Mr. Klosowski is a staff writer at Wirecutter.

What little privacy people don’t give away, companies tend to take.

Given this unfortunate reality, to get complete privacy you’d need to install a labyrinthine series of software tools that make the internet slow and unusable — think specialty Web browsers, encrypted email and chat; virtual private networks; and security-focused incognito operating systems. Or you’d need to stay off the internet altogether.

But don’t lose hope. Although total privacy is all but unattainable, you can protect yourself in two ways: Lock down your devices and accounts so they don’t give away your data, and practice cautious behavior online.

Getting started is easy. By making a few simple changes to your devices and accounts, you can maintain security against outside parties’ unwanted attempts to gain access to your data as well as protect your privacy from those you don’t consent to sharing your information with. You really can take back some control over who has access to your data.

Here’s how, according to the experts at Wirecutter, a product recommendation site owned by The New York Times Company.

Start with these tools, but keep in mind that behavior matters just as much.

Password manager: LastPass or 1Password

Browser extensions: uBlock Origin (Chrome, Firefox, Microsoft Edge, Safari), HTTPS Everywhere, Privacy Badger

Antivirus: Windows Defender and Malwarebytes Premium

1. Secure your accounts

Why: In the past decade, data breaches and password leaks have struck companies such as Equifax, Facebook, Home Depot, Marriott, Target, Yahoo and countless others. If you have online accounts, hackers are likely to have leaked data from at least one of them. Want to know which of your accounts have been compromised? Search for your email address on Have I Been Pwned? to cross-reference your email address with hundreds of data breaches.

How: Everyone should use a password manager to generate and remember different, complex passwords for every account. This is the most important thing people can do to protect their privacy and security today. Wirecutter’s favorite password managers are LastPass and 1Password. Both can generate passwords, monitor accounts for security breaches, suggest changing weak passwords, and sync your passwords between your computer and phone. Password managers seem intimidating to set up, but once you’ve installed one you just need to browse the internet as usual. As you log in to accounts, the password manager saves your passwords and suggests changing weak or duplicate passwords. Over the course of a couple of weeks, you end up with new passwords for most of your accounts. Take this time to also change the default passwords for any devices in your house — if your home router, smart light bulbs or security cameras are still using “password” or “1234” as the password, change them.

Everyone should also use two-step authentication whenever possible for their online accounts. Most banks and major social networks provide this option. As the name suggests, two-step authentication requires two steps: entering your password and entering a number only you have access to. For example, step one is logging in to Facebook with your user name and password. In step two, Facebook sends a temporary code to you in a text message or, even better, through an app like Google Authenticator, and you enter that code to log in.