The best way to keep your online account secure is by using strong, unique passwords. That means that your password has to be complex enough that it’s hard to crack. You should also use a different password for each account in case one gets compromised. An easy way to memorize complex passphrases (which could be combinations of symbols and numbers and random letters) is to let a password manager do it for you.

You can apply for free accounts for you or your team from 1Password if you are a journalist or activist working on elections, pro-democracy efforts:

computer icons task or action checklist Download a password manager such as as 1Password (around $50) or LastPass (which includes a free option or a $12/year one). Start generating new, unique passwords for your credit cards, bank accounts, social media accounts, email, domain registrar, hosting provider, cell phone company, etc. Accounts that are linked to your bank account, such as ones you buy books or food from, should also be changed.  Changing passwords on all of your accounts can be time-consuming, but if you install a password manager, you can just change them as you use them. Make sure to save the new passwords to your password manager.

Password managers like 1Password can also be used as an authenticator app, allowing you to receive codes for any accounts that you have enabled two-step verification/two-factor authentication. 


In addition to changing your password for each site you use, you may want to change your recovery email address for them as well. Consider creating a separate email account for password recovery requests, so that if you are somehow hacked, you can see all of the password reset requests in this email account and have a checklist for what needs to be reset. Keep this account secret. (Remember that keeping the password for your recovery email account secure is paramount, since all other accounts use password reset emails as a verification mechanism.)

Check out more digital hygiene tips:

  1. Removing public data
  2. Privacy protection on domain names
  3. Https everywhere
  4. Anonymous “Tor” cloak or VPN
  5. Prepare for a DDos attack
  6. Two-step verification
  7. Privacy plug-ins/cookies
  8. Third-party permissions
  9. Image “hidden pixels”
  10. Links and attachments
  11. Install patches and updates
  12. Use a password manager/strong password
  13. Strengthen security questions
  14. Encrypt hard drive/backup data
  15. Click to play
  16. Use end-to-end encryption

Published by michelleferrier

Executive Director, Media Innovation Collaboratory; Founder, Troll-Busters.com | Online Pest Control for Women Writers and Journalists;

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: