Fortify Your Digital Presence: 10 Essential Tips for Securing Your Online Accounts

Let’s be honest: most people don’t get hacked because a big Hollywood villain brute-forced their firewall. They get hacked because they reuse the same password across multiple sites, or because they tap a fake “your account has been locked” link, thinking it’s real.

The bad news is that no one is unhackable. The good news is that you can still safely browse online without worrying about losing all your data.

Taking a few steps to secure your online accounts won’t take much time out of your day, but it can be a lifesaver if you’re ever the target of a scam or a cyberattack. There are many ways to stay safe online, but we’ve gathered some of the most practical, easy-to-follow methods you can get started with.

Turn on Two-Factor Authentication (Everywhere)

Passwords get leaked all the time. From social networks to small forums, and even services you forgot you signed up for. Two-factor authentication (2FA) is the safety net that prevents someone from logging in with a password they found after your credentials were leaked online. Even if a hacker has your password, they can’t access your account without that second code.

Cyber attackers have gotten really good at credential stuffing (trying your email + old password on dozens of sites) and at phishing for 2FA codes using AI-generated emails that look legit. That’s why you should enable 2FA on all your most important accounts, including your email, Apple Account, social media profiles, and your bank accounts.

Most platforms will walk you through enabling 2FA to secure your account. We recommend you start by securing your email and work your way to your other essential platforms.

A word of caution: When setting up 2FA, you’ll be shown a set of backup codes. Ensure you save these backup codes, as they’re the easiest (and often the only) way to get back into your account if you lose your 2FA device.

It’s Time to Use Strong Passwords

They say that a chain is as strong as its weakest link, which means it doesn’t matter how much security Meta or Apple implements on your account if your password is “password.”

Using a strong, alphanumeric password with some unique characters is a must in this day and age. In fact, some platforms won’t even let you use weak passwords like “123456” anymore, so you need to come up with a strong password that only you would know.

Instead of using things like birthdays or anniversaries, use random letters, words, and numbers. Something like “d32%x0s%9” will be a pain to remember, but it will also be harder to crack than “december25.”

You also don’t need to try coming up with these random passwords yourself — let your computer do it…

Start Using a Password Manager

Reusing passwords is still the number one way people’s accounts get hacked. A password manager fixes that by creating long, unique passwords for every single site and remembering them for you. That way, if any website gets breached, the attacker can’t reuse that password on your PayPal or Venmo accounts.

Apple users already have a good option with the new Apple Passwords app, but tools like 1Password and Bitwarden make it easier to manage your passwords, share them with family, and store 2FA codes in the same place.

Start Changing Your Reused Passwords

Even if you start using a password manager today, you still have a history of reused passwords. Most password managers have a feature that will tell you which sites are using the same password or which ones are weak. Some will even tell you if your password has been compromised and suggest that you change it.

If your password manager doesn’t have a feature like that, you’ll need to do it manually. Start with accounts that have your money or identity attached to them, like your bank account, Apple ID, or email. Then, continue with less critical accounts.

The goal is to have a unique password on all your online accounts. It sounds tough, but it’ll be worth it.

Choose App-Based Codes Over SMS Codes

Text-message codes are still widely used because they’re easier to work with, but they’re not the safest. If someone takes over your phone number, they can get your codes.

App-based codes live on your device and aren’t tied to your carrier. Instead of a text message, you’ll get a notification on your device letting you know someone is trying to access your account. If you have an iPhone, you’ll still need to use Face ID or your passcode to let people into your account, which gives you even more security.

Turn on Passkeys Wherever You Can

Passkeys are the future, and Apple, Google, and Microsoft have been pushing them hard for a good reason: they work.

Instead of passwords, platforms use passkeys to let you log in to your account using Face ID or a fingerprint sensor. They’re also built to be phishing-resistant, because your device won’t hand over a passkey to a fake website.

So if you see “Use a passkey” on Google, PayPal, eBay, or even some banking sites, say yes. Next time you try to log in, the platform will ask for your Face ID or fingerprint to let you in. It’s faster and safer.

Split Your Email Addresses

Using the same public email for everything (social media, bank accounts, newsletters, random app websites) is convenient, but it means any phisher who knows that address can target your essential accounts.

A simple fix is to create different email addresses for different purposes. For instance, you can create an address for social media, one for financial-related stuff, and another one for personal use. If you’re an iCloud+ subscriber, you can use Hide My Email to create as many alternative addresses as you like that forward to your main address, and other services like Fastmail offer similar features.

If you really want to split things up, you can go with entirely separate email accounts. That may seem like a lot of work (because it is), but it will ensure that if one of your email accounts gets hacked, the bad actor won’t be able to mess around with all your online accounts. Still, it’s probably easier to ensure your main email address is as secure as possible.

Protect your phone number from SIM Swaps

Because SMS is still the default 2FA and account recovery method, your phone number is an attractive target.