5 tips to stay safe on the Internet
Why is it that many computer users do not take better care of their systems security-wise? I think the main reason for that is that security does not matter for as long as you are not attacked or encounter situations where you need better security. When that happens, it is often too late and while many Internet users learn from this, it is still fair to say that security is something that many users ignore for the most part.
Many may have an antivirus solution installed because all the magazines and sites tell them that this is important, but it usually does not get further than this.
I'd like to present to you 5 tips that help you stay safe on the Internet. Some recommend software programs or browser extensions, while others explain key security concepts that you can use to make sure you are safe. Feel free to add your own recommendations in the comment section below.
I'm not telling you to install antivirus solution A or B, or that you need a bi-directional firewall, or need to scan your system from time to time with a rootkit scanner. No, the most important tip is to keep your system up to date. This includes Windows Updates that get released on the second Tuesday of every month. Make sure you install them when they are released, and not days, weeks or months later (unless you know what you are doing).
But updating does not end there. You also need to make sure that your programs are up to date, especially those that you use to connect to the Internet, web browsers for instance, but also programs that may embed plugins into those browsers, like Adobe with its Flash Player.
Some programs come with options to install updates automatically, while others require you to download and install updates by yourself.
I recommend activating automatic updates in Windows and in your browser of choice. It is also useful to stay on top of Flash and Java updates, and updates for other browser plugins you are using.
To find out which you are using, enter about:plugins in Firefox or Opera, and chrome://plugins/ in Google Chrome. For Microsoft's Internet Explorer, it is complicated. You need to open the Windows Registry Editor and look under the following keys:
HKLM\Software\Microsoft\Windows\CurrentVersion\explorer\Browser Helper Objects
Some web browsers inform you if plugins need updating. You can visit Mozilla's Plug-in Check site to test if plugins in your browser need updating. Note that this may not work in all browsers.
2. Know Internet addresses
Sounds easy but is something that most users do not pay attention to. The Internet address, or website address or URL, determines the site you are connected to. What you need to understand is that https is better than http, and that finance related sites, like your bank's website, payment processors and the payment section of shopping sites, need to display https in front. You also need to make it a habit to check the web address.
You can also click on the icon in front to get additional information in your browser.
Link checking is important. This is done by hovering your mouse cursor over a link to read the web address it links to. Browsers and other programs usually display link destinations then, which you should make use of to make sure a link leads to the correct destination and not a phishing or fake site.
If you are unsure, enter the address manually instead in your browser or contact the support of the site to find out if the mail is legit or not.
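The link check described above can also be done mechanically on the HTML of a mail or page. The following Python sketch is an added example, not part of the original article; the host names and the sample markup are constructed, and `check_links` is a hypothetical helper name.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LinkCollector(HTMLParser):  # collects (href, visible text) for every <a>
    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href") or ""
            self._text = []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def check_links(html, expected_host):
    """Return (href, [warnings]) for every link that deserves a second look."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        url = urlsplit(href)
        host = url.hostname or ""          # urlsplit lowercases the host
        warnings = []
        if url.scheme != "https":
            warnings.append("not https")
        # Accept the expected host itself or one of its subdomains only.
        if host != expected_host and not host.endswith("." + expected_host):
            warnings.append("host is not " + expected_host)
        # Link text that looks like an address should name the same host.
        if "." in text and " " not in text:
            shown = urlsplit(text if "://" in text else "//" + text).hostname
            if shown and shown != host:
                warnings.append("text shows " + shown)
        if warnings:
            findings.append((href, warnings))
    return findings

# Constructed sample mail body; all hosts are made-up examples.
SAMPLE = """
<a href="https://www.bank.example/login">Sign in</a>
<a href="http://www.bank.example/login">Sign in</a>
<a href="https://www.bank.example.login-check.test/">www.bank.example</a>
"""
```

Calling `check_links(SAMPLE, "bank.example")` flags the second link for missing https and the third because the real host is read from the right-hand end of the address, not from the familiar name at its start.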
3. Pick secure unique passwords
A password like Dallas or 123456 is easy to remember, but what you need to consider is that it is also easily guessable. You need to select secure unique passwords whenever you sign up for a service.
Secure means that it needs to have a decent length (12 to 16 characters is a good start) and that it is diverse, meaning that you need to mix letters, numbers and special chars if allowed by the site. Since it is quite difficult to remember passwords like V34cy_dsf23$s23, especially if you have dozens or more of those, it is advised to use a password manager. You can use an online password manager like LastPass for that, or a desktop password manager like the excellent KeePass.
These programs not only save your passwords and usernames, they also include password generators which simplify the generation of secure passwords.
Unique on the other hand means that you should not use the same password on more than one site. The only exception that I'd make here is if the account is not personal, e.g. you have signed up for a site to watch videos there but have not entered any personally identifiable information.
Do not write those passwords down physically, save them in unencrypted form on the computer, or tell them to anyone you know or do not know.
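To make "secure" and "unique" concrete, here is an added Python example (not from the original article) that generates a password the way a password manager's generator does and audits a set of logins against the criteria above. The 12-character minimum, the special-character set and the sample vault are assumptions chosen for illustration.

```python
import secrets
import string
from collections import defaultdict

SPECIALS = "!#$%&*+-_=?@"  # assumed set; sites differ in what they allow
ALPHABET = string.ascii_letters + string.digits + SPECIALS

def is_diverse(password):
    """True if the password mixes letters, numbers and special characters."""
    return (any(c.isalpha() for c in password)
            and any(c.isdigit() for c in password)
            and any(not c.isalnum() for c in password))

def generate_password(length=16):
    """Draw from the OS random source until every character class is present."""
    if length < 3:
        raise ValueError("length too short to mix three character classes")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        if is_diverse(candidate):
            return candidate

def audit(vault, min_length=12):
    """Map each site to the problems found with its password."""
    sites_by_password = defaultdict(list)
    for site, password in vault.items():
        sites_by_password[password].append(site)
    report = {}
    for site, password in vault.items():
        problems = []
        if len(password) < min_length:
            problems.append("too short")
        if not is_diverse(password):
            problems.append("not diverse")
        if len(sites_by_password[password]) > 1:
            problems.append("reused")
        if problems:
            report[site] = problems
    return report

# Constructed sample vault; the site names are placeholders.
SAMPLE_VAULT = {
    "bank.example": "Dallas",
    "shop.example": "Dallas",
    "mail.example": generate_password(16),
}
```

`audit(SAMPLE_VAULT)` reports both "Dallas" entries as too short, not diverse and reused, while the generated password passes.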
4. Use disposable mail / a second mail account
You do not and should not sign up for all services with your main account. One option that often makes sense is to create a second email account and use that account exclusively for sign ups on sites that are not overly important to you. While you might want to sign up with your real email address on your University's student site, you should prefer a secondary address for social networking sites, news sites, blogs, gaming sites and more or less all other sites on the Internet.
Why? This is more of a "we sell your email address and profile information" kind of thing than it is a potential security hazard. Still, if you do not want to be swarmed by spam, use a secondary address or disposable email.
Disposable email addresses basically let you create email addresses on the fly that have a limited lifespan. The idea is to sign up using one, get the confirmation email, click on the link, and never use that email address again. Pretty handy huh?
They are not useful for all types of sign ups though. Anyone with knowledge of the email address you signed up with can for instance request a password reset for your account. The email goes directly to the disposable email provider where anyone with knowledge can access it and reset your password. When that happens, it is usually only a matter of time until your account gets hijacked.
In short: they are very good when you need to sign up to a site to access contents. As soon as you reveal personal information, it is better to use a secondary email account for sign up.
5. Use common sense
A Nigerian prince wants to give you 10% of his 10 billion Dollar stash but requests that you send him money first so that he can make the transfer? A woman you have never heard of emails you and claims that she wants to have sex with you? An Iraqi war veteran stumbled upon a ton of Gold and needs logistics to transport it out of the country?
Those email messages and a lot more are common. Spammers try a lot to get you on the hook. Even if you would not fall for those examples, there are others that you may. Examples of this are information about a package that a service like UPS tried to deliver but could not, a Casino that is offering you free spins, or someone who claims to have made millions with a simple Internet site (and wants to sell that secret to you for $10).
A rule of thumb is that you should not open attachments of emails where the sender is not known to you. I do not open emails from businesses that I do not have a relationship with.
But common sense is also important when you are browsing the web. Congratulations, you are the 1,000th visitor, you have won an Apple iPad. Bogus messages are all around you, and it is best to ignore them all instead of falling prey to people who just want your data so that they can sell it to the highest bidder.
Common Sense should probably have been number one of the list
Anything that I missed that you'd like to add? Leave a comment below, I'd love to read your suggestions.
“I’d like to present to you 10 tips that help you stay safe on the Internet.” :/
Hah, yeah I combined some and forgot to edit the sentence. Corrected ;)
OpenDNS has an interesting phishing quiz you can take to see if you recognize various forms of bogus addresses. Anti-phishing is one built-in advantage to LastPass and other password managers. Unless they recognize a site as authentic they will not paste in a saved login. Using them is like having a firewall against phishing. (Of course, if you use the “fill forms” function, that will paste info into any site)
Good point about the online password managers. I agree that this is quite good for security.
Change your PC/whatever’s user account login password every so often – helps avoid the remote-operating threats.
If you use a browser’s built-in password storage (I use Firefox’s password manager), this is not extremely secure. So definitely use its Master Password option and change that password every so often too.
Agreed, the master password needs to be set, even though it may be seen as a nuisance having to enter it regularly.
I also rely on the multi-source site safety rating browser add-on ‘LinkExtender’ to look before I leap. It can place safety signals into Google search results pages, among other highly configurable features.
‘WOT’ (one of the sources factored into LinkExtend) works similarly. And there are others.
“…(I use Firefox’s password manager), this is not extremely secure…”
most likely right but I cannot find any useful info on how secure this is… any idea?
Hi there Martin I totally agree with you!
People shouldn’t download all kind of crap from the internet, free music, movies and so , there is always a price to pay for this!
I’ve found that the last part: Use Common Sense, is very very hard for most people.
common sense is not so common …
“Why is is that many computer users do not take better care of their systems security-wise?”…
Because many users believe Microsoft’s hype that Windows is the most secure OS
on the planet, IE is the most secure browser and MSE and defender are the best
anti-virus / malware solutions. So, these users don’t see the need for added
security measures for their Windows PCs.
In Opera the correct way to access plugins is opera:plugins
Yeah, I think mainly it's the user initiative and surfing the net without a trace is also a factor. Just beware of communicating people and clicking links that contain malicious codes or phishing schemes to get your private data…
This is not original but I use Sandboxie to stay safe on the Internet. It is a very strong shield against malware. Once you understand how it works, it is a good solution even for non-advanced users.
There is also Toolwiz TimeFreeze and Returnil but Sandboxie does not need a reboot.
yes, i agree on sandboxie. have been using it for a couple years
and have had zero problems. i still think it's scary using a
password program that is in the cloud. everyone that is
touting these may be eating crow when they get hacked.
i prefer to keep my passwords on my machine…just my
Some very good points, Martin!
Do you know of a live forum/community/wiki about ‘common sense security measures everyone should take’?
I don’t like changing password often. This forces to remember a new password every time. The risk to be cut off balances the security advantage.
Moreover, I think that such security advantage is only (or mainly) illusory.
If an evil minded person catches a password, he rarely acts after some weeks or some months.
(please reject my previous and ungrammatical message)
I think the most common mistake people make is also the most obvious one – weak password. I don’t think people really understand why the complexity of the password matters.
I would like to add that adding a modified host could significantly increase security, although it does need to be updated from time to time