Making your devices, online identity, and activities more secure really doesn’t take much effort. In fact, several of our tips about what you can do to be more secure online boil down to little more than common sense. These 12 tips for being more secure in your online life will help keep you safer.
Ransomware attacks, identity theft, and online credit card fraud can be devastating, and these are just a few of the many types of malicious software and network attacks. If you’ve never been the victim of a breach, count yourself lucky, but don’t let your luck lead you to complacency.
1. Install an Antivirus and Keep It Updated
We call this type of software antivirus, but it actually protects against all kinds of malicious software. Ransomware encrypts your files and demands payment to restore them. Trojan horse programs seem like valid programs, but behind the scenes they steal your private information. Bots turn your computer into a soldier in a zombie army, ready to engage in a denial of service attack, or spew spam, or whatever the bot herder commands. An effective antivirus protects against these and many other kinds of malware.
In theory, you can set and forget your antivirus protection, letting it hum along in the background, download updates, and so on. In practice, you should take a look at it every now and then. Most antivirus utilities display a green banner or icon when everything is hunky-dory. If you open the utility and see yellow or red, follow the instructions to get things back on track.
Whether you’ve chosen a simple antivirus or a full security suite, you’ll need to renew it every year. Your best bet is to enroll in automatic renewal. With some security products, doing so enables a malware-free guarantee. You can always opt out later, if you get the urge to switch to a different product.
One more thing. If your antivirus or security suite doesn’t have ransomware protection, consider adding a separate layer of protection. Many ransomware-specific utilities are entirely free, so there’s no reason not to try a few of them and select the one that suits you best.
2. Use Unique Passwords for Every Login
One of the easiest ways hackers steal information is by getting a batch of username and password combinations from one source and trying those same combinations elsewhere. For example, let’s say hackers got your username and password by hacking an email provider. They might try to log into banking sites or major online stores using the same username and password combination. The single best way to prevent one data breach from having a domino effect is to use a strong, unique password for every single online account you have.
Creating a unique and strong password for every account is not a job for a human. That why you use a password manager. Several very good password managers are free, and it takes little time to start using one. For-pay password managers generally offer more features, however.
When you use a password manager, the only password you need to remember is the master password that locks the password manager itself. When unlocked, the password manager logs you into your online accounts automatically. That not only helps keep you safer, but also increases your efficiency and productivity. You no longer spend time typing your logins, or dealing with the time-consuming frustration of resetting a forgotten password.
3. Use Two-Factor Authentication
Two-factor authentication can be a pain, but it absolutely makes your accounts more secure. Two-factor authentication means you need to pass another layer of authentication, not just a username and password, to get into your accounts. If the data or personal information in an account is sensitive or valuable, and the account offers two-factor authentication, you should enable it. Gmail, Evernote, and Dropbox are a few examples of online services that offer two-factor authentication.
Two-factor authentication verifies your identity using at least two different forms of authentication: something you are, something you have, or something you know. Something you know is the password, naturally. Something you are could mean authentication using a fingerprint, or facial recognition. Something you have could be your mobile phone. You might be asked to enter a code sent via text, or tap a confirmation button on a mobile app. Something you have could also be a physical Security Key; Google and Microsoft have announced a push toward this kind of authentication.
If you just use a password for authentication, anyone who learns that password owns your account. With two-factor authentication enabled, the password alone is useless. Most password managers support two-factor, though some only require it when they detect a connection from a new device. Enabling two-factor authentication for your password manager is a must.
4. Clear Your Cache
Never underestimate how much your browser’s cache knows about you. Saved cookies, saved searches, and Web history could point to home address, family information, and other personal data.
To better protect that information that may be lurking in your Web history, be sure to delete browser cookies and clear your browser history on a regular basis. It’s easy. In Chrome, Edge, Firefox, Internet Explorer, or Opera, simply press Ctrl+Shift+Del to bring up a dialog that lets you choose which elements of browser data you want to clear.
Deleting cookies may cause trouble for some websites you may lose any personalization you’ve applied. Most browsers let you list favorite websites whose cookies shouldn’t be tossed.
For a complete guide to getting started, you can read our feature on how to clear your cache in any browser.
5. Turn Off the ‘Save Password’ Feature in Browsers
Speaking of what your browser may know about you, most browsers include a built-in password management solution. Which is not recommended, however. It’s best to leave password protection to the experts who make password managers.
Think about this. When you install a third-party password manager, it typically offers to import your password from the browser’s storage. If the password manager can do that, you can be sure some malicious software can do the same. In addition, keeping your passwords in a single, central password manager lets you use them across all browsers and devices.
6. Don’t Fall Prey to Click Bait
Part of securing your online life is being smart about what you click. Click bait doesn’t just refer to cat compilation videos and catchy headlines. It can also comprise links in email, messaging apps, and on Facebook. Phishing links masquerade as secure websites, hoping to trick you into giving them your credentials. Drive-by download pages can cause malware to automatically download and infect your device.
Don’t click links in emails or text messages, unless they come from a source you’re sure of. Even then, be cautious; your trusted source might have been compromised, or the message might be a fake. The same goes for links on social media sites, even in posts that seem to be from your friends. If a post seems unlike the style of your social media buddy, it could be a hack.
7. Use Different Email Addresses for Different Kinds of Accounts
People who are both highly organized and methodical about their security often use different email addresses for different purposes, to keep the online identities associated with them separate. If a phishing email claiming to be from your bank comes to the account you use only for social media, you know it’s fake.
Consider maintaining one email address dedicated to signing up for apps that you want to try, but which might have questionable security, or which might spam you with promotional messages. After you’ve vetted a service or app, sign up using one of your permanent email accounts. If the dedicated account starts to get spam, close it, and create a new one. This is a do-it-yourself version of the masked emails you get from Abine Blur and other disposable email account services.
Many sites equate your email address with your username, but some let you select your own username. Consider using a different username every time—hey, your password manager remembers it! Now anyone trying to get into your account must guess both the username and the password.