You create and keep lots of personal information in your online accounts, so you want protection in place. Here’s how to protect your accounts with strong passwords and other security methods.
Create a strong password
When you set up an online account, you’re usually asked to create a password. To protect your account from cyberattacks, create a strong password that’s hard to guess. How? Start by making your password long – aim for at least 12 characters.
Of course, a long password can be hard to remember. You may find it easier to use a passphrase – a series of words separated by spaces. But make sure your passphrase consists of random words. Avoid using common phrases, song lyrics, or movie quotes that are easy for a hacking program to guess.
If the account doesn’t allow long passwords, mix uppercase and lowercase letters, numbers, and symbols to make your password strong.
Studies show people aren’t very good at creating random, strong passwords – or remembering them. So, what to do? One option is to have your web or mobile browser create a password for you. Each browser has its own process.
Another option is to use a third-party password manager to create a strong password – and remember it. To find a reputable password manager, read expert reviews. Make sure the password you’re using with the password manager is strong and secure.
Lock down your email
It’s critical to protect your email account with a strong password. Password reset links often go to your email inbox; if a hacker takes over your email account, they can get password reset links for your other accounts. Then they can change the passwords and take over those accounts, too. If that happens, here’s how to recover a hacked account.
Use multi-factor authentication
A strong password is an important first step in protecting your account from hackers. But even strong passwords are vulnerable to cyberattacks. Using multi-factor authentication means a hacker who steals your password can’t log in to your account without another authentication factor.
The most common type of multi-factor authentication is a verification passcode you get by text message or email. This one-time passcode is typically six digits or longer and it expires automatically. This is the least secure type of two-factor authentication, so when available, choose a more secure method like an authenticator app or a security key for more protection.
Pick security questions only you can answer
When you create an account, you may have to give answers to a few security questions. Some sites may periodically ask you to answer these questions as a security measure to confirm your identity. You also may have to answer them if you need to reset your password.
Hackers could try to guess your answers to get into your account, so pick security questions only you can answer. Avoid questions with a limited number of responses hackers can guess – like the color of your first car. And skip questions with answers that someone could find online or in public records – like your zip code, birthplace or mother’s maiden name. If you can’t avoid those questions, treat them like a password and use random and long answers. Just be sure you can remember your answers. As with a password, make sure the question and answer are unique, not one you use on other sites.
Change your password if someone steals it
If a company or website tells you it lost your password in a data breach, change your password right away. Follow the advice above and create a new strong password. If you reused the same password, or a similar one on other services, change it there, too.