Heartbleed has got me rotating passwords and deleting stale accounts.<p>I've found a lot of websites, despite what they say, don't actually delete your account.<p>For example, Eventbrite appends "deleted-" to your e-mail address and leaves everything exactly the same. You can even log back in!<p>Deleting accounts and user data is always a frustration. SQL foreign keys being one pain I'm sure many have suffered. On my last project, we just had a "deleted" column.<p>How is everyone else handling deleting users from your website?
In this day when valid email addy is at a premium I never delete an account.<p>I have a status field Active/Inactive, when a user goes inactive (over 90 days) I have a process in a cron job that creates a strong password (36 chars) for that account.<p>Then when an inactive tries to login, my system tells them they have been inactive and must reset their password.