A Tech Developer's 5 Rules for Keeping Your Finances Safe Online

Most financial security advice comes from banks and credit card companies. This comes from someone who spends his days thinking about how systems get compromised.

A developer on our team shared five things he personally does to protect his finances. They're not complicated, but most people are skipping at least two of them.

1. Turn on two-factor authentication for everything financial

Two-factor authentication, or 2FA, means that logging into an account requires your password plus a second verification, usually a text message code or an app like Google Authenticator. If someone gets your password, they still can't get in without that second step. And while getting a text message is a great level of security, using something like Google Authenticator is the safest option.

The rule here is no exceptions. Email, bank accounts, brokerage accounts, credit card portals, whatever has a password and has anything to do with your money, 2FA should be on. Most people turn it on for their bank and stop there.

2. Never enter your card number directly when shopping online

Every time you type your credit card number into a website, that number lives somewhere in that system. The more places it lives, the more ways it can be stolen.

When you check out online, opt for a third-party service like PayPal, Apple Pay, or Google Pay. These services pass a token to the merchant rather than your actual card number, which means the retailer never sees your card details. One breach at a retailer you've never heard of can't touch you if they never had your number.

3. Change the default password on your home devices

Everything today is connected: Smart TVs, routers, security cameras, thermostats, refrigerators. And most home devices come with a default password like "admin" or "changeme." Those defaults are often published in the device manuals, which are freely available online. Someone who gets onto your home network has a much easier path to anything connected to it, including devices you use for banking.

Change the default password on every device that connects to your home wifi. It takes two minutes and closes a door most people don't know is open.

4. Give the card reader a tug before you use it

Skimming devices steal your card number when you swipe or insert it and get placed over legitimate card readers, most commonly at gas pumps. They're designed to look like part of the machine.

A quick tug on the card reader before you use it is enough to detect most of them. A legitimate reader is bolted down. A skimmer usually isn't. It's a small habit that takes half a second and has a real track record of catching fraud before it happens.

You also want to never use your debit card at the gas pump. Credit cards add extra layers of protection and don't give thieves direct access to your bank account. Compare some of the best cards to use for your next fill-up right here.

5. Don't use your phone to pay at the register

Mobile payment security has improved, but the risk profile is different from a physical card. Devices exist that can intercept a phone's payment signal within a few feet. If your phone is compromised or intercepted, the exposure is different than a single card number.

Using a physical credit card at the register keeps your phone's payment system out of the transaction entirely. You still get your rewards, and you remove a variable that isn't fully under your control.

The pattern behind all five

None of these require technical knowledge. They're all about reducing the number of places your financial information can be stolen or exposed. Each one closes a specific door, and none of them take more than a few minutes to set up.

The best way to prevent fraud is to make yourself a harder target; luck will only take you so far.