ActionFraud - National Fraud & Cyber Crime Reporting Centre - Call 0300 123 2040

The easy way to stop your online accounts getting hacked

Two-factor authentication (2FA) can help protect your online accounts, even if your password is stolen!

A strong password is a good start, but it doesn’t stop there…

Whether it’s your Twitter, Amazon, or Netflix account, the explosion in popularity of online apps and services means more and more of us have to remember an increasingly long list of passwords.  

Unfortunately, some of us cope with this challenge by resorting to practices that leave our data, devices and money at risk - using the same password across multiple accounts, or by creating simple passwords that could easily be guessed by a fraudster. Bad password practice is more prevalent than you might think. Data breach analysis carried out by the UK’s National Cyber Security Centre found that more than 23 million users worldwide used 123456 as a password.

But let’s say you’re not one of those people, and you use strong, unique passwords for each of your online accounts. That’s a great start, but you could still be vulnerable to phishing attacks or data breaches. Even the most complex password offers you no protection if you’ve typed it into the ‘password’ field of what you thought was your bank’s genuine website, or if a plain-text version is leaked in a data breach. That’s why an additional layer of security is essential to properly securing your accounts.

If you care about it, put 2FA on it.

Two-factor authentication (2FA) is a way of strengthening the login security of your online accounts. It's a bit like how an ATM works. You need both your debit card (first factor) and your PIN (second factor) to get access to your account. The main objective is better security. If your card is stolen, they still need your PIN. If your PIN is stolen, they still need your card. 

Online accounts with 2FA enabled work in a similar way. They require you to verify your identity using your password (first factor), as well as a randomised code (second factor) that’s delivered to your mobile phone. If your password is stolen, they still need your phone. If your phone is stolen, they still need your password. You should enable 2FA on all of your important online accounts, such as your email, or any account that holds your personal or financial details. 

For instructions on how to enable 2FA on popular online services, visit

For more simple tips on how to protect yourself online, visit

If you have been a victim of fraud or cyber crime, report it to Action Fraud at

Most shared articles

Related articles