Skip to content ↓

5 Things You Must Do To Protect Yourself Online

7 min read

A couple of years ago an unknown person hacked my GMail account. I had been lazy, I had used a low-quality, low-security password, and I paid the price. Within seconds the person had changed my password, locked me out, and deleted all my archived email. I tried everything I could to attract the attention of Google’s support team, but to no avail. It was only when I asked for help from my Twitter followers that I regained access to the account. In other words, if I didn’t have so many Twitter followers, I would have permanently lost my account.

This event and a hundred headlines convinced me of the need for better security. Recent news stories have once again shown the importance of properly securing accounts, apps and services behind best practices. Here are 5 steps you need to take to protect yourself online.

#1. Use Good Passwords

Surely you know by now that a bad password is, well, bad. You make a criminal’s life exponentially more difficult if you determine you will use stronger and better passwords. Of course it’s not always quite so simple, as there is endless debate over what constitutes a good password. But whatever camp you represent, a good password is one that protects your account and one that you can actually remember.

I think xkcd gets it roughly correct here, though. Find a password that is long but also easy to remember. Four random words strung together will protect your account better than a much shorter string of random numbers, letters and other characters; a mnemonic device of some description should help you remember those words. As he suggests in his comic, consider putting together a silly little story or scenario to help you retain it. You can use this random word generator to get you started. If you want to kick it to the next level, consider Jesse’s advice. (Also, make the first or last letter a capital since some sites require at least one upper-case character.)

So go ahead and make yourself a password and, for now, write it down on a piece of paper. We will get back to it in a minute.

#2. Use Unique Passwords

Creating one good password is a good start, but if you want to be ultra-secure should consider creating unique passwords for each of your important accounts. We can consider this an optional step if (and only if!) you are going to be sure to follow step #3 below.

If you want to be ultra-secure, here’s how to proceed. I’m sure you have a number of low-security accounts—they don’t have much personal information, they don’t have access to your credit card, and so on. For these accounts you can maintain a single password that spans all of them. But for each of your accounts that would really hurt to lose, you should consider a unique password. Otherwise, a criminal who gets that one password will have access to all of your accounts and, trust me, he’ll try. You probably have a lot of these accounts that really matter: email, Evernote, iCloud, Facebook, Twitter, Dropbox, banking, Paypal, and so on.

So go ahead—figure out the sites that need strong, unique passwords, and get to it. Create those passwords, write them on your piece of paper, and visit each site to change your account accordingly.

#3. Use Two-Factor Authentication

By now you have (hopefully) created unique and high-quality passwords for each of your important sites. Or, at the very least, you’ve got one great password that is protecting all of your accounts. Already you’ve gone a long way to protecting yourself online, but there is still some work to do. The next thing you’ll want to do is find which of your sites and applications support two-factor authentication. Two-factor authentication is a login system that requires a password plus another piece of information before you can access an account or change any of its information (hence the “two factors.”) The second piece of information is usually a code that will be generated by your mobile phone or sent to your mobile phone. You’ll find two-factor authentication supported by Google, Apple, Evernote, Dropbox, Facebook, Twitter, and most other major services. It will take a minute or two to set up each of them, but it is time well-invested. Once you have done this, a criminal not only needs your login name and password, but he also needs access to your cell phone (at least in theory).

#4. Use a Password Manager

OK, so now you’re all protected. But you’re still weak in one area—your passwords are complex and unprotected, just sitting there on that piece of paper. So let’s put those passwords in a vault. You can always put that paper in a safe place and return to it if and when you forget a password, but there is a better option: a password manager. There are many of them available. I recommend 1Password and have relied on it for many years, but you are free to check out others like Lastpass and Keepass. They all offer similar features, and what they do at heart is secure all of your passwords behind one master password. So go ahead and create one more password. Once you’ve done that, install your password management software and lock it with that password. Then take a few minutes to transfer all the passwords from your paper to your password manager. I will leave it to you to figure out what else these programs can do for you—like automate your logins and fill out forms. You may want to write down that master password and stick it somewhere you will remember but no one else will ever think to look (which does not include a Post-It note on your monitor).

So let’s see where we’ve come: You’ve created good passwords and updated all of your accounts with them. You’ve added two-factor authentication to all your most important accounts. You’ve stored all those passwords in a very safe place. Now just one thing remains, and you don’t even need to worry about it for a bit.

#5. Schedule An Audit

The last step is to occasionally do a password audit—to look for passwords that are known by other people, that are very old, or that are still very weak. If you use a password manager, it may have an auditing function that will do this for you. If you create good, unique passwords and treat them carefully, you should not need to change them more than every couple of years.

And that’s that. With so much of your life recorded and stored online, you will not regret taking a bit of extra time, and expending a bit of extra effort, in securing your accounts.

(One final note: Do not rely on security questions and answers to protect your account. If someone wants to know your mother’s maiden name, ten seconds at Facebook or Ancestry should find that information and more. When you encounter those questions, consider adding false answers and then recording those false answers in your password vault. Whatever you do, do not rely on them for your protection; they have proven themselves untrustworthy.)

Internet security image courtesy of Shutterstock.

Share
  • Expectations

    Why We Ask So Little of God

    Most Christians expect little from God, ask little, and therefore receive little, and are content with little. Though the Bible calls us to pray and though it promises that “the prayer of a righteous person has great power as it is working,” we can still have very modest expectations of what God will accomplish through…

    2 min read
  • A La Carte Collection cover image

    Weekend A La Carte (April 19)

    A La Carte: Why man needs God / Why nails matter / Kids’ picture books / MLK’s famous letter changed a DC church / How to mentor / A tearless eternity / and more.

    3 min read

  • Free Stuff Fridays (TGBC)

    This weeks Free Stuff Friday is sponsored by The Good Book Company. They are giving away a bundle of their best-selling Good Book Guides that are designed to guide your head and your heart through God’s word. Each Good Book Guide includes a concise leader’s guide in the back.  The Bundle includes: Giveaway Rules: You…

    2 min read
  • A Light on the Hill

    A Light on the Hill

    In early 2020, CHBC, along with almost every other church in the world, was forced to contend with the opening days of the COVID-19 pandemic. At that time Caleb Morell was working as Pastor Mark Dever’s personal assistant. Dever tasked him with finding out how the church had responded to the Spanish flu epidemic a…

    5 min read
  • A La Carte Friday 2

    A La Carte (April 18)

    A La Carte: John Piper on being a loner / Snapchat is harming children / The most radical thing / How not to be secular / Three commentary mistakes / Jesus, your sorrow-bearer / and more.

    4 min read
  • A La Carte Thursday 1

    A La Carte (April 17)

    A La Carte: The vibe shift / The Jurassic Park principle of Christian freedom / This is what power looks like / Don’t stay in the puddles / The awkwardness of Easter / Kindle deals / and more.

    3 min read

Explore More

Collections & Series

Articles Collection cover image

Articles

Resources Collection cover image

Resources

Book Reviews Collection Cover Image

Book Reviews

A La Carte Collection cover image

A La Carte

All collections and series →

Top Topics

Bible biography Bonhoeffer books Christian living church current issues disability marriage parenting personal prayer sin suffering theology

All topics →

Top Scripture References

Genesis 1 Genesis 3 Psalm 119 Matthew 18 John 3:16 John 10:10 Romans 1 Romans 8:28 Romans 12:2 Ephesians 5 Philippians 4:8 Colossians 3:16

All Scripture references →

Recent Dates

All dates →

Tim Challies

Tim Challies  •  I’m a pastor, speaker, and author. I’ve been blogging daily since 2003 and have written several books, including Seasons of Sorrow: The Pain of Loss and the Comfort of God. My family and I reside near Toronto, Ontario. Learn more.

Subscribe by Email

Receive every article in your inbox by subscribing below. Unsubscribe at any time.

Kindle Deals

My Books

Books I Recommend

Best Commentaries

Become a Patron

Advertise

Contact

Informing the Reforming Daily Since 2003
7,842 consecutive days of blogging

All content © Tim Challies, 2002–2025. As an Amazon Associate I earn from qualifying purchases.
Privacy Policy