

You may think that improving the security of your private information online may take too much effort, but there are simple steps that will help tremendously. If you haven’t taken the time to protect your online activity, the following suggestions are a good place to start.

1. Unique Strong Passwords

If you are using weak passwords containing common words or personal information, such as your dog’s name and your birthday, and you’re using that same password for every account you have, please stop! Change each one of your passwords to a strong, unique one and never use the same password for more than one account. That way, if someone gets one of your passwords, they will not succeed in gaining access to your other accounts by trying those same login credentials on other popular sites such as banks or social media.

I get it. Managing dozens, or even hundreds, of different passwords is difficult. The more passwords you have, the more you will need a way to securely keep track of them all.

Luckily, a password manager app such as Bitwarden or 1Password will manage all of them for you. A good password manager will generate a strong password and store your login credentials for each of your online accounts in a secure vault. The only password you will need to remember is the one to log into Bitwarden or the password manager of your choice.


2. Two Factor Authentication (2FA)

Two-factor authentication is a process that requires a second form of authentication before access to your account is given. After entering the correct username and password, you are then required to provide a second form of authentication, such as a code sent to your phone via SMS, sent to your email, or generated by an authentication app. It can also be a biometric factor like a fingerprint or face recognition, or a physical security key. While it is not foolproof, using 2FA does add another layer of security, making it more difficult for someone else to gain access to your accounts.

2FA codes sent via both SMS and email can be more easily intercepted than other options, as they are generated elsewhere and then sent to you electronically. I recommend methods that generate this authentication in a device in your possession, such as an authenticator app like Authy or Microsoft Authenticator. You install one of these apps on your phone, go through the process of turning on 2FA in each account, and it will have a time-sensitive code ready when you need to use it. I also recommend using a 2FA device that is separate from your password manager, even though some do offer both services.


3. VPN Service

Use a VPN (Virtual Private Network) on all devices that use Wi-Fi outside of your home. Any data that is sent from your device can possibly be read by either the Wi-Fi owner or other people using that Wi-Fi connection. Texts, passwords, documents and any other information that is being transmitted over the Wi-Fi connection are at risk.

To ensure that data sent to and from your device is secure, the VPN encrypts all of it, making it unreadable by anyone trying to snoop on your activity.


4. Email Security

Vulnerabilities are very often introduced when you click on links or open attachments received in your email. When choosing to follow a link or open a file, be sure it is legitimate. If you’re unsure of a link, go directly to the website of who you believe is the sender, rather than clicking on a link in the email.
If you’re unsure of an attachment, or not expecting one, just don’t open it. Also have virus scanning software installed, which should alert you when something appears sketchy.

Another good practice is to have multiple email addresses: one for your financial accounts, one for social media, another for friends and family, and maybe another for retail or newsletters. For example, when you get an email that appears to be from your bank but was sent to your newsletter address (which your bank doesn’t have), you know it’s not valid. If you have your own domain name and don’t want to log into multiple addresses, set up aliases that all deliver to one email account; you can then at least see which address the sender was emailing.


5. Device Updates

Be vigilant in updating the operating systems on your computer, phone, and any other device you use online. Also, keep your apps up to date so when any bugs or vulnerabilities are found and fixed, you have the most recent and secure version.