Guide to Securing Your Online Accounts

Have you been pwned?

Thanks to security expert Troy Hunt and his website Have I Been Pwned, you can easily check if any accounts associated with your email have been exposed in known data breaches.

Passwords

If you found any compromised accounts using the first step, immediately change the passwords of those accounts.

2 Factor Authentication

The next step to securing your accounts is to use 2 factor authentication (2FA), an extra layer of security beyond your username and password. 2FA methods include text message or phone call, email, authenticator apps, and hardware security keys.

A photo of my YubiKey 5 NFC

Protecting Your Email

Securing your email is extremely important, since anyone who gains access to your email effectively gains access to all associated accounts via password resets. If you are using Gmail, I highly recommend you use your 2 hardware security keys from earlier to join Google's Advanced Protection Program. Gaining access to your email would then require your hardware security key, making it virtually impossible for anyone but you to access your account. The drawback is that if you lose both keys, you will be locked out of your Gmail for a few days until Google can verify the account belongs to you. I encourage you to set up the best 2FA option your email service provider offers.

Financial Information

If you used credit before the Equifax breach, your SSN and personal information are likely out there somewhere. You can check if you were impacted by the Equifax breach by following the instructions here on the FTC.gov website. If you have no immediate plans to use your credit, you should freeze your credit with the 3 major credit bureaus (Equifax, Experian, and TransUnion) to help protect yourself from identity theft. If you need to use your credit after freezing, you can unfreeze it just as easily.

General Device Security

For your mobile device, ensure you have set up authentication (Face ID, fingerprint, passcode, pattern, etc.) for device access and for each of your financial / sensitive applications. You should also only install applications from trusted sources.

Summary

  1. Check if you have been pwned and set up notifications with HaveIBeenPwned.
  2. Get a pair of hardware security keys (the extra will be a backup).
  3. Create a private email address for financial/sensitive purposes. Set up the Advanced Protection Program if you are using Gmail.
  4. Set up a password manager such as Bitwarden. Set up your hardware security keys as 2FA if you can get Bitwarden premium or if your password manager allows it.
  5. Use the password manager to generate and store new passwords for all of your accounts except your emails, computer password, and password manager itself.
  6. Set up your private email address with any financial/sensitive accounts (banks, brokerages, credit bureaus, password managers, etc.).
  7. Turn on 2FA wherever possible, preferably using hardware security keys. Consider adding login alerts as well.
  8. Turn on notification alerts for any credit card or bank transactions, as well as credit changes.
  9. Ensure your mobile device and financial apps have some form of authentication for increased security.
  10. Consider freezing your credit to help protect yourself from identity theft.
  11. Use anti-virus and keep your software up to date.
  12. Learn to avoid phishing.

Abraham Yepremian

Software Engineer / Tech Entrepreneur with interests in full stack development, web3 technology, software scalability, fitness, and finance — abeyep.com