You should always be able to make assessments based on risk.
The issue is that calculating the risk of being hacked isn't what you think it is (probably).
Most people look at the risk like this:
Why would a hacker target me? I'm nobody, I'm unimportant. This is just my fanfic account, if they want my smut, they can have it. If they want my spam mails from Amazon, they can have my email.
But that's not the actual risk.
So let's look at that together.
Let me start by asking you about your password.
How did you create it?
Do you use it anywhere else?
If it's generated by a password manager, is that password manager the one built into your browser?
How long is it?
When you added complexity to it, did you just add a 1 to the end? Your birth year? Maybe an underscore between words?
All of these things should be factoring into your risk calculation.
You can see my password advice and how easy it is to crack a password here.
So why the hell does this matter to the odds?
Let's say you use the browser-native password manager to create that password - what else could they potentially have access to, if they have that password? Your Google account? Do you have a banking app on your phone? Do you store your banking password in your browser-native password manager? What else is in there?
Risk isn't just inherent to the one thing that someone may have access to, it's lateral.
If someone gains access to one thing, what else can they gain access to?
CrowdStrike has a good summary of lateral movement here.
Effectively, any attacker, once they have access, may try to access other things - the higher the value, the higher the odds.
Do you value your banking information? Of course you do! So how can someone get from accessing your Gmail to your banking? Is the app installed on your Android phone? Is the password the same? Is the password stored in your Google password manager? All things you have to consider for risk.
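To make the lateral part concrete, here is an added example (not from the original post) that walks a made-up account inventory and lists everything reachable once one account is compromised. The account names and the three link types (reused password, reset email, saved in a browser password manager) are assumptions chosen to mirror the questions above.

```python
from collections import deque

# Constructed inventory for illustration; every account and value is made up.
# password: a label standing in for the real secret (same label = reused).
# reset_email: the mailbox that receives this account's password-reset links.
# vault: accounts whose passwords are saved inside this account's
#        browser-native password manager.
ACCOUNTS = {
    "fanfic": {"password": "A", "reset_email": "gmail",  "vault": []},
    "gmail":  {"password": "A", "reset_email": None,     "vault": ["bank", "shop"]},
    "bank":   {"password": "B", "reset_email": "gmail",  "vault": []},
    "shop":   {"password": "C", "reset_email": "gmail",  "vault": []},
    "forum":  {"password": "D", "reset_email": "proton", "vault": []},
    "proton": {"password": "E", "reset_email": None,     "vault": []},
}


def hops_from(owned, accounts):
    """Yield (next_account, reason) pairs reachable in one step from `owned`."""
    me = accounts[owned]
    for name, acct in accounts.items():
        if name == owned:
            continue
        if acct["password"] == me["password"]:
            yield name, "same password"
        if acct["reset_email"] == owned:
            yield name, "password reset lands in this inbox"
        if name in me["vault"]:
            yield name, "password saved in this account's manager"


def lateral_reach(start, accounts):
    """Breadth-first walk: map each reachable account to the hops that got there."""
    paths = {start: []}
    queue = deque([start])
    while queue:
        current = queue.popleft()
        for nxt, reason in hops_from(current, accounts):
            if nxt not in paths:  # keep the first (shortest) route only
                paths[nxt] = paths[current] + [(current, nxt, reason)]
                queue.append(nxt)
    paths.pop(start)
    return paths


if __name__ == "__main__":
    for target, route in lateral_reach("fanfic", ACCOUNTS).items():
        steps = "; ".join(f"{a} -> {b} ({why})" for a, b, why in route)
        print(f"{target}: {steps}")
```

Swap in your own accounts and the output shows which "unimportant" login is actually two hops from your bank.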
I know what you're thinking: that's all well and good, but what are the actual odds someone's going to target me?
You specifically? Some random unknown person on the internet? A direct target on you yourself? Probably not that high, to be honest.
But that's not where the conversation ends.
Because you don't have to be the specific target to get hacked, you just have to be the easiest.
Let's look at an example: call centre scammers.
They have no idea who's calling them.
They didn't specifically put that fake virus message on your computer, they just put it out in the wild and let it go nuts. Whoever calls, calls.
It's the same for your online accounts and information.
A bad actor can obtain your login information from any given data breach on the dark web. (You can check haveibeenpwned to see if your email's been in a breach. If it has, change your password right away anywhere you use that password/email combination, and check your account activity/logins.)
Which means that in a majority of cases, they already have your login information.
And not because you necessarily were the target, but because you were easy.
Also, you have to consider the version of something you're using.
I know we all hate updating our software.
Upgrading from Windows 10 to 11.
Installing that next update that gives the app a new look you just don't like, so you avoid it to keep the old look.
But hidden behind those updates are security patches, things that make your system more secure against attacks.
And if you're avoiding those updates and your computer is on the internet, someone can easily find you.
There's a whole-ass tool online out there that people can use to look for out-of-date systems.
Again, they're not targeting you, they're targeting the weakness that you're broadcasting to the world.
All it takes is one quick search and a random click on a red dot that happens to be your computer.
Update your computer, get a different operating system if you have to.
If you're not using your system for anything too heavy or Steam games, try something like Linux Mint or Zorin OS, which are designed to have a similar feel to more classic Windows experiences.
Get a password manager.
PCMag has a list of free password managers for 2026 here, if you can't afford a paid version.
When you're considering risk and catch yourself weighing the odds that you specifically are the target, stop right there. Consider whether you are an easy target instead.
And FFS get MFA set up. If you don't want to use Google or Microsoft, Proton has one you can use.