Photo of someone protecting their online accounts.

4 ways to protect your online information

We bank and pay our bills online. We shop online. We transfer money to friends and access investment and credit cards and 401(k) accounts online.

Think of all the information you share on your social media accounts. What could someone piece together about you that would allow cybercriminals to hack into your email or other accounts? (And if you also use the same, simple password for multiple accounts, you’re making it even easier for them.)

If the bad guys hack into your digital world, you’d have a problem, but you wouldn’t be alone.

Hackers stole nearly 447 million consumer records containing sensitive personal information last year. That’s a jump of 126% from the prior year.1

Nearly 60 million Americans were affected by identity theft last year, an increase from 15 million in 2017.2

Make securing access to your financial accounts a priority

We’d all love a virtual watchdog guarding the front door to our computer files and account information. But you’re the best person to defend your accounts, so take matters into your own hands to keep the cybercriminals far, far away.

Here are 4 ways to protect your online information.

1. Take advantage of two-factor authentication (2FA), also known as multifactor authentication (MFA).

This extra layer of security during the login process requires a password, username, and either a personal piece of information only you know, or a physical token that you possess. Together, this combination makes it more difficult for potential intruders to gain access and steal your personal data or identity—even if they have (or guess) your password.

  • Using MFA is the best way to secure your financial accounts. For example, customers who have an account with Principal® (whether it’s an IRA, a retirement account, or life insurance) can set up MFA for their personal login. In fact, we strongly encourage it.
  • To learn more, read Keep prying eyes out of your online accounts.
  • You can use MFA for your email accounts, too, and it’s a good idea. More than 92% of data breaches are due to compromised email accounts.3

Graphic of a thumbtack. Tip: Do you have an account with Principal? Make access to it even more secure by setting up MFA. Log in now to get started.

2. Protect your account numbers, PINs, and passwords.

  • Good: Write ‘em down and find a (very) secure place in your home to store all your financial records. The most common passwords in North America and Western Europe in 2018 were “123456” and “password.” You can do better!
  • Better: Use a unique, complex password. Make it as long as you can without using common phrases or quotes. Include characters, numbers and upper/lower case letters.
    • For example: come up with a phrase like My little Blue Dog has a funny nose, too! Use the first letters of each word and add characters, numbers, and both upper/lower case letters. In this case, “MlBDhafn2!” could be your password. (Now, don’t use this example at home.)
  • Even better: Use a long, complex passphrase. Take the example above and turn it into: “MiL!ttL3BLUd@gHa$afu^^yN*se2.” Who could guess that?
  • Best: Use a password safe or vault. You can find these apps or sites through an online search. (LastPass, Dashlane, 1Password are some common examples.) You set up a master password, and then the “vault” remembers and auto-fills all passwords you put into it. These programs can even be used to generate and remember complex passwords for nearly any site.

3. Practice smartphone and mobile device security.

  • Use a passcode to access your phone. Yes, it may slow you down, but it’s more secure. Newer phones offer biometric authentication like fingerprints or facial recognition, which is even better.
  • Never send sensitive data like credit card info via text message.
  • Check that all apps you download are from reputable sources.
  • Be on the lookout for “shoulder surfers” and anyone listening to your conversations.
  • Physically secure your devices. Don’t leave them in public places, your car, your unattended backpack. You get it.
  • Cover your camera on your laptop or mobile device for more privacy.
  • Don’t use public wi-fi networks. They’re everywhere. Think coffee shops and lunch spots. The security is not as strong as private networks, so hackers often target public wi-fi users to access their sensitive information.

What if you do get hacked?

To help you report and recover from identity theft, read this article from the Federal Trade Commission’s (FTC) site,

Report scams and file a complaint with the Federal Bureau of Investigation’s (FBI) Internet Crime Complaint Center, called IC3.

4. Be careful what you download. No matter who it’s from.

  • Don’t take the bait! Meaning, don’t click on links in emails, give out login credentials, or open attachments. It can be a way around your anti-virus software and infect your computer or mobile device.
  • Listen to your gut if something doesn’t seem right. If your dad wouldn’t normally email you weight loss tips, chances are he’s been hacked. Don’t click! Call and let him know so he can secure his account. Take this quiz to learn about how to avoid phishing scams.

Next steps


2 Based on an online survey of 5,389 U.S. adults conducted for Symantec by The Harris Poll, January 2018.


The information for your accounts with the Principal Financial Group® is kept secure and confidential through multiple security features and procedures. It’s one of our highest priorities. You can read more about our security policies on

Insurance products and plan administrative services are provided by Principal Life Insurance Company, a member of the Principal Financial Group® (Principal®), Des Moines, Iowa 50392.

The subject matter in this communication is educational only and provided with the understanding that Principal® is not rendering legal, accounting, investment advice or tax advice. You should consult with appropriate counsel or other advisors on all matters pertaining to legal, tax, investment or accounting obligations and requirements.

LastPass, Dashlane, and 1Password are not an affiliate of any company of the Principal Financial Group®. The links in this article are provided as a courtesy and should not be taken as a recommendation to use or purchase these services.