9to5Mac is brought to you by Incogni: a service that helps you wipe your personal data—including your phone number, address, and email—from data brokers and people-search websites. With a 30-day money-back guarantee, Incogni offers peace of mind for anyone looking to guard their privacy.
1. Use a Password Manager
The old advice to create strong, unique passwords for each website still holds true—but is only realistic if you use a password manager. Fortunately, Apple’s built-in Passwords app makes this easy, and there are many third-party options too. Use these tools to generate and save complex passwords every time you sign up for a new service.
2. Update Old Passwords
Accounts created years ago may still have weak or repeated passwords. This makes you vulnerable to credential stuffing attacks—where hackers use stolen logins from one site to access others. Prioritize updating your passwords for financial services, Apple, Google, Amazon, and any accounts that have already been compromised. To check this, enter your email on Have I Been Pwned.
3. Enable Passkeys Where Available
Passkeys are becoming the modern alternative to passwords. Instead of storing a traditional password, your device uses Face ID or Touch ID to verify your identity, and only sends confirmation of that identity to the site—never the actual password. This reduces the risk of your credentials being hacked or stolen.
4. Use Two-Factor Authentication (2FA)
2FA provides an added layer of security by requiring a rolling code each time you log in. Avoid SMS-based 2FA—it's prone to SIM-swap attacks. Instead, opt for an authenticator app like Google Authenticator or use the built-in support in Apple’s Passwords app. Set this up using the QR code provided by the service.
5. Monitor Last Login Activity
Some platforms, especially banking apps, show the date and time of your last login. Get into the habit of checking this regularly. Unexpected logins are an immediate red flag and could signal that your account has been compromised.
6. Use a VPN on Public Wi-Fi
Public Wi-Fi networks can be unsafe and vulnerable to “Man-in-the-Middle” (MitM) attacks. These involve a rogue device impersonating a Wi-Fi hotspot to intercept your internet traffic. While HTTPS reduces the risk, using a VPN is still the best protection. Choose a trusted provider that maintains a no-logs policy and undergoes third-party audits. “I use NordVPN for this reason.”
7. Don’t Share Personal Info With AI Chatbots
Conversations with AI chatbots may be stored or used as training data. Avoid typing anything sensitive, such as passwords, addresses, or identification numbers—just as you wouldn’t post them publicly online.
8. Consider Data Removal Services
Your personal information may already be listed with data brokers, exposing you to spam and scams. Manually removing this data can be tedious, but services like Incogni can automate the process and reduce your digital footprint efficiently.
9. Verify Any Request for Money
If someone asks for money—even if it looks like a friend, family member, or colleague—double-check their identity using a separate communication method.
“If they emailed you, phone them. If they phoned you, email or message them.”
Also, if you're asked to send gift cards or wire money, it's almost always a scam. Be especially cautious if you're told a bank account has changed—confirm directly before transferring funds.
