How to Lock Accounts While Self-Managing

If you're self-managing your internet restrictions, you will need to approach accounts strategically, and make it harder to disable filtering setting.

Tech Lockdown Team

Updated July 16, 2024

Many visitors to Tech Lockdown are trying to set content restrictions for their personal devices without the help of an accountability partner. Normally, you might have an accountability partner manage the passcode used to bypass content filtering restrictions (like with Apple Screen Time or mobile device managers). If you don't have access to an accountability partner, or you want guidance on how you should handle accounts related to your blocking system, this guide will walk you through our recommendations.

This guide focuses on several key areas:

Preventing yourself from simply logging in to accounts and easily changing settings that allow bypassing your blocking system.
Safely implementing an account bypass prevention system to help break compulsive habits.

To get started, it's important to get a clear understanding of our recommended approach to personal account management.

These steps are not required for Tech Lockdown accounts

If you use Tech Lockdown to filter content, you don't need to restrict yourself from signing in. You should use your personal email address and make the account easy to sign in to. Our profile locking feature will restrict you from making your settings less restrictive.

Get Started

Here is a summary of what we recommend to our customers. We'll elaborate on each step later on in this guide.

Create a secondary email address that you use to sign up for any online services related to your blocking system. This email address should be on a different provider than what you use for personal email. We recommend using Proton Mail for this secondary email.
You'll restrict access to this secondary email address using strategies that we cover in detail in this guide. This email account shouldn't be impossible to access - this is unsafe and we strongly advise against it! However, it should take an annoying amount of time and effort to access this email account.
When you need to create an account as part of your blocking system, you'll sign up with this secondary email address. If you try to use the Forgot Password feature on one of your accounts to login, you'll still have to login to Proton Mail, which will take some time and effort to access.

Create Secondary Email and Store the Password

To get started, sign up for the free Proton Mail email service. We recommend this email service because it's free, privacy and security focused, and has some useful features for making the account take longer to login to.

Go to Protonmail 's site and select a plan. The free plan should be more than enough.

Create an account and use a randomly generated password. You can use this Lastpass tool to randomly generate a password you won't remember.

Temporarily save this password somewhere until you can figure out the best way to store it. We'll go into some strategies later on.

Enable 2FA

2FA stands for 2-Factor Authentication. It basically means that a password alone isn’t enough to log you in. Many services add this as a security feature. For your purposes, it's mainly to add extra steps to make your Proton Mail account harder to login to.

You can choose from the following 2FA options:

Use a physical Yubikey , which is security hardward you can use for other accounts as well. In order to finish logging in to your Proton Mail account, you'd have to physically touch this key while it's plugged into a computer. This opens up many possibilities for preventing this account from easily being logged into like putting it out of sight in a physical lockbox. If you do happen to have an accountability partner, you can have them hold on to this key. Learn more here .
Use the Authy app for Android or iOS. This requires you to open an app on your phone and enter the randomly generated number to finish logging in to Proton Mail. Learn more here .

Store Password for your Secondary Email

When you up your secondary email address, you generated a random passcode and saved it temporarily. Now you need to store that password in a way that you can still retrieve it, but it will take some time and effort.

Don't make this email account impossible to access!

It's risky to not give yourself the option to access this email account. Instead, just make the process require multiple steps in order to increase the time and effort required to access it. This will break compulsive behaviors.

There are two recommended approaches:

Force yourself to wait until you can unlock your password by using a time-delayed passcode storage tool that releases the password after a set amount of time.
Lock your password from being easily copied and pasted by using a file vault tool like Cryptomater. Furthermore, ensure that you can backup this locked file with a platform like DropBox.

Option 1: Cloud Storage with Encryption Tool

Instead of storing the password to your secondary email account as plain text on your device, you could encrypt the password in a file vault program. This will make it much harder to access easily and require you to take the time to decrypt it manually first.

The free program we recommend for this is Cryptomator , which can be installed onto your computer and be used to lock a text file with your password.

Additionally, since your password will be encrypted, you can store the locked file containing your passwords with a file backup service like Dropbox . This way, if the device where you've installed Cryptomator has an issue, you can still unlock your password file on another computer.

If you instead want to make it harder to access your password by requiring you to wait, it's a better idea to consider option 2.

First, sign up for a DropBox account and set it up on your device. You will use DropBox to back up the locked file.

Next, download and install Cryptomator .

Open Cryptomator and add a new vault.

Navigate to the Dropbox folder that was added to your device after you set up Dropbox and specify a file name, then save.

This creates a new folder.

Set a password and click "create vault." You'll use this password to unlock the vault in the future.

After creating the vault, you need to enter your password again to unlock it..

Unlock your vault so that you can add files to it temporarily. You can't add files to a locked vault.

Add a text file containing the password you want to protect to your vault. In my case, I store the first half of my Protonmail password here.

Lock your vault.

Navigate to your Dropbox folder to the vault folder you created.

Notice that the text file is replaced with encrypted contents and two masterkey files.

The masterkey file is necessary to unlock the vault. It's saved in the same folder by default. You can save the .bkup masterkey file somewhere else as a backup.

I typically only use one device to access Cryptomator and I don't set it up on any other devices. You could optionally block the download website for Cryptomator so that it's difficult to download and install on another machine.

Option 2: Lock your Passwords behind a Time Delay Lockbox

Another way you can lock your secondary email password is by setting a time delay, that way it requires you to wait until you can unlock your accounts.

A free program called Lockbox lets you do this online. You can create a box with your password that will only unlock after a set period of time:

How long of a time delay to set depends on each person. For example, if you're trying to target in-the-moment urges, maybe set a time delay of 30 minutes or so. If something isn't critical, you could play it safe and set a delay for longer.

If you need to sign up for an account as part of your content blocking system, here is generally what you should do:

Use the Proton Mail email as the account email
Generate a random password that you won't remember

In order to login to this account in the future, you'd need to use "Forgot Password" to send a password reset email to your Proton Mail email account.

Since you've restricted access to this Proton Email account, it will take some effort for you to access the forgot password link.

Change Email Addresses for Existing Accounts

Now that you have a second email address that you've effectively restricted access to, you should update any account email addresses that you want to restrict access to so that it use this email address instead of your personal email.

In this section, we'll look at some of the accounts that we recommend in our premium guides and as part of the Tech Lockdown platform.

Cloudflare

When you first created your Tech Lockdown account, we asked you to create and link a Cloudflare account. You probably used the same email address that you signed up for Tech Lockdown as your Cloudflare email: we recommend using a different email for Cloudflare, but keeping your same Tech Lockdown email.

Do I need to change my Cloudflare email address if I never login?

For the vast majority of us, we probably won't need to change your Cloudflare email. We're including this information for those who would like the option.

If you are interested in doing this, sign into Cloudflare's website and go to Profile settings . You should see the option to Change Email Address at the top of the page.

Secondary Apple ID (for Screen Time)

If you use Screen Time on your iPhone or Mac, you could take your secondary email and use it to create a secondary Apple ID. You can find out how to do this on Apple's website .

In order to choose this option when locking your Screen Time settings, make sure that you've selected This is My Child's iPhone:

If you've enabled device supervision or management, then you won't need a secondary Apple ID. Supervision and Management lock Screen Time settings on a separate device, without the ability to use a PIN to disable.

Manage Engine

Manage Engine is the free mobile device manager that we show you how to use in our premium guides . We recommend changing the password associated with your Manage Engine account so that you can't easily login and change settings on connected devices.

Tech Lockdown Account

If you are using Tech Lockdown's DNS Content Policy to block content, you do not need to change your account email address to use the second proton mail email that you set up previously. In fact, you want to ensure that this account is easy to login to.

Instead, you can lock your Tech Lockdown Profile to prevent reducing account restrictions while still being allowed to add to them.

Locking your Profile will prevent new Allow rules from being added and existing Block rules from being deleted (plus it locks a bunch of other settings).

Right now, we have two ways of locking your profile:

Passcode.
Random Text.

You can access these settings on the Tech Lockdown dashboard by selecting your profile icon on the top right, then choosing Lock Settings:

Add a Passcode

This requires you to enter a password that you set in order to unlock your profile. Instead of storing this password with your browser, you could instead use Cyptomator or the delayed Lockbox to keep this password difficult (but not impossible) to retrieve.

Add Random Text to make it take time to access your account

This requires you to enter a randomized string of letters, numbers, and symbols in order to unlock your profile. You won't be able to copy/paste the string and will have to type it in manually. This means that you will have to spend the time and effort to type in the Random Text, adding a time delay to unlocking your profile.

By default, this string is 35 characters when you first go to lock your profile. You can change this to be more or less. An example of what the string looks like to unlock will be shown on the screen before you lock your profile:

Going Further with Restricting Access to the Secondary Email

If using 2FA and a random password stored using a delayed lockbox doesn't go far enough, there's one other approach we recommend.

You can use our website blocking techniques to completely block proton mail from being accessed at all.

Additionally, you might consider setting up a scheduled block rule if you are using the Tech Lockdown DNS Content Policy .

You can create a block rule that restricts when Proton Mail can be accessed to certain hours of the day.

In your Tech Lockdown dashboard, navigate to Content Policy and create a new block rule

Open the Apps section and then search for Proton Mail. Select it and save changes.

In the rule editor, scroll down to the schedule section and choose what hours of the day this rule is active. You should make sure there are certain times of day that it is unblocked so that you have a chance to login to your Proton Mail account if needed.

Frequently Asked Questions

Should I change my Tech Lockdown account email to use the second email address?

No, you don't recommend changing your Tech Lockdown email to the secondary email address created in this guide. Instead, use the Lock Profile feature in your Tech Lockdown account.

How difficult should I make it to unlock my accounts?

This depends on the person. For most people, just adding friction and inconvenience to unlocking your settings is enough.

That being said, you've got a lot of options to choose from in this guide.

On the other hand, you don't want to make it impossible to access your accounts all. Emergencies happen. We talk more about this in our where should you draw the line blogpost.

How can I plan for emergency cases when I need to disable a content filter?

While not common, it is possible that you may need to disable your settings.

I would strongly recommend creating a small note (preferably on a piece of paper) that instructs you how to unlock access to each of your counts. It's time-consuming, but as someone who has lost access to accounts before, it's worth the effort.

If you're concerned that having a written plan makes it easier for you to disable your settings later on: that's where time delays come in. Even if you know and complete the process to unlock your account, you will still have to wait.