How to protect all of your accounts online

Web security has never been more important

It seems like barely a week goes by without some data hack or leak hitting the headlines. With so much of modern life now stored and managed online, it’s vital that you keep your most important accounts locked up and as well protected as possible—which is what we’re here to help you with.

A lot of security measures are the same across all of the major accounts: It’s just a question of knowing where to find them and how to switch them on. In general, choose long, strong passwords for all your accounts, pick different ones for each service, and change them regularly…and if that sounds like a lot of memorization, then make use of a password manager. This password-choosing guide is a good resource as well.

Also switch on two-factor authentication wherever possible. Two-factor authentication (or verification) forces anyone trying to access your account to provide more than just a username and password—your account will also require a secondary code or verification process, often provided on another device. This does give you another hoop to jump through when you’re signing in, but what’s inconvenient to you is a much bigger hurdle to somebody who has stolen your password.

Finally, take advantage of each service’s security options, which often let you detect an unknown machine that may be signed into one of your accounts. For more details, read on.


In recent years Google has made it easier for you to manage all of the various apps and services it develops through one central portal—your Google account page on the web. There’s even a helpful Security Check-up wizard you can run through, which is available from the front screen. This wizard lets you review your recovery information (the phone number and email you can use to get back into your account if it’s compromised), as well as checking up on devices and apps connected to your account (remove any you don’t recognize). We’d also advise turning on two-step verification—choose Signing in to Google from the front page to find it. This means that anyone trying to sign into your account on a new device will need another code (accessed through an SMS or an app on your phone), as well as your username and password. For more information, check out this full guide to securing your Google account.


Apple takes a different approach than Google does, focusing on hardware first and online apps second. So the options you can get at through your browser aren’t quite as comprehensive as the ones that Google gives you. To get started, sign into the Apple ID website. The most important change you can make here is to switch on two-factor authentication, which works in a similar way to the technology Google uses: When signing in on a new device, you’ll need your Apple ID, your password, and a code sent to your other registered devices (like a MacBook or an iPhone). You can also review the rest of your security settings from here and see which computers, phones and tablets you’re already signed in on. If you see a device you don’t recognize, click on it then choose Remove. You can also sign out of all other active iCloud sessions by logging in at and visiting the Settings page. For more information, check out this full guide to securing your Apple devices and iCloud account.


Microsoft offers similar security settings to Google and Apple, including options to review your active devices and set up two-step verification. There are a few different ways to get to the pages you need online, but the easiest is just to head to your Microsoft account page. Once you’ve logged in with your username and password, you’ll see all the computers and other hardware linked to your Microsoft account under the Devices heading, and clicking any one of the entries lets you remove it. Click Security to access options for reviewing your personal information (which will be used to recover your account if you ever get locked out) and recent activity. This gives you another way of spotting suspicious comings and goings in your account. Follow the link to see more security options and to set up two-step verification, so a trusted smartphone becomes an extra requirement to get into your account, together with your username and password. For more information, check out this full guide to securing your Microsoft account.


On the world’s biggest social network there are an impressive number of ways to protect your account besides just having a strong and hard-to-guess password, most of which you can find on the Security tab of the Facebook Settings page. You can review where you’re logged in and on what devices, for example, and get alerts about unrecognized logins on new devices. Facebook also lets you specify “trusted contacts” who can prove to Facebook you are who you say you are if you should ever get locked out of your own account. Our old friend the two-factor authentication option appears again, and works just as it does on the services mentioned above. It means you’ll need a code from your phone as well as your username and password if you want to log into Facebook in a new location. Once a computer or device is marked as trusted, you don’t need to repeat this step again. For more information, check out this full guide to securing your Facebook account.


Twitter doesn’t offer quite as many security layers as Facebook does, but the main safeguards are still available if you open up the Twitter Settings page on the web. The same two-step protection is included, which here is just called Login verification—tick the box and you’ll get a code sent to your phone via SMS next time you log in on a new device with your username and password. If someone else is trying to get into your account, it should protect your privacy and alert you at the same time. It’s also a good idea to tick the box marked Require personal information to reset my password, which means Twitter asks for additional details (such as your phone number) if anyone tries to start the reset process.


From a security standpoint, it hasn’t been the easiest few years for Yahoo. But if you haven’t abandoned the company’s online services completely, then you can try and minimize the risk of future hacks by visiting the Yahoo account page in your browser. Click Account security to get to the main settings you need to know about—you can switch on the ubiquitous two-step verification feature, as well as set up something called Yahoo Account Key, which essentially adds some extra protection via a Yahoo app installed on your trusted phone. In light of recent data breaches, Yahoo also recommends that users disable their security questions, as some of this information might be out in the public domain—and hackers could potentially use it to pretend to be you.

Other accounts

Your other online accounts will usually have options similar to the ones we’ve already mentioned—have a dig around in the various settings and see what you can find. The two-step verification facility is now available on most accounts. Unfortunately, nothing can make you 100 percent safe online, so don’t get cocky. New security vulnerabilities are discovered all the time, and there’s not always anything you can do about them. You just have to stay vigilant and try to minimize the risk as much as possible. With that in mind, keep an eye on tech security news and be wary of attempts to try and steal your login credentials through phishing emails or other types of social engineering. It’s also important to keep your operating system, browser, and antivirus package right up to date too. Updates often patch security flaws, so the latest versions of software will also be the safest.
David Nield

David Nieldis a tech journalist from the UK who has been writing about gadgets and apps since way before the iPhone and Twitter were invented. When he's not busy doing that, he usually takes breaks from all things tech with long walks in the countryside.