Account Security
TLDR
Use a unique password for each account that is:
At least 12 characters long
Not a dictionary word
A mixture of uppercase letters, lowercase letters, numbers, and symbols
Use a password manager to help remember all those passwords
Enable MFA on all accounts (especially your email account!)
Passwords
Passwords are your first line of defense on your online accounts. Having strong, unique passwords for your online accounts will reduce the likelihood that attackers can gain access to your accounts without any action by you.
I recommend using the following guidelines when creating a password:
At least 12 characters long
Not a dictionary word
A mixture of uppercase letters, lowercase letters, numbers, and symbols
An easy way to accomplish this while still being able to remember a password is to use a "passphrase", or sentence, as your password, while replacing some letters with numbers and symbols. For example, the password "mYc@tisth3bes7!" is very strong, yet easy to remember because it uses the phrase "my cat is the best" with a few letter replacements.
But how am I supposed to remember all these long, unique passwords?
The easiest way to keep track of your passwords is to use a password manager, which is an app that you can securely store all your passwords in. If you have an iPhone, you have a built-in password manager on your phone. Just search your settings app for "passwords" and you will see a setting with a small key icon. In these settings, you can view, edit, and add passwords for your online accounts securely. Just make sure you have a passcode on your phone.
Multi-Factor Authentication (MFA)
Sometimes called two-factor authentication (2FA), MFA puts an extra layer of security on your online accounts. It does this by requiring multiple authentication factors, or proofs that you are the one attempting to access the account. This is one of the most important parts of account security, because even if an attacker obtains your password, they will not be able to access the account without the second factor of authentication.
You may be familiar with MFA if you use online banking, where after you input your password, you need to provide another one-time code sent to your phone or email.
If you use an app for MFA, it is important that you choose one that is trustworthy. I recommend using Google Authenticator or Microsoft Authenticator.
Identify Your Most Important Accounts
If you don't already follow the above guidance with passwords and MFA, it can be a huge project to edit the settings for all your accounts. To break it up, start by identifying your most important online accounts. These are things such as:
Email accounts
Financial accounts
Work accounts
Your email account is the most important account you have. It is more important than any social media account or financial account. This is because if an attacker gets access to your email account, they will be able to reset the passwords for all of your other accounts tied to that email address. You also will not be able to get access back to those accounts, since you would need your email account to reset the passwords again.
If you don't do anything else, make sure you have a strong password and MFA set up on your email account.