Last updated May 2024
Most people use the same password for multiple accounts. Bad idea. If criminals steal your password from one company, they can use it to hack into your other accounts.
“It’s like having the same key to start your car, unlock your house, open your safe deposit box, and lock your desk at work,” said cyber security expert Adam Levin, author of the book Swiped.
Here are better ways to protect your online accounts from hackers.
Use Multi-Factor Authentication
You should use a strong and unique password for each of your financial accounts (see below). But because even the best password can be compromised (or stolen during a data breach), sign up for multi-factor authentication (MFA).
MFA means that to log into an account, you’ll enter both a password and use at least one other identifying factor (fingerprint, facial recognition, or entering a code from a text, email, or authentication app). It’s not foolproof, but MFA can stop most hackers from using stolen passwords.
Get Smart About Passwords
At the very least create unique passwords for your most sensitive accounts, such as bank, credit card, investment, government benefits, and social media. They should be long (at least 10 to 12 characters—longer is better) and strong (include random numbers, uppercase and lowercase letters, and special symbols). Avoid common phrases such as LetMeIn, ILoveYou, or LukeIAmYourFather. Don’t use song lyrics, or names of pets or sports teams.
A better option is to use a password manager, which will automatically generate strong passwords and store them in an encrypted digital vault that can be accessed only with the master password you create.
Consumer Reports regularly evaluates password management apps. It currently recommends 1Password Families (from $60/year), Dashlane Premium (from $60/year), Keeper Unlimited (from $34.99/year), and Keeper Free Version.
Your phone, tablet, and computer probably already have password managers. Apple’s embedded password manager is called FileVault. Most internet browsers also employ them, with options to sync passwords across multiple devices. While these features are convenient, they’re not as robust as a dedicated password management program. Even so, “any tool that encourages you to use unique passwords, and hopefully complex ones, is a win,” said Chester Wisniewski, director and global field CTO at IT security company Sophos. “If you decide to use the password storage feature on Firefox, be sure to set a ‘master password’ to ensure the passwords will be stored safely.”
Especially Guard Investment and Retirement Accounts
By law, you are largely protected from fraudulent activity on credit card, checking, and savings accounts. If a crook obtains your credit card number and goes on a shopping spree, or steals money from your checking account, you usually won’t be responsible for those losses.
But investment and retirement accounts don’t automatically get regulatory protection from fraud losses, leaving your life savings exposed and vulnerable. And, unfortunately, if theft occurs many investment companies have absurd requirements their customers must meet to qualify for reimbursement.
A few years ago, Consumers’ Checkbook reviewed the websites of nine major investment firms and found two lacked specifics about any policies that might protect their customers from theft. Meanwhile, companies that explicitly offer such coverage often have dozens of requirements to qualify for reimbursement if there’s a problem. You might, for example, have to log in to your account at least once per month, enable MFA, and report theft within a few days. And many investment companies won’t reimburse victims who unwittingly provided their log-in information during phishing attacks or over the phone to con artists.
Enable MFA for these accounts and use your password manager to create and use strong unique passwords for them. Check account activity regularly, and immediately report possible theft or fraud. And check your mail and email often for alerts about potentially suspicious activity.
Contributing editor Herb Weisbaum (“The ConsumerMan”) is an Emmy award-winning broadcaster and one of America's top consumer experts. He has been protecting consumers for more than 40 years, having covered the consumer beat for CBS News, The Today Show, and NBCNews.com. You can also find him on Facebook, Twitter, and at ConsumerMan.com.