We live our entire lives connected to the web, signed up for dozens of services using accounts. Many of those accounts are so critical, that it’s no exaggeration to say having them compromised could ruin your life, or at the very least be an expensive and inconvenient disaster.
The good news is that, although there’s no such thing as perfect security, there are several things you can do that makes it much less likely your services will be compromised.
Use a unique password for every account
I know it’s hard to remember a bunch of passwords, but a cardinal sin of cybersecurity is to use the same password for multiple accounts. Why? Because it makes every one of your accounts exactly as safe as the service with the worst breach protection. Attackers know people do this, so when they breach a soft target they take the leaked email-and-password pairs and automatically try them against high-value services like Gmail or your bank. This is called credential stuffing, and it is cheap to run at scale.
Also, don’t just reuse the same password slightly remixed (a new year on the end, the site’s name bolted on, an extra exclamation mark). Cracking tools apply exactly those mangling rules to a leaked password, so a remix is barely better than the original.
Let a password manager handle the hard part
If you have lots of accounts, it makes sense to use a good password manager. With the right software you can generate, store, fill and change long random passwords with very little effort on your end, and because a manager only fills a saved password on the site it was saved for, it also refuses to hand your credentials to a look-alike phishing page. Many browsers include a free password manager. Some security practitioners prefer a dedicated manager, since the browser’s vault is only as protected as the browser profile and operating-system login it lives in, but either option is far better than reusing passwords.
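To make the remix point concrete, here is a short Python script added for this edit (it is not code from the original article). The leaked password and the site names are made up, and the mangling rules are a tiny, hand-picked subset of what real cracking tools apply; the point is how small the space of "remixed" passwords is compared with a random one from a password manager.

```python
import math
import secrets
import string

# Constructed example: one password that leaked from a breached site. The
# variants below are the kind of "remix" people reuse on other accounts.
LEAKED_BASE = "Summer2021!"


def remix_candidates(base, site_names=("gmail", "bank", "amazon", "paypal")):
    """Enumerate the cheap mangling rules an attacker applies to a leaked
    password before trying it against other services. This is a tiny subset
    of a real cracking rule set; the point is how small the space is."""
    roots = {base, base.rstrip("!@#$%^&*.0123456789")}   # with and without the tail
    out = set()
    for root in roots:
        out.add(root)
        for year in range(2015, 2027):          # swap the year
            out.update({f"{root}{year}", f"{root}{year}!"})
        for n in range(100):                    # bump a trailing counter
            out.update({f"{root}{n}", f"{root}{n}!"})
        for site in site_names:                 # bolt the site name on
            cap = site.capitalize()
            out.update({f"{root}{site}", f"{root}{cap}", f"{root}{cap}!", f"{cap}{root}"})
        out.add(root.swapcase())                # case flips and reversal
        out.add(root[::-1])
        leet = root.replace("a", "@").replace("e", "3").replace("o", "0").replace("s", "$")
        out.add(leet)
    return out


def is_cheap_remix(candidate, leaked):
    """True if `candidate` falls inside the attacker's remix set for `leaked`."""
    return candidate in remix_candidates(leaked)


def generate_password(length=20, alphabet=string.ascii_letters + string.digits + string.punctuation):
    """What a password manager does: uniform choice from the OS CSPRNG,
    independent of every other password you own."""
    return "".join(secrets.choice(alphabet) for _ in range(length))


def entropy_bits(alphabet_size, length):
    """Guessing work for a uniformly random password, in bits."""
    return length * math.log2(alphabet_size)


if __name__ == "__main__":
    for guess in ("Summer2023!", "Summer2021!Gmail", "BankSummer2021!", "Summer99"):
        print(f"{guess:18} cheap remix of {LEAKED_BASE}: {is_cheap_remix(guess, LEAKED_BASE)}")
    print("remix candidate set size:", len(remix_candidates(LEAKED_BASE)))
    print("random 20-char password:", generate_password(), f"(about {entropy_bits(94, 20):.0f} bits)")
```

The remix set is a few hundred strings, which a stuffing tool tries in well under a second; the 94-character random password needs on the order of 2^131 guesses. That gap, not cleverness, is why the manager-generated password wins.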
Turn on two-factor authentication (2FA) everywhere you can
A password alone, no matter how strong, just isn’t enough to keep your accounts safe. Two-factor authentication requires two different kinds of “keys” before access is granted: something you know (the password) plus something you have (a phone, an authenticator app, or a hardware key). A text message with a one-time PIN is the most familiar example, and even that forces an attacker to take over both your password and your phone number rather than just one of them. One caveat: a one-time code that you type into a website can still be phished in real time by a fake site that relays it to the real one, so a code from an authenticator app or a hardware security key is preferable to SMS where the service offers it.
So if 2FA is offered on an account, it’s almost always better to make use of it.
Switch to passkeys when available
Not all second factors are made equal, and better ones have been developed to counter things like SIM-swap fraud. Passkeys are a great option: the service stores only a public key, while the matching private key stays on your device (usually inside a secure chip) and is only used to sign a login challenge after you unlock the device. Because that signature is bound to the real website’s domain, a look-alike phishing page cannot obtain a usable login, and because the private key never leaves the device, a breach of the service does not expose it either.
If you have the option to use passkeys, I recommend it, but then the device itself becomes the thing to protect. Use a strong device passcode or password (biometrics fall back to it anyway), keep the device encrypted and updated, and register a second device or a hardware security key so that losing one phone does not lock you out.
Keep your devices and software up to date
Attackers use vulnerabilities in hardware and software to steal information or to bypass security controls. Once a vulnerability is disclosed, the vendor usually ships a patch before or soon after, but a patch only protects you once it is installed. Attackers also study published fixes to work out what was wrong, so an unpatched device becomes more exposed, not less, after the update is released.
That is the key reason to install security updates promptly, and why you shouldn’t keep using devices that no longer receive them.
Watch for phishing and social engineering tricks
You should keep up with the latest phishing and social engineering tricks. Reading How-To Geek is a good start! In brief, *phishing* is a method where attackers try to fool you into handing over your password (or a one-time code) because you think you’re giving it to the real service. It is usually done through spoofed emails or text messages with links to a fake website. Before you log in from a link, check the actual domain in the address bar rather than just a familiar name somewhere inside it.
*Social engineering* is broader. It includes phishing, but also every other method of getting compliance from a human being: phoning you and pretending to be your boss, a representative of your bank, or a support agent who just needs the code that was texted to you.
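The link checks described above, as an added Python example for this edit (not code from the article): it takes a URL and the domain you expect, and reports the standard tricks fake sites use to look legitimate, including the brand name placed as a subdomain, a user name stuffed in front of the real host, a non-HTTPS link, and an internationalized domain whose Cyrillic letters look like Latin ones. All sample links are constructed; the `.example` domains are reserved for documentation, and the two-label rule for the registrable domain is a simplification noted in the code.

```python
import unicodedata
from urllib.parse import urlsplit

# Constructed sample links of the kind pasted into phishing messages. None are
# real sites: ".example" is reserved for documentation, and the punycode host
# is built here from a Cyrillic "a" so the trick is visible in the source.
HOMOGRAPH_HOST = "\u0430pple.com".encode("idna").decode("ascii")  # xn--... form
SAMPLE_LINKS = [
    "https://www.bank.example/login",
    "https://bank.example.verify-account.example/login",  # brand as a subdomain
    "https://bank.example@evil.example/login",             # user name before the real host
    "https://" + HOMOGRAPH_HOST + "/",                      # Cyrillic look-alike
    "http://bank.example/login",                           # plain HTTP
]


def registrable_domain(host):
    """ASSUMPTION for this example: the registrable domain is the last two
    labels. Real code must use the Public Suffix List (co.uk, com.au, ...)."""
    return ".".join(host.lower().split(".")[-2:])


def analyze_link(url, expected_domain):
    """Return the reasons a link does not really lead to `expected_domain`.
    An empty list means no red flag was found, not that the link is safe."""
    flags = []
    parts = urlsplit(url)
    host = parts.hostname or ""
    if parts.username is not None:              # https://bank.example@evil.example/
        flags.append("userinfo-before-host")
    if parts.scheme != "https":
        flags.append("not-https")
    try:
        shown = host.encode("ascii").decode("idna")   # what the address bar may display
    except UnicodeError:
        shown = host
    if any(ord(ch) > 127 for ch in shown):
        scripts = {unicodedata.name(ch, "?").split()[0] for ch in shown if ch.isalpha()}
        flags.append("non-ascii-host:" + "/".join(sorted(scripts)))
    real = registrable_domain(host)
    if real != expected_domain.lower():
        flags.append("registrable-domain:" + real)
        if expected_domain.lower() in host:     # the brand appears, but not where it counts
            flags.append("brand-in-subdomain")
    return flags


if __name__ == "__main__":
    for link in SAMPLE_LINKS:
        brand = "apple.com" if "xn--" in link else "bank.example"
        print(link, "->", analyze_link(link, brand) or "no red flags")
```

The mixed-script flag is the one browsers rely on too: a host that mixes Cyrillic and Latin letters is shown in its `xn--` form precisely so it no longer looks like the brand it imitates.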
Use a secure recovery setup
The worst situation is when someone gets into your account and then locks you out of it. This often happens with social media accounts: the intruder changes the associated email address or phone number and removes your other ways back in.
So if a service offers recovery or backup codes, set them up as soon as you enable 2FA, and store them somewhere safe and offline, such as on paper in a safe. Remember that recovery options are also a way in: a recovery email or phone number that is weaker than the account it protects is exactly what an attacker will go after, so secure those with the same care. If the worst does happen, the backup codes let you prove you are the rightful owner and get back in.
Regularly review and clean up your accounts
If you’re using a password manager or something like Google Chrome’s security checkup, you can see whether any of your passwords have appeared in a known data breach. Take it seriously when accounts come up in those lists.
Delete accounts you don’t use anymore, and change a compromised password in every service where it was used, not just the one that was breached. Periodic reviews matter, and for your most important accounts you may want to rotate passwords every few months even if they haven’t been listed in a breach, since the breaches we know about are only the ones that were discovered. A unique, random password plus 2FA does far more for you than rotation, though, so get those in place first.
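Breach checkups work without ever sending your password anywhere, and this added Python example for the edit (not code from the article) shows how. It implements the k-anonymity lookup used by the Pwned Passwords range API: hash the password with SHA-1, send only the first five hex characters, and compare the returned suffixes locally. The breach corpus below is a constructed stand-in with made-up counts so the script runs offline; the `live_fetch_range` function shows the real call but is not used by default.

```python
import hashlib
import urllib.request

PWNED_RANGE_URL = "https://api.pwnedpasswords.com/range/"


def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed stand-in for the service's breach corpus: a few famously leaked
# passwords with MADE-UP counts, hashed here so the example runs offline.
_CONSTRUCTED_CORPUS = {
    sha1_hex(p): n
    for p, n in (("password", 3861493), ("123456", 37359195), ("qwerty", 3912816))
}


def fake_fetch_range(prefix):
    """Mimic the range endpoint: every known hash that starts with `prefix`,
    returned as 'SUFFIX:COUNT' lines. The server only ever sees the prefix."""
    prefix = prefix.upper()
    return "\r\n".join(f"{h[5:]}:{n}" for h, n in _CONSTRUCTED_CORPUS.items() if h.startswith(prefix))


def live_fetch_range(prefix):
    """The real call (not used by default). Add-Padding makes every response a
    similar size so the number of matches cannot be inferred from its length."""
    req = urllib.request.Request(
        PWNED_RANGE_URL + prefix,
        headers={"Add-Padding": "true", "User-Agent": "example-breach-check"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch=fake_fetch_range):
    """How many times the password appears in the corpus; 0 if never seen.
    Only the first five hex characters of its SHA-1 leave this machine."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in fetch(prefix).splitlines():
        cand, _, count = line.strip().partition(":")
        if cand.upper() == suffix:
            # padding entries carry a count of 0; a real sighting is at least 1
            return int(count) if count.isdigit() else 0
    return 0


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(f"{pw!r}: seen {pwned_count(pw)} times in the constructed corpus")
```

A five-character prefix covers about one in a million hashes, so each query hides your password among hundreds of real leaked ones; that is the property that makes it acceptable for a password manager to run this check on every password you store.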