1. Passwords & accounts
Your passwords are the keys to almost everything else. Improving them is one of the highest-impact steps you can take.
- ✅ I have a different password for email, banking, and my main cloud accounts.
- ✅ My newest passwords are 12+ characters and not just single words with “123” added.
- ✅ I avoid obvious patterns like Summer2025! or CityName123.
- ✅ I’m slowly replacing older, weaker passwords whenever I log into a site anyway (no need to do everything in one night).
- ✅ I’ve tried a password manager or I’m considering one to help me keep passwords long and unique.
If you’re unsure about password strength, try the Password Strength Helper tool on the EmailBreachGuard homepage using sample patterns (not real passwords).
2. Multi-factor authentication (MFA / 2FA)
MFA adds a second step — like a code from an app — on top of your password. It’s one of the best defenses against account takeovers.
- ✅ MFA is turned on for my main email account.
- ✅ MFA is turned on for my banking / financial accounts where available.
- ✅ MFA is on for any account that stores important documents or photos.
- ✅ I know how to use my backup codes or recovery options in case I change phones.
3. Email & phishing defense
Your email is often the gateway to resetting other accounts. It’s also where many scams arrive first.
- ✅ I pause for a moment before clicking any link in a surprising email or text.
- ✅ If a message feels urgent or threatening, I verify it by going to the official website or app, not by using the link in the message.
- ✅ I’m careful with attachments, especially if I wasn’t expecting them.
- ✅ I know basic red flags: strange sender address, bad spelling, weird links, and pressure to act quickly.
For a deeper walk-through, check the “Is This Email Sketchy?” guide on EmailBreachGuard.
4. Devices (phone, laptop, tablet)
If someone gets into your device, they can often access your email, apps, and saved passwords in one place.
- ✅ My phone and computer have a screen lock (PIN, password, or biometrics).
- ✅ They are set to lock automatically after a short period of inactivity.
- ✅ I install system and app updates regularly instead of delaying them forever.
- ✅ I’m cautious about installing apps or software from unknown sources.
- ✅ I have a simple way to back up important files or photos (cloud or external drive).
5. Browsing, Wi-Fi, and where you log in
Some attacks rely on intercepting passwords or data over insecure connections, or tricking you into entering details on fake sites.
- ✅ I’m extra careful when using public Wi-Fi (cafés, airports, hotels) and avoid logging into sensitive accounts there when possible.
- ✅ I look for https:// and the padlock icon before entering sensitive info on websites.
- ✅ My home Wi-Fi has a non-default password and isn’t something obvious like my street address.
- ✅ I close browser tabs and log out from sensitive sites on shared computers.
6. Money, credit, and fraud watching
You don’t need to obsess over statements daily, but a light monitoring habit can catch fraud early before it snowballs.
- ✅ I glance at my bank and card transactions regularly for anything I don’t recognize.
- ✅ I know how to quickly contact my bank or card issuer if I see suspicious charges.
- ✅ Where available, I’ve turned on transaction or login alerts from my bank or card provider.
- ✅ I’m aware of options like fraud alerts or credit freezes if serious identity theft is suspected.
7. Monthly or quarterly “tune-up”
A few times a year, it’s worth doing a slightly deeper check-in. You can make this a calendar reminder for yourself or your family.
- ✅ I review which devices and apps are logged into my main accounts and sign out of anything I don’t recognize.
- ✅ I remove old apps or browser extensions I no longer use.
- ✅ I check if any of my accounts have appeared in a known data breach and update passwords if needed.
- ✅ I talk through basic safety tips with family members or coworkers so everyone is on the same page.
8. If something already went wrong
If you’ve already clicked a bad link, entered details on a fake site, or noticed suspicious activity, don’t beat yourself up — it happens to many people. Focus on:
- Changing passwords on affected accounts right away.
- Turning on MFA where it wasn’t enabled before.
- Contacting your bank or card issuer if payment details were involved.
- Reviewing recent activity on important accounts for anything unusual.
For a deeper walk-through, see the “What to do after a data breach” guide on EmailBreachGuard.
Optional tools that can help
These are optional tools that make the checklist easier to follow. Some links are affiliate links, which means EmailBreachGuard may earn a small commission if you choose to sign up, at no extra cost to you.
- Password manager – NordPass. Create and store long, unique passwords without needing to remember them all. Try NordPass (affiliate link) →
- Malware scan & cleanup – Malwarebytes. Helpful if you clicked something suspicious and want to clean up your device. Get Malwarebytes (affiliate link) →
- VPN for safer Wi-Fi – NordVPN. Adds protection when you’re on public or shared Wi-Fi networks. Get NordVPN (affiliate link) →
- Breach & leak alerts – Surfshark Alert. Monitors for new leaks linked to your email and other personal data. Learn about Surfshark Alert (affiliate link) →