How to keep all of your accounts safe in a world where people want your data

Web security has never been more important.
A laptop in the dark
Lock it down. Jay Wennington/Unsplash

This post has been updated. It was originally published on March 21, 2017.

It seems like barely a week goes by without some data hack or leak hitting the headlines. With so much of modern life now stored and managed online, it’s vital that you keep your most important accounts locked up and as well-protected as possible—which is what we’re here to help you with.

A lot of security measures will be the same across all of your major online accounts, it’s just a question of knowing where to find them and how to switch them on. In general, choose long, strong passwords, pick different ones for each service, and change them regularly… and if that sounds like a lot of memorization, make use of a password manager. This password-choosing guide is a good resource as well.

Also switch on two-factor authentication wherever possible. Two-factor authentication (or verification) forces anyone trying to access your account to provide more than just a username and password—your account will also require a secondary code or verification process, often provided on another device. This does give you another hoop to jump through when you’re signing in, but what’s inconvenient to you is a much bigger hurdle to somebody who has stolen your password.

Finally, take advantage of each service’s security options, which often let you detect an unknown machine that may be signed into one of your accounts.

How to secure your Google account

A Google account settings page showing connected devices.
Check out your list of connected Google devices to make sure you recognize all of them. David Nield

Google has made it possible to use one central portal—your Google account page on the web—to manage all of the various apps and services it develops. There’s even a helpful Security Check-up wizard you can run through, which is available from the main page. This wizard lets you review your recovery information (the phone number and email you can use to get back into your account if it’s compromised), as well as check up on devices and apps connected to your account (remove any you don’t recognize).

We’d also advise turning on two-step verification—click on the Security option in the menu on the left, then find the Signing in to Google section. Doing so means that anyone trying to sign into your account on a new device will need another code (sent via a text message or an app on your phone), in addition to your username and password.

[Related: The complete guide to securing your Google account]

How to secure your Apple accounts

An Apple ID verification code on a macOS computer screen.
It’s harder for people to use your Apple ID if they don’t have the verification code. David Nield

Apple takes a different approach than Google does, focusing on hardware first and online apps second. That means the options you can get at through your browser aren’t quite as comprehensive as the ones that Google gives you. To get started, sign into the Apple ID website. The most important change you can make here is to switch on two-factor authentication, which works in a similar way to the technology Google uses: When signing in on a new device, you’ll need your Apple ID, your password, and a code sent to your other registered devices (such as a MacBook or an iPhone).

You can also review the rest of your security settings from here and see which computers, phones, and tablets you’re already signed in on. If you see a device you don’t recognize, click on it, then choose Remove from account. You can also sign out of all other active iCloud sessions by logging in at and visiting the settings page.

[Related: The complete guide to securing your Apple and iCloud accounts]

How to secure your Microsoft account

Microsoft security basics
The basics of Microsoft’s security features are clearly laid out. David Nield

Microsoft offers similar security settings to Google and Apple, including options to review your active devices and set up two-step verification. There are a few different ways to get to the pages you need online, but the easiest is just to head to your Microsoft account page. Once you’ve logged in with your username and password, you’ll see all the computers and other hardware linked to your Microsoft account under the Devices heading. Click any one of the entries, then select Manage to open a drop-down menu that offers the option to remove it.

Click Security to access password options and view recent activity. This gives you another way of spotting suspicious comings and goings on your account. Click on Advanced Security Options to see more features and to set up two-step verification, so a trusted smartphone becomes an extra requirement to get into your account, beyond your username and password.

[Related: The complete guide to securing your Microsoft account]

How to secure your Facebook account

Facebook's security options settings page.
Facebook helps you understand where you’re logged in. David Nield

On the world’s biggest social network, there are an impressive number of ways to protect your account besides just having a strong and hard-to-guess password. You can find most of them on the Security and Login tab of the Facebook settings page. You can review where you’re logged in and on what devices, for example, and get alerts about unrecognized logins on new devices.

Facebook also lets you specify “trusted contacts” who can prove to Facebook you are who you say you are if you ever get locked out of your account. Our old friend two-factor authentication option appears again, and it works just as it does on the services mentioned above. To recap: You’ll need a code from your phone as well as your username and password if you want to log into Facebook in a new location. Once you mark a computer or device as trusted, you won’t need to repeat this step again.

[Related: The complete guide to securing your Facebook account]

How to secure your Twitter account

Twitter's security settings
A secure Twitter account means you’re the only one to blame for any bad tweets, though. David Nield

Twitter doesn’t offer quite as many security layers as Facebook does, but the main safeguards are still available if you open up the Twitter Settings page on the web. Two-factor authentication is there, under Security and account access > Security, and you can choose how you want to prove you’re you (via text message, authentication app, or a security key). If someone else is trying to get into your account, this should protect your privacy and alert you at the same time. It’s also a good idea to tick the box under Additional password protection on the same Security page. This means Twitter will ask for additional information (such as your phone number) if anyone tries to start the reset process.

[Related: How to make your Twitter account more secure]

How to secure your Yahoo account

Yahoo's App Password option.
When you log into a separate app or service with your Yahoo account, a so-called App Password can help you stay secure. John Kennedy

Once the most-used search engine on the web, Yahoo’s services have fallen far behind Google in popularity. If you haven’t abandoned the company’s online services completely, you can try to minimize the risk of future hacks by visiting the Yahoo account page in your browser. Click Account Security to get to the main settings you need to know about—you can switch on the ubiquitous two-step verification feature, as well as set up an App Password, which is a one-time, Yahoo-generated password for a specific app or service that’s linked to your Yahoo account.

How to secure other accounts

Tumblr security settings
If your other accounts are light on security, it might be time to consider cutting them loose. David Nield

Your other online accounts will usually have options similar to the ones we’ve already mentioned—dig around in the various settings and see what you can find. Two-step verification is available on most accounts, for example. Unfortunately, nothing can make you 100 percent safe online, so don’t get cocky. New security vulnerabilities are discovered all the time, and there’s not always anything you can do about them. You just have to stay vigilant and try to minimize your risk as much as possible. With that in mind, keep an eye on tech security news and be wary of attempts to try to steal your login credentials through phishing emails or other types of social engineering. It’s also important to keep your operating system, browser, and antivirus package up to date too. Updates often patch security flaws, so the latest versions of software will also be the safest.