The Basics

Basic info on how to stay safe online

This portion of the site covers three topics and provides a list of resources to use and learn more from. Click the links below to explore each topic.

Note: Due to the infeasibility of covering every security risk and to prevent overloading (i.e., giving you too many things to consider), we don't cover every topic nor every risk. That said, properly following the suggestions on this site will make your online life more secure.





Strong Passwords

Making and remembering strong passwords tends to be a really frustrating process for most people. Let's talk about four ways to address these frustrations while making strong passwords!

  1. Use a Phrase, not Symbol Substitutions
  2. Use Two-factor Authentication (2FA, MFA)
  3. Securely Store Your Passwords
  4. Don't Reuse Passwords for Important Sites


1. Use a Phrase, not Symbol Substitutions

Recommendation: Use 4 - 5 random words rather than a password with numbers and symbols.

Using a "passphrase" of 4 - 5 random words (like correct horse battery staple) is generally stronger and easier to remember than something like Tr0mbOn&?! (Trombone, with lots of substitutions). (We don't talk about the math behind this, but contact us if you'd like to learn about the math.)

To do this properly:

  1. Get 5 dice (can be physical or generated online)
  2. Go to this word list from EFF
  3. Roll all the dice, and write down the word that corresponds to the number on the word list
  4. Do Step 3 four more times
  5. Combine all the words, and that's your password!
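The same five steps as a short Python program, which also works out the math for how hard the result is to guess. This is an added example, not part of the original page; it assumes the word list has one roll and one word per line (such as `11111	abacus`), and the list built inside it is a constructed stand-in so it runs without a download.

```python
import itertools
import math
import secrets


def parse_wordlist(text):
    """Parse lines of the form '<dice digits> <word>' into a lookup table."""
    table = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip blank or malformed lines
        key, word = parts
        if set(key) <= set("123456"):
            table[key] = word
    return table


def roll(dice=5):
    """Roll `dice` six-sided dice using the operating system's secure random source."""
    return "".join(str(secrets.randbelow(6) + 1) for _ in range(dice))


def make_passphrase(table, words=5, dice=5):
    """Roll once per word (Steps 3 and 4) and join the words (Step 5)."""
    if len(table) != 6 ** dice:
        raise ValueError("word list must have one word for every possible roll")
    return " ".join(table[roll(dice)] for _ in range(words))


def entropy_bits(table_size, words):
    """Strength in bits when every word is picked uniformly at random."""
    return words * math.log2(table_size)


# Constructed stand-in list (word11111 ... word66666) so this runs offline.
# Replace it with the text of the real word list to get real words.
SAMPLE_LIST = "\n".join(
    "".join(k) + "\tword" + "".join(k) for k in itertools.product("123456", repeat=5)
)

if __name__ == "__main__":
    table = parse_wordlist(SAMPLE_LIST)
    print(make_passphrase(table))
    print(round(entropy_bits(len(table), 5), 1), "bits")
```

Five dice give 7,776 possible words, so five words come to about 64.6 bits; that strength comes from the rolls being random, which is why the words should not be picked by hand.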

This comic from XKCD summarizes this principle:




2. Use Two-factor Authentication (2FA, MFA)

Recommendation: Use two-factor authentication (where available) for important accounts

Two-factor Authentication (2FA), sometimes referred to as Multi-factor Authentication (MFA), is where you have to enter your password and then a code. That code is usually sent to you via text or given in an app.

Go to the security settings page of your important accounts and enable 2FA. They'll give you instructions specific to their site on how to do this.

What do you mean by "important accounts"?

Important accounts are those accounts that have access to your:

  • Financial info (e.g., bank and credit card sites)
  • Email accounts (email accounts are frequently used to reset passwords)
  • Other personal info (e.g., social media, employer HR portals, etc.)




3. Securely Store Your Passwords

Recommendation: Use a password manager or write down your passwords in a notebook

Remembering passwords is really difficult for most of us. Even if we use phrases, having to remember lots of those can still be a daunting task. So, securely storing your passwords will improve your overall online security better than trying to memorize all of your passwords.

There are two options for doing this:

  1. Use a password manager (makes it so you have to remember only one password)
    • If you do this, be sure to use a very strong phrase and two-factor authentication
    • LastPass and 1Password are great password managers (and sync across all of your devices)
  2. Write your passwords down in a notebook



This video discusses password managers in more detail.

Why is this safer? I thought I should never write down my passwords?

The odds of an online hacker guessing your memorized (and likely weak) password are far greater than someone stealing a notebook (which contains really strong passwords) out of your house.




4. Don't Reuse Passwords for Important Sites

Recommendation: Use unique passwords (or passphrases) for your important accounts

If a hacker is able to log in to one of your accounts, they'll likely attempt to get into your other accounts by using the same password and variations of that password. For this reason, don't reuse passwords for your important accounts.

For sites that aren't important (e.g., don't have any financial-related info.), it's generally okay to reuse passwords or use weak passwords (but just make sure you don't reuse passwords from your important accounts!). This is because if one of these unimportant accounts gets hacked, the breach is unlikely to have an impact on your life (besides having to reset your password).





Device Updates

Recommendation: Update devices in a reasonable amount of time, perhaps when you're going to bed.

Many device updates come with important security patches, which is one reason your devices prompt you to "restart and update." While updating is important, these prompts often come when we're in the middle of something - replying to an email, FaceTiming with a family member, etc. - resulting in us often ignoring the annoying prompts.

To find a good compromise between applying security updates and getting things done, we recommend you apply updates at times when you're not using your device, such as:

  • When you're showering
  • At bedtime
  • During family dinner

Because of your busy schedule, you may not be able to update your device for a few days. Just be sure to not go weeks without updating your devices, as your risk of getting hacked will greatly go up.





Anti-Virus

Recommendation: Use the anti-virus software your device comes with.

We're often asked which anti-virus software we recommend, which is why we're talking about it here. Generally speaking, most users are just fine using the built-in anti-virus software their computer comes with (e.g., Windows Defender). These built-in anti-virus programs do a good job detecting malware, and the extra money spent on other anti-virus products doesn't provide any significant safety (for the normal user).

If you do want to purchase an anti-virus program, we recommend Norton Symantec or Bitdefender. (We aren't paid by or affiliated with them in any way - this recommendation is from our personal experience and research.) You should also spend time researching the current best products.

If you're a parent/guardian and want to filter or monitor your children's devices, you might need to purchase other software. Our sister site, SecureFamilies.org, covers online security for families and has additional information for you.

Also note that if you visit porn sites, many of these sites are filled with malware, and whatever device you're using (iPhone, Android, Windows, Mac, etc.) is likely to get infected. Buying a resilient anti-virus program may be something for you, although new malware strains are constantly created and aren't always caught, even by the best anti-virus software.





Resources

While we provided some key tips to secure your online life, there are a lot of things we weren't able to cover. This section lists resources and tools you can use to become even safer, stay informed on security news, and learn more.

As always, if you have any questions, please feel free to contact us. We're more than happy to answer any of your questions!


Browser Extensions



Software & Apps.



Tutorials