20 tech experts share how to protect your identity online

As consumers, we’ve likely run across cautionary tales and product ads focused on identity theft in a variety of media, from television commercials to podcasts and online news sources to local radio. It’s not surprising it’s a hot topic: The Federal Trade Commission received more than 1 million reports of identity theft through its dedicated website in 2023, and that level of impact is likely to increase year over year as bad actors gain access to increasingly sophisticated tools.

Becoming a victim of digital identity theft can entail lost time and money, damage to your credit, stress and anxiety, and, sometimes, even legal liability. As consumers, we’re our own first line of defense—taking simple, practical and accessible steps to protect our identities online is not just smart, but essential. Here, 20 tech experts from Forbes Technology Council share the advice they urge every individual to follow to protect themselves online.

1. Minimize Your Digital Footprint

Audit and minimize your digital footprint by deleting old accounts, disabling unnecessary permissions and using aliases. Avoid reusing passwords, especially for email or financial services accounts, and always enable two-factor authentication. This helps protect your personal data, makes it harder for bad actors to piece together your identity, and adds an extra layer of security. – Reed McGinley-Stempel, Stytch

2. Enable MFA When It’s Available

To protect your online identity, use unique, strong passwords for each account and enable multifactor authentication when it’s available. A password manager can help you create and store these securely. MFA adds security by requiring a second verification, such as a phone code or biometric factor. Regularly update your passwords, especially for critical accounts, and be cautious about sharing personal information online. – Rush Shahani, Persana AI

3. Follow The NIST Password Guidelines

Sometimes the simplest answer is also the best answer. Make the most of your login credentials and available login processes. The NIST Password Guidelines, which are based on the quality of passwords and the behavior of users, recommend length over complexity, using a password manager to ensure a variety of passwords are used for different logins, and making use of multifactor authentication. – Piyush Pandey, Pathlock

4. Limit The Personal Information You Share

Always operate under the assumption that no technology, regardless of its advanced privacy or security protocols, is infallible. Therefore, the most effective strategy for safeguarding your identity is to limit the personal information you share on any platform. By minimizing the amount of data you provide, you reduce the risk of exposure in the event of a breach—which is ultimately inevitable. – Sean Merat, owl.co

5. Always Read Website TACs

To protect your identity online, always read websites’ terms and conditions and cookie policies. Use a separate email for e-commerce to safeguard your personal address. Avoid using your banking PIN on other devices, and enable multifactor authentication on all accounts for added security. – Uzair Ahmed, Right-Hand Cybersecurity

6. Leverage A Password Manager

My advice would be to use a password manager and enable two-factor authentication. Password managers generate and store unique, complex passwords for each account, making it difficult for hackers to gain access. Two-factor authentication adds an extra layer of security by requiring a second form of verification, such as a code sent to your phone, in addition to your password. – Ardhendu Sekhar Nanda, First Citizens Bank

7. Be Careful When Posting On Social Media

Use discretion when posting content on social networks. Do not put your home address, phone number, birthdate or when you are going on a vacation in your social media accounts. Cyber criminals can use this data to impersonate you for malicious purposes, including identity theft, social engineering or even phishing attacks. – Dr. Reji Thomas, TOL Biotech

8. Use An Authenticator App

Everyone should be using a password manager and enabling multifactor authentication whenever possible. As an extra step, you should use an authenticator app whenever possible to reduce your risk of SIM-swapping (someone stealing your phone number). – Jonathan Gillham, Originality.ai

9. Regularly Review Privacy Settings On Platforms

Use strong, unique passwords for each account and enable multifactor authentication wherever possible. Avoid reusing passwords, and consider using a password manager to keep track of your passwords. Also, be cautious about sharing personal information online, and regularly review privacy settings on social media and other platforms. This reduces the risk of identity theft and unauthorized access. – Prashanthi Reddy

10. Be Vigilant About Data Storage And Processing

Be vigilant about data storage and processing locations, prioritizing local computation or trusted remote environments whenever possible. For off-device storage, avoid keeping sensitive information in plaintext. Always consider where your data resides and how it’s processed to maintain better control over your digital identity. – Echul Shin, Eternis

11. Remove Personal Photos Posted Online

Remove any sensitive pictures of yourself that are posted on the internet. Media produced by generative AI is becoming increasingly convincing, and these images could be used to create deepfakes or manipulated content that appears to be you in false situations. – James Shi, Datacurve

12. Pay Close Attention To Permissions

Pay close attention to the permissions you’re giving to the apps and services that you’re using. Probe the services and technologies that these apps are leveraging. Understand where your data is stored—in what country, and whether it’s on the company’s premises or in the cloud. Choosing apps and services that use trusted, industry-leading security solutions and cloud providers is key to protecting your identity. – Atit Shah, Microsoft

13. Choose Service Providers With Strong Defenses

With millions of identities being stolen, trusting individuals to safeguard their identity on their own is impractical. Many rely on ISPs, banks and other service providers for cyber defense. For example, my bank verified my ID and selfie, providing comprehensive protection. In the age of AI, identity verification is an experts’ game. Choose providers with the strongest defenses against misuse of personal data. – Dan Yerushalmi, AU10TIX

14. Secure Personal Devices

Secure your personal devices, as they are often the weakest link. Ensure they are protected with multifactor authentication, up-to-date antivirus software and encryption. Additionally, use unique email aliases for different accounts. This way, if one alias is compromised, you can quickly identify which app or service was breached and limit the potential damage, reducing the overall blast radius of the breach. – Suman Sharma, Procyon Inc.

15. Consistently Clear Cookies

Good cookie management can help individuals protect their identities online. Clearing cookies consistently is vital so that your activity is not being tracked across multiple websites. Many tools can automate this process, making it easier to maintain privacy. Taking these steps reduces the risk of being tracked and ensures your online activities remain private. – Justin Rende, Rhymetec

16. Always Ask Yourself If Requested Data Is Really Needed

The first thing to do is minimize the amount of personal data that we share online. Whenever we are prompted to provide this information, we should ask ourselves if it is truly necessary: “Does this social media platform really need my mailing address?” – David Stapleton, ProcessUnity, Inc.

17. Reject Cookies Whenever Possible

Cookies are one of the threats to data privacy. My advice is to not ignore cookie notices and to reject as many as you can. Cookies have the potential to collect your personal information and behavior data, which can then be obtained by data brokers and utilized to influence consumer behavior in marketing. – Siddharth Gawshinde, Cloudtech

18. Monitor Your Credit Reports And Online Accounts

Use unique, complex passwords for every account, and enable multifactor authentication wherever possible. Regularly monitor your credit reports and online accounts for suspicious activity. Be cautious about sharing personal information online and on social media. Consider using a password manager and an identity monitoring service for added protection. – Patrick Harr, SlashNext

19. Prioritize Tech That Emphasizes Transparency And Privacy

To maintain control over your identity and personal data, prioritize using technologies that emphasize transparency and privacy. Ensure they support anonymous browsing and encrypted communications. When used effectively, VPNs, Web3 applications and good judgment can be your best allies in staying safe and anonymous on the Web. – Anton Umnov, Helika

20. Be Cautious About Downloading And Using Third-Party Software

Be cautious with any third-party software, apps, browser extensions and so on. Double-check which permissions you are giving to each, as they often ask for way more access and data than they actually need. Data selling and viruses are more common in “regular” digital products than we think. A simple text highlighter browser extension can access your Web history. – Yuriy Berdnikov, Perpetio

Successful CIOs, CTOs & executives from Forbes Technology Council offer firsthand insights on tech & business.