Password Security
Passwords remain the first line of defense for most accounts. The problem? Most people use weak passwords and reuse them across sites. When one site gets breached, attackers try those credentials everywhere.
Use a Password Manager
Password managers generate and store unique passwords for every site. You only need to remember one master password. Popular options: 1Password, Bitwarden, Dashlane. Yes, keeping all passwords in one place seems risky, but it's far safer than reusing passwords.
Make Passwords Long, Not Clever
"correct-horse-battery-staple" is more secure and memorable than "P@ssw0rd!". Length beats complexity. If you must create a memorable password, use a passphrase of 4+ random words.
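The advice above depends on the words being chosen at random from a large list. The following added example (not part of the original guide) picks words with a cryptographic random source and goes one step further by expressing strength as entropy in bits; the function names and the 16-word sample list are constructed for illustration.

```python
import math
import secrets

# Constructed 16-word sample list so the block runs offline. Assumption: real
# use loads a large published list, e.g. the EFF long list with 7,776 words.
SAMPLE_WORDS = [
    "correct", "horse", "battery", "staple", "anchor", "lantern", "meadow",
    "pepper", "quartz", "ribbon", "saddle", "timber", "velvet", "walnut",
    "copper", "harbor",
]


def generate_passphrase(wordlist, n_words=4, sep="-"):
    """Pick n_words uniformly at random using the OS CSPRNG."""
    words = list(dict.fromkeys(wordlist))  # duplicates would skew the odds
    if len(words) < 2:
        raise ValueError("wordlist needs at least two distinct words")
    return sep.join(secrets.choice(words) for _ in range(n_words))


def entropy_bits(list_size, n_words):
    """Bits of entropy, assuming the attacker knows the list and the count."""
    return n_words * math.log2(list_size)


def words_needed(list_size, target_bits):
    """Smallest number of words that reaches target_bits of entropy."""
    return math.ceil(target_bits / math.log2(list_size))


if __name__ == "__main__":
    print(generate_passphrase(SAMPLE_WORDS))
    print("16-word list, 4 words:", entropy_bits(16, 4), "bits")
    print("7,776-word list, 4 words:", round(entropy_bits(7776, 4), 1), "bits")
    print("words for 64 bits from 7,776:", words_needed(7776, 64))
```

Four words from the tiny sample list give only 16 bits, which is why the size of the list and truly random selection matter as much as the word count.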
Never Reuse Passwords
Every account should have a unique password. This way, one breach doesn't compromise everything. Password managers make this practical.
Two-Factor Authentication (2FA)
Two-factor authentication adds a second verification step beyond your password. Even if someone steals your password, they can't access your account without the second factor.
Best: Hardware Keys
Physical security keys (YubiKey, Google Titan) are phishing-resistant and the strongest option. Worth it for high-value accounts.
Good: Authenticator Apps
Apps like Google Authenticator, Authy, or Microsoft Authenticator generate time-based codes. Much better than SMS.
Okay: SMS Codes
SMS 2FA can be intercepted via SIM swapping. Still better than no 2FA, but use an authenticator app when available.
Prioritize enabling 2FA on: email (most important—it's used to reset other passwords), banking, social media, and cloud storage.
Recognizing Scams and Phishing
Social engineering attacks trick you into giving up information or access. They exploit human psychology rather than technical vulnerabilities.
Common Scam Tactics
- Urgency: "Act now or lose access" pressures you to skip thinking
- Authority: Impersonating your bank, boss, or government
- Fear: "Your computer is infected" or "You owe money"
- Too good to be true: Lottery wins, inheritance, easy money
- Curiosity: "Someone shared photos of you" or package delivery notices
See real examples in our Phishing Email Examples guide.
Keeping Devices Secure
Keep Software Updated
Enable automatic updates for your OS, browsers, and apps. Most attacks exploit known vulnerabilities that patches fix. Updating is the single most effective security action.
Use Built-in Security Features
Windows Defender, macOS Gatekeeper, and Android/iOS protections are good enough for most people. Keep them enabled. Third-party antivirus is optional.
Enable Device Encryption
Modern phones are encrypted by default. For computers, enable BitLocker (Windows) or FileVault (Mac). This protects your data if your device is lost or stolen.
Lock Your Devices
Use a PIN, password, or biometric lock on all devices. Enable "find my device" features to locate or wipe devices remotely if lost.
Be Careful What You Install
Stick to official app stores. Read permissions before installing—a flashlight app doesn't need access to your contacts. Uninstall apps you don't use.
Safe Browsing Habits
- Look for HTTPS: The padlock means your connection is encrypted. It doesn't mean the site is trustworthy, but lack of HTTPS is a red flag for any site handling sensitive data.
- Type URLs directly: Don't click links in emails or texts to access banking or shopping sites. Type the address or use bookmarks.
- Use ad blockers: Malicious ads (malvertising) are a real attack vector. uBlock Origin is recommended.
- Be skeptical of downloads: "Free" software often bundles unwanted programs. Download from official sources only.
- Limit browser extensions: Extensions have broad access. Only install ones you truly need from trusted developers.
Public Wi-Fi and Network Safety
Public Wi-Fi Risks
Public Wi-Fi networks at cafes, airports, and hotels can be monitored by attackers. While HTTPS protects most traffic, risks remain.
- Avoid accessing sensitive accounts (banking, email) on public Wi-Fi
- Use your phone's mobile data for sensitive tasks
- Consider a VPN if you frequently use public networks
- Disable auto-connect to open networks
- Use "Forget Network" after connecting to public Wi-Fi
Protecting Your Privacy
Review Privacy Settings
Check privacy settings on social media, your phone, and Google/Apple accounts. Limit what data is collected and who can see your information.
Be Careful What You Share
Security questions ("mother's maiden name", "first pet") are often guessable from social media. Vacation posts tell thieves when you're away.
Use Burner Info When Possible
For signups you don't trust, use email aliases (Gmail's +alias feature or services like SimpleLogin) and consider a secondary phone number (Google Voice).
Backing Up Your Data
Backups protect against ransomware, hardware failure, theft, and accidents. Follow the 3-2-1 rule: 3 copies, 2 different media types, 1 offsite.
- Cloud backup: iCloud, Google Drive, OneDrive sync important files automatically
- Local backup: External hard drive for full system images (Time Machine, Windows Backup)
- Test your backups: Actually try restoring files periodically
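One way to make the restore test concrete, as an added example that is not part of the original guide: restore a folder to a scratch location, then compare it with the original file by file using SHA-256. The function names are chosen here, and the two folder paths are supplied by you on the command line.

```python
import hashlib
import sys
from pathlib import Path


def sha256_file(path, chunk=1 << 20):
    """Hash a file in 1 MiB chunks so large files do not fill memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def snapshot(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): sha256_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def compare_restore(original_dir, restored_dir):
    """Report files the restore lost, damaged, or added."""
    original, restored = snapshot(original_dir), snapshot(restored_dir)
    shared = original.keys() & restored.keys()
    return {
        "missing": sorted(original.keys() - restored.keys()),
        "corrupt": sorted(n for n in shared if original[n] != restored[n]),
        "extra": sorted(restored.keys() - original.keys()),
    }


def restore_ok(report):
    """A restore passes when nothing is missing and nothing differs."""
    return not report["missing"] and not report["corrupt"]


if __name__ == "__main__":
    # Usage: python verify_restore.py <original_folder> <restored_folder>
    if len(sys.argv) != 3:
        sys.exit("usage: verify_restore.py <original_folder> <restored_folder>")
    result = compare_restore(sys.argv[1], sys.argv[2])
    for kind, names in result.items():
        print(f"{kind}: {len(names)}", *names[:10], sep="\n  ")
    sys.exit(0 if restore_ok(result) else 1)
```

Files you edited after the backup ran will show up as "corrupt", so run the check on a folder that has not changed since the backup was taken.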
For more on why backups matter, see our What is Ransomware? guide.
FAQ
Do I really need antivirus software?
Built-in protections (Windows Defender, etc.) are sufficient for most users. Good habits—updating software, avoiding suspicious downloads, not clicking phishing links—matter more than which antivirus you use.
Is it safe to use public computers?
Avoid logging into sensitive accounts on public computers (libraries, hotels, internet cafes). If you must, use private/incognito mode and log out completely. Better yet, use your own device.
Should I use a VPN?
VPNs are useful on public Wi-Fi and for privacy from your ISP, but they're not magic. They don't make you anonymous or protect against phishing. Most people don't need a VPN at home.