Keeping yourself safe online

Two-step verification, also known as two-factor authentication (2FA), is an extra layer of security that works by asking for more information to prove your identity before accessing your account.

This can be a combination of:

• something you know, such as your password
• something you have, such as a verification code sent to your phone
• biometrics, such as an eye scan, fingerprint or facial recognition

Enabling 2SV is an easy and effective way to protect your accounts from unauthorised access, so even if a criminal knows your password, they will not be able to access your accounts.

Most online systems will tell you how to enable 2SV in your account settings.

Creating a strong password is crucial to securing your accounts.

Instead of using words that are personal to you, such as your name, date of birth, or pet’s name, use a combination of:

• three random words, for example, ‘watertablezebra’
• uppercase letters
• lowercase letters
• numbers
• symbols or special characters

Your password should be at least 14 characters long and be different from your previous passwords, as this will make it harder for hackers to guess your password.

A good password can be something that is easy for you to remember but difficult for others to guess, such as a memorable phrase.

There are many genuine password generators online, such as computer software security provider Norton.

If you want to check whether your password or email address has appeared in a data breach, use Have I Been Pwned.

Reusing the same password for multiple accounts can be risky. If a hacker gains access to one of your accounts, they can use that password to break into your other accounts as well.

To protect yourself, it is best to use a different password for each account, especially for important accounts like email, banking and social media.

Your accounts can be compromised in various ways, but one common method is through a company’s data breach.

To see if your email address has been involved in any known data breaches, use Have I Been Pwned. Change the passwords for any accounts that have been compromised.

Most smartphone’s operating system and internet browsers, such as Google and Microsoft Edge, have built-in password managers, so you do not need to worry about paying for one.

They securely store all your passwords and can fill them in automatically when you need to login, making it simpler to manage multiple passwords without having to remember them all.

With a password manager, you can:

• use different and strong passwords for all your accounts without needing to reset them every time
• generate strong and unique passwords for you

Access to your password manager is usually either through one long and strong password or biometrics, each of which are unique to you.

The best password manager to choose is the one that best meets your needs, and which you find easiest to use.

Never store your password in the browser of a shared device outside your home.