My Results: Security: How the Internet Works
Protect Yourself from Account Theft
Control access to your devices and accounts with good passwords.
- Require a passcode and/or fingerprint verification to access your smartphone and other devices. Set a strong password if you can. (But even a short PIN or swipe pattern is better than nothing.)
- Create strong passwords for all of your accounts on apps, sites, and services.
- Use These Tips: How to Create a Strong Password
- Don't share your passwords or PINs with anyone, even people you trust.
- Physically block the view of your keyboard or screen from onlookers when you're entering a password while in a public space.
- Use different passwords for different services and devices, especially the ones with the most sensitive information about you. If you’re worried about remembering all of your passwords, you can use password management software that allows you to create one "master password", then does the rest for you:
- Learn More About Password Managers: Why You Should Use a Password Manager and How to Get Started
- Don't have your web browser or phone automatically "remember" your passwords.
- For your most important accounts, use two-step verification, where the service sends you a code—usually to your phone—when you want to log in. This prevents others from using your account even if they guess your password. You can enter "two-step verification" and the name of the service in a search engine to find instructions.
If a service offers you a choice about your "password recovery questions", don't use information about you that someone could easily get from your social-media profiles, that is otherwise public information, or that is easy to guess because it has a limited set of likely answers.
- Advice About Strong Security Questions: Which security questions are good and bad?
If a company or website tells you your account has been compromised, take care of it as soon as possible. But be careful; many scammers use fake security notifications (phishing) to breach your security.
- If you know one of your accounts has been hacked, change the password immediately, then contact the provider. Use this guide:
- Steps to Take if Your Account Has Been Compromised: Hacked Accounts
- Change the passwords for any other accounts that use the same password, or where your account recovery information may be stored in the hacked account.
- If you get email or a pop-up message on your screen saying you have a security problem, don't click on any links or buttons in the message! Instead, go directly to the company's or provider's website (type the URL in your browser or use a search engine). Use the provider's Contact page or call them to find out if there's really a problem.
- How to Recognize and Avoid Phony Security Alerts: Fake Anti-Virus Pop-Up Alert Scams
- Use this site as a backup to check if any of your accounts have been hacked:
- Tracker for Security Breaches: Have I Been PWNed?
- Keep in mind that if a hacker has copied your contacts and profile, they'll always be able to use that information, even if you secure your account against future attacks.
Protect yourself from viruses, worms, and other malware by:
- Keeping your software up to date and installing (or at least running) antivirus software on all your devices.
- Only downloading files from sources you trust—and that you're sure haven't been hacked.
- Doing a quick search on the name of unfamiliar apps or services before downloading or using them. If they're malware or vulnerable to malware, a warning will usually turn up in the top few search results.
Use these resources to help you learn more about basic computer security topics:
- General Security Tips: Computer Security
- Guide to Avoiding and Removing Malware: Secure Your Computer—Malware
- Listing of High-Performing Antivirus Software: The Best Antivirus Software
Keep in mind that people who communicate with you online may not be who they say they are.
- Before sharing information online with someone you know, think about whether or not their online behavior matches their behavior in other parts of your life. If it doesn’t, their account may have been hacked.
- If you’re not sure of the identity of a person or organization, call them on the phone (using a number you already have) before sharing anything important or personal.
- Use this guide to help you recognize suspicious email messages:
- Guide to Phishing and Other Scams: Recognizing and Avoiding Email Scams (pdf)
Secure Your Communication Channels
Be selective about using public wifi networks. Wireless networks with “WPA2” encryption are the most secure.
- Set your phone or computer to ask you before joining a new wireless network (rather than connecting automatically). Don't join a network if you don't know who's providing it. Ask before you connect.
- Try to avoid any wireless network that is not password protected or where many people have access to the password, such as those in coffee shops, and airports.
- If you have to use a public wifi network, only login to "HTTPS" websites. Avoid banking and shopping activities. Use these tips to reduce the risk of eavesdropping:
- Tips and Instructions for How to Change Your Wireless Settings: How to Stay Safe on Public Wi-Fi Networks
- Introductory Video About Using Public Hotspots (More) Safely: Public Wi-Fi Networks / Cómo usar las redes wifi públicas
- If you frequently use public wireless, consider setting up a Virtual Private Network. VPNs are also useful for accessing a business network remotely, or accessing your home network while travelling.
- Overview of VPNs and Recommendations for Choosing a Service: Why You Should Start Using a VPN
Whenever possible, use encrypted web browsing.
- Look in the address bar to see if the website you are using is encrypted. If it says "HTTP", the website is not encrypted. If it says "HTTPS", the website is encrypted.
- If you're not sure whether the mobile app for a particular service uses encryption, try the service using a web browser instead, so you can check for "HTTPS".
- Install this browser add-on to open major websites with encryption by default:
- Add-On for Mozilla Firefox, Google Chrome, or Opera: HTTPS Everywhere
- If you like a website that isn't HTTPS, tell them about Let's Encrypt.
Note that using HTTPS only protects your communications from hackers spying on the network you're using. The site or app delivering the communication still sees it unscrambled.
There are a number of tools for encrypting specific types of communications, like email, chats, and text messages, so that even the app or site that delivers the communication can't read it. Most of these tools are useful only if the recipient is also using encryption technology and has the key to decode your messages. Use these directories and guides to help you choose encryption tools that work for you:
- Guide to Encryption Tools and Methods for Various Devices: How to Encrypt Everything
- Tutorials for Encryption Tools, Including PGP for Email and OTR Chatting: Surveillance Self-Defense
Cell phones, computers, and other devices are important to our lives, but they can also be used by others to track where we are. If you believe someone is harassing, stalking, or abusing you, it's important to make sure you take the steps needed to ensure your devices are not being monitored.
- Spyware can make it easy for perpetrators to stalk, track, monitor, and/or harass victims. Learn how to protect yourself from spyware:
- National Network to End Domestic Violence's Resource for Learning How to Improve the Safety and Security of Your Devices: Technology Safety & Privacy: A Toolkit for Survivors
- Develop your cell phone safety plan to protect against tracking:
- National Network to End Domestic Violence's Tips for Cell Phone and Location Safety: Cell Phone & Location Safety Strategies
Resources to Learn More About the Topic
-
Basics of Online Security
- Resources for Beginners on a Variety of Online Security Topics: Internet Safety
- Interactive Comics Explaining Major Online Security Topics: Secure Comics
- For Parents: Tips for Talking to Your Kids About Online Security: Kids and Computer Security
-
Online Security and Internet Structure
- Explanations, Advice, and Resources About Internet Structure and Security: Communication over a Network, Unless Strongly Encrypted, Is Never Just Between Two Parties
- Book Chapter With a Very Readable Explanation of How the Internet Works: Blown to Bits, Appendix: The Internet as Spirit and System (pdf)
-
Identity Theft
- Explanations, Advice, and Resources About Online Impersonation: Identity Is Not Guaranteed on the Internet
- Information and Resources for Victims of Identity Theft: ID Theft, Fraud, and Victims of Cybercrime
- Audit Tools That Show What a Hacker Could Get from Your Email: Cloudsweeper Email Tools