Why Account Security Can't Be an Afterthought

Customer portals hold sensitive information — billing details, personal identification data, service history, and sometimes payment methods. A compromised account can lead to financial fraud, identity theft, and loss of access to critical services. Strengthening your account security doesn't require technical expertise; it just requires knowing the right steps.

Use a Strong, Unique Password

Your password is your first line of defence. A strong password should be:

  • At least 12–16 characters long
  • A mix of uppercase letters, lowercase letters, numbers, and symbols
  • Unique to that account — never reused across multiple sites
  • Not based on personal information (birthdays, names, pet names)

The easiest way to manage strong, unique passwords is to use a password manager such as Bitwarden (free and open-source), 1Password, or your browser's built-in manager. These tools generate and store complex passwords so you don't have to memorise them.

Enable Two-Factor Authentication (2FA)

Two-factor authentication adds a second verification step beyond your password. Even if someone obtains your password, they can't access your account without also having the second factor. Here's how to set it up:

  1. Go to Account Settings → Security on your portal.
  2. Find the Two-Factor Authentication or Two-Step Verification option.
  3. Choose your preferred method (see table below).
  4. Follow the setup instructions — typically scanning a QR code with an authenticator app or confirming a phone number.
  5. Save the backup/recovery codes provided — store them securely offline in case you lose access to your 2FA device.

Comparing 2FA Methods

| Method | How It Works | Security Level |
|---|---|---|
| Authenticator App (e.g., Google Authenticator, Authy) | Time-based one-time codes generated on your phone | High |
| SMS / Text Message | Code sent to your registered phone number | Medium (SIM-swap risk) |
| Email OTP | Code sent to your registered email | Medium |
| Hardware Security Key (e.g., YubiKey) | Physical USB/NFC key required at login | Very High |

For most users, an authenticator app offers the best balance of security and convenience.

Recognise Phishing Attempts

Phishing is one of the most common ways accounts get compromised — attackers send emails pretending to be from legitimate companies to trick you into entering your credentials on a fake site. Watch for these red flags:

  • Urgent language: "Your account will be suspended in 24 hours"
  • Email sender address that doesn't match the company's official domain
  • Links that look similar to official URLs but differ by a letter or use a different domain
  • Requests to confirm your password or payment details via email

Rule of thumb: If in doubt, don't click any links in the email. Instead, open a new browser tab and navigate directly to the portal's official address.
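
The sender-domain and look-alike-link checks above can also be automated by a help desk or mail filter. The following Python sketch is an added example, not code from any portal: the official domain myportal.example, the sample message, and the two-edit threshold are all assumptions chosen for illustration.

```python
from urllib.parse import urlsplit

OFFICIAL = "myportal.example"  # assumed official portal domain (placeholder)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance: single-character edits needed to turn a into b."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(value: str) -> str:
    """Lowercased host of a URL, or the domain part of an email sender."""
    if "://" in value:
        return (urlsplit(value).hostname or "").lower()
    return value.rsplit("@", 1)[-1].strip(" <>").lower()

def classify(value: str, official: str = OFFICIAL) -> str:
    """Return 'official', 'lookalike' or 'different-domain' for a sender or link."""
    host = host_of(value).rstrip(".")
    if host == official or host.endswith("." + official):
        return "official"
    # Only the rightmost labels decide who controls the domain, so compare those.
    tail = ".".join(host.split(".")[-official.count(".") - 1:])
    if edit_distance(tail, official) <= 2:  # assumed threshold: one or two characters off
        return "lookalike"
    return "different-domain"

def review_email(sender: str, links: list[str]) -> list[tuple[str, str]]:
    """List every sender or link that is not on the official domain, with its verdict."""
    findings = [(value, classify(value)) for value in [sender, *links]]
    return [f for f in findings if f[1] != "official"]

# Constructed sample message (not real traffic)
SAMPLE_SENDER = "Support <billing@myportai.example>"
SAMPLE_LINKS = [
    "https://myportal.example/account/security",
    "https://login.rnyportal.example/verify",
    "http://myportal.example.account-check.test/login",
]

if __name__ == "__main__":
    for value, verdict in review_email(SAMPLE_SENDER, SAMPLE_LINKS):
        print(f"{verdict:17} {value}")
```

Anything the check does not mark as official should be treated the way the rule of thumb says: ignore the link and go to the portal directly.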

Review Connected Apps & Active Sessions

Many portals show you which devices are currently logged in and which third-party apps have access to your account. Regularly audit these:

  • Go to Security Settings → Active Sessions to see logged-in devices.
  • Log out of any sessions you don't recognise or no longer use.
  • Under Connected Apps or Authorised Applications, revoke access for any services you no longer use.

Manage Your Privacy Settings

Privacy settings control what data the portal collects and shares. To manage them:

  • Navigate to Privacy or Data & Privacy in your account settings.
  • Review what data is stored and request deletion of data you no longer want held.
  • Opt out of non-essential data sharing or marketing profiling where the option exists.
  • Check if the platform offers a data export feature — this lets you download a copy of your data at any time.

Set Up Account Recovery Options

Ensure you have reliable ways to recover your account if you're ever locked out:

  • Keep your recovery email address current and accessible.
  • Keep your phone number up to date for SMS recovery.
  • Store backup 2FA codes in a secure, offline location (e.g., printed and stored safely).