If you use the same username and password on more than one website or app, this consumer alert warning is for you! Cybercriminals could attempt to log in to online accounts using login credentials stolen from other online services. 

If you’re looking to safeguard your online accounts follow the steps below from the New York attorney general:

1. Never re-use passwords

While reusing login information may be convenient, it also puts consumers at risk. Consumers are encouraged to always create a unique password for each of their online accounts.

2. Use a password manager

A password manager on a phone or computer can keep track of a consumer’s passwords, automatically filling them in when they log in to a website or an app. Many modern web browsers include this functionality. Browsers and other password managers can also check if a consumer’s passwords have been stolen in a data breach, and even generate new passwords when creating new online accounts.

3. Enable two-factor authentication 

Two-factor authentication can provide an extra layer of security by requiring anyone logging in to an account to provide another credential, such as a one-time code sent by SMS or email. Most attackers that have access to a stolen password will not have access to a secondary credential.

4. Check regularly for unauthorized activity

Not all companies will notify their users when their online accounts have been compromised. Consumers are encouraged to regularly check their online accounts for unauthorized transactions and activity, and immediately contact their online service (and credit card company, if appropriate) if they see something suspicious.

5. Sign up for updates

Consumers should register with a breach notification service, like Have I Been Pwned, that will send them a notification if an account associated with their email or phone number has been compromised.

6. Take Suspicious Activity Seriously

If an online service notifies a consumer of suspicious activity on their account, they should immediately change their password. If consumers use the same password for other accounts, they should be sure to change the password for those accounts as well.