Secure your account

How to protect your personal information

On this page

Why secure your account

Your personal information is collected, shared, and sold to thousands of businesses. Data brokers also collect and sell large amounts of information about you. Scammers can use the information they find about you to gain access to your accounts. 

There are several ways hackers, scammers, and other bad actors can gain access to your accounts, including: 

Even if you use a strong password, it may not be enough. When a business you interact with gets hacked, your username and password can be exposed in a data breach. 

If you reuse passwords, hackers can try it on your other accounts – email, shopping, banking, and more. One reused password could unlock your entire digital life. 

Hackers can use the personal information they have found or bought about you to trick you into giving them access to your accounts. In a phish, scammers send a fake email, text, or website and use details they know about you to make their scam seem real. Another way they can use your personal information is to answer common security questions (e.g., What is your pet’s name? What is your birthday? What is your maiden name?) and reset your passwords.  

Email and password tips

Set strong, unique passwords

You can use a passphrase – a set of words that is longer and easier to remember than a password. For example, a passphrase could be a sentence with or without spaces, or even random words. If you can’t use a passphrase, you can use longer passwords with a combination of upper and lowercase letters, numbers, and symbols. Do not reuse passphrases or passwords. If leaked, attackers can try to use that same info to gain access to your other accounts. 

Use a password manager

Memorizing all of your unique login details can be a challenge. Consult trusted reviewers who can recommend a password manager that will create and store passphrases in a “vault” with a master passphrase known only to you.  

Don’t share your account info

Keep your logins safe by not sharing them with others. Don’t write your login details down on notes or leave them in plain view.  

Use multifactor authentication (MFA)

Many websites and applications offer an extra layer of security called multifactor authentication, or MFA. MFA requires you to use more than one type of proof to log in to an account.  

Types of MFA 

There are three types of multi-factor authentication: 

A password, pin, or phrase you have memorized or written down.

An app, time-based or QR code. You can also use a phone number, but it’s less secure than other options.  

A scan of your face or fingerprint.

MFA usually combines two of these. With MFA, even if someone has your password, they still can’t get into your account without a second step that proves it’s really you. 

Here’s how to enable MFA:

      1. Login and find MFA in your settings

        Go to the account you want to protect. In Settings, look for Security, Privacy, or Login Options. Find Multifactor Authentication, Two-Step Verification, or Two-Factor Authentication.

      2. Choose your second verification method

        Common MFA options include a code sent to your phone or email, an app that provides a time-based code, or a fingerprint or facial scan. 

      3. Finish setting up MFA

        Follow the instructions for the method you have chosen. For example, you may be asked to verify your phone number, email, or scan a QR code on an app. Remember to save any backup codes you are given. They can help you get back into your account if you lose access to your device. 

lightbulb

Want to learn more?

Read this related article on the CPPA Blog: