Go Long and Complicated

“Password123” may be easy to remember, but it’s a disaster when it comes to security. Hackers like to go for the low-hanging fruit and try the obvious options first.

And despite years of warnings from security experts, “password,” or a slightly modified version of it, remains one of the most common passwords out there.

Ideally, a password should be composed of a long string of characters. Think of at least a dozen. Try stringing them together using an easy-to-remember phrase: Thequickbrownfoxjumpsoverthelazydog. (Though it’s better to choose a phrase only you know.)

Don’t Recycle

Even tech minimalists have myriad passwords to remember these days, for everything from bank accounts to Pinterest. But resist the temptation to reuse passwords on multiple accounts. You could fall victim to a credential-stuffing attack.

Billions of stolen passwords are archived in online databases, where they’re bought and sold by cybercriminals who feed them to botnets in hopes of cracking into accounts. 

So if the log-in credentials for your favorite blog are swiped, it could threaten your online banking account when you use the same email and password for both.

Always Use 2FA

Two-factor authentication (2FA)—which requires you to, say, enter a multidigit code texted to a smartphone to log in to an account—has become a must.

Also called multifactor authentication, 2FA makes it a lot harder for hackers to access your account, even if they have the password.

It’s standard practice in business, and services such as Facebook, Google, and online banking sites offer it as an option, but you frequently have to turn it on. Yes, this will slow you down a bit, but 2FA is often enough to make hackers look for another target.

Don’t Be Too Social

Be careful what you share and who you share it with.

This lesson was driven home in recent years by the revelation that about 87 million Facebook users had their profile information and “likes” harvested—without permission—by researchers using a third-party quiz app. 

If you’re going to post personal details about yourself or your family, make sure your accounts are locked down, and change your privacy settings to restrict your posts to real-life “friends.” Consumer Reports shared tips for protecting your kids’ personal information in a previous article, but here’s the short version: The entire world doesn’t need to know where they go to school and when they celebrate their birthday.

And keep in mind that even if you think you have your account locked down, nothing shared on social media is ever truly private. So think before you trade your privacy to play a Facebook game or take part in a what looks like a harmless quiz.

Passwords & Firmware 101

Online privacy and security are major issues facing a lot of people today. On the “Consumer 101” TV show, Consumer Reports expert Maria Rerecich explains why it’s not just phones and computers that people should be concerned about.