The main problem arises when, as has actually happened several times, a group of hackers manages to steal and publish the passwords of millions of accounts: if we use the same password on multiple sites, it becomes very easy to access even the most important ones, compromising the security of every account we have registered.
It is a naive mistake that practically nullifies any effort made to protect our accounts and online security, only because someone on the other side of the world managed, maybe even two years ago, to breach a site that we use once a year or have used only once.
In this article we look at effective methods for protecting website accounts, both to make breaking into them very difficult and discouraging even for the best hackers, and to prevent a security incident at a single site from compromising our information on that account and on others as well.
1) Close accounts not in use
The first online security threat comes from unused and forgotten accounts. It is therefore very important to close accounts registered on sites we no longer use, so that the information entered there does not end up in the public domain, and because the username and password could be "tested" by hackers to access our main accounts.
The danger is even greater for accounts on very small sites that have been abandoned even by those who run them, because they can be hacked easily.
2) Add two-factor verification
Almost all of the most important accounts today let you activate two-factor authentication (also called Two Way Authentication or two-step verification), which protects the account with a one-time password (with timed expiration) to be entered after the access password.
This one-time code or password can be generated by an application on the phone (such as Microsoft Authenticator) or we can receive it as an SMS; thanks to this code, even if someone finds our password, they will still not be able to access our account if they do not have physical access to our smartphone or to the messages we receive via SMS.
To learn more, we recommend that you read our guide on how to activate two-step verification on Google, Apple, Facebook, Microsoft, and other sites.
3) Protect password reset
Asking to reset the password of an account is one of the most used tricks for getting hold of it. For example, many people pay no attention to how the security question is configured, even though its answer is what recovers the password if it has been forgotten. If the answer is easy to guess, our account becomes easy prey for anyone, even for a clever friend.
It is therefore worth checking the security settings of each web account and its password recovery mode, disabling recovery via personal questions where possible and using recovery via SMS, email, or authentication code instead.
4) Check the login activity on the account
On some sites (such as Facebook and Gmail) you can review the most recent logins to verify that there is no strange or suspicious activity from strangers, or activity that cannot have come from us. It is worth checking this information regularly, so as to discover any unauthorized access (which we can close immediately).
To learn more we can read our guides on how to check your Facebook security settings and how to check Google and Gmail account security settings.
5) Delete external accounts or app connections
This is also a protection measure for accounts such as those of Facebook and Google, which can be used to access other sites and applications. From the security settings pages, you can check these connections and block those you no longer use.
Let's try to use the most important accounts (Google, Apple, Facebook, Twitter and Amazon) only on their official sites, and avoid using them for quick sign-in on other sites (login via third-party accounts).
6) Never use the same password
If you always use the same password on all websites, it is enough for one of them to be hacked for our password to become public. To stay protected, it is therefore necessary to use a different password for each individual web account.
Obviously, it can become difficult to remember all these passwords, considering that they must be hard for anyone to guess and must not be dictionary words; there are therefore two strategies: use a criterion, or use a password manager.
As for the password manager, we can use a free and offline program like KeePass or an encrypted cloud service such as Bitwarden, which can be integrated on any device and in any browser.
Still on the subject of passwords, we can read our guides on how to manage web account passwords and how to choose passwords that are impossible to discover.
7) Change passwords regularly
If we have a password manager we can solve another big problem, namely that of having to change passwords periodically. With KeePass or with Bitwarden we can generate pseudorandom passwords that the manager will store for us, so as to be able to change passwords regularly once a year (or every 6 months if we have already suffered cyber attacks on the accounts).
Alternatively, we can use the random password generator built into Google Chrome, so that we can use the same Google account to save our passwords.
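Points 6 and 7 together, as an added example that is not part of the original article: an audit of a constructed vault that flags reused passwords and passwords older than a year, then replaces them with randomly generated ones. The vault layout, site names and function names are assumptions for illustration; real managers such as KeePass or Bitwarden have their own formats and built-in generators.

```python
import secrets
import string
from collections import defaultdict
from datetime import date

# Constructed sample entries: (site, password, date of last change).
VAULT = [
    ("mail.example", "Tr0ub4dor&3", date(2023, 1, 10)),
    ("shop.example", "Tr0ub4dor&3", date(2021, 6, 2)),
    ("forum.example", "x9!Lq#7vPz2@", date(2023, 3, 1)),
]

def reused(vault):
    """Groups of sites that share one password (point 6)."""
    by_password = defaultdict(list)
    for site, password, _ in vault:
        by_password[password].append(site)
    return sorted(sorted(sites) for sites in by_password.values() if len(sites) > 1)

def stale(vault, today, max_age_days=365):
    """Sites whose password is older than the rotation period (point 7)."""
    return sorted(site for site, _, changed in vault
                  if (today - changed).days > max_age_days)

def new_password(length=20):
    """Random password from the OS CSPRNG containing all four character classes."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    while True:
        pw = "".join(secrets.choice(alphabet) for _ in range(length))
        if (any(c.islower() for c in pw) and any(c.isupper() for c in pw)
                and any(c.isdigit() for c in pw)
                and any(c in string.punctuation for c in pw)):
            return pw

def rotate(vault, today):
    """Replace every reused or stale password; leave the others untouched."""
    flagged = {s for group in reused(vault) for s in group} | set(stale(vault, today))
    return [(site, new_password(), today) if site in flagged else (site, pw, changed)
            for site, pw, changed in vault]

if __name__ == "__main__":
    today = date(2023, 6, 1)
    print("reused:", reused(VAULT))
    print("stale:", stale(VAULT, today))
    print("reused after rotation:", reused(rotate(VAULT, today)))
```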
8) Keep programs, systems and apps up to date
While that may not be enough, the foundation of online security today is using programs that are not vulnerable to known bugs. It is therefore always necessary to check that the PC or mobile phone is updated with the latest version of the operating system in use, that the apps are up to date and that the web browser is always the latest version available.
To update the various systems, we refer you to the guides on how to update Windows, how to update a Mac, how to update Android and how to update an iPhone; to update programs and apps, we recommend that you read the guides on how to update Android apps regularly and manually and how to download updates for the programs, apps and software installed on your PC.
9) Never trust anyone
Every strange email, every message received on WhatsApp or on social apps that doesn't seem natural, and every offer too good to be true, even if it comes from a friend or a trusted contact, is almost certainly a scam or phishing attempt.
Although it may seem strange, it is better to avoid any kind of message that is too good or promising: better to live with the regret of having turned down something that seemed unmissable (and is obviously fake) than to spend time changing passwords and recovering accounts and lost money.
10) Use antivirus and security programs
Antivirus is the basis of every computer security system and, even if it is not enough on its own, it is still indispensable. On Windows 10 and Windows 11 we have a good integrated antivirus, but we can reinforce it with anti-malware programs.
Even on Android we risk catching dangerous viruses; if we are at risk we can install a good antivirus for Android so as to block all types of threats.
11) Use a secret e-mail address
Knowing a person's email address means being already halfway to discovering the login credentials for a web account. If, on the other hand, we use an email address only for registering accounts on the internet and keep it secret, in the sense that we do not use it to send and receive messages, everything becomes more secure.
To learn more we can read our guide on how to create secondary email addresses.
12) Keep your phone safe
Modern smartphones are the devices on which we receive recovery or access codes for authentication on websites (see point 2), so they must be looked after very carefully. Obviously it is important to set up a screen lock with an effective code, as well as a location or anti-theft system.
In this regard, we invite you to read our guides on how to add a fingerprint on Android and how to locate the phone at home or if it is lost.
13) Install a VPN
For those accessing the Internet using a public hotspot or free Wi-Fi, it is important to use a VPN in order to hide the data sent, including passwords, even from the network operator who may be spying on everything we do.
On this topic we can read our guide to the best free VPN services for safe and free surfing.
14) Other useful tips
Other useful tips to avoid a hacked account are:
- Add a Microsoft account on every computer we use and use Windows Hello to secure access with fingerprint or face unlock.
- Never share a web account with anyone and, above all, never send passwords via messages or email.
- Do not save codes and PINs in chats or in the address book.
- Log out of web accounts after use.
- Use the guest account on the computer when occasional users need to log in.
Let's follow these simple tips as well to significantly increase the security of all the accounts we use.
We cannot get 100% protection against cyber attacks, especially if a hacker attacks us. But we can avoid giving away personal information, codes and passwords through fake messages, through old and abandoned accounts and through poorly protected accounts. Better to always be one step ahead and prevent any possible security flaw than to have to intervene afterwards to repair the damage caused by a hacker.
To learn more we can read our guides on how to surf the internet safely and how to protect your PC from viruses on the internet.