Follow these ten easy steps to improve your online security and privacy quickly. The first five steps will help you to strengthen your online accounts. The other five will focus on hardening your computer.
Part I: Bulletproof your online accounts
1. Install a password manager: The golden rule for being safe online is to have a different random password for each site. Long and random passwords prevent brute-force attacks. Using a different password for each account keeps a single data breach from compromising all your accounts at once through password reuse. No one can generate and remember a gazillion random passwords, so the best way to do this is to use a password manager and just remember one very hard to guess password. My personal choice is LastPass but there are other good alternatives.
2. Update your account information: Take a moment to go through your most important accounts and check they have the correct information, including email address and phone number. If your password is weak, also take the time to upgrade it using your shiny new password manager. As shown in our recent research on secret questions, providing the correct phone number or email address greatly improves someone's chances of recovering their account successfully.
3. Use two-factor authentication for important accounts: Add a second factor to the accounts for the services that you care the most about, such as Gmail, Dropbox, Facebook, Twitter, GitHub, iCloud and Steam. You can back up and sync your second factors for most sites using a third-party app such as Authenticator Plus (my favorite) or Authy. In any case, don't forget to print the backup codes provided to you when you enable the second factor. You can also store them in your password manager.
4. Review your privacy settings: Review the settings on social networks and sharing sites to make sure you are sharing your data only with the people you intend to. Facebook privacy setting step by step, Google+
5. Use a hardware security key for vital accounts: For the accounts that matter the most, it is worth going the extra mile and using a hardware security key as a second factor. Consider doing this for your main email account, your password manager and your recovery email address. For example, Google/Gmail uses FIDO U2F keys and LastPass uses the older Yubikey standard, but you can get the two to work with one key using a Yubikey Neo.
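To act on steps 1 and 2 above, the following added example (not part of the original article) audits a password manager CSV export for reused and weak passwords. The column names `name`, `username` and `password`, the 80-bit threshold and the sample rows are assumptions made for illustration; adjust them to your own export.

```python
import csv
import io
import math
from collections import defaultdict

# Constructed sample export. The column names are an assumption, not the
# format of any particular password manager.
SAMPLE_EXPORT = """\
name,username,password
mail,alice@example.com,Summer2015
forum,alice,Summer2015
bank,alice,k9#Vq2!xLp0@Zr7&mT4w
shop,alice,correcthorse
"""

def charset_size(password):
    """Size of the alphabet implied by the character classes in use."""
    size = 0
    size += 26 if any(c.islower() for c in password) else 0
    size += 26 if any(c.isupper() for c in password) else 0
    size += 10 if any(c.isdigit() for c in password) else 0
    size += 33 if any(not c.isalnum() for c in password) else 0  # ASCII symbols
    return size

def brute_force_bits(password):
    """Upper bound on the brute-force search space, in bits.
    Only meaningful for randomly generated passwords; a human-chosen
    password is far weaker than this figure suggests."""
    size = charset_size(password)
    return len(password) * math.log2(size) if size else 0.0

def audit(export_text, min_bits=80):
    """Return groups of sites sharing a password and sites below min_bits."""
    rows = list(csv.DictReader(io.StringIO(export_text)))
    by_password = defaultdict(list)
    for row in rows:
        by_password[row["password"]].append(row["name"])
    reused = sorted(sorted(n) for n in by_password.values() if len(n) > 1)
    weak = sorted(r["name"] for r in rows
                  if brute_force_bits(r["password"]) < min_bits)
    return {"reused": reused, "weak": weak}

if __name__ == "__main__":
    report = audit(SAMPLE_EXPORT)
    print("Reused across sites:", report["reused"])
    print("Below 80 bits:", report["weak"])
```

An export file holds every password in plain text, so delete it securely as soon as the audit is done.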
Part II: Lock your computer down
6. Back up your valuable data: Back up the data you care about (photos, videos, documents), either on an external hard drive or in the cloud (or both!). This will save you from hardware failure, unwanted deletion and even cryptolocker malware. Use an external hard drive like the Seagate Backup Plus (recommended by Wirecutter) and/or back up your data in the cloud, for example, using Google Drive or Dropbox.
7. Update your operating system: Keeping your computer up to date is the first step to being safe online. Start by updating your operating system and turn on automatic updates if you haven't done so. Windows, OSX and Linux support this. Consider also updating to the latest version of your operating system if you haven't done so yet.
8. Keep your software up to date: Make sure your software, in particular your browser, is up to date to ensure you are safe while browsing the internet. Here is how to do this for Chrome, Firefox and Internet Explorer. Make sure the auto-update option of your various pieces of software is turned on.
9. Secure your computer: Make sure your antivirus and firewall are working properly. Here is how to check if your setup is correct for Windows 10 and OSX. Tom's Guide and other sites have reviews to help you choose the antivirus that fits you best.
10. Respect browser security warnings: Paying attention to warnings is probably the most obvious and still one of the most overlooked pieces of advice. Every modern browser will show you a warning when you are about to visit a dangerous website. When you see one, as illustrated above, don't ignore it. Come back another time when the site is cleaned up. Similarly, don't download a program if your browser or antivirus says it is malicious.