How to keep your online account secure

Learn how to keep your accounts and sensitive data safe and secure online.

Password security

In most cases, your password will be the only thing protecting your online accounts, which is why you should always make sure you have a strong password.

We have provided a few helpful hints and tips on how to make your password as secure as possible.

It’s so easy to use the same password for all your accounts, but this can be dangerous.

Hackers know that many of us use the same (or similar) passwords for most of our online accounts. If they manage to get hold of a password for one account, they will often use an automated process to try and log in to as many online services as they can using that password.

If you use the same password for your email account, online shopping websites, social media and your online bank – the hacker would only need to find the password for one of these to be able to login to all your online services. That’s a lot of information.

To make your password as strong as possible, we recommend you use a combination of uppercase and lowercase letters, numbers, and even special characters. This makes it much more difficult for automated programs and hackers to guess your password. Check out the Learn how accounts become compromised section below to understand how hackers get hold of account passwords.

Do not use real words in your password. Hackers will often use an automated software that attempts to guess account passwords using dictionary words. If your password is based on a dictionary word, it’ll be much easier a hacker to work it out.

A good way to secure your password is to substitute some of the letters in your password for numbers. For example, instead of writing the letter 'S', you could use the number 5, which looks very similar. The same applies for other letter and number combinations.

It may sound a bit obvious, but you should never share your password with anyone - even if you trust that person. They may not mean to, but a mistake could compromise your accounts. They could enter your details into a computer that is infected with malware; or if a hacker manages to break into one of their accounts, the hacker might then be able to use the information they find to hack you too.

Trusted people includes professionals like Technical Support Agents, or your computer engineer. You should never share your passwords with anyone.

You should regularly change your passwords – even if your passwords are strong and unique.

Even if you don’t have any reason to believe any of your accounts have been compromised, it’s still worth changing your passwords regularly. Sometimes, when a hacker gains access to an account, they may just monitor it until something valuable appears. For instance, they may watch an email account until a password reset link for a bank appears.

It may not seem that your account has been compromised at all, so changing your password regularly is a good way of minimising the risk of this happening.

It’s up to you how often you change your passwords, but it's generally a good idea to change them every few months.

Password managers are software applications that store your login information for all the websites you use. This way, you’ll be able to create a complicated and original password for each of your services without having to write it down anywhere.

Because you’ll be using them to store such sensitive information, you should make sure you do your research before you select a password manager. Many reputable security suites, such as Norton, include a password manager as part of the service.

How does a password manager work?

Password managers making it easier for you to create unique login details for all your online services by remembering your login details for you. These will be encrypted in a database, protected by a master password.

When set up, your password manager will handle all the logins for all your online services for you. When you try to access one of your accounts, you’ll be prompted enter your master password into your password manager. The password manager will then retrieve your login details for the service you’re trying to access.

The best password management services use two-step authentication. With two-step authentication, a hacker will still need to complete a second step (which is usually linked directly with one of your devices) before they can log in – even if they have your password.

It’s very important that you use a completely unique and very complex master password. If your master password is obtained by a third party, and you don’t have two-step authentication, a hacker could gain access to all your online accounts through the password manager.

Most online services have password recovery options. These are used to regain access to your account if you forget the password. These questions normally ask for things like your favourite football team or your mother’s maiden name.

To be as secure as possible, make sure these questions and answers as hard as possible to guess. You don’t want to use information that people can easily find out about you online.

Install an anti-virus software

You should make sure that you have anti-virus software installed on all the devices you use online. Computers, tablets and mobile phones can all be infected with malware, which hackers use to farm sensitive information like your logins, passwords and even your financial information. If you don’t have any online security yet, you can try our Virgin Media Internet Security on PC or Mac. Get Internet Security powered by F-Secure on unlimited devices for £30 a year, with your first 3 months free. It’ll automatically detect and remove viruses, malware, ransomware and spyware. What’s more, it’s compatible with all device types, from your laptop or MacBook to your Android or iPhone. Log in to your account to activate Virgin Media Internet Security.

Update software on your devices

Operating systems and software applications sometimes have vulnerabilities in their code. These can be exploited by a third party to steal personal information. When these weaknesses are discovered, they’ll usually be fixed by developers with a software update or a patch. That’s why you should always make sure your software as been updated to the latest version. Most operating systems have an automatic update system, so you should make sure that’s activated. When you’re busy, it’s very easy to keep putting an update on snooze. To keep as secure as possible, you should run the installation as soon as you can. Learn how to update software.

Get familiar with two-factor authentication

You may see that some companies will ask you to set up two-factor authentication (or multi factor authentication) after creating a password. This means that when you sign in you’ll need to enter your password and a second piece of information – usually a one-time code from a text or mobile app.

Encrypt sensitive information

Encryption is the most effective way to properly secure your data. To read an encrypted file, you must use a security key or password to decrypt it. There are a number of ways to encrypt files. You can get specialist encryption software and applications. Some computer operating systems can be set to encrypt your hard drive’s contents when the machine is not being used. You can also find secure note functions on some password managers, which allows text to be held securely.

Maintain fraud awareness

Hackers will frequently use fraudulent emails and texts to try steal your sensitive information. We have provided some help and advice on how to avoid this kind of fraud below.

Emails and texts can be written to look like they’ve come from a trusted company or individual when in fact they haven’t.

By pretending to be reputable companies, hackers will try to trick you into revealing your sensitive information – either by entering it into fraudulent sites or sending it to them directly. Alternatively, they will attempt to trick you into downloading some malicious software that will attempt to farm sensitive information from your device.

If you have any suspicions that the message could be fake, you should never click any links or download any software contained within the message. You should also never reply to the message with any sensitive information.

If you are worried, you can always contact the company or individuals the email claims to be from to ask if the message is genuine.

There are also a few things to look out for in a message that can help you identify it as a scam:

  • Does the email address or number the message not look quite right?

  • Is it asking for personal information like bank details or your NI number?

  • Is the message poorly written or contain lots of spelling mistakes?

Find out what else can help you identify scam emails and texts, or learn more about how to prevent scams.

Stopping scam emails

Usually, these kinds of scams are sent through spam emails. While most will be safely filtered into your junk folder, some can still get through. Don’t worry, we have a guide that can help you manage these unwanted messages. Learn how to stop spam emails.

If you’ve been a victim of cybercrime, or if you’ve spotted any potential cybercrime online, then you should report it. Visit Action Fraud, the police’s online national fraud and cybercrime reporting site.

You can also report an incident to the Internet provider that owns the IP address that is responsible for the abuse. All reputable Internet providers forbid users from committing abuse over their networks – and can disconnect those who do. You can identify who the Internet provider is by running a Whois lookup on the IP.

Keep physical security in mind

Personal and financial information isn’t only stolen through hacks. It’s always important to keep your devices secure, and never give out sensitive account information to anyone – even those you trust.

We recommend you do the following to help you keep your accounts safe:

  • Always lock your computer when you’re not using it, even if you’re just leaving it for a minute or so to grab a coffee

  • Never set your web browser and other applications to remember your account passwords, unless you are the only person that uses that computer

  • When using a computer you share with others, always log out of any online services after using them

  • Don’t write your passwords down on paper. Burglars are becoming increasingly aware that people keep passwords written down

  • Never provide information or data to someone you do not trust – if you have any suspicions that someone is not legitimate, ask for identification or contact the company they claim to represent

Learn how accounts become compromised

Online accounts can become compromised in a number of ways. We have outlined the most common techniques used by hackers below:

  • Malware – Often referred to as viruses, malware is malicious software designed to steal personal and financial data or use your computer in order to commit abuse such as participating in network attacks. Malware is often installed without a user’s knowledge – it’s often bundled with illegal downloads of media or downloaded from untrustworthy websites

  • Phishing – Malicious third parties may send emails or other types of messages that are written to look like they have been sent by a reputable source to steal information from you or to infect your machine with malware. An example is an email that appears to come from your bank asking you to update your online password

  • Social Engineering – This is where a malicious third party uses social techniques to get information out of someone or to trick someone into doing something for them. A good example is someone calling you saying they’ve noticed your computer is infected with malware and they require access to your computer to resolve it. Once given access, they will be able to install malware, extract personal information and even hold your data to ransom

  • Password attacks – A password attack is when various techniques are used to gain access to a system or service that requires a password

  • Dictionary/Rainbow attacks – These are automated processes that attempt to access accounts using commonly used password or dictionary words, trying them one after another until access is gained.

  • Brute force attacks – These attacks will automatically try every possible combination of letters, numbers and special characters to guess the correct password for an account.

  • Password re-use attacks – Hackers know that a lot of people use the same (or similar) passwords for most of the accounts they use online. When they get hold of a password for one account, they will often use an automated process to try and login to as many online services they can think of using that password

  • Vulnerability exploitation - Software applications often have vulnerabilities in their code that can be exploited by a third party to perform malicious attacks and steal personal information

  • Data leaks - Hackers rarely keep stolen data to themselves. They will often publish or sell usernames, passwords, and any other data they’ve stolen, allowing other malicious third parties to use the credentials to access your accounts.

Always back up data

Having your device’s important information backed up and saved in a remote location means it can remain safe if something goes wrong. Sometimes, when your device gets a virus or becomes infected with malware, you might need to format it to clear the malicious software. This won’t only clear the virus, but all your personal data too. That’s why it’s so important to back up. But it’s not only through malicious software that you can lose your data. Hardware damage or other physical damage to your computer, or theft, can leave you without your data. There is plenty of data backup software out there to choose from. The most trustworthy will come as part of a larger security suite, though these can be a little more expensive.

Use a VPN

A VPN helps protect your data from prying eyes, especially when using public WiFi. It's much easier for hackers to access your online activity on a public connection than it is when you're on a private secured network. A VPN encrypts your data, so any would-be hackers won't be able to see sensitive information like your passwords or bank card numbers. You can get a VPN as part of an online security package, though you may need to pay a subscription. Usually, you'll be able to use your package across multiple devices, meaning you can protect your laptop and phone from one subscription.

Use passcodes on all your devices

Just as a strong password is important for protecting your online accounts, you should always protect your devices with a good passcode. Laptops, MacBooks and phones all generally prompt you to create passcodes during setup, so make sure you don’t ignore this step. Like with passwords, we recommend using a unique passcode on each of your devices.

More Information about keeping your account secure

You can find more help and support for security issues, including what to do if you’ve been the victim of online fraud or cybercrime, on our security hub. Learn more about online security.