ROCHESTER, N.Y. – Have you bought anything online yet? If you said no, you’re definitely in the minority. Millions are shopping in their pajamas, but you have to do it safely. And the best person from which to get advice is a hacker.           

I interviewed a fascinating guy named Luke Secrist. He created a company called BuddoBot and brought together this team of professional hackers. Companies hire them to essentially hack into their systems to show them how to improve their cybersecurity. And Secrist says there is one key thing you need to do before you start shopping online, create a shopper identity.

“It’s actually quite easy. It starts with your email. Create an email with your preferred email vendor and create an email that does not identify you in any way,” he said.

Not only will all that unwanted spam now go to your shopping email, but also potential scammers don’t have access to your real email. Then instead of using your credit card, use express pay-out whenever possible. That allows you to use your digital wallet or online payment service like Apple Pay, PayPal or Google Pay, which all encrypt your data, thereby allowing you to avoid putting any of your personal information on a retail site.

Secrist says creating difficult passwords is also key. Hackers know one trick we all try to do to remember our password.

“If your password was puppydog back in the day, and that was compromised, and you said oh I’ll make it secure. I’ll add a capital P and a capital D and maybe 123 afterward. So, these are common traits that we look out for. Instead use auto generators. Use a password manager and remove any kind of duplicative usage out there.”

Admit it. We’ve all done it. You find out your password has been compromised so you change it ever so slightly.  Secrist says hackers know that. Instead use a password generator. You already have one on your iPhone. If you have an android, you can use Google Password Manager.