Skip to main content

Identity Protection

Identity theft can happen to anyone. Strong passwords, two-factor authentication, and a few simple habits are enough to protect most people from the most common attacks.

Use strong, unique passwords

Reusing the same password across multiple sites is one of the most common ways accounts are compromised. When one site is breached, attackers try the same credentials everywhere.

  • Use a different password for every account — especially email, banking, and social media.
  • Make passwords at least 12 characters long. A phrase of random words works well.
  • Use a password manager to generate and store strong passwords — you only need to remember one master password.
  • Never use personal information (name, birthday, postcode) in passwords.

Enable two-factor authentication (2FA)

Two-factor authentication means a stolen password alone isn't enough to access your account. Even if attackers get your password, they can't get in without your second factor.

  • Enable 2FA on your email account first — it's the key to all your other accounts.
  • Use an authenticator app (not SMS if possible) — SMS codes can be intercepted.
  • Enable 2FA on banking, social media, and any account storing personal or financial information.
  • Store backup codes in a safe place in case you lose access to your authenticator.

Protect your personal information online

The less personal information is publicly available about you, the harder it is for attackers to impersonate you or guess your security questions.

  • Review what information is visible on your social media profiles — date of birth, address, and phone number are particularly sensitive.
  • Be cautious about what you share in public online forums or communities.
  • Avoid using real answers to security questions — use a random phrase and store it in your password manager.
  • Shred physical documents containing your name, address, or financial details before disposing of them.

Check if your details have been leaked

Data breaches happen regularly. Your email address and passwords may have been exposed without you knowing. Checking allows you to act quickly before attackers do.

  • Use a reputable breach-checking service to see if your email appears in known data breaches.
  • If a service you use announces a breach, change your password there immediately.
  • Use your password manager to identify accounts where you've reused a compromised password.
  • Consider signing up for breach alert notifications so you're informed promptly.

What to do if your identity is compromised

Acting quickly limits the damage. If you suspect your identity has been stolen, there are clear steps to follow.

  • Change passwords on any affected accounts immediately, starting with your email.
  • Contact your bank or card provider if you suspect financial fraud — they can freeze accounts and investigate.
  • Report identity theft to Action Fraud (UK's national fraud reporting centre) at actionfraud.police.uk.
  • Place a notice of correction on your credit file through UK credit reference agencies if you suspect credit fraud.
  • Keep a record of all communications — dates, times, and what was said.

Ready to protect your home?

Start free — no credit card needed