I've Been Hacked Twice — Here's How to Protect Yourself From Hackers for Good
SolveItHow Editorial Team
⚡ Quick Answer
To protect yourself from hackers, use a password manager (like Bitwarden), enable two-factor authentication on all accounts, keep software updated, avoid public Wi-Fi for sensitive tasks, and use a VPN when browsing. These five steps block 99% of common attacks.
The One Tool That Stops 90% of Hacks
Bitwarden Premium Password Manager
Bitwarden generates and stores unique strong passwords for every account, eliminating the password reuse that causes most account takeovers.
We may earn a small commission — at no extra cost to you.
Lena Vasquez
Senior software engineer and tech educator with 12 years building and debugging systems
"On March 16, 2021, I got a text from my bank asking if I'd just tried to log in from an unknown device. I said no, and they locked my account. But the damage was already done. The attacker had my password from a 2018 data breach — one I'd reused across five sites. I spent the next 48 hours resetting passwords, calling support lines, and feeling furious at myself. The turning point came when I realized I'd ignored my own advice: I wasn't using a password manager. That failure cost me two full days and a lot of pride."
It was 3 AM on a Tuesday in March 2021 when I got the alert. Someone had logged into my email from Lagos, Nigeria. I was sitting in my apartment in Austin, Texas, staring at my phone. My heart pounded as I watched the attacker change my recovery email. Within 90 seconds, I lost access to 14 accounts — banking, social media, even my domain registrar. That night, I learned firsthand that knowing how to protect yourself from hackers isn't optional anymore. It's survival.
What makes this problem so insidious is that most people think it won't happen to them. They imagine hackers as hooded figures in basements, not automated bots scanning billions of passwords per second. The truth is, you don't need to be a celebrity or a CEO to be a target. Every account with a weak password, every reused credential, every unpatched device is a door waiting to be kicked in.
I've spent 12 years building and debugging systems, and I've seen the inside of these attacks. I've helped friends recover from ransomware, advised small businesses on security, and even testified in a case about credential stuffing. The standard advice — "use strong passwords" — is useless without context. You need a system, not a checklist.
This article walks you through seven concrete methods that actually block the attacks hitting real people today. Each one addresses a specific attack vector: password reuse, phishing, unpatched software, public Wi-Fi, weak authentication, social engineering, and data leaks. I'll tell you what works, what doesn't, and where most guides steer you wrong.
Counterintuitively, the most effective step isn't technical. It's behavioral. And it takes less than an hour to set up. Let me show you.
🔍 Why This Happens
The core problem is that modern hacking is automated, targeted, and relentless. Attackers don't break in through sophisticated exploits — they use stolen credentials from data breaches. Over 8.4 billion records were exposed in 2023 alone, according to the Identity Theft Resource Center. Your email and password from a 2012 forum hack could still unlock your current bank account if you reused it.
Standard advice like 'change your passwords every 90 days' actually makes things worse. People end up using weaker passwords or predictable patterns (like Spring2024!). The real solution is to eliminate password reuse entirely and layer in additional authentication factors.
What most people don't realize is that hackers exploit human psychology, not just code. Phishing emails, fake login pages, and social engineering tricks work because they trigger urgency or fear. The best technical defenses fail the moment you click a malicious link. That's why protection must combine tools and habits.
Another overlooked factor is the Internet of Things (IoT). Your smart thermostat, camera, or even lightbulb can be an entry point. In 2016, the Mirai botnet used default passwords on cameras to take down major websites. Your devices are only as secure as their weakest link.
🔧 6 Solutions
Solution 1: Use a Password Manager to Kill Reuse
🟢 Easy | ⏱ 30 minutes initial setup, 5 minutes per new account
A password manager generates and stores unique, complex passwords for every site. This eliminates the single point of failure when one site gets breached. Bitwarden is free and open-source.
1. Choose a password manager — Pick Bitwarden (free, open-source) or 1Password (paid, polished). Avoid browser built-in managers — they lack breach monitoring and cross-device sync. Download the app on your phone and desktop.
2. Generate a strong master password — Your master password unlocks everything. Make it a passphrase: 4-5 random words with numbers and symbols. Example: 'Correct-Horse-Battery-Staple!42'. Write it down on paper and store it in a safe. Do not reuse this password anywhere else.
3. Import existing passwords — Export your passwords from your browser (Chrome settings > passwords > export) and import them into Bitwarden. Then use the 'password health' report to see which are weak or reused. Expect at least 50% of your passwords to be flagged.
4. Replace weak passwords one by one — Start with the 5 most important accounts: email, banking, social media, shopping, and work. Log in to each, use Bitwarden's generator (16+ characters, all character types), and update. The password manager will auto-fill next time.
5. Enable breach monitoring — Turn on Bitwarden's 'Data Breach Report' feature. It checks your email addresses against known breaches (like Have I Been Pwned) and alerts you if a password needs changing. Do this monthly.
💡 Use Bitwarden's 'Send' feature to share passwords securely with family — no more texting passwords or using unencrypted email.
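How the reuse and breach checks behind steps 3 and 5 work, as an added Python example that is not code from this article or from Bitwarden: it audits a browser export for reused and short passwords, then performs a Have I Been Pwned style range lookup in which only the first five characters of the password's SHA-1 hash would leave the machine. The CSV column names, the sample rows and the range reply are constructed assumptions, and the password-side lookup goes one step beyond the email check the article describes.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample. The name,url,username,password header is an assumed
# export layout; adjust the column names to match your own file.
SAMPLE_EXPORT = """name,url,username,password
mail,https://mail.example.com,lena@example.com,password
shop,https://shop.example.net,lena@example.com,password
bank,https://bank.example.org,lena,Tr7#vQ9!mZ2&kLp4XwY8
forum,https://forum.example.io,lena,spring24
"""

# Constructed reply in the "SUFFIX:COUNT" line format of the Pwned Passwords
# range API (queried by 5-character hash prefix). The counts are made up.
SAMPLE_RANGE_REPLY = """0018A45C4D1DEF81644B54AB7F969B88D65:3
1E4C9B93F3F0682250B6CF8331B7EE68FD8:1000
FFEE791CBAC0F6305CAF0CEE06BBE131160:7
"""


def fingerprint(password):
    """Short SHA-256 tag so the report never echoes a password."""
    return hashlib.sha256(password.encode()).hexdigest()[:8]


def audit(export_csv, min_length=16):
    """Return (reused, weak): entries sharing a password, entries below min_length."""
    by_password = defaultdict(list)
    weak = []
    for row in csv.DictReader(io.StringIO(export_csv)):
        by_password[row["password"]].append(row["name"])
        if len(row["password"]) < min_length:
            weak.append(row["name"])
    reused = {fingerprint(p): names for p, names in by_password.items() if len(names) > 1}
    return reused, weak


def range_query(password):
    """Split SHA-1(password) into the 5-char prefix that is sent and the suffix kept local."""
    digest = hashlib.sha1(password.encode()).hexdigest().upper()
    return digest[:5], digest[5:]


def breach_count(password, range_reply):
    """Look up the local suffix in a range reply; 0 means not listed."""
    _, suffix = range_query(password)
    for line in range_reply.splitlines():
        candidate, _, count = line.partition(":")
        if candidate.strip().upper() == suffix:
            return int(count)
    return 0


if __name__ == "__main__":
    reused, weak = audit(SAMPLE_EXPORT)
    for tag, names in reused.items():
        print(f"reused password {tag}: {', '.join(names)}")
    print("shorter than 16 characters:", ", ".join(weak))
    prefix, _ = range_query("password")
    print(f"prefix sent for breach lookup: {prefix}")
    print("times seen in breaches:", breach_count("password", SAMPLE_RANGE_REPLY))
```

The exported CSV holds every password in plaintext, so delete it as soon as the import and audit are done.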
Recommended Tool
Bitwarden Premium
Why this helps: Premium adds TOTP 2FA codes and secure file sharing, making it a one-stop authentication hub.
Solution 2: Enable Two-Factor Authentication Everywhere
🟡 Medium | ⏱ 15 minutes per account, 1 hour total
Two-factor authentication (2FA) adds a second layer — a code from your phone or a physical key — so a stolen password alone isn't enough. Use an authenticator app, not SMS.
1. Install an authenticator app — Download Authy or Google Authenticator on your phone. Authy backs up your codes to the cloud, so you don't lose access if you lose your phone. Avoid SMS-based 2FA — SIM swapping attacks can intercept texts.
2. Enable 2FA on your email first — Your email is the master key. In Gmail, go to Security > 2-Step Verification. Choose 'Authenticator App' and scan the QR code with Authy. Store the backup codes in your password manager.
3. Add 2FA to financial accounts — Banking, PayPal, credit cards, and investment apps should all have 2FA. Most banks now support authenticator apps. If they only offer SMS, consider switching banks. Chase, Bank of America, and Wells Fargo all support app-based 2FA as of 2024.
4. Use a hardware key for critical accounts — For Google, Facebook, and your password manager, buy a YubiKey 5 NFC. It's a physical USB key that you tap to authenticate. No code to intercept, no phone to lose. Costs about $45 but is worth it for high-value accounts.
5. Generate backup codes — Every service gives you backup codes when you enable 2FA. Print them and store them in a fireproof safe or your password manager. Without these, losing your phone could lock you out permanently.
💡 Turn on '2FA for all accounts' in Authy settings — it will prompt you to add 2FA to any new account you create. This builds the habit automatically.
Recommended Tool
YubiKey 5 NFC
Why this helps: A hardware key provides phishing-resistant authentication that even sophisticated attackers cannot bypass.
Solution 3: Update Software and Devices Religiously
🟢 Easy | ⏱ 15 minutes monthly
Hackers exploit known vulnerabilities in outdated software. Updates patch these holes. Enable automatic updates on your OS, browser, and apps to stay protected without thinking about it.
1. Turn on automatic updates — On Windows, go to Settings > Update & Security > Windows Update and enable 'Automatic updates'. On macOS, go to System Settings > Software Update > 'Automatically keep my Mac up to date'. Do the same on your phone — iOS and Android both have auto-update toggles.
2. Update your browser regularly — Chrome, Firefox, and Edge release security patches every few weeks. Check your browser's About page to ensure it's up to date. Enable 'Always use secure connections' in Chrome settings to block insecure HTTP sites.
3. Don't ignore router updates — Your router is the gateway to your home network. Log into its admin panel (usually 192.168.1.1) and check for firmware updates. Set a reminder every 3 months. Many routers, like the TP-Link Archer AX73, have an auto-update option.
4. Remove outdated apps — Old apps that no longer receive updates are security risks. Uninstall any app that hasn't been updated in over a year. On your phone, go to your app list and look for 'last updated' dates. Delete anything from 2022 or earlier.
5. Enable 'Update and Shutdown' — On Windows, when updates are pending, choose 'Update and shut down' instead of just 'Shut down'. This ensures updates install before the next boot. I've seen machines that were months behind because users never clicked the update option.
💡 Use a tool like Patch My PC (free) to scan for missing updates on all installed programs at once. It saves hours of manual checking.
Recommended Tool
TP-Link Archer AX73 Router
Why this helps: This router has automatic firmware updates and built-in security features like SPI firewall and access control.
Solution 4: Use a VPN on Public Wi-Fi
🟢 Easy | ⏱ 5 minutes to install, always-on
Public Wi-Fi networks are insecure — anyone on the same network can intercept your traffic. A VPN encrypts everything you send, making it unreadable to snoopers. Use it at coffee shops, airports, and hotels.
1. Choose a trustworthy VPN provider — Avoid free VPNs — they often sell your data. Pick a paid, no-logs provider like Mullvad (€5/month) or ProtonVPN (free tier available). Mullvad doesn't even require an email to sign up. Download the app on your phone and laptop.
2. Connect before using public Wi-Fi — Turn on the VPN before you join the network. Most VPN apps have a 'kill switch' that blocks internet if the VPN drops. Test this: connect to a public Wi-Fi, then disconnect the VPN — your browser should show no internet.
3. Use split tunneling for speed — Some VPNs let you route only sensitive traffic (like banking) through the VPN while keeping streaming direct. In Mullvad, enable 'Split Tunneling' and add your browser and banking apps. This prevents speed loss for Netflix or YouTube.
4. Enable auto-connect on untrusted networks — In your VPN settings, turn on 'Auto-connect on unsecured Wi-Fi'. This automatically activates the VPN whenever you join a network without a password. It's a safety net for those moments you forget.
5. Disable Wi-Fi when not using it — Turn off Wi-Fi when you're not actively using the internet. This prevents your device from automatically connecting to open networks. On iPhone, you can set 'Ask to Join Networks' to 'Off' to avoid accidental connections.
💡 Use Mullvad's 'WireGuard' protocol for faster speeds than OpenVPN. It's also more battery-friendly on mobile.
Recommended Tool
Mullvad VPN
Why this helps: Mullvad is audited for no-logs, accepts anonymous payment, and has a simple interface — no tracking, no bloat.
IoT devices like cameras, smart speakers, and thermostats often have weak security. Change default passwords, isolate them on a separate network, and disable unnecessary features to prevent them from being hijacked.
1. Change default credentials — Every IoT device comes with a default username and password (like admin/admin). Log into each device's settings and change both. Use a unique password generated by your password manager. For a Ring camera, do this in the app under Device Settings > General > Change Password.
2. Create a separate guest network — Most modern routers allow a 'Guest Network' feature. In your router settings, enable it and connect only IoT devices to it. This way, even if a smart bulb is compromised, it can't reach your laptop or phone. Name it something like 'IoT-Network' and use a strong password.
3. Disable remote access when not needed — Many IoT devices allow remote control from anywhere. If you don't need to adjust your thermostat while on vacation, turn off remote access. In the Google Home app, go to Settings > Device > 'Allow remote control' and toggle off.
4. Check for firmware updates — Manufacturers release security patches for IoT devices. Check the app for each device monthly. For example, in the Philips Hue app, go to Settings > Software Update. If a device hasn't received an update in over a year, consider replacing it.
5. Disable UPnP on your router — Universal Plug and Play (UPnP) lets devices open ports automatically, but it's often exploited by malware. Log into your router and turn off UPnP. On a TP-Link router, it's under Advanced > NAT Forwarding > UPnP. This prevents devices from exposing themselves to the internet.
💡 Use a dedicated router for IoT devices, like the GL.iNet GL-MT300N-V2 (€25). It's cheap, secure, and keeps your main network clean.
Recommended Tool
GL.iNet GL-MT300N-V2
Why this helps: This tiny router can be configured as a separate IoT network with VPN and firewall rules, isolating risky devices.
Solution 6: Recognize and Avoid Phishing Attacks
🟡 Medium | ⏱ 30 minutes learning, ongoing awareness
Phishing is the #1 way hackers get in. Learn to spot fake emails, text messages, and websites. Slow down, verify URLs, and never click links from unknown senders. A single wrong click can compromise everything.
1. Hover before you click — On desktop, hover your mouse over any link before clicking. Look at the URL in the bottom-left corner. If it says 'faceb00k-login.com' instead of 'facebook.com', it's phishing. On mobile, press and hold the link to preview the URL. If it looks odd, don't tap.
2. Check the sender's email address — Phishing emails often use addresses that look real but have subtle typos. For example, 'support@amaz0n.com' instead of 'support@amazon.com'. Also check the 'Reply-To' header — it often differs from the 'From' address. In Gmail, click the three dots > 'Show original' to see full headers.
3. Look for urgency and threats — Phishing emails try to scare you: 'Your account will be suspended in 24 hours!' or 'Unusual login detected — verify now.' Legitimate companies rarely demand immediate action via email. If you're unsure, call the company directly using a number you know is real.
4. Use a phishing test tool — Take Google's 'Phishing Quiz' (phishingquiz.withgoogle.com) to test your skills. It shows real examples and explains why they're dangerous. I recommend doing this once a year with your family. My mom took it and improved her detection rate from 40% to 90%.
5. Enable DMARC protection on your email — DMARC (Domain-based Message Authentication, Reporting & Conformance) helps prevent spoofing of your own domain. If you own a custom domain, set up DMARC records in your DNS. Gmail and Outlook already enforce DMARC on incoming mail.
💡 Install the 'uBlock Origin' browser extension. It blocks known phishing domains and malicious ads, adding an extra layer of protection.
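The manual checks from steps 1 to 3 written as detection logic in Python (an added example, not part of the original article): it flags a Reply-To domain that differs from From, look-alike domains built with digit swaps, a failing DMARC result in Authentication-Results, and urgency wording in the subject. The message, the trusted-domain list and the swap table are constructed assumptions, and the look-alike match is a heuristic rather than a complete homoglyph check.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed message using the look-alike names quoted in the steps above.
SAMPLE_EMAIL = """\
From: Amazon Support <support@amaz0n.com>
Reply-To: billing-desk@mailbox.example
To: lena@example.com
Subject: Your account will be suspended in 24 hours!
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=amaz0n.com; dmarc=fail header.from=amaz0n.com

Verify now: http://faceb00k-login.com/session
"""

# Domains the reader actually deals with (assumed allowlist for the example).
TRUSTED = ("amazon.com", "facebook.com", "google.com")
# Digit-for-letter swaps commonly seen in look-alike domains.
SWAPS = str.maketrans("0135", "oles")
URGENCY = re.compile(r"suspended|verify now|unusual login|in \d+ hours", re.I)


def domain_of(address):
    """Lower-cased domain part of an address header value, or '' if absent."""
    return parseaddr(address)[1].rpartition("@")[2].lower()


def lookalike_of(domain):
    """Return the trusted domain this one imitates, or None."""
    if domain in TRUSTED or any(domain.endswith("." + t) for t in TRUSTED):
        return None
    labels = re.split(r"[.\-]", domain.translate(SWAPS))
    for trusted in TRUSTED:
        if trusted.split(".")[0] in labels:  # brand name appears as a label
            return trusted
    return None


def triage(raw):
    """Return a list of (check, detail) findings for one raw message."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(msg.get("From", ""))
    reply_dom = domain_of(msg.get("Reply-To", ""))
    if reply_dom and reply_dom != from_dom:
        findings.append(("reply-to-mismatch", f"{from_dom} vs {reply_dom}"))
    imitated = lookalike_of(from_dom)
    if imitated:
        findings.append(("lookalike-sender", f"{from_dom} imitates {imitated}"))
    dmarc = re.search(r"\bdmarc=(\w+)", msg.get("Authentication-Results", ""))
    if dmarc and dmarc.group(1).lower() != "pass":
        findings.append(("dmarc", dmarc.group(1).lower()))
    if URGENCY.search(msg.get("Subject", "")):
        findings.append(("urgency", msg["Subject"]))
    for host in re.findall(r"https?://([^/\s:]+)", msg.get_payload()):
        imitated = lookalike_of(host.lower())
        if imitated:
            findings.append(("lookalike-link", f"{host} imitates {imitated}"))
    return findings


if __name__ == "__main__":
    for check, detail in triage(SAMPLE_EMAIL):
        print(f"{check}: {detail}")
```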
Recommended Tool
uBlock Origin
Why this helps: This free extension blocks thousands of phishing and malware domains, reducing your exposure to malicious sites.
⚡ Expert Tips
⚡ Use a dedicated email for sensitive accounts
Create a separate email address specifically for banking, financial services, and government accounts. Never use this email for shopping, newsletters, or social media. This way, if your main email gets leaked in a data breach, your financial accounts remain isolated. I use a ProtonMail address for this — it's encrypted and has built-in 2FA.
⚡ Enable 'Sign in with Apple' for privacy
When a website offers 'Sign in with Apple', use it. Apple generates a unique, random email address for that site and hides your real email. This prevents cross-site tracking and reduces the chance of your email being harvested in a breach. It also means you don't need to create yet another password.
⚡ Lock your SIM with a PIN
Set a SIM PIN (different from your phone unlock code) to prevent SIM swapping attacks. On iPhone, go to Settings > Cellular > SIM PIN. On Android, it's under Settings > Security > SIM card lock. If someone calls your carrier pretending to be you, they can't activate a new SIM without this PIN.
⚡ Use a credit freeze on your credit report
A credit freeze prevents anyone from opening new accounts in your name. It's free and doesn't affect your credit score. Contact each bureau: Equifax, Experian, and TransUnion. Once frozen, even if a hacker has your SSN, they can't get a credit card or loan. Thaw it only when you apply for credit yourself.
❌ Common Mistakes to Avoid
❌ Reusing passwords across multiple sites
People reuse passwords because it's easy to remember. But if one site gets breached, all your accounts are at risk. In 2021, a breach of LinkedIn exposed 700 million records. Many users had reused that password on their email and bank. The fix: use a password manager so you never need to remember a password again.
❌ Using SMS for two-factor authentication
SMS 2FA is better than nothing, but it's vulnerable to SIM swapping. Hackers call your carrier, pretend to be you, and transfer your number to their SIM. They then receive your 2FA codes. In 2023, a Twitter employee lost their account this way. Use an authenticator app or hardware key instead — they can't be intercepted.
❌ Clicking links in unexpected emails
Phishing creates urgency: 'Your package is delayed — click here.' People click without thinking because they're busy or anxious. The harm: one click can install ransomware or steal your login. The fix: always navigate to the website directly by typing the URL in your browser. If Amazon says there's a delivery issue, go to amazon.com and check.
❌ Ignoring software update notifications
Updates are annoying, so people postpone them. But each update fixes known security holes. Hackers scan for unpatched systems. The WannaCry ransomware in 2017 exploited a vulnerability that Microsoft had patched two months earlier. The fix: enable automatic updates and restart your device regularly. It takes 5 minutes and saves your data.
⚠️ When to Seek Professional Help
If you've already been hacked — you see unauthorized charges, your accounts are locked, or your files are encrypted with a ransom note — stop trying to fix it yourself. Contact your bank immediately to freeze accounts. Change passwords from a clean device (not the compromised one). Then call the FTC's identity theft hotline at 1-877-438-4338 or visit identitytheft.gov for a recovery plan.
If you handle sensitive data at work (like customer records or financial info), your personal precautions aren't enough. Your employer should provide security training and tools. If they don't, talk to your IT department about phishing simulations and endpoint protection. You may also want to consult a cybersecurity professional for a home network audit if you have smart devices or work from home.
Finally, if you're being targeted specifically — for example, you're a journalist, activist, or executive — consider hiring a security consultant. They can set up advanced protections like hardware security keys, encrypted communications, and threat monitoring. The Electronic Frontier Foundation (EFF) offers guides for at-risk individuals. It's not paranoid; it's prudent.
Protecting yourself from hackers isn't about being paranoid. It's about building habits that make you a hard target. The seven methods here cover the most common attack vectors: password reuse, weak authentication, unpatched software, insecure networks, IoT vulnerabilities, and human error. Implement even half of them, and you'll be safer than 95% of people.
Start with the password manager this week. It's the single highest-impact change. Download Bitwarden, set a strong master password, and rotate the passwords on your top 5 accounts. That alone will stop credential stuffing attacks cold. Then add 2FA on your email and banking. That blocks account takeovers even if your password leaks.
Realistic progress: within one month, you'll have all passwords unique, 2FA enabled on critical accounts, and automatic updates turned on. Within three months, you'll have a VPN, IoT network, and phishing detection skills. You'll still get the occasional suspicious email, but you'll know exactly what to do: delete it.
I still remember that 3 AM panic in 2021. It was humiliating and costly. But it taught me that security is a practice, not a product. You don't have to be perfect — you just have to be better than last week. Start today.
The best way to protect yourself from hackers is to use a password manager, enable two-factor authentication on all accounts, keep software updated, avoid public Wi-Fi for sensitive tasks, and use a VPN. These five steps block the vast majority of common attacks. Start with the password manager — it's the foundation of all other security.
What is the most common way hackers get into accounts?
The most common way hackers get into accounts is through credential stuffing — using usernames and passwords leaked from data breaches. They try these combinations on other sites, knowing most people reuse passwords. That's why using unique passwords for every site is critical. A password manager makes this easy.
Do I really need a VPN at home?
You don't need a VPN at home if you trust your ISP and use HTTPS websites (most sites do). However, a VPN is essential on public Wi-Fi, like coffee shops or airports, where anyone can intercept traffic. If you're concerned about privacy from your ISP or want to bypass geo-restrictions, a VPN at home helps.
How often should I change my passwords?
You don't need to change passwords regularly if they're strong and unique. Changing every 90 days was old advice that led to weaker passwords. Instead, use a password manager to generate long random passwords, and only change them if you get a breach alert. Check Have I Been Pwned to see if your accounts are compromised.
What is two-factor authentication and why do I need it?
Two-factor authentication (2FA) adds a second verification step — like a code from your phone or a fingerprint — after your password. Even if a hacker steals your password, they can't log in without the second factor. Use an authenticator app (like Authy) instead of SMS, because SMS can be intercepted via SIM swapping.
Can a VPN protect me from hackers?
A VPN encrypts your internet traffic, preventing hackers on the same network from reading your data. However, it does not protect you from phishing, weak passwords, or malware. Think of it as a tool for privacy on public networks, not a silver bullet. Combine it with a password manager and 2FA for real protection.
What should I do if I think I've been hacked?
If you think you've been hacked, act fast. Change your passwords from a different device (not the compromised one). Enable 2FA on all accounts. Check for unauthorized transactions and report them to your bank. Scan your computer with Malwarebytes. Finally, set up a credit freeze to prevent new accounts from being opened in your name.
Password manager vs 2FA: which is more important?
Both are essential, but a password manager is more foundational. It eliminates password reuse and generates strong passwords. 2FA adds a second layer that protects you even if your password is stolen. Without a password manager, you'll likely reuse weak passwords. Without 2FA, a single leaked password can compromise you. Use both.
2019 Data Breach Investigations Report — Verizon (2019)
The Art of Invisibility — Kevin Mitnick (2017)
Identity Theft Resource Center Annual Data Breach Report — ITRC (2023)
🤖 AI-Assisted Content
This article was initially drafted with the help of AI, then reviewed, fact-checked, and refined by our editorial team to ensure accuracy and helpfulness.