Why Account Security Matters More Than Ever
Data breaches happen regularly across major platforms. When they do, usernames and passwords often end up circulating in databases that malicious actors use to attempt logins across hundreds of sites. If you reuse passwords — and most people do — a breach on one site can compromise dozens of your accounts.
The good news: a handful of straightforward steps dramatically reduces your risk. You don't need to be a security expert to protect yourself effectively.
Step 1: Use a Password Manager
The root cause of most account compromises is weak or reused passwords. A password manager solves this by generating strong, unique passwords for every site and storing them securely — you only need to remember one master password.
Popular options include Bitwarden (free, open-source), 1Password, and Dashlane. Browser-based managers from Google and Apple work well too, especially if you stay within one ecosystem.
Action: Install a password manager and start migrating your most important accounts — email, banking, social media — first.
Step 2: Enable Two-Factor Authentication (2FA)
Two-factor authentication requires a second proof of identity beyond your password — typically a time-sensitive code from an app or a text message. Even if someone obtains your password, they cannot log in without that second factor.
- App-based 2FA (Google Authenticator, Authy) is more secure than SMS, which can be intercepted via SIM-swapping attacks.
- Hardware security keys (like YubiKey) offer the highest level of protection for high-value accounts.
Action: Enable 2FA on your email account first — it's the master key to everything else. Then work through banking and social accounts.
Step 3: Check If Your Email Has Been Breached
Visit haveibeenpwned.com — a free, reputable service — and enter your email address. It will show you if your credentials have appeared in any known data breaches. If they have, change those passwords immediately.
Some password managers also include breach monitoring that alerts you automatically when your saved credentials appear in new breaches.
Step 4: Review Account Recovery Options
Recovery email addresses and phone numbers are the backup keys to your accounts. If they're outdated or pointing to an old number you no longer own, someone else could potentially use them to take over your account.
- Log into your most important accounts (Google, Apple ID, Microsoft, banking).
- Navigate to security or account settings.
- Verify that recovery emails and phone numbers are current and belong to you.
- Remove any recovery options you no longer control.
Step 5: Audit Connected Apps and Permissions
Over time, you accumulate third-party apps connected to your main accounts — things you signed up for once and forgot. Each one is a potential vulnerability.
Most major platforms let you review these under Security or Privacy settings:
- Google: myaccount.google.com → Security → Third-party apps
- Apple ID: appleid.apple.com → Sign in with Apple section
- Facebook/Meta: Settings → Apps and Websites
Revoke access for anything you no longer use or don't recognise.
Bonus: Use Unique Email Aliases
Services like SimpleLogin or Apple's "Hide My Email" let you create unique email aliases for different sign-ups. If one alias starts receiving spam, you know that service was compromised — and you can simply disable that alias without affecting your real email address.
A Realistic Approach
You don't have to do all of this in one sitting. Start with steps one and two this week; they'll cover the vast majority of your risk. Then chip away at the rest over the following weeks. Security isn't a single event; it's an ongoing habit that gets easier as it becomes routine.