Take two steps.
While using a strong password helps to protect your information, no password is entirely secure. That’s why it is important to take an additional step to prevent your data from getting into the wrong hands. By enabling two-factor authentication for your online accounts, you can make it harder for bad actors to log into the accounts—even if they know your password.
Two-factor authentication asks that you verify your identity after entering your password, such as by typing in a temporary code sent to your phone via text message. This requires very little extra effort on your part, but it acts as an additional bump in the road that bad actors will be less likely to traverse. Many online services and social media apps now offer this feature, and it is easy to set up. You can even choose to enable multi-factor authentication on some accounts, which provides even more protection.
Using multi-factor authentication, takes many forms. Whether it is verifying your identity by checking your biometrics, or biological data such as your fingerprint, by verifying a login through a security app on your phone, or by using a security token you physically plug into your device, multi-factor authentication is going the extra mile for your data security. By tying logging into an account to who you are or something you own, multi-factor authentication makes it much harder for bad actors to steal your data. A bad actor trying hundreds of accounts from afar to find one that is vulnerable to attack generally does not have your fingerprint, your security token, or your actual device. Without access to these, it becomes even more difficult for them to succeed in their attack. In fact, the increased difficulty may convince them to leave your account alone – there are easier, less protected accounts to attack!
A word of caution on enabling biometric authentication – know where your biological data is being stored. This is some of the most personal, unique information about you. If it is stored improperly, for example, stored in a group with other individuals’ fingerprints, it may be vulnerable to attack, presenting a rich target of login and impersonation information. Best practice is generally considered storing your biological data in a way that is spread out, so the effort bad actors must put into stealing the data is greater than the reward of the number accounts they could hack with the information. If everyone’s fingerprints, or other biological data, are stored separately, stealing them all is a lot of work. Bad actors are likely to leave them alone.