How do I protect my identity online?
Minimise public personal information, use strong unique passwords with 2FA on every account, freeze your credit proactively, and monitor for breaches regularly.
Last reviewed: 10 June 2026
Explanation
Online identity protection is less about installing a single product and more about layering several habits that together significantly reduce your attack surface. Scammers and identity thieves assemble profiles from multiple sources: data brokers, social media, phishing emails, and data breaches. Each piece of information you share publicly makes it easier to impersonate you or answer security questions.
Audit what is publicly visible about you. Run your full name in a search engine and review results. Many data-broker sites aggregate your address history, phone numbers, relatives, and approximate income from public records — you can opt out of the major ones (Whitepages, Spokeo, BeenVerified, Intelius). This takes time but reduces the raw material available to scammers who target you specifically.
For account security: use a password manager to maintain unique strong passwords across all accounts, enable two-factor authentication using an authenticator app on your most important accounts, and review the 'connected apps' and active sessions in each account's security settings annually to revoke anything you no longer use. Be particularly careful with your email account, as it is the master key: compromise of your email allows password resets everywhere.
Financially, a proactive credit freeze costs nothing and prevents the most damaging form of identity theft — new accounts being opened in your name. Pair it with annual free credit report checks at annualcreditreport.com to catch any fraudulent accounts that preceded the freeze. Sign up for breach monitoring at haveibeenpwned.com so you learn about relevant breaches within hours rather than months.
Common red flags
- Your full address, phone number, and relatives' names are easily found via a search engine
- You use the same password across multiple sites
- Important accounts have no two-factor authentication enabled
- You have not checked your credit report in over a year
- An email breach alert appears on haveibeenpwned.com for your address
- New credit applications appear on your report that you did not initiate
What to do now
- Opt out of major data-broker sites (Whitepages, Spokeo, BeenVerified)
- Install a password manager and audit reused passwords
- Enable two-factor authentication on email, banking, and social media
- Freeze your credit at Equifax, Experian, and TransUnion
- Check your credit report at annualcreditreport.com
- Register your email at haveibeenpwned.com for breach notifications
Frequently asked questions
Do identity-protection services work?
Paid identity-protection services can add monitoring depth and offer restoration assistance, but the core actions — credit freeze, unique passwords, 2FA, breach monitoring — are free and provide most of the protection. Read exactly what a paid service covers before subscribing.
How long does identity-theft recovery take?
Recovery from identity theft can take months to years if fraudulent accounts or loans were opened in your name. Acting quickly and keeping meticulous records — every call, every letter, every account reference number — speeds the process significantly.