How to Secure Your Online Accounts
In This Article
• Preventative measures
• Text and email alerts
• Password protocols
• Social media smarts
• Don't forget about your phone
• And be careful with WiFi
Introduction
Your online existence is scattered all over the Internet, probably in places you've forgotten about. That creates some potential problems…
Social engineering is when hackers use publicly-available information to manipulate people into performing actions or divulging confidential information. Your personal info can be found by hackers and used for social engineering.
And if your username and password are leaked after a data breach at one site, hackers will try them at other sites (and just might be able to log into your accounts).
Luckily, we'll show you some things you can do to secure your online accounts and minimize the risk that you'll become a victim.
Account Activity
First, close all online accounts you're no longer using, whether they're for credit cards or bank accounts you don't have anymore, social media you don't use, or eCommerce sites you haven't bought anything from in a long time.
Second, periodically check the activity in the accounts you still use to make sure there's nothing you don't recognize, such as a login from a strange location. Every site puts account activity logs in a different place, but here they are for Facebook and Google.
Third, set up alerts (if available) to notify you via text message or email when there's a login (or even a login attempt). If someone is trying to log in without permission, you'll know it right away.
Fourth, revoke authorizations for devices (computers, laptops, phones, etc.) you don't use anymore. Sometimes sites will let you tag a device as “trusted” and not require additional access security. But if you've done this for devices that you no longer have, you can “un-tag” them and close up a potential security gap.
Financial Accounts
Obviously, your online financial accounts are juicy targets for hackers. Unfortunately, even the biggest institutions sometimes have vulnerabilities that hackers become aware of and exploit.
While you can't do much about the computer server security used by these companies, you can do something to protect yourself.
The best thing to do is to sign up for email and/or text message alerts from your bank, credit card, and other financial accounts.
These can warn you if, for example, there's a large expenditure, a wire transfer attempt, or a failed login or password change attempt.
If you get such an alert, immediately call the financial institution and talk to their security and/or fraud team.
Passwords and Logging In
Your passwords are the primary way to secure your online accounts, so using them correctly is critically important.
Here are some things security experts recommend regarding passwords:
Always use “strong passwords” (See this article).
Never use the same password on more than one site.
Update your passwords periodically (especially on financial-related sites).
Use a password manager (This article explains password managers).
When you create new passwords, make future resets harder for hackers.
Use good answers (or fake ones you can remember) to security questions (your mother's maiden name, the street you grew up on, and your high school mascot are easily discovered by hackers, but not if you make up fake versions!).
If a site can be configured to require additional information for password resets, such as a recent transaction amount, enable that feature.
If available, use two-factor authentication or multi-factor authentication.
These features require you to provide a code sent via text message or email, in addition to your username and password.
Yes, it's an extra step and can be annoying, but it's also an extra step and annoying for the hackers, who will likely move on to someone without 2FA / MFA enabled.
Don't use the “sign in with” feature (offered by Google, Facebook, etc.).
This feature is easier and faster, but you're letting a 3rd party company (Google, Facebook, etc.) manage your username and password instead of the site where it's actually used. Just log in directly at the site.
Always log out of a website when you're done.
Social Media
It's fine to use social media, but please do it safely. Facebook is used by about half the world's population and is therefore a huge target for hackers.
Sometimes, Facebook's attempts to protect people cause them to get locked out of their accounts. To make it easier to get back in, you can set up “trusted contacts”. To do that, go here and then to “Security”. Then scroll down to “Setting Up Extra Security” and edit “Choose 3 to 5 friends…”
When you set up social media accounts, it's safer to use a separate “secret” email address that doesn't include your name or other identifiable information. (You can easily set up additional email addresses with Gmail, Outlook, Yahoo, and others.)
The reason to not use your normal email address is that it's easy for hackers to figure out what that is. Then they only have to crack your password to get into your account. Instead, if you use a “secret” email address, you make it a lot harder for the hackers.
Sometimes apps we use on our phones or computers ask to connect to our social media accounts. In many cases, that's safe to do and provides some nice features.
But every 3rd party connection to our social media accounts is another potential vulnerability. So it's safer to remove the ones you don't use anymore. To do this on some popular sites, check out these links:
Finally, be aware that social media accounts are like a giant supermarket for hackers. There is a lot of information there for them to just pick up and take advantage of.
Make sure your “sharing circle” is relatively small. On Facebook, for example, that means only sharing things with “friends” rather than the “public”.
And for all social media sites, it's best to not share anything that could help a hacker pretend to be you while resetting a password on one of your online accounts.
Avoid publishing things like the town you're from, the high school you went to (and its mascot), the year you graduated, and other things you might be using as answers to password reset security questions.
Smartphones
How much personal info do you have on your phone? How would you feel if you lost your phone, a hacker found it, and he started looking through everything?
The best way to prevent the feeling of panic you'd probably have is to set up the “find my phone” feature.
And if you ever do lose your phone, know how to erase its contents remotely. To learn how to do these things, please see these web pages:
It's also important to have a good PIN / password on your phone and to set it to automatically lock after a few minutes of inactivity.
Don't use codes like “1111” or your birthday.
Those are the first things a hacker will try. Instead, come up with something easy to remember but unlikely for a hacker to figure out. For example, it could be the birth months of you and your parents, such as “010402”.
Software Updates
An easy way to help protect your online accounts is to keep your operating system (Windows, macOS, etc.) and your software applications (including your web browser) up to date.
You probably get a lot of notifications about “available updates” and, like many people, ignore them.
But these updates are critically important.
Sometimes they just include new features that you may or may not care about. A lot of the time, though, they include fixes to security problems that have been discovered.
In some cases, the problem was never taken advantage of by hackers. But in other cases, the problems are “known secrets” in the hacker community and are actively being exploited.
So even if there's no obvious benefit to software updates, you're generally safer in doing them than in holding off.
Phishing Email
A common way online accounts get compromised is via a phishing email. This is when you get an email (maybe from Amazon.com, your bank, or another company you do business with) that looks legitimate and asks you to log in to check something.
Unfortunately, the hackers know how to create fake emails that fool even the smartest people. And that login link may take you to a page that also looks legit.
But you're actually giving your username and password to the hacker. And sometimes, the hacker will even pass that info to the real site, where you get logged in, and have no idea your info was stolen along the way.
The best way to avoid becoming the victim of a phishing email, and to keep your online accounts safe, is to “trust no one” and be very careful with any email that asks you to click something.
Links in email can look correct but actually take you somewhere else. It's always safer to open a new web browser window and manually enter the web address of the site in question.
A related trick to watch out for is a fake tech support scam that can fool you into logging into something that steals your online account credentials.
WiFi and Connecting to the Internet
Outside of corporate environments, most of us connect to the Internet using WiFi, which is a wireless network connection method. Because there are no visible wires, it's easier for hackers to intrude, capture sensitive information, and get access to your online accounts.
They do this by setting up rogue WiFi “hotspots” that actually do connect you to the Internet but use a “man in the middle” attack where they sit in the middle of your computer's "conversation" and capture everything (including usernames, passwords, credit card numbers, etc.).
We wrote an article about how to protect yourself on public WiFi.
Another way to protect your online accounts is to use a Virtual Private Network (VPN). This is software that runs on your computer or phone.
It helps hide your location and it scrambles your data in a way that the site you're connecting to can understand it but a “man in the middle” (see above) cannot.
We're preparing a detailed article to help you decide which VPN is best for you, so check back later (or sign up for our free newsletter to be notified when the article is ready.)
Summary
We now have a lot of personal and sensitive information stored online. So it's really important to protect it as best as we can, just like we want to have secure doors and windows in our house.
This article provided several ways you can do that. It's a little bit of work up front, but will be well worth the time because your online accounts will be more secure.
Questions?
If you have any questions about anything here or if there's an issue related to online account security you'd like us to talk about, please get in touch.