World Password Day is upon us, which means we need to chat about adhering to best practices for securing your online accounts. Most of us have countless accounts, which can span retailers, suppliers, social media, work, finance, and more. It’s simply a way of life in 2025. If you do anything online, you’re likely to require some form of account, but keeping all of these safe from prying eyes can prove challenging, especially if you use memorable passwords and no two-factor authentication (2FA). I’ll showcase some easy-to-follow strategies to protect yourself online.

6
Consider a VPN
Maximum security
Using a virtual private network (VPN) is one of the best ways to maintain secure access to the outside world. Whether you’re checking emails, browsing websites, watching videos on YouTube, or streaming from different countries, a VPN will encrypt all the data between your device and the VPN server, ensuring no one on the networks in between can see what you’re doing. Sites that use HTTPS (SSL/TLS) add their own layer of encryption, so your data is essentially encrypted twice, which can only bolster your defences against malicious parties. It’s important to consider encryption since, without a VPN, not everything you do online is encrypted, including DNS queries and security handshakes.
It’s also great for working around geographical blocking, enabling you to enjoy content that would otherwise be unavailable. You can often select which server you wish to use with your VPN provider, which can unlock benefits of appearing to be located in that region. A VPN should be considered a must-have for anyone connecting to external servers. Many routers will even allow you to connect to a VPN provider, protecting all devices connected to the network, saving you time by not needing to install a client on everything.

5
Update all your devices
With the latest security patches
Running outdated software or firmware can cause serious issues for the device in question and the wider local area network (LAN). Should a single device become infected with a virus, it can easily spread to other systems on the network, which could result in one or more of your accounts being compromised. It’s easy to update software, and this process should be carried out regularly, even if the operating system is configured to handle it automatically. It’s always worth checking manually, just in case.
Should you manage and run any anti-virus or security software, these should also be updated to have the latest definitions. Don’t forget device firmware! Even the UEFI/BIOS of your motherboard can be patched to help combat security vulnerabilities.

4
2FA is your new best friend
Enable it everywhere
You’ve likely used some form of two-factor authentication (2FA) for logging into an account or service. It usually comes via a string of numbers, either generated by an app or sent to you via email or SMS. Using an app to generate a 2FA code is more secure than SMS and email, allowing you to quickly (and securely) log into your account alongside a password. It does take a few seconds longer than using a password alone, but this does provide an additional layer of security, and most 2FA generator apps allow for copy and paste.
With 2FA enabled on an account, access will only be granted if you have the password, email address, and 2FA app at hand, which makes it significantly more challenging for anyone to gain control. Even if your password is stolen or guessed, they will still require the second factor to log in. Using 2FA can also shield you against phishing and reduce the risk of identity theft. 2FA isn’t required by every service or website, but I strongly advise you enable it whenever possible for extra peace of mind.

3
Use a password manager
This one is self-explanatory
Using a password manager is a must in 2025. These powerful tools allow you to use one memorable master password to protect all your accounts. Numerous options are available, and so long as the provider has no knowledge of your vault’s contents on the server end, you can enjoy a truly encrypted vault that only you can access with the correct password. The main selling point of any password manager is the ability to store credentials, allowing you to use randomized (and vastly more secure) passwords for all other accounts. But they’re much more than that. Here are some other benefits:
- Secure password generation.
- Ability to autofill login fields.
- Phishing protection.
- Compromised password and email checks.
- Cross-device synchronization.
But if you’d rather not rely on a company to store all your passwords, some options even allow you to self-host your vault at home. Bitwarden is one such password manager with the excellent Vaultwarden as a community-developed option for self-hosting Bitwarden from a single-board computer (SBC), network-attached storage (NAS), or some other device through Docker containers. A password manager is an invaluable tool and could be considered the Swiss army knife of security strategies. Never try to use memorable passwords for any accounts you manage online.

2
Be smarter online
Don’t get fooled by phishing scams
Don’t open email links from unverified senders. Delete any dodgy SMS messages you receive, and never provide any details to anyone without proof they are who they say they are. Should you be unsure about something, perhaps an email from what appears to be your bank, contact them directly to verify it’s a legitimate communication. Malicious parties are becoming more creative with their attempts to sucker you into providing access to accounts, sensitive information, and more. Even the best security measures can be compromised if you’re not smart when online.
And don’t forget your wireless network! Log in to your router periodically to check all the connected clients. Notice anything out of place or a device you don’t recognize? Kill the connection and change the Wi-Fi password. You can always reconnect the device if it turns out to be a mistake.
1
Drop passwords altogether
Passkeys are the future
Passwords are terrible. Even if you use the most secure method in creating one, it could eventually be guessed and your account compromised. They’re also impossible to remember, requiring a password manager to handle hundreds of accounts, which is where passkeys come into play. Unlike traditional passwords, passkeys use two keys for the verification process. The service where your account is held has one, and you have the other, which can be conveniently stored on your smartphone or PC.
And don’t worry if someone copies one of your passkeys, as it shouldn’t work since each one is created specifically for that device — password managers can be helpful here as they too can support the storing of passkeys. This also means a phishing site won’t work since it requires the key that the genuine company holds, so you’re safe from many of the threats that plague passwords.
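A simplified model of the two-key login described above, added here as an illustration and not taken from the article or from any passkey implementation: it keeps only a per-site key pair, a fresh challenge and binding to the site name, and is not the full WebAuthn protocol. The class names and the `shop.example` domains are made up for the example.

```javascript
const { generateKeyPairSync, sign, verify, createHash, randomBytes } = require('node:crypto');

const sha256 = (s) => createHash('sha256').update(s).digest();

// Your side (phone, PC or password manager): one private key per site.
class Authenticator {
  constructor() { this.credentials = new Map(); } // site name -> private key
  register(rpId) {
    const { publicKey, privateKey } = generateKeyPairSync('ed25519');
    this.credentials.set(rpId, privateKey);
    return publicKey; // only the public half is ever sent to the service
  }
  // rpId comes from the browser (the page's real address), not from the page.
  getAssertion(rpId, challenge) {
    const key = this.credentials.get(rpId);
    if (!key) return null; // no passkey for this site, so nothing is signed
    const signedData = Buffer.concat([sha256(rpId), challenge]);
    return { signedData, signature: sign(null, signedData, key) };
  }
}

// Service side: stores the public key and issues a fresh challenge per login.
class Service {
  constructor(rpId) { this.rpId = rpId; this.publicKey = null; this.pending = null; }
  newChallenge() { this.pending = randomBytes(32); return this.pending; }
  verifyLogin(assertion) {
    if (!assertion || !this.pending) return false;
    const expected = Buffer.concat([sha256(this.rpId), this.pending]);
    this.pending = null; // each challenge is single use
    return assertion.signedData.equals(expected) &&
      verify(null, assertion.signedData, this.publicKey, assertion.signature);
  }
}

function demo() {
  const device = new Authenticator();
  const shop = new Service('shop.example');
  shop.publicKey = device.register(shop.rpId);
  const genuine = shop.verifyLogin(device.getAssertion('shop.example', shop.newChallenge()));
  // On a look-alike address (constructed) the device has no matching key.
  const phished = device.getAssertion('shop-login.example', shop.newChallenge());
  // A different device holds a different private key for the same site.
  const other = new Authenticator();
  other.register('shop.example');
  const wrongKey = shop.verifyLogin(other.getAssertion('shop.example', shop.newChallenge()));
  return { genuine, phished, wrongKey };
}
```

Nothing the service stores can be used to log in, since the public key only verifies signatures, and a signed response is useless for a later login because the challenge changes every time.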
Stay safe this World Password Day
It’s easy to fall victim to a scam or not update your devices regularly enough. We should all remain vigilant in this digital age, where more data is stored electronically, and we have many more accounts this year to manage and keep tabs on. Do yourself a favor and treat your family to a VPN to help keep them safe online. Set up a password manager that they can all use, and always enable 2FA where possible for that extra layer of protection. With these simple steps, you’ll have a much more secure home.