How do you protect yourself online without having to remember a million impossible passwords?

This is an (actually) easy-to-implement guide: the digital equivalent of locking your house when you leave.

Taking these steps won’t make you hack-proof (just as locking your house won’t make your house burglar-proof) but it will make you much safer online. It also won’t make your digital life any harder than carrying keys makes your day-to-day life.

If you're convinced that this is too much work, start with one item at a time. If you're really insistent on not reading the whole list, start with the first 5 items here.

How to Protect Yourself Online

Set Passwords on All Your Devices

Setting passwords on all your devices – like laptops, phones, tablets, routers, and so on – is the first order of business.

For any devices which still have default passwords enabled, change them (think about your wifi router, a home camera system like Amazon’s Blink, or a smart TV).

Don't reuse your passwords. That can be very difficult, but a tool like a password manager can make that much easier. Which brings us to...

Use a Password Manager

Password managers let you create one ‘master password’ and then securely store (and generate) your strong, unique passwords for each account. They give you the security of having separate passwords for every account, but the convenience of only having to remember one password.

I love 1Password ($3/month) as it has an app and a browser extension (so it can autofill your passwords for you across apps and devices), but KeePass is a secure free option.

Password managers also allow you to securely store all kinds of information such as insurance numbers, bank account data, and so on. Think of it as the digital equivalent of having a fire-proof box with all your important documents.

Setting it up the first time (and putting all your accounts and passwords into it) is a giant pain. So go do it now. Seriously, I’ll wait.

Go back and do step 2.

At least put your bank and credit card accounts, email accounts, and social media into your new password manager. Spend 5 minutes a day adding new accounts to your password manager. Over time, it will save you a significant amount of time and stress.

Why? Often when passwords are leaked in a breach, hackers will use something called ‘credential stuffing’. That means they will take that password and plug it into an automated tool which will try using it in as many accounts as possible. If all your accounts have the same password, either your accounts could get breached, or you have to change ALL of your passwords every time you hear about a new breach.

Skip the stress and get a password manager (also, set up (free!) alerts here so you know when your account data has been leaked).
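To make the reuse problem concrete, here is an added example (not part of the original guide) that reads a password manager's CSV export and lists which accounts share a password, which is exactly the set that falls together when one of them is breached. The export text and its column names (title, username, password) are constructed for illustration; real exports differ by product.

```python
import csv
import hashlib
import io
from collections import defaultdict

# Constructed sample export; the column names are an assumption, not a real product's format.
SAMPLE_EXPORT = """title,username,password
Bank,alex@example.com,correct-horse-battery
Email,alex@example.com,Tr0ub4dor&3
Forum,alex,Tr0ub4dor&3
Shop,alex@example.com,Tr0ub4dor&3
Streaming,alex,maple-river-anchor-42
"""

def reuse_clusters(export_csv):
    """Group account titles by password and return only the groups with reuse."""
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_csv)):
        # Key on a digest so the plaintext password is not kept in the report.
        digest = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        groups[digest].append(row["title"])
    clusters = [sorted(titles) for titles in groups.values() if len(titles) > 1]
    return sorted(clusters, key=len, reverse=True)

def exposure(export_csv, breached_title):
    """Other accounts that share a password with the breached one."""
    for cluster in reuse_clusters(export_csv):
        if breached_title in cluster:
            return [title for title in cluster if title != breached_title]
    return []

if __name__ == "__main__":
    for cluster in reuse_clusters(SAMPLE_EXPORT):
        print("same password:", ", ".join(cluster))
    print("if Forum is breached, also change:", exposure(SAMPLE_EXPORT, "Forum"))
```

Delete the export file once you have fixed the reused passwords, since it holds everything in plain text.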

Update EVERYTHING.

Don’t click postpone or ignore on those pop-up update prompts. Software updates are most often released in response to reported security vulnerabilities. Leaving your devices unpatched can leave them vulnerable to attack.

Back Up Your Data Regularly

You'll want to back up your data in case you are infected with malware. You can use iCloud (but make sure you've used a secure password!), another cloud service, or a physical hard drive (I use this one).

Use Antivirus Software (and Update it Regularly).

If you can afford it, antivirus is a good idea. It's not perfect, but it's better than nothing and typically worthwhile for the average user. I use Malwarebytes.

Limit the Number of Internet-Connected Devices You Have.

Think before purchasing devices with internet connectivity. Is an internet-connected kettle worth the potential security vulnerabilities? (Spoiler alert: it usually isn’t.)

Internet of Things devices are rarely updated and generally aren’t designed with security in mind. That means they’re often riddled with vulnerabilities. And if they’re on your home wifi network, they can leave hackers an easy way in.

Often (but not always), more expensive devices will do a better job of protecting your security.

Regularly Review Your Social Media Privacy Settings.

You might be surprised at how much information is being shared. When creating new social media accounts or posts, think before you post it. The more information hackers have on you, the easier their job is.

Try to avoid posting too much personal information on your social media pages, and don't post things like pictures of your credit card or boarding pass.

For folks who rely on social media as an income stream, wipe the metadata from your photos and videos before posting (metadata can include specific location and device information which can be accessed by anyone viewing the photo/video).

Avoid Connecting to Free Wifi Hotspots.

Free wifi hotspots are often targeted by hackers and can put you at risk of MitM attacks (Man in the Middle Attacks) where a hacker spies on your internet traffic, and may even modify it without you knowing.

If you can’t avoid connecting to these hotspots, buy a VPN service.

Buy a VPN service.

A VPN (virtual private network) provides online privacy and anonymity. This can protect you, even when you connect to public wifi hotspots.

I recommend using one which you can install on multiple devices, which lets you enable automatic connection (so as soon as you connect to the internet you are automatically connected to the VPN), and which lets you select which country you want your traffic to come from.

The Tor Browser is a free service; however, it is less convenient and can slow down your connection speed.

Enable Multi-Factor Authentication on Your Primary Email Account.

Multi-factor authentication is also known as MFA, or 2FA for two-factor authentication. It means that even if someone has your password, they can’t access your account.

Multi-factor authentication requires that you have two things to log in: something you know (your password) and something you have (a code from an SMS, a code from an app like Google Authenticator, or a hardware key like YubiKey).

A hardware key is best, followed by an app, followed by SMS (which is still better than nothing).

If you’re feeling really motivated, also do so on your other accounts, but at least do so on your most important accounts. For a full list of websites which support 2FA, check here.

Use an End to End Encrypted Chat Application.

End to end encryption means that your data is encrypted on the device, and that no one can read or change your message in transit (not your internet service provider (ISP), hackers, and so on).

In order for someone to read this type of message, generally a hacker would have to have access to your device already. iMessage, WhatsApp, Wickr, and Signal are all free options, and Facebook Messenger is secure if you choose the ‘secret’ option when starting a chat.

Personally, I highly recommend Signal, as it’s open-source, free, and not owned by any major tech companies.

Check out MySudo and Privacy.

MySudo provides phone numbers via an app with plans starting at $0.99/month.

These are really great for using on dating apps, food delivery apps, or any other time when you may not want to give out your personal number (because your personal phone number is being used as a password reset option or as a form of multifactor authentication).

They also provide virtual debit cards (though Privacy offers better virtual card options for free). Think of this as the online version of paying with pre-paid Visa cards. You can have a unique debit card number for every single purchase online so you don't have to worry the next time a vendor gets breached and credit card details are stolen.

Finally, Be Careful Online.

Be wary of clicking links from unknown senders (in strange social media requests, texts, or emails), avoid running programs like Adobe Flash (which is notoriously insecure), and avoid websites which might give you malware (adult video streaming sites are often loaded with malicious content, as are free streaming or download sites).

If you need to access the link in an email (such as an alert from your bank or social media accounts), navigate to the app or website directly, rather than clicking the link in the email.

At the end of the day, don’t overthink it.

https://xkcd.com/538/
