A lot of important data in your life is at the mercy of how companies implement their login security, which is often not well. This is on top of the unfortunate fact that your personal information is likely already leaked and on the dark web. So what are some things that you as a user can do to protect yourself?

 

1. Use a password manager

There are lots of good and trustworthy options out there; read some reviews, pick one that you like, and become an expert at using it. Generate a different password for each online account you have. 12 characters is the absolute minimum length they should be (along with a mix of upper/lower-case letters and numbers), but more is ideal. Most password managers also include a "Notes" area where you can store things like account numbers and one-time recovery codes. If you're worried about forgetting your master password, write it down on a physical piece of paper and file it away with your other important documents.

It will be frustrating at first, but once you get into the habit, you'll find that using a password manager actually saves you loads of time and effort (on top of protecting you).

2. Set up multi-factor authentication whenever possible

A good rule of thumb is: an authenticator app is better than email, which is better than SMS, which is better than security questions. However, anything is much better than nothing. If a website lets you generate one-time recovery codes, write those down in your password manager.

(Hardware keys are even better, but probably more trouble than they're worth for most applications unless you're dealing with large sums of money or very sensitive data.)

3. Treat security questions like passwords

If a website uses security questions, you shouldn't actually use real information for your answers, which can be learned or guessed. Since you're using a password manager, just generate and store random strings for these too. An attacker will never guess that your mother's maiden name is "6qu1hCaxFvMB".

4. Freeze your credit

It sounds extreme but it's really not. Sign up for Equifax, Experian, and TransUnion accounts and set a security freeze on all of them. They might try to confuse you by offering a paid subscription that includes "credit security" or something like that, but by law freezing your credit has to be free. This prevents anyone from taking out a loan or opening a credit card in your name, which are major catalysts for identity theft. The only downside is that you need to remember to lift the freezes when you take out a loan or open a new credit card, but this just takes a few extra minutes.

5. Set notifications for financial transactions

As you may have experienced before, it's only a matter of time before one of your debit or credit card numbers gets swiped and is used for a spending spree. No matter how well you protect your physical and virtual wallets, thieves have many ways of getting this information. Set up your bank and credit card apps to send you an alert every time a transaction is made with one of your cards. This will help you take action as soon as possible if a fraudulent transaction is made.