63 Tips for Improving Your Online Security


Living a connected life can definitely have its perks: what feels like limitless access to learning and entertainment, the ability to engage with global communities, and shopping from the comfort of your couch.

But these benefits also have their dark side: an increased chance of breaches of privacy from marketers and politicians and threats from criminals.

The tips I’ve published for you here will help you take control of your online identity and privacy.

You don’t have to use every tip here.

You don’t even have to use most of them.

The important thing? Just get started.

Table of Contents

1. Check Your Data Breach Status

Wondering whether your personal data is for sale on the web? At you can check your email addresses and usernames against lists from 120 known breaches at companies including Adobe, LinkedIn, and Snapchat.

You’ll need to register to check the full database, but it’s probably worth it if you truly want to be sure you’re secure so far.

If your name pops up, change the password for the compromised account and any other site where you were using the same password – for shame.

To check your data breach status >>

Set a password or PIN for every laptop, smartphone, and tablet you own.

Any lost device without a screen lock is an easy access point for thieves to access your email, banking, social accounts, everything.

Here’s how to choose an effective screen lock:

2. Try to Be Unique . . .

Don’t use any of the obvious PINs!

PINs like 0000, 1111, 1212, and 1234 are far too common.

They account for almost 20 percent of all PINs used!

3. . . . But Don’t Make it Personal

Don’t use any form of personally identifiable information (PII)!

Your birth date?

The last four digits of your Social Security number?

Your phone number?

Those are all terrible, horrible, no-good, very bad PINs.

Don’t use them.

For more on PII >>

4. Take a Lesson from your Kiddo: Finger Art

Android owners can unlock their phones by tracing a pattern on the screen.

It should be unpredictable, but like PINs and passwords, it’s usually not.

Seventy-seven percent of users began their pattern in a corner.

Ten percent formed a letter, and often the letter was the first initial of the user’s name.

5. Shred These 5 Document Types

Do you really need to destroy every piece of paper that has your name and address on it?

Probably not, as long as you’re selective about what to shred and what to just throw in the bin.

This includes medical documentation since health care fraud is becoming such a risk.

Your short-list of paperwork to shred includes any documents containing the following PII:

  • Social Security number (even just the last four digits)
  • Account numbers for banking, loans, and other financial organizations
  • Birthdate
  • Credit card numbers
  • Medical insurance numbers

For more on medical identity theft >>

6. Shut Off the Flow of Credit Card Offers

These unsolicited credit card offers can be intercepted and filled out by identity thieves who would then have credit cards sent to their own addresses, piling up debt in your name.

You can stop most of these mailings by going to or calling 888-567-8688.

Run by the Consumer Credit Reporting Industry, this helpful service will slow down the mail offers permanently or for five years.

You can always opt back in if you change your mind.

To stop all the credit card offers >>

7. Receive Less Mail

When you give a company your name and address, your information will likely be added to direct-marketing lists and used by other companies to send you solicitations. Go to to remove your info from many of the common mailing lists if you don’t want the offers.

To remove yourself from mailing lists >>

8. Return to Sender

When you go to the mailbox, instead of filtering out the offers you don’t want and putting them in the recycling bin, if an unwanted envelope says “Address Correction Requested” or “Return Postage Guaranteed,” you can write “Refused/Return to Sender” and mail it back.

You’ll keep your recycling bin svelte while making the marketing company pay the return-trip postage.

Cherish the small victories.

Web browsers don’t come with every protection you might want. Download extensions to improve security.

9. Add HTTPS Everywhere

When you see “https” and a green padlock alongside a URL in your browser’s address bar, it means that the data is encrypted as it travels back and forth between the website and your computer. (The “s” stands for “secure.”) Some sites that support https use it inconsistently. Add the HTTPS Everywhere extension, which you can download from the Electronic Frontier Foundation, and your connections will be encrypted anytime you connect to a website that supports https. (Extensions are small pieces of software that can enhance the functionality of web browsers.) HTTPS Everywhere works with the Chrome, Firefox, and Opera browsers.

For more on encrypted sites >>

The HTTPS Everywhere extension >>

10. Block Snoops

Hate ads that steamroll over a web page? That’s not the half of it.

Many ads, along with webpage elements such as the Facebook “Like” button, send information about your online activity to their data-collecting masters.

“These ads aren’t like billboards” that just sit by the side of a road, says Chris Jay Hoofnagle, who teaches privacy and internet law at the University of California, Berkeley. “They’re live code being run by people you don’t know and should not trust.”Extensions such as Adblock Plus, Disconnect, Ghostery, Privacy Badger, and uBlock address this issue using several different approaches. Most of them let you add URLs to a “whitelist” of sites they won’t check. You can do that if a favorite website stops working once you download the extension. There are also additional settings you can use to adjust which ads get through.

Adblock Plus >>

Disconnect >>

Ghostery >>

Privacy Badger >>

uBlock >>

11. Check Links Before You Click

Suspicious of a link in an email or online ad? Check its safety with Sucuri SiteCheck or First, hover over the suspicious link and the full address will appear in the bottom corner of your browser; right-click to access the drop-down menu, and select Copy Link. Now paste the URL into your link checker to get a report. Foolproof? No. A good hint if there’s a problem? Yes.

SucuriSiteCheck >>

URLVoid >>

12. Tweak the Settings

Go to “My Account” to control what data about you is being collected and how it’s being shared.
In particular, go to the Personal Info & Privacy section to review Location, Search, and YouTube Search History.
You can delete records one entry at a time or all at once, and if you’d like to, you can prevent Google from recording data going forward.
Privacy Checkup lets you control what shows up on Google+, the social network.
My Account on Google >>

13. Make Google Forget You

Ready to push the big red Destruct button on Gmail, Google Drive, and the rest? You’ll still be able to use tools such as Search but your account and—Google promises—the data used to target you with ads will disappear.
Go to My Account and look for Delete Your Account or Services.
Take a deep breath (you can’t undo this) and follow the prompts.

14. Let Google scan your files

If you’re suspicious of a document in your email inbox, save it to Google Drive and open it there. This will help you out in 2 ways:
  1. Google Drive automatically scans files for viruses.
  2. If it is infected, the virus will be isolated to Google Drive and away from your personal operating system.
It’s easy to create passwords that are difficult for hackers to crack, but not enough people do it.
People tend to use: foreign words, movie or book titles, patterns on the keyboard, anything to help them remember it. And it doesn’t take long for experts armed with the latest computer technology to run through all of the familiar patterns.
Strong passwords have two things in common. They:
  • avoid patterns
  • are just too darned long for a brute-force attack—in which a computer runs through every possible combination of characters—to succeed.

But assuming that a password is a truly random collection of characters, how long is long enough?

Security experts use some quick math to get the answer. That’s the theory, but you don’t need to crunch numbers to boost your password potency. Just do the following:

15. Stop Making Sense

One way to make a great password is to string together unrelated words. “It’s the Diceware method, in effect,” Gosney says. Diceware is a low-tech way to pick passwords that was developed in the 1990s. You roll dice to pick from a list of 7,776 words. But you don’t have to actually roll dice. Just pick five long, random words and string them together into a nonsense sentence that you can remember.

16. Use a Password Manager

Here’s the rub: We all have a lot of passwords, and it’s tough to remember long strings of random characters. Password managers can generate a complex, unique password for each account.
They used to be hard to navigate, or you had to copy and paste, but now they actually eliminate steps from my workflow. I prefer LastPass and 1Password.
You’ll still need one well-crafted password for your password manager account.

17. Got a Great One? Okay, Write It Down.

Everyone tells you not to commit your passwords to paper.
Ignore that.
As long as you’re not leaving Post-it notes under keyboards on right on your desktop, it’s perfectly OK to write passwords down.

18. Be Password Loyal

People also tell you to change passwords regularly.
Don’t, unless there’s a good reason, such as responding to a data breach. Switch often and you’ll probably end up using weak options.

Lots of stuff that’s fine at home—hanging out in your PJs, using WiFi file sharing, eating Nutella from the jar—is totally inappropriate at a coffee shop.
Here’s how to get your laptop ready to leave your home network.

19. Deploy Your Firewall

Viruses, worms, ransomware, spyware, keyloggers, Trojans, deploy your firewall or you run a risk of some serious damage to your system.

20. Restrict File Sharing

File sharing makes it easy to swap documents among devices. If you’re on your home network, that’s good. When you’re on public WiFi, it’s bad. Turn it off under the Sharing settings on your computer.

21. Cloak Your Computer

You just turned off file sharing, right? Also turn off Network Discovery to make it more difficult for other devices on the network to find your laptop. On PCs, it’s under Advanced Sharing settings. Mac users can enter Stealth mode through Firewall Options.

22. Do All of This Automatically

Clicking away at laptop menus every time you leave home can be annoying. Windows makes it easy to automate the process using Advanced Sharing settings. Also, whenever you join a new WiFi network, Windows asks whether to add it to your “home” or “public” profile; the operating system forgets the public networks when you log off. To do something comparable on a Mac, use the free-to-download ControlPlane app.

23. Use a VPN

Virtual private networks route your traffic through a single remote server that has tight security in place. Traveling with a work laptop? Turn on your company’s VPN even for personal use, if that doesn’t conflict with company policies. Or consider using a paid service such as IVPN or the free VPN that was recently introduced by the Opera web browser.
and always

24. Turn On Automatic Updates

Keeping your software up-to-date is the most critical step you can take to boost security, according to professionals surveyed last year by Google. “Software updates are like oil changes,” says Mark Surman, executive director of the Mozilla Foundation. “They can be a hassle at the moment but a lifesaver in hindsight.” Hackers are always exploiting more vulnerabilities, while security pros play nonstop malware whack-a-mole. If you’ve got old software, you’re missing the latest protections. “Most modern software will update itself if you let it,” Surman says. Make sure you have auto-updates turned on across the board.

At Home

All the devices you use at home, laptops, smartphones, and tablets, connect to the internet through your router. And so do web-connected devices such as smart TVs and some security cams and children’s toys. Here’s how you can make your router more secure. The whole project shouldn’t take more than 10 minutes.

25. Find an Ethernet Cable

Then use it to temporarily connect the router to your computer. You’ll be updating your router’s firmware. And losing your connection during that process could turn your router into a doorstop. It’s safer to rely on old-fashioned wires and plugs.

26. Get the IP Number

Every router has two IP (internet protocol) addresses, an external one for communicating with the internet through a modem and an internal one for your laptop, smart TV, and other devices. To make changes to your router’s settings, you need to access it through your browser using the local IP address. (Owners of Apple’s Airport routers who have a Mac can make changes via Airport Utility.)
The local IP address is very likely to be, but you can double-check by looking in the router’s manual.
Lost it?
Go to and enter the model name to find it. You’re in.
Now let’s get to work.

27. Update the Username and Password

If you never changed the default settings, do that now. (See Tips 15-18 for password advice.)

28. Change the SSID . . .

Your SSID—service set identifier—is your home network’s name. Replace the default SSID with something more creative but not too personal. There’s no need to identify this as your network, is there?

29. . . . Then Hide It

Router settings allow you to hide your WiFi network from prying outsiders. Note that once you do this, you’ll stop seeing the network pop up in your own devices’ WiFi lists, and you’ll need to type the SSID into each device you want to connect.

30. Embrace Encryption

Fasten your jargon seatbelts: You need to switch from WEP to WPA2-AES and disable the PIN method of using WPS. These acronyms represent ways to encrypt communications on your WiFi network. You want WPA2-AES because it’s the newest and strongest. If you have really old devices, they may not be able to connect this way. And that means it’s time to replace them.

31. Update Firmware

Some routers today automatically update their firmware—they check for updates, install new software, and reboot in the middle of the night. But not all of them do—and many routers that say they have automatic updates require users to log on and hit “Okay.” So do that.

32. Make Sure Remote Management Is Off

Are you going to need to change your router settings when you’re far away from home? Probably not. Do you want to allow anyone else to do it? No, so make sure that this feature is disabled. It’s often referred to either as Remote Management, Remote Access, or Remote Administration.

33. Shut It Down

Going out of town? Turn off the router unless you need it to access smart devices such as your thermostat or a security camera.

34. Consider Getting a New Router

Signs it could be time for an upgrade: One, the router is too old to have WPA2-AES (see Tip 49); or two, it follows an old WiFi standard such as 802.11b or 802.11g. If you’re getting a new router, skip 802.11n devices and choose one that follows the newer, faster 802.11ac standard.


35. Stop WiFi Imposters

Laptops, smartphones, and other WiFi-enabled devices can automatically connect to familiar networks. That’s convenient—no one wants to enter a password for their home or work WiFi every day—but it can also be risky. A hacker can set up a rogue WiFi network with the same name as a legitimate one such as “Google Starbucks” or attwifi and trick your gadgets into joining it.
Periodically get a fresh start by using your devices’ network or WiFi settings to prune the networks you join automatically. Most devices let you delete networks one by one, but if you have an iPhone or iPad, you need to go to Reset Network settings under General settings and delete all of them at once.

36. Use a VPN

Especially when you’re on public WiFi, you’ll want your online activity encrypted and kept away from prying eyes.
See tip 23.

37. Use 10-minute email

When you want to use an online service that requires you to provide your email address, but you don’t plan on returning to the site, use a 10-minute email address so you don’t have to give out your own.
10-minute email >>

38. See Who Shared Your Private Data

Sometimes you need to register for a website with your real email address, say, if you plan to log in repeatedly to make purchases.

Here’s a neat hack for ferreting out which companies are sharing your data with email lists, if you have a Gmail account: Type “+” before the @ symbol and add the website’s name. Email addressed to will go to the regular inbox for But now it will carry an extra crumb of data, and if you get spam from a company you’ve never heard of, you’ll know whom to blame.

39. Just Fake It.

Toymakers are rolling out connected kids’ products—including tablets and talking dolls—and asking families to divulge personal information to register them.
Unfortunately, by doing this you are essentially providing marketers and potential hackers with details about your children.
Consider providing fake information instead.

Web-connected devices promise convenience, but some can leak private data. Here’s how to keep your information safe.

40. Lock Down Your Baby Monitor

Hackers sometimes break into WiFi-connected babycams, even hijacking the speakers to talk to children and caretakers. That’s often because users don’t know to change the default settings.
When you set up any internet-enabled camera, create a unique username and password.
Also, turn off the babycam when it’s not in use.
Turning it off will make hackers less likely to discover it.

41. Outwit Your Smart TV

Automatic content recognition (ACR) systems built into many smart televisions transmit data to analytics companies that may use it for marketing. You’ve already paid for your TV with money. If you don’t want to pay again with your data, hunt through your TV’s “smart” settings for the feature—which may be called Live Plus, SynPlus, or anything but ACR—and turn it off.

42. Shut Down Webcam Creeps

Trust me, hacking a webcam is a lot easier than any of us would feel comfortable with. Do yourself a favor and cover up your computer’s webcam when you’re not using it.

But I’m a really boring person… do I really need to protect my privacy? >>

43. Keep Your Fitness Data to Yourself

Many wearables are paired with users’ smartphones using Bluetooth technology—but those phones may not be the only hardware scooping up the data. A 2014 study by the security firm Symantec and a June 2015 study by Germany’s found that many Bluetooth devices don’t prevent data access by “sniffers” located nearby.
Fitness trackers and running watches can broadcast sensitive information such as the user’s name, address, password, and GPS data. Not all trackers let you shut off Bluetooth, but many do.
If possible, keep your wireless settings turned off until you choose to upload the data to your phone at the end of a workout or at night.
Extra bonus: Turning off your Bluetooth will extend the battery life.
“Encryption is for everybody—activists, journalists, secretaries, grandmas,” says Matt Mitchell, aka Geminiimatt, an info-security consultant and host of monthly cryptography-instruction gatherings in Harlem.
“When you mail a letter, you seal the envelope so no one can read it. It’s the same idea with your data and encryption.”
Basically, encryption scrambles your data so that it’s unreadable by anyone who doesn’t have permission to access it.

44. Do Your Phone First

The truth is, your smartphone knows everything about you.
New iOS and many Android smartphones are encrypted by default; if you have an older mobile OS, you’ll need to go into Settings.

45. Next, Your Computer Files

You can encrypt your whole machine or just sensitive files. To encrypt specific files on a Mac, use the Disk Utility. Windows 10 Home users can download a free app such as GPG4win (aka Gnu Privacy Guard).

46. Finally, Your USB Drive

Flash drives can be misplaced—along with your files. Mitchell recommends Apricorn flash drives with built-in encryption. He says they’re pricey but worth it, starting at $99 for 8GB.

47. Check on the Kids

Minors had their identity stolen 51 times more often than adults in a study by researchers at Carnegie Mellon University. Keep an eye out for letters from collection agencies, bills for unpaid balances, or a warning that pops up when you try to file your taxes electronically if you list your child as a dependent.
But sometimes there’s no hint that a minor is a victim of identity theft.
To be safe, request reports from the three big credit-rating agencies by the time your children turn 15. That will give you time to clear up any problems before they apply for college loans, jobs, or credit cards.

48. Stop ID Theft After a Death

Identity theft affects 2.5 million estates every year, according to the IRS. If a loved one has died, send a copy of the death certificate to the IRS (the funeral home may help with that). Also, cancel any driver’s license, and notify credit agencies, banks, insurance firms, and financial institutions.
One way to stay safe is to use two-factor authentication, which prevents a criminal armed just with a password from accessing your accounts.
Here are two more:

49. Be Wary of Fake Email Notices

Surprised to find an email from a bank or social site asking you to log on?
Don’t click it!
Instead, open a new browser window and type in the address of the company website instead.

50. Call Customer Service

Be leery if an institution asks for your log-on credentials through email or a text message.
Instead of replying, call the company.

51. Back Up Your Data

Use a system that backs up your files automatically. If you’re hit with ransomware, you’ll have the option of restoring the data.

52. Keep Software Updated

Ideally, set your computer and key programs to update automatically (see Tip 24).

53. Try Haggling . . .

Ransomware crooks are honing their “customer service,” according to Philip Casesa, a strategist at the International Information System Security Certification Consortium. So it’s worth asking for a ransom discount.

54. . . . But Not Right Away

Wait to click on the pop-up until you’ve obtained bitcoin, which can take time. The reason: The criminals will likely impose a time limit before deleting your data—and the clock starts ticking as soon as you click.

55. 2-factor authentication

As I mentioned under Beware Phishing, use 2-factor authentication any time it’s offered to keep your accounts secure.

56. Activate a PIN

Sprint requires customers to set a PIN and security questions for their accounts, and the other major mobile providers offer customers the option. Take it. Having a PIN can help keep strangers from making changes to your account.

57. Watch Your Bills

Many wireless plans are based on a flat rate, so make sure your bill is consistent from month to month. If it’s not, take a closer look at your account.
It doesn’t cost old-fashioned money to use Facebook, but you pay for access with your data, which is vacuumed up by the $350 billion monster in ways both obvious and hidden. Take these steps to boost privacy and limit how much Facebook—and its partners and users—can learn about you.

58. Keep GPS Data Private

Facebook can extract your whereabouts from your mobile phone, but you can turn the function off using your phone settings.
For an iPhone, you’ll find the controls under Location Services.
If you’ve got an Android device, look under Facebook Permissions in Applications Manager.

59. Turn on Log-In Approvals

This is Facebook’s name for two-factor authentication.
See Tip 55.
It keeps strangers from accessing your account—even if they steal your password.

60. Become Elusive

Don’t want people finding your Facebook page when they type your name into a search engine? You can change that and more under the “Who Can Look Me Up?” section of Facebook Settings.

61. Leave the Group

Facebook lets users add friends to groups without their consent. But you can remove yourself from any group by going to your Activity Log.

62. Reduce Ad Overload

You know those posts that read “So-and-so likes this” with a sponsored link? You can avoid being used in ads by tinkering with Facebook’s Ad settings.

63. Hide ID-Theft Clues

  • Birthday
  • Hometown
  • Alma mater
Those are all things Facebook can reveal to the world—and they’re answers to potential security questions.
Hide such information by using the Privacy Checkup Tool found under the padlock on the upper right of any Facebook page.


And so if you were needing some tips for improving your online security, here you have 63 of them!

Which of these, if any, will you be implementing first?

Let me know in the comments below!

If you found this post helpful, please be sure to share it with your loved ones and acquaintances alike. Online security benefits us all, and will only become more critical as technology’s presence grows in our community.

Get informed. Stay safe.


Tags: , , , ,

4 thoughts on “63 Tips for Improving Your Online Security”

Leave a Reply

Your email address will not be published. Required fields are marked *