This is the list of things I wish someone had told me before getting into computer and internet security.
Following these tips will keep your computer and your accounts better protected and help you avoid the most common security mistakes.
1. Use Anti-Virus
You need to run anti-virus (AV) software beyond what came with your computer.
This is especially true if you run Windows!
It’s not just me who says this; Kaspersky consistently scores well in independent tests, including the hands-on comparisons posted on YouTube.
A good AV is the secure foundation for your digital life. If your computer is infected, everything else on this list is pointless: malware that can read your keystrokes or your screen can read your password manager too, so get this step done first. Keep in mind that AV is not a substitute for installing operating system and browser updates, and it will not catch everything, which is why the rest of the list still matters.
2. Get A Password Manager
The average person has over 100 passwords, and there is no way you can remember them all.
This leads people to reuse the same or a similar password across multiple accounts. Password reuse is one of the biggest threats you face online: when one site is breached, attackers try that email and password on every other popular site (credential stuffing), and every account where you reused it falls with it.
To avoid password reuse, give every account its own unique, random password. This is easy to do with a password manager.
I have a beginner’s guide on how to get started using a password manager here.
3. Make A Strong Master Password For Your Password Manager
Honestly, a strong master password is one that you did not create. If people were good at passwords, then there would be no need for password managers.
Picking a bad master password can lead to all your passwords being compromised, so we best not risk it.
Here is how to create a strong master password:
- Go to https://bitwarden.com/password-generator/
- Select “Passphrase” under type.
- Set the length (the number of words) to 4. Three is the minimum the generator allows, but each extra word multiplies the number of possible passphrases by the size of the word list (several thousand), and this one password protects everything else, so take the fourth word.
- Check the “Capitalize” and “Include Number” boxes.
You will get a passphrase of random words separated by hyphens, with each word capitalized and a digit added to one of them.
Write this master password down and keep it somewhere safe. Keep a copy close to your computer until you fully remember it.
Practice remembering this master password!
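To make the length choice concrete, here is a small Python script, an added example that is not from the original post or from Bitwarden, that generates a passphrase the same way using a cryptographically secure random source and estimates the strength of each setting. The word list is a constructed stand-in; the 7,776-word list size is an assumption about the size of the real generator’s list, and appending one digit to one randomly chosen word is an assumption about what “Include Number” does.

```python
import math
import secrets

# Constructed stand-in word list for the demo. Assumption: a real passphrase
# generator draws from a list of roughly 7,776 words (the size of the EFF
# long word list), which is the figure used for the strength estimates below.
DEMO_WORDS = ["anchor", "basil", "cobalt", "dune", "ember", "fjord", "glacier",
              "harbor", "ivory", "jigsaw", "kelp", "lantern", "meadow", "nickel",
              "orchid", "pepper"]
ASSUMED_LIST_SIZE = 7776


def generate_passphrase(words, count=4, capitalize=True, include_number=True,
                        separator="-"):
    """Build a passphrase from `count` words drawn with the `secrets` module.

    `random.choice` is seeded from predictable state and must never be used
    for passwords; `secrets` uses the operating system's CSPRNG.
    Assumption about the generator options in the text: Capitalize upper-cases
    the first letter of every word, Include Number appends one digit to one
    randomly chosen word.
    """
    chosen = [secrets.choice(words) for _ in range(count)]
    if capitalize:
        chosen = [w.capitalize() for w in chosen]
    if include_number:
        position = secrets.randbelow(count)
        chosen[position] += str(secrets.randbelow(10))
    return separator.join(chosen)


def passphrase_bits(list_size, count, include_number=True):
    """Entropy of the passphrase in bits.

    Each word contributes log2(list_size) bits. Capitalizing every word is
    deterministic, so it adds nothing an attacker has to guess. One digit
    (10 choices) on one of `count` positions adds log2(10 * count) bits.
    """
    bits = count * math.log2(list_size)
    if include_number:
        bits += math.log2(10 * count)
    return bits


def worst_case_crack_seconds(bits, guesses_per_second):
    """Seconds to exhaust the whole space at a given guess rate. Assumption:
    the caller supplies a rate realistic for the vault's key derivation."""
    return 2.0 ** bits / guesses_per_second


if __name__ == "__main__":
    for count in (3, 4):
        bits = passphrase_bits(ASSUMED_LIST_SIZE, count)
        sample = generate_passphrase(DEMO_WORDS, count)
        print(f"{count} words: {bits:.1f} bits, e.g. {sample}")
```

With the assumed list size, three words come to roughly 39 bits and four to roughly 52 bits before the digit; the digit adds about five more, and the capitalization adds none, which is why the word count is the setting that matters.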
4. Have 2FA On Your Password Manager
Two-factor authentication (2FA), sometimes called Two-Step Login, is a good thing to have on your password manager.
If your master password somehow becomes known, 2FA can stop the attacker from logging in to your account.
Keep in mind, 2FA is not an excuse for a poor master password. 2FA only guards the login to the service that stores your vault; the vault itself is encrypted with a key derived from your master password alone. An attacker who obtains a copy of the encrypted vault (from a breach of the service, or from one of your own backups) bypasses 2FA entirely, and then only the master password stands between them and every password inside.
5. Pepper Your Important Passwords
If someone had told me about peppering important passwords years ago, I would have started using a password manager a lot sooner.
Peppering means adding a short secret that you memorize (the pepper) to the end of a stored password when you type it in, so the vault alone never holds the complete password for your most important accounts. It solves the “all your eggs in one basket” problem, which is the fear most people have about password managers.
Learn more about peppering your passwords here.
6. Backup Your Password Manager
Backing up your password manager is a must and also super simple.
Get out a piece of paper and write this down.
- Your email address used for your password manager
- Your master password
- Your password manager 2FA recovery code
- Your pepper
- Your email passwords
This is the bare minimum you should do when backing up your password manager, but you can also backup your whole vault, as shown here.
Tip: Also store your master password as an entry in your password manager itself. The browser extension only autofills on the real vault website, so a phishing page imitating it gets no autofill, which is a warning sign. And if you forget your master password but are still logged in on another device, you can look it up there and get back in.
7. Never Reuse A Password
Every single account needs its own random password.
This means you need to treat every password like it’s disposable. Once it’s been used, you never use it again.
If you just started using a password manager, you may not know all the passwords you have, and changing them all at once is not possible. What you need to do is change the important passwords like email and banking first and then, over time, work your way to the rest.
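As an added example that is not from the original post, here is a Python script that runs the triage described above over a password manager export: it groups entries by password, also catching near-duplicates such as the same word with a different trailing symbol, and puts groups that include an email or bank login first. The export below is constructed sample data, and the `name,url,username,password` column layout and the list of “important” domain keywords are assumptions made for the example.

```python
import csv
import io
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample export. Assumption: the export has the columns
# name,url,username,password (adapt the column names to your manager's format).
SAMPLE_EXPORT = """name,url,username,password
Gmail,https://accounts.google.com,alice@example.com,Summer2019!
Chase,https://secure.chase.com,alice,Summer2019!
Forum,https://forum.example.net,alice,Summer2019!
Netflix,https://www.netflix.com,alice@example.com,Summer2019?
Shop A,https://shop-a.example.com,alice,P@ssw0rd
Shop B,https://shop-b.example.com,alice,P@ssw0rd
Bitwarden,https://vault.bitwarden.com,alice@example.com,Unique-Random-Passphrase-9
"""

# Assumption: which hostnames count as "change these first". Email and banking
# lead because an email account can reset everything else.
PRIORITY_KEYWORDS = ("google", "mail", "bank", "chase", "paypal")


def stem(password):
    """Reduce a password to its reusable core: lower-case it and strip the
    trailing digits and symbols people rotate (Summer2019! -> summer)."""
    return password.lower().rstrip("0123456789!?.#$%&*@-_")


def hostname(url):
    return (urlparse(url).hostname or "").lower()


def is_priority(row):
    host = hostname(row["url"])
    return any(keyword in host for keyword in PRIORITY_KEYWORDS)


def audit(export_text):
    """Return reuse groups, most urgent first.

    Each finding lists the hostnames that share a password stem, whether the
    passwords are byte-for-byte identical or just near-duplicates, and whether
    a priority account is among them.
    """
    rows = list(csv.DictReader(io.StringIO(export_text)))
    groups = defaultdict(list)
    for row in rows:
        groups[stem(row["password"])].append(row)

    findings = []
    for members in groups.values():
        if len(members) < 2:
            continue
        findings.append({
            "accounts": sorted(hostname(r["url"]) for r in members),
            "exact_match": len({r["password"] for r in members}) == 1,
            "has_priority": any(is_priority(r) for r in members),
        })
    # Priority groups first, then the most widely reused passwords.
    findings.sort(key=lambda f: (not f["has_priority"], -len(f["accounts"])))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_EXPORT):
        kind = "identical" if finding["exact_match"] else "near-duplicate"
        flag = " <- change first" if finding["has_priority"] else ""
        print(f"{kind} password on {', '.join(finding['accounts'])}{flag}")
```

Run against the sample, the Gmail and Chase logins surface at the top together with the two other sites that share a variant of the same password, which is exactly the order in which to start changing them.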
8. Use 2FA Where You Can And Try To Avoid SMS 2FA
Try to avoid SMS 2FA, the kind where a code is sent to your phone by text message.
Unfortunately, many banks and websites still force SMS 2FA on us, but avoid it where you can. SIM swapping and related attacks are the reason: a text message goes to whoever controls your phone number at the phone company, and that can be changed with a convincing phone call to a support agent.
Instead, go with app-based 2FA, often referred to as Google Authenticator or TOTP (time-based one-time password) 2FA.
Authy makes the best app-based 2FA that supports Google Authenticator codes. Authy lets you back up your codes and encrypts the backup with a password of your choosing.
This matters because the Google Authenticator app historically did not back up your codes and was not attached to your Google account; newer versions offer an optional account sync, but unless you have turned it on, losing your phone means losing every 2FA code inside the app.
Tip: Print out the QR code when setting up app-based 2FA. That QR code is the shared secret itself and can be scanned into any app, including Google Authenticator or Authy, so treat it like a password: keep the printout with your other backups, not in a photo library or an email.
9. Use Random Words For Security Questions
Use random words instead of real answers for security questions.
Store the questions and answers in your password manager.
Example: What High School Did You Go To = CowShampoo
Some people like to use random passwords here, but stick to words: the answer to a security question works like a second password, and CowShampoo is much easier to read to a support agent over the phone than L676q4cZq#vLLnkd?82.
10. Buy A Safe
Buy a safe and keep all your backups and other important information in it. Preferably get one you can bolt to the wall or floor.
If you can’t afford a safe, then get a fireproof document bag and/or a good hiding spot in your home.
Tip: Put documents in a zip-lock bag. Moisture in the air can damage paper and make ink run. Plus, where there is a fire there is also water from putting it out, and fireproof safes and bags are not waterproof.
11. Don’t Open Your Password Manager On A Computer You Don’t 100% Trust
This means you never open your vault on a public computer, even if you have 2FA: 2FA only protects the login, and once the vault is unlocked, any keylogger or malware on that machine can capture your master password and every password the vault shows you.
If it’s not your computer, you don’t open your password manager on it.
If you need to log in to a website from a computer that is not yours, look the password up in the password manager on your phone and type it in manually, and change that password afterwards if you have any doubt about the machine.
12. Use HaveIBeenPwned
Check https://haveibeenpwned.com/ to see if you’re in any breaches.
We go over why it’s safe to use HaveIBeenPwned here.
You can even give HaveIBeenPwned your email address so they can alert you to new breaches. It’s free and an excellent service!
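The password-search side of the service (Pwned Passwords) is the part people worry about, since it means checking a real password against a third party. It is safe because of the k-anonymity range query, which the Python example below walks through; this is an added example, not code from the original post or from Have I Been Pwned. The range response used offline is constructed (its counts are made up), though the hash of the sample password is real, and the API URL and the Add-Padding header are the ones the service documents.

```python
import hashlib
import urllib.request

API = "https://api.pwnedpasswords.com/range/"


def hash_split(password):
    """SHA-1 the password and split it into the 5-hex-character prefix that is
    sent to the service and the 35-character suffix that never leaves your
    machine. 5 hex characters = 20 bits, so the server learns only which of
    about one million buckets your hash falls in, never the password itself."""
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range(body):
    """The response is one 'SUFFIX:COUNT' line per leaked hash in the bucket."""
    counts = {}
    for line in body.splitlines():
        line = line.strip()
        if not line:
            continue
        suffix, _, count = line.partition(":")
        counts[suffix.upper()] = int(count)
    return counts


def fetch_range(prefix):
    """Real network call. Add-Padding makes every response roughly the same
    size so traffic analysis cannot tell busy buckets from empty ones."""
    req = urllib.request.Request(
        API + prefix,
        headers={"Add-Padding": "true", "User-Agent": "pwned-check-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def pwned_count(password, fetch=fetch_range):
    """Number of times the password appears in known breaches (0 = not found).
    Matching the suffix happens locally; the full hash is never transmitted."""
    prefix, suffix = hash_split(password)
    return parse_range(fetch(prefix)).get(suffix, 0)


# Constructed stand-in for a range response so the example runs offline.
# The first suffix is the real SHA-1 tail of "password"; the counts are made
# up, and the count-0 line is the kind of padding Add-Padding inserts.
FAKE_RANGE_5BAA6 = """\
1E4C9B93F3F0682250B6CF8331B7EE68FD8:3000000
0123456789ABCDEF0123456789ABCDEF012:42
FFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFF:0
"""


def offline_fetch(prefix):
    return FAKE_RANGE_5BAA6 if prefix == "5BAA6" else ""


if __name__ == "__main__":
    prefix, _ = hash_split("password")
    print("sent to server:", prefix)
    print("breach count:", pwned_count("password", fetch=offline_fetch))
```

Swap `offline_fetch` for the default `fetch_range` to query the live service; either way the only thing that ever leaves your machine is the five-character prefix.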
13. When In Doubt, Change The Password
If you use a password manager and give every account its own unique, random password, there is no need to change your passwords on a schedule (current NIST guidance says the same).
But if you’re ever in doubt, for example after a breach notice or after typing a password into a computer you don’t trust, change the password.
This should be easy now that you’re using a password manager.
14. Avoid Unexpected Links In Emails
Unless you’re expecting an email that requires you to click a link, treat links in email with suspicion.
Links that are fine, for example, are the confirmation link you get right after signing up for a website.
Emails out of the blue with links should be assumed bad. When a message claims to be from your bank or another account you hold, don’t click; open a new tab and type the site’s address yourself, or use your password manager’s saved entry for it.
If you’re not sure, you can always use these websites to check the URL.
This is where paying for a good anti-virus comes into play, as many of them check links for you.
Treat email attachments with the same caution. Always scan any download with your anti-virus software before opening it (right-click the file and press scan).
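Here is what the URL-checking sites look at, as a Python example added here (not from the original post): it takes the link text a mail shows you and the address the link actually points to, and reports the tricks phishing mail relies on. The links in the test are constructed samples, and the heuristics are a deliberately short list, not a complete phishing detector.

```python
import ipaddress
from urllib.parse import urlsplit


def registrable(host):
    """Last two labels of a hostname. Good enough for the demo; handling
    multi-part suffixes such as co.uk properly needs the public suffix list."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def inspect_link(href, shown_text):
    """Return the reasons to distrust a link (empty list = no red flag found)."""
    reasons = []
    parts = urlsplit(href)
    host = (parts.hostname or "").lower()

    if parts.scheme != "https":
        reasons.append(f"not https ({parts.scheme or 'no scheme'})")
    if parts.username is not None or parts.password is not None:
        # https://paypal.com@evil.example/ really goes to evil.example
        reasons.append("user@ part before the real host")
    if any(label.startswith("xn--") for label in host.split(".")) or not host.isascii():
        reasons.append("punycode or non-ASCII host (look-alike letters)")
    try:
        ipaddress.ip_address(host)
        reasons.append("bare IP address instead of a name")
    except ValueError:
        pass

    # Does the visible text name a different site than the link goes to?
    shown = shown_text.strip()
    if "." in shown and " " not in shown:  # the text itself looks like an address
        shown_host = urlsplit(shown if "//" in shown else "//" + shown).hostname or ""
        if shown_host and registrable(shown_host) != registrable(host):
            reasons.append(f"text says {shown_host} but link goes to {host}")
    return reasons


if __name__ == "__main__":
    # Constructed sample: the text shows PayPal, the href goes somewhere else.
    href, text = "http://paypal.com@evil.example/login", "https://www.paypal.com"
    for reason in inspect_link(href, text) or ["looks consistent"]:
        print(reason)
```

The text-versus-destination mismatch is the check that catches most real phishing mail; the others (user@ prefixes, punycode, raw IP addresses) are the common ways the destination itself is disguised.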
15. You Don’t Always Need A VPN
VPNs are oversold and misunderstood when it comes to internet security.
There are times a VPN helps, such as on Wi-Fi you don’t trust, but for many people it doesn’t do what they think: it moves your trust from the network you are on to the VPN company, and it does nothing against phishing, malware or password reuse, which is what most of this list is about.
This video does a great job of explaining whether you need a VPN.