PassMonitor logo PassMonitor
PT EN
Practical guide

Protect your data
in 6 simple steps

You don't need to be a tech expert to stay safe online. This guide shows you what to do, step by step, in plain language.

1

Check if your data has been leaked

The first step is knowing if you've already been affected. Use PassMonitor to check your email for free. If it appears in any breach, you'll know exactly what data was exposed and when.

Check my email now
2

Create strong, unique passwords

Most people use the same password across multiple sites. If one leaks, all of them become vulnerable. A strong password has at least 12 characters and mixes uppercase, lowercase, numbers and symbols.

  • Never reuse passwords across different sites
  • Avoid personal data like your name, birthday or pet's name
  • The longer the better. Passphrases work really well
  • Change it immediately if you learn of a breach
3

Enable two-factor authentication (2FA)

Two-factor authentication adds an extra layer of protection. Even if someone discovers your password, they can't access your account without the second factor, which can be a code on your phone or a security key.

  • Enable it on email, banking, social media and any important account
  • Prefer apps like Google Authenticator or Authy over SMS
  • Keep your recovery codes in a safe place
  • Never share verification codes with anyone
4

Use a password manager

Nobody can memorize dozens of strong, unique passwords. A password manager does it for you: it creates, stores and auto-fills passwords across all your devices.

Bitwarden Free and open source
1Password Intuitive interface, great for families
Google Password Manager Built into Chrome, no install needed
5

Learn to spot scams (phishing)

Scammers impersonate companies, banks and even friends to steal your data. These messages look real, but there are always signs that give away the fraud.

  • Messages with extreme urgency: "your account will be locked in 24h"
  • Links that don't match the company's official website
  • Requests for passwords, verification codes or banking details
  • Spelling errors or strange email addresses
  • Deals that seem too good to be true
6

What to do if your data was leaked

If you've discovered you were a breach victim, don't panic. Follow these steps in order:

  1. 1 Change the password for the affected service immediately
  2. 2 If you used the same password elsewhere, change it on all of them
  3. 3 Enable two-factor authentication wherever you haven't yet
  4. 4 Monitor your bank statements for unusual activity
  5. 5 Be suspicious of unexpected contacts in the days following the breach

Quick checklist

Mentally check off what you've already done. The goal is to reach 100%:

  • Checked if my email appears in data breaches
  • I use different passwords for each site
  • My passwords are at least 12 characters long
  • Enabled 2FA on my email
  • Enabled 2FA on my banking apps
  • Enabled 2FA on social media
  • I use a password manager
  • I can identify phishing emails
  • I don't click on suspicious links
  • I keep my apps and system updated

Frequently asked questions

What is the ideal length for a secure password?

At least 12 characters, but the longer the better. Passphrases with 4 or more words (e.g. 'CoffeeWithMilk@Night!') are easy to remember and extremely hard to crack by brute force.

Is SMS a good option for two-factor authentication?

SMS is better than nothing, but not the safest option. Scammers can clone your SIM card (SIM swap) and intercept codes. Prefer authenticator apps like Google Authenticator, Authy, or physical security keys (FIDO2).

Are password managers really safe? What if they get hacked?

Password managers use end-to-end encryption - even if the server is breached, your data remains encrypted with your master password. The risk of using a password manager is much lower than reusing weak passwords across multiple sites.

Is public Wi-Fi dangerous? How can I protect myself?

Yes. On public Wi-Fi networks, attackers can intercept your data. Avoid accessing banks or entering passwords on open Wi-Fi. If you must, use a trusted VPN to encrypt your connection.

How can I tell if a website is safe before entering my data?

Check if the URL starts with https:// (with a padlock icon). Verify the domain is the company's official one. Be suspicious of sites with poor design, spelling errors, or excessive pop-ups.

Should I keep my apps and operating system updated?

Yes, always. Updates fix security vulnerabilities that hackers exploit to break into devices. Enable automatic updates on your phone and computer.

What is social engineering and how can I protect myself?

Social engineering is when scammers psychologically manipulate you to obtain data. It can be a phone call pretending to be your bank, an urgent email, or a message from a 'friend'. Be suspicious of any unexpected contact requesting personal information.

Received a suspicious message?

Vigarista.com is our intelligent online scam detector. Paste any suspicious link, message or offer and our AI analyzes it in seconds to determine if it's fraud. While PassMonitor takes care of the after (has your data been leaked?), Vigarista.com takes care of the before (is this message a scam?).

Check on Vigarista.com

Start with step 1

Find out now if your data has been exposed. It's free, takes less than 30 seconds and requires no signup.

Check my email now Read FAQ