The best way to keep your online accounts secure is to use strong, unique passwords. That means each password has to be complex enough that it’s hard to crack. You should also use a different password for each account in case one gets compromised. An easy way to keep track of complex passphrases (which could be combinations of symbols, numbers and random letters) is to let a password manager remember them for you.
You can apply for free accounts for yourself or your team from 1Password if you are a journalist or activist working on elections or pro-democracy efforts:
Download a password manager such as 1Password (around $50) or LastPass (which includes a free option or a $12/year one). Start generating new, unique passwords for your credit cards, bank accounts, social media accounts, email, domain registrar, hosting provider, cell phone company, etc. Passwords for accounts that are linked to your bank account, such as ones you buy books or food from, should also be changed. Changing passwords on all of your accounts can be time-consuming, but if you install a password manager, you can just change them as you use them. Make sure to save the new passwords to your password manager.
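What "generating new, unique passwords" looks like under the hood, as an added example (not code from this page or from any password manager): it draws each password from the operating system's secure random source, refuses to hand the same password to two accounts, and can audit an existing list for reuse. The character set, the 20-character length and the account names are assumptions made for the illustration.

```python
import math
import secrets
import string

# Assumed policy: every password must contain at least one character per class.
CLASSES = (string.ascii_lowercase, string.ascii_uppercase,
           string.digits, "!@#$%^&*()-_=+[]{}")
ALPHABET = "".join(CLASSES)

def entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Upper bound on guessing entropy of a uniformly random password."""
    return length * math.log2(alphabet_size)

def generate_password(length=20):
    """Draw from the OS CSPRNG; retry until every character class appears."""
    if length < len(CLASSES):
        raise ValueError("length too short to cover every character class")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if all(any(c in cls for c in candidate) for cls in CLASSES):
            return candidate

def generate_vault(accounts, length=20):
    """Return {account: password} with no password shared between accounts."""
    vault, used = {}, set()
    for account in accounts:
        pw = generate_password(length)
        while pw in used:  # a collision is astronomically unlikely; enforce anyway
            pw = generate_password(length)
        used.add(pw)
        vault[account] = pw
    return vault

def find_reuse(vault):
    """Audit helper: list groups of accounts that share one password."""
    by_pw = {}
    for account, pw in vault.items():
        by_pw.setdefault(pw, []).append(account)
    return [sorted(accts) for accts in by_pw.values() if len(accts) > 1]

if __name__ == "__main__":
    accounts = ["bank", "email", "domain registrar"]  # constructed sample names
    vault = generate_vault(accounts)
    print(f"{len(vault)} unique passwords, ~{entropy_bits(20):.0f} bits each")
    print("reused:", find_reuse(vault))
```
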
Password managers like 1Password can also be used as an authenticator app, allowing you to receive codes for any accounts on which you have enabled two-step verification/two-factor authentication.
In addition to changing your password for each site you use, you may want to change your recovery email address for them as well. Consider creating a separate email account for password recovery requests, so that if you are somehow hacked, you can see all of the password reset requests in this email account and have a checklist for what needs to be reset. Keep this account secret. (Remember that keeping the password for your recovery email account secure is paramount, since all other accounts use password reset emails as a verification mechanism.)
Check out more digital hygiene tips:
- Removing public data
- Privacy protection on domain names
- HTTPS Everywhere
- Anonymous “Tor” cloak or VPN
- Prepare for a DDoS attack
- Two-step verification
- Privacy plug-ins/cookies
- Third-party permissions
- Image “hidden pixels”
- Links and attachments
- Install patches and updates
- Use a password manager/strong password
- Strengthen security questions
- Encrypt hard drive/backup data
- Click to play
- Use end-to-end encryption