• Change master password on password manager
• Replace 2FA backup codes
• Review all account recovery settings
• Update encryption software
• Replace hardware security keys if you use them

After any security incident:

• Change affected passwords immediately
• Review all connected accounts
• Enable additional security measures
• Document for potential legal action—see our guide on documentation best practices in divorce for how to properly record and preserve digital security incidents as evidence

Age-appropriate digital security education:

Young children (under 10):

• Passwords are private, don't share them
• Tell parent if anyone asks for passwords
• Only use devices parent has set up
• Don't talk to strangers online

Pre-teens (10-13):

• Importance of strong passwords
• Not using same password everywhere
• Why we don't share personal information online
• Asking before downloading apps or creating accounts
• What to do if something feels wrong online

Teens (13+):

• How to create strong passwords
• Two-factor authentication
• Privacy settings on social media
• Digital footprint and long-term consequences
• Recognizing phishing and scams
• Consent and sharing photos

In co-parenting context:

• Children shouldn't be asked to spy on other parent
• They shouldn't be given access to either parent's accounts
• Protect them from being used as information sources
• Teach them healthy boundaries about digital privacy

If you're overwhelmed by this list, start with these three priorities:

Priority 1 (Today): Create a new secure email account with strong password and two-factor authentication. This is your foundation for everything else.

Priority 2 (This Week): Secure your phone - change passcode, review location sharing, check for monitoring apps, update Apple ID/Google Account password.

Priority 3 (This Month): Systematically change passwords on critical accounts (banks, attorney portals, children's schools) using a password manager to track everything.

Remember: Digital security is a process, not perfection. Every account you secure is progress. Every password you change is reclaiming power. Start where you are, protect what matters most first, and build from there.

Related Resources:

• Economic Abuse and Financial Control (understanding financial account security in context)
• Documentation Strategies for High-Conflict Custody (how to document digital abuse)
• Technology Safety Planning (comprehensive tech safety beyond accounts)

NOTE ON HOTLINE NUMBERS: Phone numbers for crisis hotlines, legal aid, and support services are provided as a resource. These numbers are current as of publication but may change. Please verify hotline numbers are still active before relying on them. For the National Domestic Violence Hotline, visit thehotline.org for current contact information.

Digital Security Tools:

• 1Password - Password manager for securing accounts
• Bitwarden - Open-source password management
• YubiKey - Hardware two-factor authentication keys
• Signal - Encrypted messaging and calls

Digital Safety and Privacy Resources:

• Electronic Frontier Foundation - Digital rights and security guides
• Safety Net Project - Technology safety for survivors of abuse
• National Network to End Domestic Violence - Tech safety resources
• Cyber Civil Rights Initiative - Protection from online abuse

Credit Protection and Legal Support:

• Equifax Credit Freeze - Freeze credit to prevent identity theft
• Experian Freeze - Credit freeze and monitoring
• TransUnion Freeze - Free credit freeze services
• National Domestic Violence Hotline - 1-800-799-7233 (technology-facilitated abuse support)

---