doteveryone explains

Access security

A website will often verify that you are who you say, before allowing you access to your account.

You can think of this as the website providing the window lock, with you as the user bringing the key. If your key doesn't fit, you won't be able to enter.

The most familiar method of authentication for websites is a password. Phones often have passcodes. Some devices now even use biometric identification, like thumb-print unlocking on iPads.

Two-factor authentication adds an extra layer of checking. The person logging in needs to know the password and have access to a second device which is used to verify the password. That verification could happen by text message, by a smartphone app, or it could be performed on a dedicated device like a bank secure key.

Two-factor authentication can be verified by text messages or dedicated apps.

Accounts and logins

Protect your accounts and logins with strong passwords, using a different strong password for each account. This makes them harder to guess. Find out what makes a strong password in this guide from MoneySavingExpert.

Don’t share your passwords with other people or write them down. This makes it much less likely for someone you don’t want to know them, to find them out.

A password manager like 1Password or LastPass is really helpful here. You can use these tools to generate strong, random passwords which they then save securely using encryption. You only have to remember one master password for your password manager account. Once you’ve logged into it, you can retrieve and use all the others.

Don’t click links in emails from senders you don’t know, or which contain content that looks strange or that you weren’t expecting. Scammers send emails like this, to trick you into visiting a fake website – when you enter your account details, they take your password. This is known as ‘phishing’ – this brief BBC video explains more.

Other aspects of security:
Computers and devices