Security & Safety Resource Center

Mobile payment apps make splitting dinner, paying a babysitter or sending rent money incredibly easy. But that convenience comes with a big catch: once you send money to the wrong person, getting it back can be difficult — and sometimes impossible. A simple typo in a username, phone number or email address can send your cash to a stranger instead of your friend.

The safer move? Ask your friend to request the payment first. Then you can respond to the request and confirm the money is going to the right account.

Why payment app mistakes are risky

Apps like Venmo, Zelle, Cash App and PayPal are designed for fast payments between people who know and trust each other. That speed is convenient, but it leaves very little room for second guessing. In many cases, completed peer-to-peer payments can’t be easily reversed unless the recipient cooperates or the transaction qualifies under specific protections.

Zelle transfers that have already reached an enrolled recipient generally cannot be reversed or recalled by the sender, according to LegalClarity’s explanation of Zelle payment disputes. If a payment is still pending because the recipient has not enrolled, cancellation may be possible, but completed payments are much harder to recover.

That means prevention matters more than cleanup.

Ask for a payment request first

Before sending money, ask the recipient to send you a payment request from their account. This adds a simple verification step and reduces the chance of sending funds to the wrong person.

Here’s why it works:

• You don’t have to type the recipient’s username manually.
• You can confirm their name and profile before paying.
• You reduce the risk of sending money to a lookalike account.
• You get a clearer transaction trail in the app.

This is especially useful when paying someone for the first time, sending a larger amount or using a phone number or email address you haven’t saved before.

Mobile payment fraud is growing

Payment fraud is not limited to mistakes — scammers are also targeting peer-to-peer payments aggressively. NiCE Actimize reported that Zelle transactions saw a 26% increase in value and a 34% rise in attempted fraud in 2024, based on its analysis of banking and payments transactions.

The FTC also reported that consumers lost more than $12.5 billion to fraud in 2024, a 25% increase from the prior year, and said consumers reported losing more money to scams paid by bank transfers or cryptocurrency than all other payment methods combined.

Those numbers show why it’s worth slowing down before tapping “send.”

What to check before sending money

Use this quick checklist every time:

• Confirm the recipient’s full name. Don’t rely on a profile photo alone.
• Check the username, phone number or email carefully. One wrong character can matter.
• Send a small test payment first if you’re paying a new person a larger amount.
• Avoid paying strangers with peer-to-peer apps. Use payment methods with stronger buyer protections when purchasing goods or services.
• Never send more money to “fix” a mistake. Scammers sometimes claim they received an accidental payment and ask you to send funds back. Verify inside the app before doing anything.
• Save trusted recipients so you don’t have to search for them again later.

What to do if you sent money to the wrong person

Act quickly:

• Contact the recipient through the app and politely request a refund.
• Report the issue to the payment app.
• Contact your bank or credit union if the payment came from a linked account.
• Save screenshots of the transaction, username, date, time and any messages.
• Report fraud to the FTC at https://reportfraud.ftc.gov/ if you believe you were scammed.

Federal Regulation limits consumer liability for unauthorized electronic fund transfers in certain circumstances, but those protections depend on the situation and how quickly the consumer reports the issue.

Before you send money through Venmo, Zelle or another payment app, ask your friend to request the payment first. It takes an extra moment, but it helps confirm the recipient and prevents a costly typo. With payment app fraud and mistaken transfers on the rise, a quick verification step can save you a lot of stress.

Scam calls work because they catch you in the moment. Your phone rings, the number looks familiar, and the caller sounds urgent. Before you know it, you’re answering questions, confirming details, or listening to a fake warning about your bank account, package delivery, computer, or taxes. One simple way to lower that risk is to stop unknown callers from interrupting you in the first place.

That’s where your phone’s Do Not Disturb, Silence Unknown Callers, or call screening features can help.

Why silencing unknown callers helps prevent scams

Most phone scams start with an unexpected call. The scammer may spoof a local number, pretend to be from a trusted company, or use pressure tactics to get you to act quickly. If the call goes straight to voicemail, you get time to think before responding.

That pause matters. Scammers want a live conversation because it lets them push emotional buttons — fear, urgency, curiosity, or excitement. Sending unknown callers to voicemail removes that pressure and gives you control.

The problem is widespread. The FTC reported that the National Do Not Call Registry had about 258.5 million active registrations as of September 30, 2025, and robocalls continued to make up most Do Not Call violation complaints. The FTC also listed calls about debt reduction, imposters, and medical or prescription issues among the most frequently reported call topics in FY 2025.

How to turn on call filtering on iPhone

Apple gives iPhone users several ways to manage unknown callers. According to Apple Support, you can silence unknown callers so calls from numbers not saved in your contacts are sent to voicemail. Apple also recommends adding important numbers — such as family, your child’s school, or your doctor’s office — to Contacts so those calls still come through.

To manage unknown callers on iPhone:

• Open Settings
• Tap Apps
• Tap Phone
• Find Screen Unknown Callers
• Choose the option that best fits your needs, such as Silence or a call screening option if available on your device

Apple notes that unknown calls can be silenced and sent to voicemail, and missed calls or voicemails from unknown numbers can be moved to an Unknown Callers list when filtering is enabled.

How Android users can reduce unwanted calls

Android settings vary by phone model and carrier, but many Android phones include spam protection, caller ID features, or options to block unknown numbers. Some Android devices using Google’s Phone app include caller ID and spam protection tools that can help identify suspected spam before you answer.

Look in your phone app settings for options such as:

• Caller ID and spam protection
• Block unknown numbers
• Call screening
• Do Not Disturb
• Allow calls from contacts only

If you use Do Not Disturb, set it so calls from saved contacts can still ring while unknown numbers stay quiet.

Don’t forget your voicemail

This strategy only works if you check voicemail regularly. A real caller — like a doctor’s office, school, delivery service, or business contact — may leave a message if they can’t reach you.

Make these habits part of your routine:

• Empty your voicemail inbox so important callers can leave messages.
• Listen before calling back and verify the caller’s identity.
• Never call back using a number provided in a suspicious voicemail.
• Look up the official number yourself if the message claims to be from your bank, insurance company, or government agency.
• Save trusted numbers in your contacts so they can bypass call filtering.

You don’t need to answer every call to stay reachable. Turning on Do Not Disturb or unknown caller filtering helps stop scammers from catching you off guard. Let unknown callers go to voicemail, review messages on your terms, and only call back after you verify the source. It’s a simple phone setting that can protect your privacy, your money, and your peace of mind.

Your email inbox can be one of the best early-warning systems for protecting your social media accounts. Many platforms let you receive an email when someone logs in from a new device, browser, or location. If a cybercriminal gets your password, that alert may be the first sign that someone is trying to take over your account.

The key is simple: turn on login alerts, check them regularly, and don’t forget to look in your spam or junk folder too.

Why login attempt alerts matter

Account takeovers often start quietly. A scammer may steal your password through a phishing email, a fake login page, malware, or a data breach. Then they test that password on your social media accounts. If they get in, they can lock you out, message your friends, post scams, or use your account to trick others.

Login alerts help you spot this activity quickly. If you receive an email saying someone logged in from a device you don’t recognize, you can take action before the attacker does more damage.

According to Kasada’s 2025 Account Takeover Attack Trends, 67% of tracked account sales in Q1 2025 targeted webmail, retail, and social platforms, showing how valuable everyday online accounts are to criminals.

What login alert emails can tell you

A legitimate login alert may include helpful details such as:

• The device used — such as a phone, tablet, or computer
• The browser or app — like Chrome, Safari, or the social media app
• The approximate location — based on the login’s IP address
• The time of the login
• A link or button to secure your account

Be careful, though: scammers also send fake login alert emails. Don’t click links blindly. If you’re unsure, open the social media app directly or type the official website into your browser.

How to use login alerts safely

Use this simple checklist for every major social account you own:

1. Enable login alerts
   Go into the privacy, security, or account settings for each social media platform and turn on alerts for new logins or unrecognized devices.
2. Check your inbox regularly
   Make it a habit to scan your inbox for security notices. Look for subject lines about new logins, password changes, recovery email changes, or suspicious activity.
3. Check your spam folder too
   Security alerts sometimes get filtered incorrectly. Review your spam or junk folder so you don’t miss an important warning.
4. Act fast on anything suspicious
   If you see a login you don’t recognize, change your password immediately from the official app or website. Then sign out of all devices if the platform offers that option.
5. Turn on two-factor authentication
   Login alerts are useful, but two-factor authentication adds another layer of defense. Use an authenticator app when possible instead of relying only on text messages.

What to do if someone logged into your account

If you receive a real alert for a login you don’t recognize:

• Change your password immediately
• Use a strong, unique password
• Turn on two-factor authentication
• Review connected devices and active sessions
• Remove unknown recovery emails or phone numbers
• Warn friends not to trust strange messages from your account
• Report the incident to the platform

Also change the password for any other account where you reused the same login. Password reuse is one of the easiest ways attackers spread from one account to another.

Your inbox can help you catch account takeovers before they spiral. Turn on login alerts for every social media account, check your inbox and spam folder often, and act immediately if something looks wrong. A few seconds of attention can save you from losing control of your account.

Every app on your phone is a doorway—and not all of them lead somewhere safe. When you download a new app, it almost always requests access to personal information on your device: your camera, contacts, location, photos, and more. If you deny those permissions, the app may limit its features or stop working altogether. That puts you in a tough spot—which is exactly why you need to be selective about what you install in the first place.

Why third-party apps are a growing security risk

Not every app in the store is what it claims to be. Cybercriminals routinely disguise malware as everyday tools—flashlight apps, PDF readers, QR code scanners, and productivity utilities. Once installed, these apps can steal your data, spy on your activity, serve aggressive ads, or even drain your bank account.

The scale of this threat is massive. According to a 2025 report by Zscaler ThreatLabz, researchers identified 239 malicious apps on the Google Play Store that were collectively downloaded over 42 million times, with Android malware transactions surging 67% year-over-year. And that’s just what made it past official store protections—apps downloaded from third-party sources outside the Play Store or App Store carry even greater risk.

How to decide if an app is worth downloading

Before you tap “Install,” run through this quick checklist:

• Have you heard of it before? Stick to apps you recognize or that come recommended by trusted sources. A well-known app with millions of downloads is far less likely to be hiding malware than an obscure one with a handful of reviews.
• Who made it? Check the developer’s name. Reputable companies have verified developer profiles and a track record of other published apps. An unknown developer with only one app in the store is a red flag.
• Do the reviews look real? Watch out for apps with suspiciously generic five-star reviews or very few ratings. Legitimate apps typically have detailed, mixed feedback from real users.
• Are the permissions reasonable? A photo editing app needs your camera and photos—that makes sense. A calculator app asking for your contacts, microphone, and location? That doesn’t.
• Is there a simpler alternative? If your phone already has a built-in tool that does the same thing—like a flashlight, calculator, or notes app—skip the third-party download entirely.

What to do after you install a new app

Even after you’ve done your research, stay vigilant:

• Review permissions immediately. Go into your phone’s settings and check exactly what access you’ve granted. Revoke anything that doesn’t match the app’s core function.
• Monitor your device’s behavior. If your phone suddenly slows down, heats up, or starts showing unexpected ads after installing an app, uninstall it right away.
• Keep apps updated. Legitimate developers push regular updates to patch security vulnerabilities. An app that hasn’t been updated in months may no longer be safe.
• Delete what you don’t use. Every unused app is a potential attack surface sitting idle on your device. If you haven’t opened it in a month, remove it.

Your phone holds your most personal information—from banking details and private messages to photos and location history. Every app you install gets a piece of that access, so treat each download like a decision that matters. Stick to well-known, reputable apps, scrutinize permissions before you grant them, and when in doubt, skip the download entirely. A little caution upfront is always easier than dealing with malware after the fact.

If your bank calls you, they already know your account number. If your insurance company calls, they already have your policy details on file. So why would they ask you to verify that information over the phone? The short answer: they wouldn’t. If a caller is asking you for details they should already have, you’re almost certainly dealing with a scammer.

How the phone impersonation scam works

This scam relies on one simple trick: trust. The caller imposter pretends to be from your bank, credit card company, utility provider, or another institution you have an account with. They sound professional, they may even spoof their caller ID to display the company’s real phone number, and they create a sense of urgency to get you talking before you have time to think.

Then comes the ask. They’ll request personal information like:

• Your full account number
• Your Social Security number or the last four digits
• Your PIN, password, or security questions
• Your date of birth or billing address

Here’s the red flag: a legitimate institution that’s calling you already has this information in their system. They don’t need you to recite it back. If someone is asking for details they should already know, it’s a scam—hang up immediately and block the number.

Phone scams are surging at an alarming rate

Impersonation scams have become one of the most costly forms of fraud in the country. According to the FBI’s 2025 Internet Crime Report, government and business impersonation scam complaints nearly doubled between 2024 and 2025, resulting in approximately $797 million in reported losses from government impersonation alone. And those numbers only reflect what victims actually reported—the true cost is likely far higher. [

How to protect yourself from phone impersonation scams

Follow these rules every time you receive an unexpected call:

• Never share personal information with an inbound caller. If someone calls you and asks for account numbers, passwords, or other sensitive details, treat it as a red flag—no exceptions.
• Hang up and call back directly. If you think the call might be legitimate, hang up and dial the official number on the back of your card, on your statement, or on the company’s website.
• Don’t trust caller ID. Scammers use spoofing technology to make it look like the call is coming from your bank, the IRS, or any number they choose. Caller ID is not proof of identity.
• Watch for urgency and pressure. Phrases like “your account has been compromised” or “we need to verify your identity immediately” are designed to make you panic and act without thinking.
• Register with the Do Not Call Registry. While it won’t stop scammers entirely, it reduces legitimate telemarketing calls—making it easier to spot the fraudulent ones. Report violations at https://www.donotcall.gov.

What to do if you’ve already given information to a scammer

If you realize you’ve shared sensitive details with a suspicious caller, act fast:

• Contact your bank or financial institution immediately and alert them to potential fraud on your account.
• Change your passwords and PINs for any accounts that may have been compromised.
• Place a fraud alert or credit freeze with the three major credit bureaus—Equifax, Experian, and TransUnion.
• Report the scam to the FTC at https://ReportFraud.ftc.gov and the FBI’s IC3 at https://www.ic3.gov.

Legitimate companies calling you will never ask you to provide information they should already have on file. That one rule alone can protect you from the vast majority of phone impersonation scams. If something feels off, trust your gut—hang up, look up the real number, and call them back yourself.

Imagine getting a call or email from what appears to be a tech support company offering you a refund for services you previously paid for. Sounds like a nice surprise, right? Don’t fall for it. The “fake refund” scam is one of the most devious tricks in a cybercriminal’s playbook—and it’s costing victims billions.

How does the fake refund tech support scam work?

The scam follows a carefully rehearsed script designed to build trust and then exploit it:

1. The scammer initiates contact. You receive an unsolicited phone call, email, or pop-up message from someone claiming to represent a well-known tech company—Microsoft, Apple, Norton, or your internet provider. They tell you they owe you a refund for a past service, subscription, or overpayment.
2. They request remote access. To “process the refund,” the scammer asks you to download a remote desktop tool like AnyDesk, TeamViewer, or UltraViewer. This gives them full control of your screen.
3. They ask you to log into your bank. Once they have remote access, they instruct you to sign into your online banking so they can “deposit” the refund directly. This is the trap.
4. They manipulate what you see. While connected, the scammer edits the webpage or transfers money between your own accounts to make it look like they accidentally refunded too much. Then they pressure you to “return” the difference—usually via gift cards, wire transfer, or cryptocurrency.

The result? The criminal now has access to your device, your banking credentials, and potentially your entire financial life.

Tech support scams are a billion-dollar problem

This isn’t a small-time hustle. According to the FBI’s 2025 Internet Crime Report, tech and customer support scams accounted for more than $2.1 billion in reported losses in 2025, making it one of the costliest cybercrime categories tracked by the bureau. And those numbers only reflect what was actually reported—the true toll is likely much higher.

Red flags that signal a fake refund scam

Watch for these warning signs every time:

• Unsolicited contact. Legitimate tech support, security, and customer service companies do not call, email, or message you out of the blue offering refunds.
• Requests for remote access. No real company will ask to remotely connect to your computer to process a payment or refund.
• Pressure to log into your bank. A legitimate refund would never require you to open your online banking while someone else controls your screen.
• Urgency and panic tactics. Scammers create artificial time pressure—”this offer expires today” or “we need to fix this immediately”—to stop you from thinking clearly.
• Requests for gift cards or wire transfers. No legitimate business processes refunds through gift cards, cryptocurrency, or wire transfers. Ever.

What to do if you’re targeted

If you receive a suspicious refund call or email, take these steps:

• Hang up or delete the message immediately. Do not engage.
• Never grant remote access to anyone who contacts you unsolicited.
• Contact the company directly. If you think the refund might be real, look up the company’s official phone number yourself and call them.
• Report the scam. File a complaint with the FBI’s IC3 at https://www.ic3.gov and the FTC at https://ReportFraud.ftc.gov.
• If you already gave access, disconnect your device from the internet immediately, run a full antivirus scan, change your banking passwords from a different device, and contact your bank.

The golden rule is simple: legitimate companies will never initiate unsolicited contact to offer you a refund. If someone reaches out claiming to owe you money and asks for remote access to your device or wants you to log into your bank, it’s a scam—every single time. Hang up, delete the message, and protect your accounts.

Your Social Security number is the master key to your identity. It unlocks access to your credit, bank accounts, tax filings, medical records, and more. So why do so many organizations ask for it so casually—and why do so many of us hand it over without a second thought? Here’s the truth: most of the time, you have every right to push back.

Who actually needs your Social Security number?

Very few organizations legally require your SSN. The short list includes:

• Your employer — for tax reporting and payroll purposes
• The IRS — for filing taxes and managing your tax account
• Your bank or financial institution — for opening accounts and reporting interest income
• Government agencies — for benefits like Social Security, Medicare, or unemployment

Beyond that? Most requests for your SSN are a matter of convenience for the organization, not a legal requirement for you.

The four questions the FTC says you should ask

The FTC recommends asking these four questions any time an unfamiliar organization asks for your Social Security number:

• “Why do you need my Social Security number?” — Make them explain the specific reason. If they can’t give you a clear answer, that’s a red flag.
• “How will you keep this information safe?” — Ask about their data security practices. You deserve to know how your most sensitive identifier will be stored and protected.
• “Can you use a different identifier instead?” — Many organizations can use an account number, customer ID, or other reference number in place of your SSN.
• “Can I provide just the last four digits?” — In many cases, the last four digits are sufficient for verification purposes without exposing your full number.

You have every right to ask these questions—and any legitimate organization should be willing to answer them.

Why protecting your SSN matters more than ever

Identity theft is surging at an alarming pace. According to the Identity Theft Resource Center’s 2025 Annual Data Breach Report, there were 3,322 data compromises recorded in 2025—a 79% increase over the past five years—with a notable shift toward the theft of static identifiers like Social Security numbers. Once your SSN is exposed in a breach, criminals can use it for years to open fraudulent accounts, file fake tax returns, or steal your benefits.

What to do if you’ve already shared your SSN

If you’ve given your SSN to an organization, you’re now unsure about, take these steps right away:

• Freeze your credit at all three bureaus—Equifax, Experian, and TransUnion. It’s free and prevents anyone from opening new accounts in your name.
• File an IRS Identity Protection PIN to block fraudulent tax filings using your Social Security number.
• Monitor your credit reports regularly through https://www.annualcreditreport.com for any accounts or inquiries you don’t recognize.
• Set up fraud alerts with any of the three credit bureaus—one alert automatically applies to all three.

Just because someone asks for your Social Security number doesn’t mean you have to give it. Pause, ask the FTC’s four recommended questions, and only share your SSN when there’s a clear, legitimate reason. In a world where data breaches are hitting record highs, a little skepticism goes a long way toward keeping your identity safe.

Here’s something most people don’t realize: every time your Windows laptop or tablet scans for a Wi-Fi network, it broadcasts a unique identifier called a MAC (Media Access Control) address. Think of it as a digital fingerprint for your device. And just like a fingerprint, it can be used to track your movements as you move between Wi-Fi networks—at airports, shopping malls, coffee shops, and other public spaces. The good news? Windows gives you a built-in tool to stop it.

What is a MAC address and why does it matter?

A MAC address is a unique hardware identifier assigned to your device’s network adapter at the factory. It’s a 12-digit code (something like 00:1A:2B:3C:4D:5E) that your device shares every time it connects to—or even searches for—a Wi-Fi network.

The problem is that this address never changes by default. That means anyone monitoring Wi-Fi traffic in a public space can log your MAC address and use it to:

• Track your physical movements across multiple locations over time
• Build a profile of your habits—which stores you visit, how long you stay, and how often you return
• Correlate your device with other data points to identify you personally

This isn’t hypothetical. According to WiGLE (Wireless Geographic Logging Engine), the world’s largest crowd-sourced wireless network database, over 1.9 billion Wi-Fi networks have been mapped globally, with more than 25 billion Wi-Fi observations logged—demonstrating just how extensively wireless signals are being cataloged and tracked across public spaces. How random hardware addresses protect you

Windows 10 and 11 include a feature called Random Hardware Addresses that generates a unique, randomized MAC address each time your device scans for or connects to a Wi-Fi network. Instead of broadcasting your real hardware fingerprint, your device presents a different identity every time—making it significantly harder for anyone to track you.

How to enable random hardware addresses on Windows 11

It takes less than a minute:

1. Open Settings (press Win + I)
2. Click Network & Internet
3. Click Wi-Fi
4. Toggle Random hardware addresses to On to enable it for all networks

To enable it for a specific network instead:

1. In the same Wi-Fi settings, click Manage known networks
2. Select the Wi-Fi network you want to protect
3. Under Random hardware addresses, choose On or Change daily

How to enable random hardware addresses on Windows 10

1. Open Settings
2. Click Network & Internet
3. Click Wi-Fi
4. Toggle Use random hardware addresses to On
5. For individual networks, click Manage known networks, select a network, and enable the setting there

A few things to keep in mind

Random hardware addresses work great for public Wi-Fi, but there are some situations where you may want to leave the feature off:

• Home and office networks that reserve IP addresses based on your MAC address
• Captive portals (like hotel or airport login pages) that authenticate devices by MAC address
• Corporate networks where IT administrators manage device access through MAC filtering
• Software licenses tied to your device’s physical MAC address

For everyday use on public networks, though, turning this feature on is a no-brainer.

Your Windows device doesn’t have to leave a trail of digital breadcrumbs everywhere you go. Enabling random hardware addresses takes just a few clicks and gives you a powerful layer of privacy against Wi-Fi-based surveillance. Turn it on for public networks, keep your real MAC address private, and take back control of your digital footprint.

TikTok makes it incredibly easy for people to find you on the platform—maybe a little too easy. If you’re over 16, TikTok automatically turns on a feature called “Suggest your account to others,” which means your profile can be recommended to people based on your phone contacts, Facebook friends, and shared link activity. If you’d rather control who discovers you, here’s how to turn it off.

What does “Suggest your account to others” actually do?

When this setting is enabled, TikTok actively recommends your profile to other users. The platform uses several signals to make these suggestions, including:

• Your synced phone contacts. If someone in your contacts joins TikTok (or already uses it), your account may pop up as a suggestion for them.
• Facebook friends. If you’ve linked your Facebook account, TikTok cross-references your friends list and suggests your profile to mutual connections.
• Shared links. People who have opened or sent TikTok links to you—or received links from you—may see your account as a suggestion.
• Mutual connections. TikTok also factors in accounts you both follow or interact with to surface recommendations.

For users under 16, TikTok disables this feature by default. But if you’re 16 or older, it’s switched on automatically—and many people have no idea it’s there.

Why you should consider turning it off

With nearly 2 billion users reachable on TikTok’s platform as of early 2026, discoverability cuts both ways. Sure, it’s great if you’re a creator building an audience. But for everyday users, having your account suggested to coworkers, distant relatives, ex-partners, or complete strangers can feel like an invasion of privacy.

Turning off this setting gives you more control over who finds your profile and helps you maintain boundaries between your personal life and your online activity.

How to turn off “Suggest your account to others” on TikTok

The process takes less than a minute:

1. Open the TikTok app and tap your Profile icon in the bottom right corner.
2. Tap the three-line menu (☰) in the top right corner.
3. Select Settings and Privacy.
4. Tap Privacy.
5. Tap Suggest your account to others.
6. Turn off the toggles for Contacts, Facebook friends, and People who open or send links to you.

That’s it—TikTok will stop recommending your profile to others based on those connections.

Take it a step further: disable contact and Facebook syncing

Even after turning off the suggestion setting, TikTok may still hold previously synced data. To fully clean the slate:

• Go to Settings and Privacy > Privacy > Sync contacts and Facebook friends.
• Turn off Sync contacts and Sync Facebook friends.
• Tap Remove previously synced contacts to delete any stored contact data from TikTok’s servers.

This ensures TikTok can’t use your address book or social connections to make future suggestions—even if you re-enable the feature later.

Other TikTok privacy settings worth checking

While you’re in your privacy settings, take a few extra minutes to tighten things up:

• Set your account to Private if you only want approved followers to see your content.
• Turn off Activity Status so others can’t see when you’re online.
• Disable Profile Views and Post Views to browse anonymously without alerting other users.
• Enable two-factor authentication under Security & Permissions for an extra layer of account protection.
• Review third-party app access and revoke permissions for any apps you no longer use.

TikTok’s “Suggest your account to others” feature is designed to help people connect—but not everyone wants to be found. If you value your privacy, take 60 seconds to turn off this setting and disable contact syncing. It’s a small change that gives you much bigger control over who discovers your profile and how.

If you’re looking for an easy way to improve your everyday security, your Apple Watch can do more than track steps—it can help protect your Mac.

Let’s break down how this feature works, why it matters, and how to use it as part of a smarter cybersecurity routine.

What does unlocking your Mac with Apple Watch do?

Apple’s Auto Unlock feature lets you log into your Mac automatically when your Apple Watch is:

• On your wrist
• Unlocked and authenticated
• Close to your Mac

Instead of typing a password, your watch securely verifies your identity in the background.

This not only saves time—it also reduces risky habits like reusing weak passwords or disabling login security altogether.

Why this feature is more than just convenience

Many users think Macs are inherently safe, but that’s no longer true at scale. In fact, 66% of Mac users reported encountering a cyber threat in the past year, according to a 2025 macOS threat report.

That means basic protections—like strong authentication—matter more than ever.

Using your Apple Watch to unlock your Mac adds a layer of protection because:

• It relies on proximity-based authentication
• It reduces password exposure (no typing in public)
• It requires secure Apple ID settings behind the scenes

How does Auto Unlock improve your overall security?

It enforces two-factor authentication (2FA)

To enable Apple Watch unlock, Apple requires:

• Two-factor authentication on your Apple ID
• A passcode on your watch
• Secure device pairing

This is a big deal. Accounts protected by 2FA are up to 99% less likely to be compromised, based on industry analysis from WorldMetrics.

It minimizes human error

Most cyber incidents come down to user behavior:

• Weak passwords
• Password reuse
• Shoulder surfing in public spaces

Auto Unlock removes these risks from your daily workflow.

It strengthens your device ecosystem

Apple’s security model works best when devices cooperate. Using Apple Watch unlock means:

• Your identity is verified across trusted devices
• Your login process is harder to intercept
• You reduce reliance on a single password

How to enable unlock with Apple Watch

Follow these steps on your Mac:

1. Open System Settings (or System Preferences)
2. Go to Touch ID & Password (or Security & Privacy)
3. Turn on “Use Apple Watch to unlock apps and your Mac”
4. Enter your Mac password to confirm

Make sure:

• Bluetooth and Wi-Fi are enabled
• Your watch is signed into the same Apple ID
• Your devices are up to date

When should you use this feature?

This feature is especially useful if you:

• Work in shared or public environments
• Unlock your Mac frequently throughout the day
• Want stronger security without extra friction

It’s a perfect example of “low effort, high impact” cybersecurity.

Smart habits to pair with this feature

To maximize protection, combine Apple Watch unlock with:

• ✅ A strong, unique Mac password
• ✅ Automatic macOS updates
• ✅ FileVault disk encryption
• ✅ A password manager
• ✅ Awareness of phishing attacks

Cybersecurity doesn’t always require complex tools. Sometimes, it’s about using the features you already have—correctly.

Unlocking your Mac with your Apple Watch gives you:

• Faster access
• Less password exposure
• Built-in two-factor authentication

That’s a win for both convenience and security.