How to Protect Your Privacy Online

We’ve never been more connected—and our online privacy has never been more important.


Our digital data is more valuable—and vulnerable—than ever before. It’s not all bad news, though: Even if you’re not particularly tech savvy, there are quick or otherwise simple things that you can do to shield your personal information.

Protect your passwords.

Passwords are your first line of defense against invasions of privacy. Make time to set them up correctly. 

1. Use strong, unique passwords.

Your online passwords should incorporate every type of keyboard character (alphabetic, numeric, symbolic, and mixed case) to create a nut that’s virtually impossible to crack, recommends Abdul Rehman, a cybersecurity editor at VPNRanks. To slash your risk of getting hacked, resist the urge to include personal references (so no pet names or old addresses), to use fewer than 15 characters, to replicate the same password on different sites, or to sign in to other sites using Facebook or Google. One simple way to hit all of these marks is to use a password manager to supply auto-generated passwords and encryption.

2. Enlist a password manager.

Password managers—free or subscription-based apps and browser extensions such as 1Password and Bitwarden—provide extra security and keep you from reusing a password. These services auto-generate unique, long, and complicated passwords, and store them in an encrypted database, effectively protecting personal information, such as your address or credit card number, associated with any online accounts. “Then, all you need to remember is one master password,” says Gabe Turner, chief editor for “Or, depending on the password manager, you can access your accounts by using the TouchID on your iPhone or having a passcode sent to your mobile device.”


3. Keep passwords fresh.

Change your passwords at least twice a year, up to as often as once a month—including the password to your password manager. (You can program this master password to reset every few weeks.) The more sensitive the data stored in a particular account, the more often you should update its password. It’s also advisable to change your passwords after sharing them (think WiFi or video streaming accounts you might provide to a guest), upon notification of an intruder’s attempt to access any of your accounts, or if you ever access sensitive data from a public computer, such as at a library. 

4. Enable multifactor authentication.

Multifactor authentication (MFA), sometimes referred to as two-factor authentication, puts up extra gates between you and potential hackers. In addition to your username and password, you can require a site to verify your identity by sending a code to your phone, enabling facial recognition (if available), and/or asking a question that only you can answer. (Two-factor authentication requires just two proofs of identity.) Using MFA will bulk up your security because even if someone figures out your password, they will need further verification to get into your account. Most banking apps automatically use MFA, but you can use it in other places too. Go into your settings to turn it on for your email account, your medical records, and anything else that’s best kept private.


Maintain your devices.

Whether you’re using a laptop, tablet, or smartphone, how it’s equipped helps determine your level of protection.

5. Turn on automatic updates.

Developers release updates for a reason—they’re often security patches for various kinds of software. “The longer you delay installing them,” says Lumena Mukherjee, a cybersecurity consultant and writer for InfoSec Insights, “the longer you remain vulnerable to attacks that can easily be prevented.” So make sure that you’re running the latest versions of any and all operating systems, and set your devices to automatically update other software in the background at a convenient time. That way, you’ll be better equipped against malware, ransomware, and other online threats.

6. Install antivirus software.

Equip all of your devices with antivirus and anti-malware software from companies like Norton and McAfee. These actively detect and remove viruses and other malware from your various devices. Viruses and ransomware can hijack your device, track your typing, slow your system, delete or corrupt important data, or damage your hard drive. Basically, they make your computer sick, changing it for the worse. Once you’ve purchased antivirus software, make sure that it updates automatically—daily, if possible. 


7. Download from trustworthy sources.

To further protect yourself from malware and privacy intrusions, stick to app stores or legitimate publishers, and always verify the source of any file before you decide to download it.

8. Secure your Wi-Fi access.

To lock down your home’s Wi-Fi network, protect it with a strong password (see no. 1 above), hide your network name, disable remote access, and get your router up to speed: Enable its encryption feature, update its software, and turn on its firewall. (The router manufacturer may be able to offer support should you hit any snafus.) An unsecured network is risky because if a stranger accesses your network, they can compromise any device that’s connected to it. When using public Wi-Fi, such as at a cafe or library, use a VPN (a virtual private network) to encrypt your web traffic and replace your IP address; this keeps your online activity private and helps protect your identity. Here’s a good primer on the subject, if you want to learn how to choose a VPN and how to set one up.

9. Stop location tracking.

Many apps default to tracking your location with GPS, which means that all of your comings and goings are stored and, depending on permissions and service terms, can be bought and sold to third parties without your knowledge. To opt out of having your whereabouts tracked, navigate to Settings in your smartphone or browser and find Privacy. From there, go to Location Services and turn off or adjust your location tracking permissions as desired.


Be mindful of your online behavior.

The websites you frequent—and the details you post—may increase your vulnerability.

10. Tighten your social media feeds.

“A would-be hacker can piece a lot of information about people who have public social media accounts,” says Turner, “including their names, addresses, birthdays, family members' names, and so on.” Change your privacy settings so that only people you know can see what you post, and minimize the amount of personal information you broadcast publicly. Consider: Do you want just anyone having access to photos of your children, the inside of your home, and your political or religious views? To thwart bad actors, never geotag your whereabouts, don’t fill out “fun” questionnaires, and decline friend requests from strangers. Keep in mind that whenever you like or share anyone else’s content, your activity is tracked and collected.

11. Protect your kids.

Make full use of the privacy settings or available parental controls on any devices and accounts that children can access, including games. This will help prevent them from landing on inappropriate content, spending money, and becoming targets of strangers’ advances. Join all of the social media sites that your kids use, and friend or follow them. Talk openly with them about online safety and good habits.

12. Surf incognito.

When you’re navigating the web, use a secure, configured browser that protects your privacy. Why? Because unsecured browsers store a lot of information about you, which can be exploited. Securing your web browser usually involves digging into its security settings, although it varies by brand—Firefox and Brave are known for being particularly oriented toward privacy and security. Whenever possible, browse in incognito or private mode so that your online actions aren’t trackable; however, understand that even when doing so, websites can still “see” your IP address and location. If you browse over an HTTPS connection, your data is encrypted and protected from modification, and you can be confident you are communicating with the site in question, not an impersonator. Give a second thought to your search engine, too: Google and its ilk are notorious for tracking users. Consider a private search engine that doesn’t collect, store, or sell your information, such as DuckDuckGo or Startpage, which return unprofiled search results.

13. Manage your cookies.

Cookies are bits of information that a website stores on your devices. Later, the website can request its own cookies from your browser to figure out how you’ve previously interacted with the site. Cookies can be helpful by keeping you logged in and “remembering” what you put into a shopping cart. But they’re also valuable to advertisers because they can personalize ads based on data you’ve provided. A cookie itself is relatively harmless, explains Ilia Sotnikov, Netwrix’s vice president of user experience, but he recommends reviewing the site’s explanation of how it uses cookies before you check “accept.” For example, you may want to grant access to personalization cookies but not allow the website to collect marketing data. And it’s good practice to always clear your cookies after using a shared computer. 

14. Outsmart phishing and other scams.

Phishing happens when cybercriminals present themselves as someone they’re not (such as a bank, government agency, or charity) to trick you into giving them sensitive information (your Social Security number or mother’s maiden name, for instance) to steal your identity or money. Sidestep phishing and other scams by being skeptical and cautious online, especially of unsolicited emails, social media outreach, and text messages that include links that take you to “log in” using personal information. “Check the sender's domain,” advises Paul Bischoff, a privacy advocate at Comparitech, “don't click on links in unsolicited emails, and never include sensitive personal info in an email.” That includes your Social Security number, credit card numbers, and passwords. Even your age and gender can be used to single you out, Bischoff says.

15. Use identity monitoring software.

“In addition to checking credit and debit billing statements for any unauthorized purchases, I strongly recommend using a credit monitoring service,” says Chris Hauk, a consumer privacy expert at Pixel Privacy. “While monitoring services don't necessarily prevent the bad guys from hacking your accounts, they do alert you when new accounts are opened in your name, which is a vital warning sign that you've been hacked. They also track data breaches and other security threats, and alert you when they occur.” Likewise, identity monitoring programs ensure that your information isn’t being used against you, and that you don’t become one of the millions of annual victims of identity theft. AAA Members get free access to AAA Identity Champion, which provides credit and identity theft monitoring.

This article was first published in August 2020 and last updated in July 2023.