The Threat Model Is Different Here
Most security advice assumes the attacker is a stranger. After a breakup or divorce, the person with potential access knows your passwords, your security-question answers, your habits, and may have their face or fingerprint registered on your devices. They've had legitimate access to shared accounts and possibly your phone. This isn't about paranoia; it's about cleanly separating two digital lives that were intertwined. Work through this calmly and thoroughly. If you feel you may be in danger, prioritise your physical safety and consider contacting a domestic violence support organisation, which can advise on tech safety specific to your situation.
Start With the Master Keys
- Change your email password first, and enable strong 2FA (authenticator app, not SMS). Email resets everything else, so it comes first (our Gmail guide). Check for and remove any forwarding rules or recovery addresses you didn't set: a quiet forward is a common way an ex keeps reading your mail.
- Change your phone/carrier account password and set a carrier PIN, so your number can't be ported away or accessed. A partner who knows your details could otherwise SIM-swap you.
- Change your password manager's master password (if you shared it) and review its access.
Reset Every Shared and Known Password
- Assume every password they might know is compromised. Change them all, making each unique (our generator). Prioritise: email, banking, social media, shopping with saved cards, cloud storage.
- Fix your security questions: a former partner likely knows your first pet and mother's maiden name. Replace answers with random strings stored in your manager (our security questions guide).
- Enable 2FA everywhere it wasn't, so even a known password isn't enough.
Check Your Devices
- Remove their biometrics: check your phone and laptop for any registered fingerprints or faces that aren't yours, and delete them (our biometrics guide). A registered face or finger unlocks your device regardless of your passcode.
- Change your device passcode to something they don't know.
- Review installed apps for anything unfamiliar, especially tracking or "family locator" apps that may have been installed with or without your full awareness. On a shared family plan, location sharing may be on.
- Check location sharing: Find My (Apple), Google location sharing, Snapchat Snap Map, and similar. Turn off sharing with the ex.
Untangle Shared Accounts and Access
- Log out all sessions on major accounts (email, social, streaming) so any device they're still logged in on is kicked out (our session guide explains why this matters).
- Review connected apps and account access and revoke anything shared (our OAuth guide).
- Separate shared subscriptions: streaming (our Netflix/Spotify guide covers sign-out-everywhere), family plans, shared cloud storage, and any joint accounts.
- Check smart home devices: shared accounts on cameras, locks, and speakers may still give the other person access or visibility. Remove their access or reset the devices.
The unique challenge of a breakup is that the other person isn't guessing, they know. Assume anything they could have known is compromised, and rebuild each account's access from scratch. Thoroughness, not suspicion, is the goal.
Financial and Identity Accounts
- Change passwords and 2FA on all financial accounts; watch for unfamiliar activity.
- Review account recovery details (phone, email) and remove theirs.
- For joint financial accounts, work through the proper channels to separate them.
- Consider a credit freeze if you're concerned about identity misuse.
The Priority Order (If You're Overwhelmed)
- Email password + 2FA, and remove sneaky forwarding/recovery settings.
- Phone/carrier password + PIN; remove their biometrics from your devices; change device passcode.
- Log out all sessions and change passwords on banking and social.
- Turn off all location sharing; check for tracking apps.
- Work through remaining shared accounts over the following days.
Frequently Asked Questions
Where do I even start if we shared everything?
Email first, always: it's the recovery key to everything else. Once your email is locked down with a new password and app-based 2FA, you can methodically reset the rest, because password resets flow through the email you now control. Then phones/devices, then financial, then the long tail.
How do I know if there's tracking software on my phone?
Look for unfamiliar apps, unexplained battery drain, and apps with location or accessibility permissions you didn't grant. On a shared family/carrier plan, location features may be enabled in settings. When in doubt, a factory reset (after backing up your data) removes hidden software, and domestic-violence tech-safety resources can help if you're concerned for your safety.
Should I confront them about accessing my accounts?
That's a personal and sometimes safety-sensitive decision beyond the scope of security advice. From a purely technical standpoint, quietly securing your accounts first (before any confrontation) prevents a reactive lockout attempt. If safety is a concern, prioritise it and seek appropriate support.
What about shared devices we both used?
Assume anything on a device they had access to may have been seen or copied. For devices staying with you, change all passwords entered on them and remove their access/biometrics. For devices going to them, sign out of and remove your accounts, then factory reset to clear your data.
How long does this take?
The critical items (email, phone, devices, financial) take an evening. The full untangling of shared subscriptions, smart home, and minor accounts can span a week or two. Do the priority list first for immediate protection, then work through the rest as you have energy, this is emotionally taxing, so pace yourself.