Personal Improvement

Don’t Get Hacked: 9 Ways To Improve Your Online Security (and Protect Your Money)

Listen Money Matters is reader-supported. When you buy through links on our site, we may earn an affiliate commission. How we make money.
online security
Table of Contents  
  1. Money Tips
  2. Traveling
  3. No Such Thing As Perfect
  4. Show Notes

Your whole life is online, and that leaves you vulnerable. You need to lock your stuff up! Don’t get hacked; 9 ways to improve your online security and protect your money.

When we think of online security, we usually think about things like our bank accounts and other financial data. But there are so many other ways a hacker could destroy your life. And it’s easier than ever for them to do it, so it’s important to keep your information safe.

Money Tips

Of all the things that hackers could go after, our money is the scariest, so we need to be especially vigilant with our financial data.

Online Purchases

Use credit cards or PayPal when you’re shopping online, never a debit card. A credit card is the bank’s money, and if a hacker gets the number, you can just notify the credit card company, and they take it from there. You haven’t lost anything.

Credit card companies are not in the business of losing money.

Tweet This
But a hacked debit card is your money. You do have some protections. The FTC and Federal Reserve have rules to limit your loss to $50 provided you notify the bank within two business days after learning of fraud.

But you could lose as much as $500 if you do not tell the card issuer within that time frame.

These protections have their limits though. If you don’t report an unauthorized transfer that appears on your statement within 60 days after the statement goes out, you risk unlimited loss on transfers made after the 60-day period. That means you could lose all the money in your account plus your maximum overdraft line of credit.

Even if you quickly notify the bank and they correct the situation, it can take a few days. A few days during which you will have no access to your bank account so you can’t pay bills from it or withdraw cash.

While we should check our bank statements regularly, many of us don’t so by the time you notice a problem, it could be too late.

I don’t check mine often, but luckily, I use Trim. This month, Trim sent me a Facebook message that my rent had been debited from my account twice. I was able to immediately remedy this, but if it weren’t for that notification, it could have been several days before I noticed.

Turn On Purchase Notifications

You can set up alerts on most credit and debit cards to send you notifications immediately after a purchase. You can set a threshold, any purchase over $X but you should really set it up for all purchases. It can get annoying but not as annoying as trying to clean up after a hack. And really, how many times a day are you using your cards?

Monitor Your Credit

You can get a free credit report from each of the three major reporting agencies every 12 months at through this link; it’s free. But you should really check your credit report about once a month.

Credit Karma lets you do it whenever you want, for free. Many people think Credit Karma is just a place to get your credit score, but you can see your report there too. You want to look for any new accounts in your name that you did not open.

Credit Karma even sends you an alert when this happens. When my landlord changed online rent payment companies, and I made an account with the new one, I got such an alert from Credit Karma.


Foreign tourists can be an especially ripe target for pickpockets. Pickpockets aren’t sophisticated computer hackers, but if one of them gets your wallet, they could get access to a lot of sensitive information.

If you’re afraid of your own shadow, you can carry a decoy wallet and toss that at any lurking muggers and run in the opposite direction. Since most financial crimes committed against tourists are of the pickpocket rather than the mugger variety, not carrying around wads of cash, every credit card you own, and a handy list of all your passwords and PINS in your wallet is probably a better solution.

It’s also a good idea to leave your credit card numbers and the international customer service numbers with someone back home. That way if your cards get stolen you can quickly get the information you need to cancel them.

Also, remember to only use a credit card with no foreign transaction fee when you travel abroad. FTFs can be as much as 3% of each charge. Really, banks are bigger crooks than pickpockets or muggers.

General Security Tips

These tips go for any site you use that requires a password and for all of your devices.

Create Strong Passwords

The two most common ways hackers get your passwords are through brute force and dictionary attacks. A brute force attack uses a computer to calculate every possible letter, number, and symbol combination and then trying it until the right guess it made.

A dictionary attack means trying every single word in the dictionary as a method of hitting on the right password.

To guard against these attacks, use a password that is at least ten characters long and not a normally spelled word from the dictionary. A long string of unrelated words like “CorrectHorseBatteryStaple” is a definite step up from your first name followed by the month and day of your birth. You have to use a unique password for all of your accounts too. We know this sucks, but it’s a must.

You don’t have to remember all those passwords though. You can use a password manager like LastPass, KeePass, or 1Password. If hackers tried to invade these sites, they would have to get through layers and layers of encrypted vaults so while it might not be impossible to do it, it’s not exactly probable.

There are two passwords you must remember and should probably give to one person you trust as well in case you were incapacitated. The password that gets you into the vault where your passwords are. And the password to the email address you have password resets sent to (more on this below).

Secret Questions

These are things like your mom’s maiden name or your favorite food. Well, I could figure out your mother’s maiden name in about five seconds, and there are probably more than a few clues on your social media sites as to your favorite food.

So you can use lies to answer these questions. But lies are hard to remember so you can’t just make something up. For your mother’s maiden name you could use the real answer, Johnson, followed by your most and least favorite foods. So the answer would be Johnsonstrawberrycabbage.

If you carry a list of passwords around with you, well, Thomas had a suggestion for this, but I’m just going to say, don’t do this. Why would anyone do this?!

Use  Two Factor Authentication

Two-factor authentication is an extra layer of security. You need a password to get into an account, but you need one more piece of information too. Lots of times this will be a numeric code texted or emailed to you.

Multiple Email Accounts

During our credit card security episode with Farnoosh, Thomas gave us such a good idea for keeping your information secure. It’s simple and easy but brilliant, and that little throwaway comment was so intriguing that we decided to do a whole show around online security.

You should have two email accounts, one for correspondence, the one you give out freely and is pretty easily accessible to anyone who wants it and one that you use strictly for password resets. You don’t give that address out willy-nilly or indeed to anyone at all.

Viruses and Malware

It’s not just dodgy porn sites that can infect your computer. Macs are safer simply because there are fewer of them and hackers would rather fish in a well-stocked pond. But Macs certainly are not immune from being hacked or infected.

You need  Anti-Virus and Anti-Malware/Exploit software. Malwarebytes combines these now.

Use an AdBlocker. Ads come from plugins from third parties. Sometimes plugins are not secure, and a virus is installed into the ad. You go to an innocent site, click on an ad and sometimes the damn things pop up so quickly you click on them by accident, and you’ve silently downloaded a virus.

Be careful what you install. Look at the permissions the program is asking for. Some Chrome extensions can read and change all your data on sites you visit, display notifications, and read data that you copy and paste.

Harden Yourself Against Social Engineering

This basically means don’t be dumb. Your bank is not going to send you an email telling you that you need to log in and update your account information. The IRS is not going to call you up and tell you they have a warrant for your arrest and are coming to haul you off the prison unless you give them a credit card number right now to pay the back taxes you owe.

If you save your passwords with LastPass, they have a nice protection built in for that first scenario. When you log into your actual bank’s website, LastPass will enter the password. If your bank is, you can log right in. If you click on the link in the email and it takes you to, the password won’t pop up.

Harden Your Cell Phone

Call your cell phone carrier and do two things. Ensure that major changes to your account like payment information, device additions, your SIM card switches to another device, can only be done in person, at the carrier’s store, by you after presenting a valid government ID.

Hackers hit Youtuber Boogie2988 due to lax Verizon security policies. Verizon has since updated their policies, but apparently, you can’t rely on your cell phone company to protect your data.

Have a PIN added to your account that is required when you call in before ANY information can be released or changes made. The last four of your Social Security is too weak. They’re too weak to be used as any form of security.

Set your phone to lock after a short amount of time and to erase all data after ten tries to log in. And have a good phone password, not 1111 or your birthday. Your phone could be easily stolen at any time and has really become the keys to all our kingdoms.

Public Wi-fi

Tether your laptop to your cell phone if you’re going to check anything sensitive like a bank account. SSL is strong but what if it’s incorrectly set up? Or what if you get on a nefarious network masquerading as a legit one?

Back Yo Shit Up

Anything could happen. Your computer could just die or burn up in a fire or fall to the bottom of the ocean. What would you do if everything on your computer was lost and not retrievable? It doesn’t bear thinking about.

To prevent such a catastrophe, you should back yo shit up. And an external hard drive that you keep in your desk drawer is not good enough. If the computer gets burned up in a house fire, the hard drive is too. You can leave the hard drive in a safe, off-site location and back everything up using services like Library Story, Google Backup, and Sync, Backblaze, or NAS.

Get our best strategies, tools, and support sent straight to your inbox.

No Such Thing As Perfect

There is really nothing you can do to guarantee that your data is 100% secure. It’s a constant battle between hackers and the companies whose job it is to protect our information, but the bad guys seem to always be a step ahead.

But if you do everything on this list, you will go a long way towards keeping your information out of the hands of those bad guys.

Oh, and one more thing. Do all of this for yourself and then do it for your parents too. Every how tech-illiterate you think you are, they are probably one hundred times worse. So help secure their information too, or a hacker might steal their retirement money, and they will have to live with you!

Show Notes

Silva Stout: An Imperial stout

Investable: Research and evaluate rental properties.

Candice Elliott - Senior Editor
Candice Elliott is a substantial contributor to Listen Money Matters. She has been a personal finance writer since 2013 and has written extensively on student loan debt, investing, and credit. She has successfully navigated these areas in her own life and knows how to help others do the same. Candice has answered thousands of questions from the LMM community and spent countless hours doing research for hundreds of personal finance articles. She happily calls New Orleans, Louisiana home-the most fun city in the world.

What's next?

learn course podcast popular toolbox