Why is this important?

Protecting your online accounts is critical to keeping your valuable information safe. If a criminal accesses your online accounts, they could:

  • Access private information about you (including banking and financial details)
  • Send emails and messages pretending to be from you
  • Reset your account passwords and gain access to other important online services.

How can criminals gain access to your accounts?

Criminals will use the most common passwords to try and access your accounts, or use information about you available online – such as from social media accounts – to try and guess your password. If successful, they could then try to use this same password to access your other online accounts.

Criminals will also try and trick victims into giving up their passwords by creating fake emails – known as phishing – that link to dodgy websites, or use other persuasive methods, like contacting you through social media.

However, even if you create strong passwords, they can still be stolen if an organisation holding your details suffers a data breach. Criminals can use these stolen customer details (such as usernames and passwords) to try and access systems and accounts (known as credential stuffing).

How can you protect yourself?

Create strong passwords. It’s important to create strong, yet memorable, passwords to use on important online accounts.

  • Do: use “Three Random Words” (such as coffeetrainfish), then swap some letters for numbers, capital letters and special characters. Check out the National Cyber Security Centre’s (NCSC) guidance on “Three Random Words” [1]
  • Don’t: use predictable passwords (such as information available on your social media, like dates, names, favourite sports teams) or passwords that could be easily guessed (such as “Password1”)
  • Don’t: re-use the same password across important accounts, as this could allow criminals to access many of your important accounts if they get a hold of that one password.

Protect your passwords. If you store passwords somewhere safe, this means you need to rely less on remembering them, allowing you to set unique and strong passwords for your accounts.

  • If you need to write passwords down, make sure you keep them safe, out of sight, and most importantly – away from your computer
  • You could also use a password manager application to help you create and store strong passwords.

Use Two-Step Verification to protect online accounts. Many online services allow you to set up “Two-Step Verification” (also known as “multi-factor authentication” (MFA) or 2FA) to help protect your accounts. This helps to keep cyber criminals out of your accounts, even if they know your passwords. With Two-Step Verification, you’ll be sent a PIN or code, often by SMS or email. You then need to enter this PIN or code into the login page to prove that it's you before you’ll be given access to the account.

Protect your devices. The devices we use (such as phones, tablets and laptops) can be targeted both remotely and physically, putting our valuable information at risk. For example, criminals could try and exploit weaknesses in software on the devices you use, which could allow them to take over your device - or even steal your device itself. However, there are some ways to protect yourself from these types of attacks: 

  • Stay on top of software updates – software providers issue “fixes” for weaknesses, preventing criminals from exploiting them and helping to secure your device. If you’re prompted to install these, don’t ignore them! Ensure you are also using the most up-to-date anti-virus (AV) software.
  • Beware of fake apps – only use official app stores (like Google Play or Apple App Store), which will help protect you from viruses and malware. Don’t download apps from unknown sources, especially if directed there from a link in a suspicious email. 
  • Lock your device – you should use a PIN, password or fingerprint/face ID to secure your device when not in use. This will make it hard for criminals to access your device if lost or stolen.

What can I do if my password is stolen?

  • If you suspect your password has been stolen, you should change it as soon as possible. If you know you have used the same password on other accounts, ensure you change these too
  • You should also report this to the service provider, who may be able to provide further guidance and enable additional services, such as fraud monitoring for online banking (if available).

You can also check if your information has ever been made public in a data breach.