New Ways to Keep Online Accounts Safe
As cybercrime evolves, the strategies you use to protect yourself need to evolve, too.
Last year, in one of the largest data breaches in history, more than 16 billion log-in credentials were exposed from Apple, Facebook, Google and other platforms. Add that to the long list of recent cyber threats putting your personal online accounts at risk.
All told, the internet privacy and security company NordVPN reports that more than half of Americans say they’ve been the victim of a data breach. And two-thirds suspect their personal information could be for sale on the dark web. Advances in technology make these cyberattacks increasingly easy to execute, says Robert Raymond, first vice president at HUB Private Client, a high-net-worth insurance provider.
"It used to be that all of this criminal activity was done by hobbyists who were tech experts. Now you can be a nobody," using software from the dark web, he says. The result is that the traditional steps you may be taking to protect yourself — say, using varied and complex passwords as well as two-factor authentication — are likely no longer sufficient to thwart the bad guys.
From just $107.88 $24.99 for Kiplinger Personal Finance
Become a smarter, better informed investor. Subscribe from just $107.88 $24.99, plus get up to 4 Special Issues
Sign up for Kiplinger’s Free Newsletters
Profit and prosper with the best of expert advice on investing, taxes, retirement, personal finance and more - straight to your e-mail.
Profit and prosper with the best of expert advice - straight to your e-mail.
According to a 2025 report from the Federal Bureau of Investigation, Americans lost $16 billion to internet crime in 2024, a 33% increase from the year before, with adults over age 60 filing the most complaints. Meanwhile, a November 2025 study from the financial industry research group PYMNTS Intelligence found that 30% of victims never recover a dime.
Fortunately, just as tech developments have enabled cybercrime to grow, there are now more technologically sophisticated ways to fight back. Here’s what experts advise.
Set up multifactor authentication.
For years, two-factor authentication — say, having to enter a one-time-use code, sent by e-mail or text, in addition to your password before you can log in — has been the gold standard in protection.
Experts say that’s not exactly true anymore. "Two-factor has evolved," says Michael Sherwood, vice president of consumer product at cybersecurity company Malwarebytes. The new iteration is multifactor authentication, or MFA, which mostly relies on more than two steps — maybe requiring a password and code sent to your phone, but one that can only be accessed with your fingerprint or an app. Some forms require using more than one device, such as a push notification sent to your phone when you log in to an account on your laptop.
"The fact that you’re asked to show that you’re the same person on two different systems that are uncorrelated gives confidence that it’s really you," says Ran Canetti, codirector of the Center for Reliable Information Systems and Cyber Security at Boston University.
If you’re prompted to set up multifactor authentication at a trusted site when you log in, it’s smart to do so, experts say. Or go to the security settings on your account; if multifactor authentication is supported, you’ll be able to find and enable it.
Download an authenticator app.
These apps are one of several methods used in MFA to verify your identity. They work by generating a new code, typically on your mobile device, each time you log in to an online account. After you enter your password, you’ll get a prompt to enter the code. This is more secure than verification protocols that use e-mail or text messages, which can be intercepted by criminals.
Typically, each code is good for only 30 seconds, which further narrows the window of opportunity for crooks, says Eva Velasquez, CEO of the Identity Theft Resource Center, a nonprofit organization.
"If someone’s trying to brute-force their way in, the codes aren’t good for long." How you access an authenticator app depends on your mobile device platform and manufacturer.
Options include using built-in authenticator software or downloading an app such as Cisco’s Duo Mobile from Apple’s App Store or Google Play.
Enable biometric identification.
Biometric identification uses unique physical characteristics such as your fingerprints, voice or face to verify you are who you say you are when you log in to an online account.
"I’m not going to say biometric IDs are a silver bullet," Velasquez says. "But they do eliminate an entire source of account access because you can’t self-compromise" — meaning that you can’t easily be tricked into giving a criminal your fingerprint.
You should back up biometric authentication with a secondary means of access, such as a PIN. Then share that method with a trusted individual, such as your spouse, suggests Patrick Simasko, a financial adviser and elder and estate law attorney in Mount Clemens, Michigan.
Otherwise, he says, if you suddenly die or become incapacitated with no backup access, "that’s an absolute nightmare for families. They need some other method to get into those accounts."
Use a passkey, when prompted.
A passkey is like a password, but with a lot more sophisticated computer firepower behind it. Each one is unique to your device and to the platform using it, and you have to be in physical possession of your phone, tablet or computer for a passkey to work.
If a criminal gets hold of your username and password, he or she can log in to an account from anywhere; if passkeys are enabled, though, the prompt is pushed to your physical device, which the criminal wouldn’t have.
Each passkey consists of a pair of encrypted keys, one stored on your device and the other on the platform’s server. When you attempt to log in, the remote server sends a cryptographic "challenge," often via text or push notification, to request access to your device. You’ll be prompted to perform an action such as entering a single- use code or using your fingerprint, which sends your device’s half of the passkey back to the remote server to unlock access.
Crucially, because half of the passkey is held by the platform, you can’t access it — which means you can’t give a criminal access to it unwittingly, either. Says Raymond, "A passkey is the best way, I believe, to secure your online identity."
Related Content
Note: This item first appeared in Kiplinger Personal Finance Magazine, a monthly, trustworthy source of advice and guidance. Subscribe to help you make more money and keep more of the money you make here.
-
The Merger Market is Heating Up. Here's How to Cash InInvesting in takeover deals can be a low-volatility way to diversify your portfolio.
-
Can Your Car Insurance Add Strangers to Your Policy? A Florida Class Action Lawsuit Could DecideA Florida driver says GEICO added complete strangers to her car insurance policy and jacked up premiums as a result.
-
Vanguard Cuts Fund Fees Again. Here's Why That's Important for YouVanguard recently cut fees on dozens of ETFs and mutual funds, which is great news for investors. Here's why.
-
Can Your Car Insurance Add Strangers to Your Policy? A Florida Class Action Lawsuit Could Decide
A Florida driver says GEICO added complete strangers to her car insurance policy and jacked up premiums as a result.
-
Life Loves to Throw Curveballs, So Ditch the Rigid Money Rules and Do This InsteadSome rules are too rigid for real life. A values-based philosophy is a more flexible approach that helps you retain confidence — whatever life throws at you.
-
The Best Short-Term CD for Your Cash in 2026This strategy can help you earn thousands in months.
-
Samsung Galaxy S26 Ultra: What to Know Before You UpgradeThe Galaxy S26 Ultra brings new features and strong launch deals, but whether it’s worth upgrading depends on what you already own.
-
What Is an Assumable Mortgage and Could It Save You Thousands?With mortgage rates still elevated, taking over a seller’s existing home loan could lower monthly payments — if the numbers work.
-
Have You Fallen Into the High-Earning Trap? This Is How to EscapeHigh income is a gift, but it can pull you into higher spending, undisciplined investing and overreliance on future earnings. These actionable steps will help you escape the trap.
-
I'm a Financial Adviser: These 3 Questions Can Help You Navigate a Noisy Year With Financial ClarityThe key is to resist focusing only on the markets. Instead, when making financial decisions, think about your values and what matters the most to you.
-
Where Olympians Store Their Medals is a Great Lesson For Your Valuables and CashWhat you can learn about protecting your cash and values from where Olympians store their medals.
