New Ways to Keep Your Online Accounts Safe

Home
Personal Finance

As cybercrime evolves, the strategies you use to protect yourself need to evolve, too.

By Martha C. White published 27 February 2026 in Features

When you purchase through links on our site, we may earn an affiliate commission. Here’s how it works.

Copy link
Facebook
X

Share this article Print Join the conversation Follow us Add us as a preferred source on Google Newsletter Get the Kiplinger Newsletter

Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more. Delivered daily. Enter your email in the box and click Sign Me Up.

Contact me with news and offers from other Future brands Receive email from us on behalf of our trusted partners or sponsors By submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

You are now subscribed

Your newsletter sign-up was successful

Want to add more newsletters?

Delivered daily

Kiplinger Today

Profit and prosper with the best of Kiplinger's advice on investing, taxes, retirement, personal finance and much more delivered daily. Smart money moves start here.

Signup +

Sent five days a week

Kiplinger A Step Ahead

Get practical help to make better financial decisions in your everyday life, from spending to savings on top deals.

Signup +

Delivered daily

Kiplinger Closing Bell

Get today's biggest financial and investing headlines delivered to your inbox every day the U.S. stock market is open.

Signup +

Sent twice a week

Kiplinger Adviser Intel

Financial pros across the country share best practices and fresh tactics to preserve and grow your wealth.

Signup +

Delivered weekly

Kiplinger Tax Tips

Trim your federal and state tax bills with practical tax-planning and tax-cutting strategies.

Signup +

Sent twice a week

Kiplinger Retirement Tips

Your twice-a-week guide to planning and enjoying a financially secure and richly rewarding retirement

Signup +

Sent bimonthly.

Kiplinger Adviser Angle

Insights for advisers, wealth managers and other financial professionals.

Signup +

Sent twice a week

Kiplinger Investing Weekly

Your twice-a-week roundup of promising stocks, funds, companies and industries you should consider, ones you should avoid, and why.

Signup +

Sent weekly for six weeks

Kiplinger Invest for Retirement

Your step-by-step six-part series on how to invest for retirement, from devising a successful strategy to exactly which investments to choose.

Signup + An account already exists for this email address, please log in. Subscribe to our newsletter

Last year, in one of the largest data breaches in history, more than 16 billion log-in credentials were exposed from Apple, Facebook, Google and other platforms. Add that to the long list of recent cyber threats putting your personal online accounts at risk.

All told, the internet privacy and security company NordVPN reports that more than half of Americans say they’ve been the victim of a data breach. And two-thirds suspect their personal information could be for sale on the dark web. Advances in technology make these cyberattacks increasingly easy to execute, says Robert Raymond, first vice president at HUB Private Client, a high-net-worth insurance provider.

"It used to be that all of this criminal activity was done by hobbyists who were tech experts. Now you can be a nobody," using software from the dark web, he says. The result is that the traditional steps you may be taking to protect yourself — say, using varied and complex passwords as well as two-factor authentication — are likely no longer sufficient to thwart the bad guys.

From just $107.88 $24.99 for Kiplinger Personal Finance

Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues

CLICK FOR FREE ISSUE

https://cdn.mos.cms.futurecdn.net/flexiimages/y99mlvgqmn1763972420.png

Sign up for Kiplinger’s Free Newsletters

Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.

Profit and prosper with the best of expert advice - straight to your e-mail.

According to a 2025 report from the Federal Bureau of Investigation, Americans lost $16 billion to internet crime in 2024, a 33% increase from the year before, with adults over age 60 filing the most complaints. Meanwhile, a November 2025 study from the financial industry research group PYMNTS Intelligence found that 30% of victims never recover a dime.

Fortunately, just as tech developments have enabled cybercrime to grow, there are now more technologically sophisticated ways to fight back. Here’s what experts advise.

Set up multifactor authentication.

For years, two-factor authentication — say, having to enter a one-time-use code, sent by e-mail or text, in addition to your password before you can log in — has been the gold standard in protection.

Experts say that’s not exactly true anymore. "Two-factor has evolved," says Michael Sherwood, vice president of consumer product at cybersecurity company Malwarebytes. The new iteration is multifactor authentication, or MFA, which mostly relies on more than two steps — maybe requiring a password and code sent to your phone, but one that can only be accessed with your fingerprint or an app. Some forms require using more than one device, such as a push notification sent to your phone when you log in to an account on your laptop.

"The fact that you’re asked to show that you’re the same person on two different systems that are uncorrelated gives confidence that it’s really you," says Ran Canetti, codirector of the Center for Reliable Information Systems and Cyber Security at Boston University.

If you’re prompted to set up multifactor authentication at a trusted site when you log in, it’s smart to do so, experts say. Or go to the security settings on your account; if multifactor authentication is supported, you’ll be able to find and enable it.

NordVPN deal with Amazon gift card

Get up to 74% off NordVPN and receive an Amazon gift card for a limited time. The service offers fast, secure connections, added protection against phishing and scams and the ability to access your content while traveling.

View Deal

Download an authenticator app.

A businesswoman using a laptop at her desk during a late night at work.

(Image credit: Getty Images)

These apps are one of several methods used in MFA to verify your identity. They work by generating a new code, typically on your mobile device, each time you log in to an online account. After you enter your password, you’ll get a prompt to enter the code. This is more secure than verification protocols that use e-mail or text messages, which can be intercepted by criminals.

Typically, each code is good for only 30 seconds, which further narrows the window of opportunity for crooks, says Eva Velasquez, CEO of the Identity Theft Resource Center, a nonprofit organization.

"If someone’s trying to brute-force their way in, the codes aren’t good for long." How you access an authenticator app depends on your mobile device platform and manufacturer.

Options include using built-in authenticator software or downloading an app such as Cisco’s Duo Mobile from Apple’s App Store or Google Play.

Enable biometric identification.

Biometric identification uses unique physical characteristics such as your fingerprints, voice or face to verify you are who you say you are when you log in to an online account.

"I’m not going to say biometric IDs are a silver bullet," Velasquez says. "But they do eliminate an entire source of account access because you can’t self-compromise" — meaning that you can’t easily be tricked into giving a criminal your fingerprint.

You should back up biometric authentication with a secondary means of access, such as a PIN. Then share that method with a trusted individual, such as your spouse, suggests Patrick Simasko, a financial adviser and elder and estate law attorney in Mount Clemens, Michigan.

Otherwise, he says, if you suddenly die or become incapacitated with no backup access, "that’s an absolute nightmare for families. They need some other method to get into those accounts."

Use a passkey, when prompted.

A man using his phone in the airport

(Image credit: Getty Images)

A passkey is like a password, but with a lot more sophisticated computer firepower behind it. Each one is unique to your device and to the platform using it, and you have to be in physical possession of your phone, tablet or computer for a passkey to work.

If a criminal gets hold of your username and password, he or she can log in to an account from anywhere; if passkeys are enabled, though, the prompt is pushed to your physical device, which the criminal wouldn’t have.

Each passkey consists of a pair of encrypted keys, one stored on your device and the other on the platform’s server. When you attempt to log in, the remote server sends a cryptographic "challenge," often via text or push notification, to request access to your device. You’ll be prompted to perform an action such as entering a single- use code or using your fingerprint, which sends your device’s half of the passkey back to the remote server to unlock access.

Crucially, because half of the passkey is held by the platform, you can’t access it — which means you can’t give a criminal access to it unwittingly, either. Says Raymond, "A passkey is the best way, I believe, to secure your online identity."

Today's best password manager deals

1Password $2.99/mthView60% off

RoboForm Premium $11.90/yearView50% off

Keeper Family Plan $3.54/mthView

Note: This item first appeared in Kiplinger Personal Finance Magazine, a monthly, trustworthy source of advice and guidance. Subscribe to help you make more money and keep more of the money you make here.

3 Steps to Keep Your Digital Data Safe, Courtesy of a Financial Planner
Is Identity Theft Protection Worth It?
Seven Things to Do Right Away If You're a Victim of a Data Breach

Get Kiplinger Today newsletter — freeContact me with news and offers from other Future brandsReceive email from us on behalf of our trusted partners or sponsorsBy submitting your information you agree to the Terms & Conditions and Privacy Policy and are aged 16 or over.

Martha C. WhiteContributor

Martha C. White has been a freelance writer for nearly 20 years, concentrating on personal finance, business and the economy. She has written for The New York Times, The Wall Street Journal, CNN, Time, Money, NBC News, Inc., AARP magazine, Slate, Inc., Fast Company, AOL and other outlets.

Her writing spans a broad range of Wall Street and Main Street issues. She has reported on credit and debt, markets and investing, retirement, jobs, real estate, small business, economic policy and business travel, among other topics.

White holds a B.A. in English from Princeton University and lives in New York's Hudson Valley.