1
Ask HN: Should I delete passwords/email addresses for inactive users?
I run a website with circa 100,000 users. Most have not logged-in for over a year.
For security, should I delete the password and email address of inactive accounts, in case I get hacked? I want to keep the account usernames and the content they have created.
If yes, is a year a reasonable cutoff date? Is there best-practice guidelines regarding this?