Do these first
Best first moves
- 1Use a password managerCreate unique passwords without needing to memorize them.
- 2Enable MFAUse an authenticator app or security key when possible.
- 3Turn on passkeysChoose passkeys wherever they are available.
- 4Stop password reuseOne compromised account should not open others.
- 5Remove saved passwords from browsersKeep passwords in one trusted place instead.
- 6Delete unused accountsOld accounts often hold personal and financial data.
Account takeover is usually the result of weak or reused credentials, not a dramatic zero-day attack.
How to think about account security
Start with the accounts that matter most: email, banking, password manager, phone carrier, cloud storage, and government portals. If one of those falls, the rest of your digital life can follow.
Use MFA on every important account. Prefer passkeys and app-based MFA over SMS when a better option exists. If a site supports a hardware security key, that is an even stronger choice.