How to stay safe online (internet safety tips)

This article provides internet safety tips to help you stay safe online.

Almost everyone uses the internet now, but not everyone is aware of its dangers.

Internet threats are increasing, with new ones emerging every day.

From computer viruses to hackers to scammers to stalkers, you can encounter them all on the internet.

That's why you should educate yourself and your family about how to stay safe online.

Tips for staying safe online

1. Keep your web browser up to date

Most web browsers receive regular updates. These updates may include patches to fix security vulnerabilities, preventing hackers or malware (malicious software) from exploiting these security holes.

2. Use caution when using browser extensions

Browser extensions can be useful because they extend the functionality of a web browser by adding features and tools that enhance the user experience. However, there are malicious browser extensions that can capture your passwords, track your internet browsing activity, insert advertisements into web pages you visit, and infect your computer with malware (e.g., computer viruses, spyware, Trojan horses, etc.).

Even a popular and widely recommended browser extension can one day be hacked or sold and turned into a malicious browser extension.

Below are three examples of popular browser extensions that turned bad.

Web Developer for Chrome was hijacked to inject advertisements into browsers, and potentially run malicious JavaScript. [source]
Particle for YouTube was sold to a new developer who immediately turned it into Adware. [source]
Web of Trust (WoT) recorded, collected, analyzed, and sold data about its users' browsing activities to third parties without properly anonymizing the data, resulting in the personal identification of Web of Trust users. [source]

Use as few web browser extensions as possible, and only install extensions from developers you trust, such as Google, Microsoft, or other reputable developers.

Also, take your time to read all the dialog boxes that appear when you install an extension, and avoid downloading browser extensions bundled with other applications.

3. Use strong passwords

You should use a strong password that's at least 20 characters long and includes uppercase and lowercase letters, numbers, and symbols.

Don't use a weak password like '123456', 'qwerty', 'test1', 'password', 'abc123', '123123', 'P@ssw0rd', or another weak password, because even someone with basic computer knowledge can access your online accounts or encrypted data easily and quickly.

You can create a strong secure password using a poem, a lyric from a song, or a line from a movie.

For example:

Let's take the following lyric “Life is too short, and I got no time to sit around just wasting it.”

Take the abbreviation of the lyric (e.g., litsaignttsajwi)
Change a few letters to uppercase letters (e.g., LitSaignTtsajWi)
Change letters to numbers (e.g., LitSai9nTt5ajWi)
Add punctuation (e.g., !LitSai9nTt5ajWi$)

Another example:

Take the following line from the movie Braveheart “They may take our lives, but they'll never take our freedom!”.

Take the abbreviation of the lyric (e.g., tmtolbtntof!)
Change a few letters to uppercase letters (e.g., TmtolbtntoF!)
Change letters to numbers (e.g., Tmt01btntoF!)
Add punctuation (e.g., $Tmt01btntoF!)

You can make a unique password for each of your online accounts by adding specific letters to the beginning or end.

Let's say I want to create a password for my Facebook account. I take the first letter of Facebook, the letter f, and add it to the beginning of the password. Like for example 'f!LitSai9nTt5ajWi$'. Or I add the @ symbol followed by the letter f at the end of the password. For example: '!LitSai9nTt5ajWi$@f'.

I prefer to have different passwords for all my accounts, so I use a password manager to create strong, unique, complex, and secure passwords and store the passwords in an encrypted database.

With a password manager, you only need to create and remember one strong password to access all your other passwords.

Some examples of well-known password managers are KeePass, KeePassXC, Proton Pass, DashLane, 1Password, RoboForm, and Bitwarden.

I use KeePass on Windows, KeePassXC on Linux, and Keepass2Android Offline on Android.

4. Don't reuse your passwords

Remembering passwords is hard, and the easiest solution for many people is to use the same one for everything.

You trust your bank to securely store your account password, right?

But do you also trust your email provider and social media sites?

And what about that one site you created an account on to enter a giveaway?

Maybe not.

Using a unique password is an important part of protecting yourself online.

A good option I mentioned before is using a password manager like KeePass, KeePassXC, Proton Pass, DashLane, 1Password, RoboForm, or Bitwarden. Rather than remembering dozens of unique, strong passwords, you only need to remember a single master password and the password manager handles the rest.

You can even let a password manager generate new passwords and update them on your sites to make switching over easier.

5. Use passkeys instead of passwords

Passkeys are a simple and secure alternative to passwords. With a passkey, you can sign in to your online account using your fingerprint, face scan, or phone screen lock, such as a PIN.

Passkeys provide a strong protection against threats like phishing. Once you create a passkey, you can use it to easily sign in to your online account, apps, and services and verify it's you when you make sensitive changes.

Passkeys are safer than passwords because, unlike passwords, passkeys can only exist on your devices. They can't be written down or accidentally given to the wrong person. When you use a passkey to sign in to your online account, it proves to the website or service that you have access to your device and are able to unlock it.

Sources: Google, Microsoft, and Apple.

6. Enable two-factor authentication

Two-factor authentication (also known as 2FA, 2-step verification) is an extra layer of security for your online accounts designed to ensure that you're the only person who can access your accounts, even if someone else knows your passwords.

If you enable two-step verification on, let's say, your Facebook, Twitter, or Gmail account and want to log in, you will need not only a username and password but also a code that you can get via SMS, an authentication app, special software, email, or another method.

Only use SMS as a two-factor authentication method when there is no other option because SMS is the least secure option. However, SMS is still better than no two-factor authentication at all!

A better and more secure way is to use an authentication app like Microsoft Authenticator, Google Authenticator, or Authy.

7. Protect your Wi-Fi network with a password

A Wi-Fi network without a password is more convenient because you don't need to keep telling your friends the password when they hang out at your place.

You might not even care if your neighbors are using your Wi-Fi network.

But do you know the risks of allowing anyone to access your Wi-Fi network?

Many computers have different security settings based on how much you trust a network and also your home Wi-Fi network.

Trusted networks typically let you share folders with other computers on the same network, which means that anyone on your wireless network could look at the files stored in these shared folders.

By protecting your home Wi-Fi network with a password, you protect your computer and everyone else using your Wi-Fi network.

You should use WPA2 or WPA encryption (WPA2 is the strongest) for your Wi-Fi network and not WEP encryption.

8. Think about what you share online

Social media is all about sharing.

Have you ever considered what kind of information you are sharing on social media when you post a photo or a status update about your plans?

Photos include location information, which can tell anyone who can see them exactly where you took the photos.

Posting about your vacation plans lets people know when your house may be empty, which is ideal information for burglars.

Posting your boarding pass online can allow someone to cancel your flight, change your seats, change the date of your return flight, and find out when you leave and return, based on the booking number.

Think about what you post and what people could learn from reading it.

9. Turn off Bluetooth when you're not using it

Bluetooth can be really useful.

You can use it for hands-free calling in the car and also for wireless keyboards and headphones.

But what are the risks of using Bluetooth?

Bluetooth essentially keeps asking everything around it if they're available for a Bluetooth connection.

Under the right circumstances, this is fine since you can't typically connect to something via Bluetooth without entering a code from one device on another device.

However, there are exploits, like BlueBorne, that allow an attacker to access your smartphone, tablet, or computer without even touching it.

So it's best to turn off Bluetooth when you're not using it.

10. Disable Wi-Fi auto-connect

The Wi-Fi auto-connect feature can be useful.

You go to your favorite cafe or restaurant, and your device will automatically log into their Wi-Fi network without having to do a thing.

That's really useful, right?

Have you ever thought about how that all works?

In a nutshell, your phone, tablet, or laptop saves the Wi-Fi name and password and tries to log into a network when it finds one with that same name.

But what stops someone from creating a network with the same name and using it to infect your phone, tablet, or laptop with malware when you auto-connect to it? Nothing!

So it's best to disable Wi-Fi auto-connect and only connect to Wi-Fi networks that you know and trust.

11. Beware of public Wi-Fi networks

You're in a cafe and want to take care of a couple of things from your phone while waiting for your coffee.

You pull out your phone, connect to the cafe's Wi-Fi network, and do your thing.

But have you ever considered the risks?

We've already talked about the risk of malicious Wi-Fi networks, but what can go wrong on a trusted network?

You may know that HTTPS encrypts the data going to and from your computer, but did you know that it doesn't apply to the URL of the site that you're visiting?

Anyone in the cafe with the right equipment (which is cheap) can know what sites you're visiting.

Are you comfortable with anyone knowing every website that you're visiting?

The best solution for this is a Virtual Private Network (VPN).

A VPN acts as an encrypted tunnel between your device and another network.

With a VPN, no one on that public Wi-Fi network can see which sites you are visiting.

12. Cover or unplug your webcam

Hackers can use Trojan horse malware to secretly install and run remote desktop software without your knowledge. With this remote desktop software, they can turn on your computer's webcam to watch and even record you.

If you want to be absolutely sure that nobody is watching or recording you via the webcam, unplug it when you're not using it or cover it with tape, a peel-off sticker, webcam slide cover, or something else that can obscure the lens but can be easily removed when you need to use it.

13. Don't open email attachments from a suspicious email

Many computer viruses are spread through email attachments.

Attachments that contain viruses are either executable programs (file extensions: .com, .exe, .vbs, .zip, .scr, .dll, .pif, and .js) or macro viruses (file extensions: .doc, .dot, .xls, and .xlt).

If you don't trust a file or link, you can also check it online using VirusTotal.com.

Note: VirusTotal is not a 100% accurate solution. Even though it scans files and links with over 70 antivirus scanners and URL/domain blacklisting services, it's still possible that it misses something.

14. Never click on links you don't trust

There are various ways in which a simple click on the wrong link can cause problems. A link can be a direct download link for a piece of malware, redirect you to an infected malicious website, or lead you to a fake login page that steals your login information.

When you receive an email that contains a link, don't just click on it. The same applies to links on websites, links in messages on social media (e.g., Facebook), and links in documents (e.g., Word, PDF, etc.).

If you don't trust a link, you can also check it online using VirusTotal.com.

Author: EasyTech

Category: Internet