How To Protect Your Identity Online

Lauren Sakiyama
Brandon King
December 6, 2023

What if protecting your identity online was easier than you thought? 

At first glance, figuring out how to protect your identity online feels like a monumental and complicated task. You know it’s important, but where do you even begin? 

That’s where these 12 simple steps come in. 

If you put all of these into practice, stealing your identity would be a near impossibility. And you can act on most of these in as little as a few hours. 

So, if protecting your identity online is something you’ve been meaning to get around to, there’s no better time than now. Here’s how: 

1. Invest In an ID Theft Protection Service: Takes 15 Minutes

If you only do one thing after reading this article, this should be it. Purchase the best Identity theft protection plan, and you’ll protect your entire digital footprint in one easy step. 

Good ID theft protection services watch the internet for signs of identity theft, so you don’t have to. That means they provide monitoring for your: 

  • Social Security number 
  • Credit score
  • Home title 
  • Financial transactions
  • Public Records 

They’ll also watch for USPS address changes, payday loans taken in your name, and social media accounts using your name or image. 

On top of that, these services usually offer antivirus software that blocks spyware, viruses, and phishing scams while you’re browsing the internet. So, if you’re serious about protecting your identity, first and foremost, you should be using one of these. 

2. Ensure You’re Using an Encrypted Connection: Takes 1 Minute

Check out the left-hand side of your address bar, right next to the website URL


See that little lock symbol? 

Good. That means the site you’re browsing is encrypted, ensuring any data you share is safe. 

Encryption alters text, making it near impossible for someone with ill intent to read. So, if you enter a password, credit card number, or any personal information, it’s safe. 

When encryption isn’t present, cybercriminals can read and steal any information you enter. So, ensuring your connection is encrypted is crucial, especially if you’re shopping, online banking, or filling out forms. 

If you want to go a step further than basic encryption, you could also consider a Virtual Private Network or VPN

VPNs ensure your data is encrypted on every site. They also conceal your IP address. That means even your internet service provider (ISP) can’t see your online activity. 

You can install VPNs as stand-alone software (Norton LifeLock offer the best VPNs) or opt to include one from the best protection service.

3. Create Strong Passwords: Takes 5 Minutes 

Creating strong passwords is one of the easiest things you can do to protect your identity online. 

A strong password: 

  • Uses a combination of letters, numbers, and symbols. If the site allows a mix of capital and lowercase letters, numbers, and symbols like “!” or “?”, use all of them in your password.
  • Does not use words or numbers associated with you. That means no birthdates, addresses, pet names, or children’s names. 
  • Is not a password you’re already using on another site. Your email password should be different from your banking password, and neither of those should match your Facebook password, etc. 
  • Changes regularly. You should change your password on a regular basis, as often as 3-4 times per year. 

At this point, you’re probably thinking all that sounds great, but there’s just one problem…

If I use a random combination of letters, words, and symbols not associated with me in any way and I change it regularly —How do I remember it?! 

Two words: Password Manager. 

Password managers auto-generate and securely store passwords for you, so you don’t have to remember them for each site. Plus, most of them will remind you to update your passwords regularly. 

Password managers may come with your phone or your internet browser. For example, Google has a password manager that you can use across devices, from your phone to your laptop, as long as you’re using Android or Chrome. 

4. Use 2 Factor (Or Multi-Factor) Authentication: Takes 5 Minutes

You should also opt-in for 2-factor authentication (2FA) or multi-factor authentication (Multi FA) whenever a site offers it. 2FA requires you to provide two forms of identification to log-in to your accounts. Multi-factor authentication requires you to provide at least two and sometimes more identification forms at login. 

There are several types of 2FA and Multi FA available for sites to use, but you’re most likely to run into either SMS verification or push notifications

With SMS verification you’ll receive a text message when you try to log into a site. The text will contain a code that you need to enter along with your regular password. 

Push notifications send a signal to your phone prompting you to accept or deny a login attempt. 

Both options prevent cybercriminals from accessing personal accounts. Even if a criminal manages to steal your password, unless they have your cell phone in hand, they can’t get in. 

2FA or MFA are available for online banking and most social media sites. They’re also common on popular e-commerce sites that store your credit card information. Wherever you see it as an option, you should opt-in. 

5. Set Up Bank Alerts: Takes 5 Minutes 

You may be able to stop an identity thief in their tracks by setting up bank alerts with your financial institution. Allowing the bank to alert you or freeze your account when they notice suspicious activity could stop a criminal from stealing your money or doing other damage. 

Many banks also allow you to set up daily or weekly notifications. With these in place, the bank can send you a daily or weekly summary of your accounts. 

Regularly review your accounts for transactions you don’t recognize. If you find one, let your bank know so they can take action.

6. Avoid Phishy Emails, Attachments, and Links: Takes 0 Minutes

When cybercriminals pretend to be trustworthy entities, like banks, government institutions, or hiring managers for large companies, we call it phishing

In a phishing scam, you might receive an email, text, phone call, or social media message that looks legitimate but isn’t. The message may ask for personal information like your social security number or banking information. Or, it may include a link or attachment that installs malware on your device. 

To avoid phishing scams:

  • Only open emails and messages from senders you know and trust.
  • Don’t give any personal information unless you trust the sender and are sure it’s necessary. 

Government entities like the IRS will never email or call you for tax information, and your bank probably isn’t going to ask for your social security number through a text. If you’re not sure, call the institution directly and let them know what’s going on.  

7. Make Sure Your Router Has a Secure Password: Takes 7 Minutes

Many of us choose to have professionals set up our WiFi. When they do, they usually make our passwords something easy to remember. More often than not, they use a phone number or birthdate. That may be convenient, but if your wireless router has an easy (aka weak) password, you should change it. 

Here’s why…

All of your devices connect to your router to get online. If a criminal can access your router, they can monitor all of your internet traffic and may be able to access your connected devices too. 

In some cases, they can even set things so that when you connect to the internet through that router, you end up on a phishing site. A phishing site looks legitimate, but thieves have access to the information you enter on it. 

That’s why having a secure password for your router is crucial. Use the tips we gave for strong passwords above.

✎  Related: The Risks Internet of Things (IoT) ➔

8. Configure Your Web Browser Correctly: Takes 5 Minutes 

Popular Search Engines

Identity thieves may be able to use vulnerabilities in your web browser to gather your private information.   

Fortunately, there are a few simple steps you can take to help prevent this:

  • Keep your browser up to date. If your browser recommends an update, download it. Better yet, opt-in for automatic updates. 
  • Block pop-ups and plugins. Usually, you can do this in your browser’s security settings. 
  • Turn off autofill for forms and payment information. Criminals can install invisible auto-fill forms to web pages and easily gain your information. 

9. Only Enable Cookies If You Must: Takes 3 Minutes 

Cookies aren’t bad overall. You need them for certain sites to run correctly. However, too many cookies can create security risks. 

Savvy cybercriminals can hijack your cookies. Doing so allows them to impersonate you online. They can gain unauthorized access to the sites you frequent. 

So, when you see the “accept cookies” banner on a website, think twice before saying yes. 

If cookies are necessary for the site to work properly, go ahead and allow them. If they’re not, you can always click “reject.” 

Now and then, you should also delete your cookies from your browsing history. Doing so may log you out of sites you frequent. 

Is logging back in frustrating? 

Maybe, but it’s worth the extra security. And, if you use your password manager (like we mentioned you should) it shouldn’t be too hard.  

10. Audit Your Online Presence and Credit Score: Takes 30 Minutes

If someone hacks into your Twitter account or starts racking up charges on your credit card, you’ll probably notice right away. But here’s the thing…

Most of your online identity isn’t so obvious. 

The vast majority of your digital footprint is hard to see, and you might not realize a thief is already using your information

To ensure cybercriminals aren’t already taking advantage, here are a few things you can do: 

  • Use a site like UnMask to run a background check on yourself. If you see anything online that shouldn’t be, you can take steps to get rid of it. 
  • Check your credit report. Per FTC rules, you’re entitled to a free credit report every 12 months. So get one! Then check it for inaccuracies. If you find any, reach out to the credit reporting company and relevant financial institutions. 
  • Delete unused accounts. If you’ve been online for any length of time, you probably have a bunch of social media, store, and other accounts you don’t use anymore. Your web browser’s password manager can provide a list of sites you’ve used it for. If you’re not using those accounts, go through and delete them. 

11. Be Mindful of What You Share: Takes 10 Minutes 

Social media seems like an innocent way to share news with caring family and friends. Whether it’s the birth of your first child or a silly selfie with your cat, sharing with people online is standard practice today. However, it’s not without risks. 

Sharing too much information on social media sites gives identity thieves everything they need to wreak havoc on your life. We’re not saying you should give up Instagram or Facebook altogether, but you should be mindful of what you post. 

Here’s how: 

  • Never share your address. That means you should think twice before posting a picture of you in front of your new house! 
  • Don’t share your children’s names, pet names, or birthdates. These are common security questions and passwords (though you should be using stronger passwords, like we mentioned above).

Plus, sharing a child’s name and birthdate together makes them vulnerable to identity theft. One day, your child will apply for financial aid or a credit card. The last thing you want to discover is that someone stole their identity because of something you posted.

  • Be careful of images. Make sure pictures don’t include private information in any way. Sometimes private details slip into the background without our realizing. 

If you’re thinking, well, my account’s private, so I’m not worried about all of the above

That’s not enough! 

Keeping your account private is a great security measure, but you should still follow the above best practices. 

You should also opt-in for 2-factor identification if possible. 2-factor identification can feel like a pain when you’re logging in, but, as we discussed above, it’s worth the hassle.

12. Watch For Data Breaches: Takes 10 Minutes 

Criminal hackers usually target big businesses, governments, and healthcare facilities. Usually, they’re looking for sensitive data that they can sell. That often includes personal information for private citizens. 

If your information is involved in a data breach, the company is required to inform you by law, but that can take time. And when it comes to protecting your identity, acting fast is everything, 

Larger data breach events usually make the news. If you hear about one that could have put your information at risk, here’s what you can do: 

  • Change your password immediately. Depending on the extent of the breach, changing your password for the affected site or institution could be enough to stop an identity thief. 
  • Monitor your credit report. Keep tabs on your credit report and watch for any unusual activity. If you notice anything, report it right away. 
  • Consider freezing your credit report. You can freeze your credit if you suspect that criminals have your information. Doing so isn’t without cost, though. You usually can’t apply for any sort of financing while your credit is frozen, so this only works in some situations. 

Final Thoughts 

Learning how to protect your identity online isn’t as hard as some make it appear. What seems like a huge chore is actually a pretty simple task. Using the actionable steps listed above will help you ensure your personal information stays secure. 

And if you’re afraid it’s already too late, there are things you can do. Start by reading our guide on the warning signs that your identity has been stolen. It will walk you through the symptoms of identity theft and give you tips on what to do next.