Need help?

How to Keep Personal Information Safe Online

Authored by:
Support.com Tech Pro Team
This Guided Path® was written and reviewed by Support.com’s Tech Pro team. With decades of experience, our Tech Pros are passionate about making technology work for you. We love feedback! Let us know what you think about this Guided Path® by rating it at the end.

We are online a lot. We spend hours shopping, posting on social media, playing video games, browsing the web and conducting business. It's becoming almost unavoidable.

Having your personal information stolen or leaked online is a devastating experience. It can take years to fix.

Therefore, protecting private information should be a top priority for every Internet user. Everybody can take proactive actions to protect themselves from being hacked, scammed, or doxxed. Here's how.

Regularly Audit Online Accounts

Everyone should periodically do a review of their online accounts.

For instance, you could set aside some time about once a year to look at all the sites you currently use. Take this opportunity to update your accounts with new and complex passwords and turn on two-factor authentication (if available). It may take an hour or so, but it'll potentially save you from a headache should you get hacked.

Think of all of the websites you've signed up for over the years. If one of those accounts ever got hacked, or if the site itself experiences a data breach, what personal information could be at risk? Your password, date of birth, credit card, email addresses, location and so on could be exposed. A breach on one site could spell doom for your other online accounts. Information gained in this way could give a phisher additional ammo for their attacks against you. Therefore, it's recommended to close accounts you no longer use.

Speaking of data breaches, there are online tools you can use to find out if your online accounts have been compromised. Tools like haveibeenpwned.com allow you to search your email address and review possible data breaches.

Use More than One Email Account

Email is the biggest security threat as it continues to be the most popular attack vector.

If you have more than one email address for your online accounts, you'll be at less risk should you get hacked.

The idea is to create a couple of email addresses and categorize each one. One email could be for sensitive information like banking. Another address could be dedicated to social media accounts. Why should the email I'm using for personal correspondence also be the one getting all the retail coupon spam? I can create one for both! Try to have at least two accounts.

Do you know what a temporary email address is? Ordinary folk use them all the time in order to avoid spam. Imagine you're shopping on a website and you get to the checkout. You can't proceed without putting in an email address, but you're also not interested in any marketing spam. So what do you do? I use a disposable email address provider like temp-mail.org or tempail.com. I take the address they provide and use it to fill in the form.

Use a Password Manager

It's a lot easier for me to remember my passwords when I use the same one on every site.

The obvious downside is if I get hacked on one site, I leave myself open to attack everywhere else.

Create the Perfect Password
passwordHow to Create Store and Manage Passwords Securely

A password must be strong enough to hold up to hackers and brute-force attacks. Learn about creating the perfect password, managing online accounts and two-factor authentication.

One solution is to use a password manager like LastPass. Password managers allow me to pick or generate extremely complex and randomized passwords for every website. The best part is I only need to remember the password to the password manager itself. Are password managers safe? They are, especially compared to the behaviors and practices most users employ for password management.

If password managers aren't for you, try this approach. Group passwords by function. Have a password for social media accounts, another for financial purposes, another for gaming. As always, create a strong password you can remember to make it harder to crack.

Whether you are using a password manager or not, having multiple passwords will help keep your personal information safe.

Turn on Two-Factor Authentication

Two-factor authentication (also known as 2FA, TFA, 2SV, MFA) is a method of confirming a users' identity. It combines something you know (your password) with something you have (like a phone). An example of this would be that I need my PIN (something I know) and bank card (something I have) in order to withdraw money at an ATM.

Two-factor authentication can be enabled on many popular sites such as Google, Facebook, Instagram, WhatsApp, Twitter, Amazon, Microsoft, LinkedIn, Snapchat, Reddit, Discord, Dropbox, Venmo, PayPal, and many more. Some sites and apps may even require 2FA, such as those dealing with banking or very sensitive information.

Password Protect Mobile Devices

Mobile devices put us at greater risk than say our desktops at home. If I accidentally leave my phone in class or at a coffee shop, what would the person who found it have access to? Email? Social media? Photos? Stored credit cards?

While putting a password on a home computer is a great idea, it's crucial to have one enabled on the devices we carry around with us. Smartphones, tablets, laptop computers, smart watches, E-readers and even handheld gaming devices should all be password protected.

Lock your devices when you aren't using them. Did you know you can quickly lock your Windows laptop with the Win + L keyboard shortcut? On a Macbook you'd hit Control + Shift + Power. Doing so forces the next user to re-enter the password, passcode, or biometrics to be able to use the device.

As an extra security measure, don't forget to sign out of sensitive websites and apps when you're done.

Keep Devices Updated

Sometimes it seems our devices are bombarded with updates. However, there are good reasons to get these patches installed in a timely manner. Updates can help fix potential security vulnerabilities such as zero-day exploits. If the option is available, I always enable automatic updates.

Recognize and Avoid Email Phishing Scams

Hackers are constantly coming up with new tricks to steal data.

They happen to be great impersonators. We can see this in the various types of phishing scams they use.

Phishing attacks are something I'm always on the lookout for, particularly in my email. Every day, hackers send out tons of official looking emails with alarming subject lines in order to lure victims in. Who wouldn't click an email from Amazon if it claimed something I ordered is on the way? Or that my account will soon be deleted if I don't log in now? Thieves know exactly how to manipulate people because it works.

The best advice here is to look the email over before reacting. Challenge it. Does it have any typographical errors? Inspect links to see if they link to sketchy websites. Also, pay special attention to the email address to make sure it seems legitimate. The name may say "Bank of America", but if the email address says bob@thanksforyourcreditcard.com, then somebody may be trying to phish you.

If I have any doubt as to whether the email is a scam or not, I don't click. It's as simple as that. It's better to type the address in myself, log in and verify. Worst case, I'll call the organization before clicking.

Share Less Personal Info on Social Media

There's a saying I've heard many times, "What happens on the Internet, stays on the Internet."

Once you post something online, you give up control over what happens with it next. This information can be scraped up by bots, stored on a server and get used by hackers. This is true to some extent whether your profile is private or public.

How much information you share is up to you, but there are some things to consider keeping offline. For example, birthdays, your exact location, bank information, even complaints about your boss. Review your privacy settings to make sure you aren't sharing more than you intend to. If you have kids on social media, check theirs too!

Consider the privacy of your friends as well. How? Well, we can get excited about big events in our friend's lives, such as a new baby or marriage. Try to not let the excitement make us do something thoughtless, though. Let your friends decide if they want to post about their vacation.

How to Avoid Getting Doxxed

Doxing, or doxxing may be a term you've never heard of before. It refers to the practice of scouring the Internet to find personal information on somebody, and then releasing that information publicly. The intent is always to harm the victim. In some cases, this can put the individual in real danger or even ruin their life. Online gamers and streamers need to be particularly careful because revenge can come in the form of swatting.

The type of information that is collected can be real names, other online aliases, email addresses, phone numbers, passwords, names of relatives, home address, net worth, employer information, and more.

How do they get this information? It's on the Internet. As they say, "once online, always online." Search your name or gamer tags in a search engine like Google, Yahoo! or Bing. What kind of information can you find about yourself? You may be surprised.

Removing this information from the web may be possible by contacting the website it was found on. However, this may prove extremely difficult and time consuming. Therefore, the best protection is to limit information shared online.

Use Caution on Free Public WiFi

Who doesn't love free WiFi? Turns out, hackers love it too! If you are on an unsecure network, a hacker with the right tools could be eavesdropping on what you're doing online. Right now.

While on public WiFi, don't log in to sensitive sites like banking. Why rush to place your order with your credit card? Save making the transaction for later when you're on a private and secured WiFi network.

If you have no choice and need to use public WiFi, consider using a Virtual Private Network (VPN). What is a VPN? VPNs are used by people and companies to protect sensitive data being transmitted over the Internet. When I'm on public WiFi, I use a VPN which encrypts my connection and protects me from snooping.

Only Shop on Secure Websites (HTTPS)

It's important to know how to spot the difference between secure and unsecure websites. A website is secure if it has https:// at the front of the URL in the address bar. An unsecure website will only have http:// in the address.

For security, the HTTP protocol is just fine for browsing the web. It becomes a problem when sending sensitive data. This is because data transmitted over HTTP isn't encrypted!

HTTPS uses encryption to protect sensitive information. I always check to see if a website is secure when shopping and using my credit card online. Same rule applies for any website that I'll be providing personal information to.

Guard Social Security Numbers (SSN)

Social Security Numbers are frequently used for identity theft. That's logical since it is intertwined with many other forms of identification. People and businesses also treat it as an authenticator.

There are only a handful of situations where you are actually required to share your SSN. In most cases, it is being requested but not needed. It should be guarded and shared only when necessary.

If anybody asks for my Social, I ask why they need it first. I need to know how it'll be used, how they'll protect it, and what happens if I don't share it. If I decide to not share it, typically they'll move on to another form of authentication.

Thieves who gain access to an individual's SSN can create years of credit problems for that person. Victims of identity theft should report it by contacting the Federal Trade Commission at IdentityTheft.gov.

Conclusion

The best way to keep personal information safe online is to be proactive. Set aside some time to review your accounts, passwords and privacy settings. Create multiple email accounts and separate them by function. It'll be worth it if it saves you from years of trying to get everything back.

Sharing and educating friends and family on keeping personal information safe online will benefit them, but also you indirectly. It goes hand in hand.

We're here to help!

Connect to a Tech Pro

Call or chat with a Tech Pro 24/7.

We are online a lot. We spend hours shopping, posting on social media, playing video games, browsing the web and conducting business. It's becoming almost unavoidable.

Having your personal information stolen or leaked online is a devastating experience. It can take years to fix.

Therefore, protecting private information should be a top priority for every Internet user. Everybody can take proactive actions to protect themselves from being hacked, scammed, or doxxed. Here's how.

Regularly Audit Online Accounts

Everyone should periodically do a review of their online accounts.

For instance, you could set aside some time about once a year to look at all the sites you currently use. Take this opportunity to update your accounts with new and complex passwords and turn on two-factor authentication (if available). It may take an hour or so, but it'll potentially save you from a headache should you get hacked.

Think of all of the websites you've signed up for over the years. If one of those accounts ever got hacked, or if the site itself experiences a data breach, what personal information could be at risk? Your password, date of birth, credit card, email addresses, location and so on could be exposed. A breach on one site could spell doom for your other online accounts. Information gained in this way could give a phisher additional ammo for their attacks against you. Therefore, it's recommended to close accounts you no longer use.

Speaking of data breaches, there are online tools you can use to find out if your online accounts have been compromised. Tools like haveibeenpwned.com allow you to search your email address and review possible data breaches.

Use More than One Email Account

Email is the biggest security threat as it continues to be the most popular attack vector.

If you have more than one email address for your online accounts, you'll be at less risk should you get hacked.

The idea is to create a couple of email addresses and categorize each one. One email could be for sensitive information like banking. Another address could be dedicated to social media accounts. Why should the email I'm using for personal correspondence also be the one getting all the retail coupon spam? I can create one for both! Try to have at least two accounts.

Do you know what a temporary email address is? Ordinary folk use them all the time in order to avoid spam. Imagine you're shopping on a website and you get to the checkout. You can't proceed without putting in an email address, but you're also not interested in any marketing spam. So what do you do? I use a disposable email address provider like temp-mail.org or tempail.com. I take the address they provide and use it to fill in the form.

Use a Password Manager

It's a lot easier for me to remember my passwords when I use the same one on every site.

The obvious downside is if I get hacked on one site, I leave myself open to attack everywhere else.

Create the Perfect Password
passwordHow to Create Store and Manage Passwords Securely

A password must be strong enough to hold up to hackers and brute-force attacks. Learn about creating the perfect password, managing online accounts and two-factor authentication.

One solution is to use a password manager like LastPass. Password managers allow me to pick or generate extremely complex and randomized passwords for every website. The best part is I only need to remember the password to the password manager itself. Are password managers safe? They are, especially compared to the behaviors and practices most users employ for password management.

If password managers aren't for you, try this approach. Group passwords by function. Have a password for social media accounts, another for financial purposes, another for gaming. As always, create a strong password you can remember to make it harder to crack.

Whether you are using a password manager or not, having multiple passwords will help keep your personal information safe.

Turn on Two-Factor Authentication

Two-factor authentication (also known as 2FA, TFA, 2SV, MFA) is a method of confirming a users' identity. It combines something you know (your password) with something you have (like a phone). An example of this would be that I need my PIN (something I know) and bank card (something I have) in order to withdraw money at an ATM.

Two-factor authentication can be enabled on many popular sites such as Google, Facebook, Instagram, WhatsApp, Twitter, Amazon, Microsoft, LinkedIn, Snapchat, Reddit, Discord, Dropbox, Venmo, PayPal, and many more. Some sites and apps may even require 2FA, such as those dealing with banking or very sensitive information.

Password Protect Mobile Devices

Mobile devices put us at greater risk than say our desktops at home. If I accidentally leave my phone in class or at a coffee shop, what would the person who found it have access to? Email? Social media? Photos? Stored credit cards?

While putting a password on a home computer is a great idea, it's crucial to have one enabled on the devices we carry around with us. Smartphones, tablets, laptop computers, smart watches, E-readers and even handheld gaming devices should all be password protected.

Lock your devices when you aren't using them. Did you know you can quickly lock your Windows laptop with the Win + L keyboard shortcut? On a Macbook you'd hit Control + Shift + Power. Doing so forces the next user to re-enter the password, passcode, or biometrics to be able to use the device.

As an extra security measure, don't forget to sign out of sensitive websites and apps when you're done.

Keep Devices Updated

Sometimes it seems our devices are bombarded with updates. However, there are good reasons to get these patches installed in a timely manner. Updates can help fix potential security vulnerabilities such as zero-day exploits. If the option is available, I always enable automatic updates.

Recognize and Avoid Email Phishing Scams

Hackers are constantly coming up with new tricks to steal data.

They happen to be great impersonators. We can see this in the various types of phishing scams they use.

Phishing attacks are something I'm always on the lookout for, particularly in my email. Every day, hackers send out tons of official looking emails with alarming subject lines in order to lure victims in. Who wouldn't click an email from Amazon if it claimed something I ordered is on the way? Or that my account will soon be deleted if I don't log in now? Thieves know exactly how to manipulate people because it works.

The best advice here is to look the email over before reacting. Challenge it. Does it have any typographical errors? Inspect links to see if they link to sketchy websites. Also, pay special attention to the email address to make sure it seems legitimate. The name may say "Bank of America", but if the email address says bob@thanksforyourcreditcard.com, then somebody may be trying to phish you.

If I have any doubt as to whether the email is a scam or not, I don't click. It's as simple as that. It's better to type the address in myself, log in and verify. Worst case, I'll call the organization before clicking.

Share Less Personal Info on Social Media

There's a saying I've heard many times, "What happens on the Internet, stays on the Internet."

Once you post something online, you give up control over what happens with it next. This information can be scraped up by bots, stored on a server and get used by hackers. This is true to some extent whether your profile is private or public.

How much information you share is up to you, but there are some things to consider keeping offline. For example, birthdays, your exact location, bank information, even complaints about your boss. Review your privacy settings to make sure you aren't sharing more than you intend to. If you have kids on social media, check theirs too!

Consider the privacy of your friends as well. How? Well, we can get excited about big events in our friend's lives, such as a new baby or marriage. Try to not let the excitement make us do something thoughtless, though. Let your friends decide if they want to post about their vacation.

How to Avoid Getting Doxxed

Doxing, or doxxing may be a term you've never heard of before. It refers to the practice of scouring the Internet to find personal information on somebody, and then releasing that information publicly. The intent is always to harm the victim. In some cases, this can put the individual in real danger or even ruin their life. Online gamers and streamers need to be particularly careful because revenge can come in the form of swatting.

The type of information that is collected can be real names, other online aliases, email addresses, phone numbers, passwords, names of relatives, home address, net worth, employer information, and more.

How do they get this information? It's on the Internet. As they say, "once online, always online." Search your name or gamer tags in a search engine like Google, Yahoo! or Bing. What kind of information can you find about yourself? You may be surprised.

Removing this information from the web may be possible by contacting the website it was found on. However, this may prove extremely difficult and time consuming. Therefore, the best protection is to limit information shared online.

Use Caution on Free Public WiFi

Who doesn't love free WiFi? Turns out, hackers love it too! If you are on an unsecure network, a hacker with the right tools could be eavesdropping on what you're doing online. Right now.

While on public WiFi, don't log in to sensitive sites like banking. Why rush to place your order with your credit card? Save making the transaction for later when you're on a private and secured WiFi network.

If you have no choice and need to use public WiFi, consider using a Virtual Private Network (VPN). What is a VPN? VPNs are used by people and companies to protect sensitive data being transmitted over the Internet. When I'm on public WiFi, I use a VPN which encrypts my connection and protects me from snooping.

Only Shop on Secure Websites (HTTPS)

It's important to know how to spot the difference between secure and unsecure websites. A website is secure if it has https:// at the front of the URL in the address bar. An unsecure website will only have http:// in the address.

For security, the HTTP protocol is just fine for browsing the web. It becomes a problem when sending sensitive data. This is because data transmitted over HTTP isn't encrypted!

HTTPS uses encryption to protect sensitive information. I always check to see if a website is secure when shopping and using my credit card online. Same rule applies for any website that I'll be providing personal information to.

Guard Social Security Numbers (SSN)

Social Security Numbers are frequently used for identity theft. That's logical since it is intertwined with many other forms of identification. People and businesses also treat it as an authenticator.

There are only a handful of situations where you are actually required to share your SSN. In most cases, it is being requested but not needed. It should be guarded and shared only when necessary.

If anybody asks for my Social, I ask why they need it first. I need to know how it'll be used, how they'll protect it, and what happens if I don't share it. If I decide to not share it, typically they'll move on to another form of authentication.

Thieves who gain access to an individual's SSN can create years of credit problems for that person. Victims of identity theft should report it by contacting the Federal Trade Commission at IdentityTheft.gov.

Conclusion

The best way to keep personal information safe online is to be proactive. Set aside some time to review your accounts, passwords and privacy settings. Create multiple email accounts and separate them by function. It'll be worth it if it saves you from years of trying to get everything back.

Sharing and educating friends and family on keeping personal information safe online will benefit them, but also you indirectly. It goes hand in hand.