The main ways accounts get hacked
To gain access to your accounts, hackers mostly rely on:
- Keylogger 'malware' – malicious software that finds its way onto your computer and logs every keystroke you make.
- Leaked passwords – many online providers are not very good at keeping their clients' account details safe.
- Phishing scams – typically a fraudulent email or social media post that tricks you into parting with your password.
- Harvesting information from your public profile that could help them get past security questions and into your account.
How to make your online accounts more secure
The protection provided by online service providers is extremely variable, so you should make it your business to put in place the account security you need.
Create a different, strong password for every account. Criminals can access whole databases of leaked or stolen passwords on the internet. If yours is in one of them, they could use it to try to gain access to every account you have.
Use two-step login verification to add an extra layer of security to your accounts. Each time you log in, the service will send a code to your phone via an app or SMS that's needed to complete the process. This means no one can access your account without having your phone, too.
Set up account recovery options, so that if you forget your password or lose your device, you have another means of getting into your account. Google, for example, offers to help you recover your account via your phone, an alternative email address and security question, and pre-printed codes.
Set strong answers to security questions. These are often incredibly weak – things like "Where were you born?" and "What high school did you go to?" – just the kind of information a standard social media profile makes widely available. Pick questions that can't be easily guessed.
Check your account for unusual activity (for example, if someone has attempted to log in from an unknown location). Many service providers have functionality to let you check for this (Dropbox, for example). Good providers may let you know by phone or email (but fraudsters may also imitate this tactic, so follow our phishing advice before responding).
Install the latest security updates and patches to keep your computer and browser up to date and virus-free.
Only use trusted devices to access your accounts (in other words, your own), and never log in to critical accounts such as online banking from public computers. You simply don't know what nasty spyware could be lurking on them.