Photo of a woman protecting her online accounts.

5 ways to protect your online information

We bank and pay our bills online. We shop online. We transfer money to friends and access investment and credit cards and 401(k) accounts online.

Think of all the information you share on your social media accounts. What could someone piece together about you that would allow cybercriminals to hack into your email or other accounts?

1 in 4 U.S. adults are a victim of cybercrime each year.1

“If you use the same, simple password for multiple accounts, then you’re making it even easier for them,” says Meg Anderson, vice president-chief information security officer at Principal®.

Make securing access to your financial accounts a priority.

We’d all love a virtual watchdog guarding the front door to our computer files and account information. But you’re the best person to defend your accounts, so take matters into your own hands to keep the cybercriminals far, far away.

Anderson offers five ways to protect your online information.

1. Take advantage of two-factor authentication (2FA), also known as multifactor authentication (MFA).

Whenever it’s available, you should use 2FA. That means you’ll need more than just your username, password, or passphrase to log in, giving you an extra layer of security. A common 2FA approach is for a passcode to be sent to an app on your smartphone.

Using 2FA is the best way to secure access to your financial accounts. It simply makes it more difficult for potential intruders to gain access and steal your personal data, money, or identity—even if they have (or guess) your password.

We strongly encourage customers who have an account with Principal (whether it’s an IRA, a retirement account, or life insurance) to set up 2FA for their personal login. To learn more, read “Keep prying eyes out of your online accounts.”

Graphic of a thumbtack. Tip: Do you have an account with Principal? Make access to it even more secure by setting up MFA. Log in now to get started.

2. Turn your passwords into “passphrases.”

If you find passwords hard to remember, one way to make them easier to recall is to use a passphrase instead. (Passphrases are stronger, too.)

Just come up with a phrase that is easy for you to remember, but hard for others to guess. Maybe something like “My little Blue Dog has a funny nose, too!” Make it even stronger by adding some characters, numbers, and both upper/lower case letters. In this case, “My1itle(Blue)D0ghas^FunnyNose2#” could add more complexity without making it too hard to remember.

3. Protect your account numbers, PINs, passwords, and passphrases.

We recommend using a password safe or vault. You can find these apps or sites through an online search. (LastPass, Dashlane, 1Password are some common examples.) You set up a master password, and then the “vault” remembers and auto-fills all passwords you put into it. These programs can even be used to generate and remember complex passwords for nearly any site.

4. Practice smartphone and mobile device security.

“Use public wi-fi networks with caution,” Anderson says. “Coffee shops, airports, and other public places sometimes offer free internet access. Think twice before connecting to networks that don’t require any type of registration or access code and use them only as a last resort.”

She says to avoid handling financial transactions or completing forms that require personal information when you’re on any public network.

Anderson offers other phone and mobile device security tips:

  • Use a passcode to access your phone. Yes, it may slow you down, but it’s more secure. Most phones now offer biometric authentication like fingerprints or facial recognition, which is even better.
  • Never send sensitive data like credit card info via text message.
  • Check that all apps you download are from reputable sources.
  • Be on the lookout for “shoulder surfers” and anyone listening to your conversations.
  • Physically secure your devices. Don’t leave them in public places, your car, your unattended backpack.
  • Cover your camera on your laptop or mobile device for more privacy.

What if you get hacked?

Learn how to report and recover from identify theft at the FTC site,

Report scams and file a complaint with the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center, called IC3.

5. Be careful what you download. No matter who it’s from.

Don’t take the bait! Meaning, don’t click on links in emails or texts, give out login credentials, or open attachments that look suspicious—or that you’re not expecting.

“Listen to your gut if something doesn’t seem right. If your dad wouldn’t normally email you weight loss tips, chances are he’s been hacked. Don’t click, but call and let him know so he can secure his account by changing his password,” Anderson says.

Take the FTC's quiz to learn about how to avoid phishing scams.

Next steps

1 Cybercrime Support Network:

Insurance products and plan administrative services are provided by Principal Life Insurance Company, a member of the Principal Financial Group® (Principal®), Des Moines, Iowa 50392.

The subject matter in this communication is educational only and provided with the understanding that Principal® is not rendering legal, accounting, investment advice or tax advice. You should consult with appropriate counsel or other advisors on all matters pertaining to legal, tax, investment or accounting obligations and requirements.

Cyber Readiness Institute,  LastPass, Dashlane, and 1Password are not an affiliate of any company of the Principal Financial Group®. The links in this article are provided as a courtesy and should not be taken as a recommendation to use or purchase these services.