Keeping yourself safe and secure online is more important than ever, with the rise in malware and social engineering attacks. We are seeing these become not only more prevalent, but more advanced too. Not all hope is lost though! While 100% safety is impossible to guarantee, I want to share 5 tips that will greatly improve your chances of staying secure. With this being said, let’s dive in.
One of the easiest things we can do to stay safe and secure is stay updated. This means updating everything on your computer. Things you can update include programs, games, system software, drivers and more. This is a fairly tedious task on Windows. Luckily there are programs designed to assist us with these tasks!
For updating programs, Patch My PC seems to be the best option. It is completely free, easy to use and does not try to install bloatware. This program simply scans your computer and reports which programs need updating; it can then update those programs in the background. While of course not every program can be detected, it does a great job and did not miss anything for me. It was also easily deleted when I was done using it.
Typically I do not recommend third party tools for updating programs and everything; however, this seems to be safe and ran extremely well. This being said, it is always best to update yourself and not rely on third party programs.
On the topic of system software, Windows 10 Update Assistant is the best tool. It is official and free. This will check your system for the latest version of Windows and any updates that may be out but not installed. It then will install them for you if you wish.
If you use Steam to manage your games, luckily it should keep them updated automatically, and Steam itself updates every time your computer restarts.
The final thing to keep updated is drivers, which are probably the most difficult to update. Driver updater programs are very common to find. However, like most program updaters, they are full of bloatware and malware, are generally unsafe, and could compromise your system’s security. Update drivers in Windows 10 (microsoft.com) has all the details you need to update the drivers, which involves using the Device Manager.
Have Secure Passwords
Passwords are a tricky thing to get right. On one hand, you want them to be complex enough that brute forcing is not going to be easy and that they will not be guessed easily by using information about you. On the other hand, they need to be memorable. Otherwise you will write them down on a sticky note or in a file on your computer, compromising safety. So here are different things you want to make sure to do.
Typically applications enforce some sort of password policy. Usually it goes along the lines of 8 characters minimum, 1 number, 1 upper case letter and 1 special character. This is good. Even if it is not enforced, use this. It is a start to keeping it secure.
You can even go beyond this. What is better than having an 8 character minimum? Having 12 characters. 12 is a good length because this is a length which we usually can still remember while being complex enough that brute force attacks are fairly useless against it. Keep in mind dictionary attacks do exist with combinations of common words and phrases.
When making a password, check it against rockyou.txt (downloadable here) and the top 10000 passwords. These lists are common in brute forcing, and if your password is in one of them, it is more likely to be cracked.
Symbol replacement can be good, such as @ for a, $ for s, ! for 1, or 0 for o. However, it would not be wise to rely on this alone, as attacks on common short passwords can account for common rules like this. That being said, it still increases complexity to some degree.
Length is still a very important feature, as pure brute forcing programs will crack small passwords fast, but large and secure passwords can take years, thousands of years or more, meaning you will be relatively safe from this attack. One single long word is probably not the best approach either; instead use a passphrase, a few smaller words combined into one phrase. Combine it with numbers and symbols and you will do relatively fine.
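The checks described above (length, the policy classes, a common-password list, and the symbol swaps that cracking rules already account for) can be combined in a short script. This is an added example, not part of the original article; COMMON is a tiny constructed stand-in for rockyou.txt, and the function names are hypothetical.

```python
import string

# Constructed stand-in for rockyou.txt / a top-10000 list; load the real file in practice.
COMMON = {"password", "letmein", "dragon", "sunshine", "qwerty", "iloveyou"}

# Reverse the symbol swaps listed in the text (@ for a, $ for s, ! for 1, 0 for o).
UNSWAP = str.maketrans({"@": "a", "$": "s", "!": "1", "0": "o"})
MIN_LENGTH = 12  # length recommended in the text


def base_word(password):
    """Lower-case, drop trailing digits and '!', undo swaps: 'P@$$w0rd1!' -> 'password'."""
    return password.lower().rstrip(string.digits + "!").translate(UNSWAP)


def check_password(password, wordlist=COMMON):
    """Return the reasons a password is weak; an empty list means no finding."""
    findings = []
    if len(password) < MIN_LENGTH:
        findings.append("shorter than 12 characters")
    if password.lower() in wordlist:
        findings.append("appears in common-password list")
    elif base_word(password) in wordlist:
        findings.append("common password with symbol swaps or trailing digits")
    if not any(c.isdigit() for c in password):
        findings.append("no number")
    if not any(c.isupper() for c in password):
        findings.append("no upper case letter")
    if not any(c in string.punctuation for c in password):
        findings.append("no special character")
    return findings


def load_wordlist(path):
    """Read a list such as rockyou.txt (one password per line) into a set."""
    with open(path, encoding="latin-1") as fh:
        return {line.rstrip("\n").lower() for line in fh}


if __name__ == "__main__":
    for candidate in ["dragon", "P@$$w0rd1!", "Sunshine2024", "tundra-Maple7-orbit"]:
        print(candidate, "->", check_password(candidate) or "no findings")
```

Note that "P@$$w0rd1!" satisfies the usual number, upper case and special character policy and is still flagged, because it reduces to a word on the list.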
The comic below shows this; however, Correct Horse Battery Staple Review – Password Advice – Virtual CISO (fractionalciso.com) gives some more advice. If you are using this phrase style of password, make sure the words are actually random and not related or common words, because attackers are viewing this comic too. Correct Horse Battery Staple can help generate a secure password using the phrase style, and you can even customize the rules of it.
In the end, using a password manager will be your best bet and is the most secure option out of any. You only have to remember one master password. The rest will be automatically generated and very secure; these are monstrosities and almost impossible to brute force, and dictionary attacks will not get them either. So this is the recommended option. There are a lot of managers and I recommend researching the various ones, such as LastPass.
How Secure Is My Password? will also check your password and give you a score of how secure it is. While it is not a guide to use for 100% safety, you can make sure it is not rated too low. Common sense and using the tips provided above will make it so you will typically score well.
Two Factor Authentication
Use this. What exactly is it? Well this is another method of authentication that is becoming more and more common. It can take place as one of three methods typically.
Something you know: This could be a personal identification number (PIN), a password, answers to “secret questions” or a specific keystroke pattern
Something you have: Typically, a user would have something in their possession, like a credit card, a smartphone, or a small hardware token
Something you are: This category is a little more advanced, and might include biometric pattern of a fingerprint, an iris scan, or a voice print
(Source: What Is Two-Factor Authentication (2FA)? – Authy)
Something you know typically is used for applications online, and it comes in the form of email, text, or an app.
Email is well, an email. Applications such as Steam by default use this to prevent hackers from accessing your account. When you correctly enter your credentials it sends you an email to confirm your login; once you confirm it you are logged in. So if you receive an email and you did not log in, it is time to change your password.
Text is simple too, and it is more common than email. Many apps including Instagram use text for two factor authentication. This is a preferred method too, as email can be hacked much easier than obtaining your cell phone. This will send either a link to confirm your login or a code which you must enter on the website.
The app is the last method and very good too. First install an app such as Google Authenticator or Microsoft Authenticator. Then enter the code into the app (when setting it up, the site will give you a code) or scan the QR code it gives you. Not all sites support two factor authentication. If a site does offer it, and offers an app version, you can get the code this way.
Once entered in you are ready to go. It will continuously run, generating codes. When you log in you will be asked for the current code. Each code only lasts maybe 30 seconds. The best part is that it is only accessible on your device, and not even hijacking your SIM card can bypass that. For this reason I recommend this over the other options as it is the most secure, and in my opinion, the easiest.
All in all, enabling two factor authentication is something that is very easy to do, and will improve your security by a lot. By just entering that second code or confirming the login, even hackers with your password cannot log in.
Anti Viruses and VPNs
While this should be fairly common sense, make sure your anti virus is not only updated, but properly configured. If it is not enabled, enable it. Windows Defender is on by default on Windows computers and it is a great anti virus; ignore the memes about it. It has been getting better over the years and is just another anti virus now and will keep you secure just like the others. However, if you want something paid, Bitdefender, Kaspersky, or Sophos are all respected good ones.
VPNs or Virtual Private Networks encrypt your traffic and make sure you are secure. Attackers attempting to eavesdrop on your traffic will not be able to, as it is encrypted and they do not have the key. However, make sure you get a good VPN, as free ones may have exploits that render them useless, or worse, introduce malware themselves. Good VPNs include Nord VPN or IPVanish, although more exist. A lot of antivirus solutions, such as Bitdefender, either include a VPN or offer one at a price.
Practice Internet Safety
Even though this has been mentioned in other articles, it is important to reiterate. This is just making sure to avoid sketchy files, know about phishing emails, etc…
Pirated programs and nulled plugins often contain malware, so it is best to avoid getting them. In addition, if it seems too good to be true, it probably is. Not only that, but sketchy free programs can introduce viruses too. Or they may exist simply to farm your personal information. Oftentimes you can trust your gut feeling on whether something is safe or not. Research and see if the internet has anything to say about it, and upload it to VirusTotal first to see if it’s safe. VirusTotal checks the file against many anti viruses to tell if it is malicious or not, keeping you secure.
For phishing emails, 5 Social Engineering Attacks and How To Stop Them | Cyber Code can provide an insight into phishing emails, and how hackers use social engineering against you. Make sure the address is actually who sent it; hackers can sometimes spoof the email, but it still shows the real sender. Email headers are perfect to examine this. If it is again too good to be true, it is. You did not win a cruise when you signed up for no contests, nor did you randomly win 1 million dollars. Your anti-spam filter should catch most of these, but be aware of them if you do see them.
Finally, avoid sketchy websites. Stick to reputable sites, and never input personal information to sites which are sketchy. They may use passwords for password spraying attacks, or personal information for phishing. Url Scanner to Detect Phishing in Real-time | CheckPhish can check sites to see if they are a phishing site using AI. Even if it’s not phishing, sites which host malware typically give off a shady vibe. With time and experience these will become blatantly obvious. And this is also why anti viruses are important. Bitdefender will scan sites for you, and even if a site does start to infect you, an anti virus will keep you secure.
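To show what examining the headers can look like, the following added example (not from the original article) compares the visible From address with the Return-Path and Reply-To headers and reads the SPF, DKIM and DMARC verdicts the receiving mail server recorded in Authentication-Results. The sample message is constructed, and review_headers is a hypothetical helper name.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (copied from a mail client's "show original" view in practice).
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net; dkim=none; dmarc=fail header.from=bank.example.com
From: "Your Bank Support" <support@bank.example.com>
Reply-To: claims@prizes.example.net
Subject: You won a cruise!

Click here to claim.
"""


def domain(header_value):
    """Domain part of the address in a header value, or '' if the header is absent."""
    address = parseaddr(header_value or "")[1]
    return address.rpartition("@")[2].lower()


def review_headers(raw):
    """Return a list of reasons to distrust the displayed sender."""
    msg = message_from_string(raw)
    findings = []
    from_domain = domain(msg["From"])
    for name in ("Return-Path", "Reply-To"):
        other = domain(msg[name])
        if other and other != from_domain:
            findings.append(f"{name} domain {other} differs from From domain {from_domain}")
    # Verdicts written by the receiving server, e.g. "spf=pass; dkim=none; dmarc=fail".
    auth = str(msg.get("Authentication-Results", ""))
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check) != "pass":
            findings.append(f"{check} result: {results.get(check, 'missing')}")
    return findings


if __name__ == "__main__":
    for finding in review_headers(SAMPLE):
        print("-", finding)
```

A differing Return-Path on its own is common for legitimate bulk mail sent through a mailing service, so treat it as one signal alongside a failed DMARC result rather than as proof.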
Kaspersky has written 10 tips to follow.
Besides these, common sense and internet safety tips will work wonders. The most common means of infection are by sketchy websites, downloading trojan horses in apps and games and phishing emails.
In all, you can never be 100% secure; however, you can vastly increase your chance at being secure. Making sure your computer is properly updated, making sure your password is secure, enabling two factor authentication where possible, having an anti-virus and VPN and just generally acting safe and cautious online will help keep you secure.