If you reuse the same passwords or create ones based on personal details (like your dog’s name or a birthday), an abuser can gain access to your accounts with an educated guess. To counter this, your best option is to not know your own passwords. You can do this with a password manager, which generates strong passwords that are impossible to guess and then locks them behind a single “master password” that only you know. When you create a master password, it should be something your abuser can’t guess.
There are many different password managers out there, but Wirecutter thinks 1Password is the best option for those who are new to password managers (if you can’t afford to pay for a password manager, Wirecutter also recommends Bitwarden). Once you get it set up, go through your list of accounts, change their passwords, and update them with your new email address. If accounts have security questions (for instance, “What’s your mother’s maiden name?”), you should change those answers to a random word. (You can save these responses in a password manager, if needed.) For a walk-through on getting started with a password manager, head over to this guide on the tech website How-To Geek.
Two-factor authentication is a security feature typically available for important online accounts, including those for banks, email, and social media. When you enable two-factor authentication, you’ll need two pieces of information to sign in to your accounts: your password and a multi-digit code. The code can come from either a text message or an app. For security purposes, an app is better than a text message, and Wirecutter likes the easy-to-use Authy app. However, this type of authentication assumes that only you have access to your phone — if an abuser can still get into your phone, they may be able to access the authentication codes, so it’s important to secure your devices before you set it up. You should consider using two-factor authentication for any accounts that contain private information, including bank accounts, Google accounts, Facebook profiles, and Apple accounts. Check out Wirecutter’s guide to setting up Authy to get started. If you’re comfortable with technology, Wirecutter recommends a physical security key as an even better option, but getting the hang of using it does take some technical skill.
Check privacy settings on social media
Accounts on social media platforms like Instagram, Facebook, or Twitter can leak location data or other streams of information to an abuser without you realizing it. Take time to run through Facebook’s Privacy Checkup, and lock down who can see your posts, remove any apps that may automatically share your location, and delete any other apps, games, or tools you don’t recognize, use, or remember adding. Be sure to set up alerts for when someone logs in to your account. You may also consider making your other social media accounts, like those on Instagram and Twitter, private. If you need help navigating the settings, The New York Times (Wirecutter’s parent company) maintains a social media security and privacy checklist for journalists that includes many of the settings you should change.
Google’s not exactly a social network, but its privacy controls are worth spending some time with. By default, Google saves every search you make on Google and YouTube, and Google Maps creates a record of everywhere you’ve gone throughout the week. If an abusive partner has access to these accounts, they may find something in your history. You can pause these settings from your account dashboard at any time.
Improve your smartphone’s security and privacy
Our smartphones provide near-instant access to everything about our daily lives. To prevent that type of access in the future, you should set up your phone as securely as possible:
Enable a passcode. Some abusers may try to unlock a phone using a fingerprint or face login when you’re sleeping, so it’s best to stick with a six-digit passcode instead. If you don’t have a passcode, enable one — while it adds a mildly annoying step to unlocking your phone, it makes your phone much more secure. Most Android users can open Settings and then tap Security to create a passcode. (Depending on which Android phone you have, you may need to poke around to find this setting.) On iPhone, open Settings, tap Touch ID & Passcode, and make sure the passcode option is enabled. (If you have a newer iPhone, you might see Face ID & Password instead.) Disable any Touch or Face ID options while you’re there.
Change notification options. Notifications on your phone may reveal personal information, like the first few lines of a text message or email, to anyone who happens to catch a glance at your device. To protect yourself on an Android phone, open Settings, tap Notifications, and choose Hide Content for any apps that might include personal information. On iPhone, open Settings, tap Notifications, and change the Show Previews option to Never.
Check location settings. Location stalking is a way to see where someone is throughout the day, so it’s a good idea to identify which apps have access to your location and make sure you want them to have that info. On Android, open Settings, tap Location, tap App permission, and then review the apps that have access. On iPhone, open Settings, tap Privacy, and then tap Location Services.
See which apps are installed. An abuser may install something on your phone to spy on you, or use dual-purpose apps, like child-monitoring software, to track your location. To see everything that’s installed on an Android phone, open the Google Play Store, tap the three-line icon, tap My apps & games, and then tap Installed. On iPhone, open Settings, tap General, and then tap iPhone Storage. If you see anything you don’t recognize, you may want to delete it, but beware the abuser may get an alert when you do.
Update the operating system. Updating your phone’s operating system improves security and wipes out certain types of stalkerware, so set your phone to update automatically. On Android, open Settings, select About Phone, and make sure Check Automatically is set under Software Update. On iPhone, open Settings, tap General, tap Software Update, and scroll down to Automatic Updates to make sure it’s enabled.
Smartphone security is also about recalibrating how you use your phone. Train yourself to avoid clicking links sent through email or text, change your passwords when you notice strange activity on your accounts, and be mindful of what information you store (and share) on your phone.
If you need to communicate privately with a friend, investigator, or counselor, it’s worth considering switching to a secure messaging app like Signal. Signal works exactly like Apple Messages or WhatsApp but offers privacy- and security-focused features like encryption, a second lock screen to open the app, disappearing chat history, and the ability to rename message threads to obscure a contact’s name.