Online Safety Tips


1. Keep Personal Information Professional and Limited

Potential employers or customers don’t need to know your personal relationship status or your home address. They do need to know about your expertise and professional background, and how to get in touch with you. You wouldn’t hand purely personal information out to strangers individually—don’t hand it out to millions of people online.

2. Keep Your Privacy Settings On

Marketers love to know all about you, and so do hackers. Both can learn a lot from your browsing and social media usage. But you can take charge of your information. As noted by Lifehacker, both web browsers and mobile operating systems have settings available to protect your privacy online. Major websites like Facebook also have privacy-enhancing settings available. These settings are sometimes (deliberately) hard to find because companies want your personal information for its marketing value. Make sure you have enabled these privacy safeguards, and keep them enabled.

3. Practice Safe Browsing

You wouldn’t choose to walk through a dangerous neighborhood—don’t visit dangerous neighborhoods online. Cybercriminals use lurid content as bait. They know people are sometimes tempted by dubious content and may let their guard down when searching for it. The Internet’s demimonde is filled with hard-to-see pitfalls, where one careless click could expose personal data or infect your device with malware. By resisting the urge, you don’t even give the hackers a chance.

4. Make Sure Your Internet Connection is Secure. Use a Secure VPN Connection

When you go online in a public place, for example by using a public Wi-Fi connection, PCMag notes you have no direct control over its security. Corporate cybersecurity experts worry about “endpoints”—the places where a private network connects to the outside world. Your vulnerable endpoint is your local Internet connection. Make sure your device is secure, and when in doubt, wait for a better time (i.e., until you’re able to connect to a secure Wi-Fi network) before providing information such as your bank account number.

To further improve your Internet browsing safety, use a secure VPN (virtual private network) connection. A VPN gives you a secure connection between your device and an Internet server, so that no one can monitor or access the data that you’re exchanging.

5. Be Careful What You Download

A top goal of cybercriminals is to trick you into downloading malware—programs or apps that carry malware or try to steal information. This malware can be disguised as an app: anything from a popular game to something that checks traffic or the weather. As PCWorld advises, don’t download apps that look suspicious or come from a site you don’t trust.

6. Choose Strong Passwords

Passwords are one of the biggest weak spots in the whole Internet security structure, but there’s currently no way around them. And the problem with passwords is that people tend to choose easy ones to remember (such as “password” and “123456”), which are also easy for cyber thieves to guess. Select strong passwords that are harder for cybercriminals to demystify. Password manager software can help you to manage multiple passwords so that you don’t forget them. A strong password is one that is unique and complex—at least 15 characters long, mixing letters, numbers and special characters.

7. Make Online Purchases From Secure Sites

Any time you make a purchase online, you need to provide credit card or bank account information—just what cybercriminals are most eager to get their hands on. Only supply this information to sites that provide secure, encrypted connections. As Boston University notes, you can identify secure sites by looking for an address that starts with https: (the S stands for secure) rather than simply http:. They may also be marked by a padlock icon next to the address bar.

8. Be Careful What You Post

The Internet does not have a delete key, as that young candidate in New Hampshire found out. Any comment or image you post online may stay online forever because removing the original (say, from Twitter) does not remove any copies that other people made. There is no way for you to “take back” a remark you wish you hadn’t made, or get rid of that embarrassing selfie you took at a party. Don’t put anything online that you wouldn’t want your mom or a prospective employer to see.

9. Be Careful Who You Meet Online

People you meet online are not always who they claim to be. Indeed, they may not even be real. As InfoWorld reports, fake social media profiles are a popular way for hackers to cozy up to unwary Web users and pick their cyber pockets. Be as cautious and sensible in your online social life as you are in your in-person social life.

10. Keep Your Antivirus Program Up To Date

Internet security software cannot protect against every threat, but it will detect and remove most malware—though you should make sure it’s up to date. Be sure to stay current with your operating system’s updates and updates to applications you use. They provide a vital layer of security.

How to set up two-factor authentication on all your online accounts

Just about any account you own on the internet is prone to being hacked. After numerous widespread breaches through the past years, tech companies are now working together to develop a standard that would make passwords a thing of the past, replacing them with more secure methods like biometric or PIN-based logins that do not require transferring data over the internet.

But while those standards are still being adopted, the next best way to secure your accounts is two-factor authentication, or 2FA. This is a process that gives web services secondary access to the account owner (you) in order to verify a login attempt. Typically, this involves a phone number and / or an email address. This is how it works: when you log into a service, you use your mobile phone to verify your identity by either clicking on a texted / emailed link, or by typing in a number sent by an authenticator app.

WHAT ARE AUTHENTICATOR APPS?

Authenticator apps are considered more secure than texting; in addition, they offer flexibility when you are traveling to a place without cellular service. Popular options include Authy, Google Authenticator, Microsoft Authenticator, or HDE OTP (iOS only). These apps mostly follow the same procedure when adding a new account: you scan a QR code associated with your account and it is saved in the app. The next time you log in to your service or app, it will ask for a numerical code; just open up the authenticator app to find the randomly generated code required to get past security.

While 2FA — via text, email, or an authenticator app — does not completely cloak you from potential hackers, it is an important step in preventing your account from being accessed by unauthorized users. Here’s how to enable 2FA on your accounts across the web.

APPLE

Two-factor authentication is currently offered to Apple users on iOS 9 or macOS X El Capitan or later. (We don’t make the rules!)

iOS

The steps are slightly different depending on how updated your iOS software is. For those using iOS 10.3 or later, you can enable 2FA on your Apple ID by going to Settings > [Your Name] > Password & Security. Turn on 2FA to receive a text message with a code each time you log in.

For those using iOS 10.2 or earlier, the settings are under iCloud > Apple ID > Password & Security.

macOS

Click the Apple icon on the upper left corner of your screen, then click System Preferences > iCloud > Account Details. (You can shorten this step a bit by typing in “iCloud” using Spotlight.) Click on Security, and you’ll see the option to turn 2FA on.

The remainder of the steps, from either iOS or Mac, are the same. You can opt for Apple to send you a six-digit verification code by text message or a phone call. You can also set up a physical security key here.

INSTAGRAM

Instagram added 2FA to its mobile app in 2017, but now you can also activate it through the web.

To activate 2FA on your mobile app, head over to your profile and click the hamburger menu on the upper right corner. Look for Settings, then Privacy and Security. The menu item for Two-Factor Authentication is located in the Security section.

From here, you can choose between text message-based verification, a code sent to your authentication app, or one of Instagram’s pre-generated recovery codes. The last is most useful if you are traveling in a place where you lack phone service to receive texts.

To turn on 2FA using the web, log in and head to your profile. Next to your profile name, there is a gear icon next to the Edit Profile button. Clicking this will pop open a settings menu, where you can find the same Privacy and Security section as on the app. From here, you can turn on 2FA and, just as in the app, choose your method for verification.

FACEBOOK

The way to access Facebook’s 2FA settings is a bit different on the app and the web (and Facebook tends to update both layouts often).

As of March 2019, you can access your privacy settings on the mobile app on both iOS and Android by clicking the hamburger icon on the upper right corner and scrolling down to the bottom to find the Settings & Privacy menu. Tap Settings > Security and Login. The 2FA option will be available under Setting Up Extra Security.

Like Instagram (they are part of the same company, after all), you can opt for a text message, an authentication app, or recovery codes for verification.

On the web, click the arrow next to the Help icon (a circle with a question mark inside) on the upper right side. Toward the bottom, you can find the Settings menu that can take you to the main page where you’ll find Security and Login on the left-hand side. Click on that, and then find the Two-Factor Authentication subsection. You can also add a security key login through USB or NFC here.

If you prefer to not use 2FA each time you log in from the same device (say, your personal laptop or phone), you can also set up your trusted devices under the Authorized Logins menu. This will allow you to bypass 2FA for devices currently logged in to your Facebook account. If you’ve logged into Facebook on a foreign device — say, a hotel computer while you were on vacation — you can also revoke that access through this setting.

Additionally, for apps that don’t support 2FA when logging in with a Facebook account (such as Xbox and Spotify), you can generate a unique password specifically associated with that account. Just name the app, click generate, and save that password for the next time you have to log in.

TWITTER

On either the Twitter mobile app or browser version, click your profile avatar and find the “Settings and privacy” menu. On the left-hand menu, go to Account. Look for the Security subhead, click on “Set up login verification,” and follow the directions.

Once you’re all set up, Twitter will then text a code number to your phone number when you want to log in. Recently, Twitter has also added security key support.

As with other services mentioned above, you can generate a backup code to use when you’re traveling and will be without internet or cell service.

If you have a verified Twitter profile, you may see the option to create a temporary app password that you can use to log in from other devices. This can be used to log into third-party apps if you have them linked to your Twitter account. Note that the temporary password expires one hour after being generated.

AMAZON

Go to the Amazon homepage and log in. Hover over Accounts & Lists and click on Your Account. A box labeled Login & Security will be at the top of the page; click on that and then click the Edit button on Advanced Security Settings. (You can also navigate directly to that page by following this link.)

Click Get Started and Amazon will walk you through the process of registering your phone number, or you can opt to use your preferred authenticator app by syncing it through a QR code.

Once your phone number or authenticator app has been verified, you can select trusted devices to bypass 2FA or generate a code to log in via a mobile app.

GOOGLE

The easiest way to turn 2FA on across your Google accounts (i.e., Gmail, YouTube, or Google Maps) is by heading over to the main 2FA landing page and clicking Get Started. You’ll be asked to log in, then to enter a phone number; you can then choose whether you want to receive verification codes by text message or phone call. You can also choose to use prompts that allow you to simply click “Yes” or “No” when a login attempt occurs, or generate a security key link.

You can also generate backup codes for offline access. Google generates ten at a time and they’re designed to be single-use, so once you’ve successfully used one, cross it out (assuming you’ve printed them out) as it will no longer work.

SNAPCHAT

From the app’s main camera screen, tap your profile icon and find the gear icon to access your settings. Select Login Verification and choose whether to receive a text message verification or hook it up to your authenticator app.

Once 2FA has been enabled on your Snapchat account, you can add trusted devices or request a recovery code for when you’re planning to be somewhere without cellular service. Unlike other services on this guide, Snapchat does not seem to currently support security key logins.

SLACK

To enable 2FA, you’ll first need to find the Account Settings page. There are three ways to access this:

1) Click on your username on the upper left corner of the Slack app to open a drop-down menu and select “Profile & Account.” Your account information will now display on the right side of the chat window. Under your avatar and next to the “Edit Profile” button, click the three-dotted icons for additional actions, and find “Open account settings.”

2) Click on your own username from the chat window and select “Open account settings.”

3) Head straight to my.slack.com/account/settings

Once on the Account Settings page, you should see the option for turning on 2FA under Password. If you do not see this available, however, check whether your Slack account is for work. Some employers may use single sign-on services that bypass the need for 2FA, which eliminates this from Slack’s Account Settings page.

If this is a personal Slack, however, then click Expand on the 2FA section to verify your information by an SMS or authenticator app. If you have multiple email addresses, you may need to select a default one before you can decide on your preferred 2FA method.

MICROSOFT

Log in to your Microsoft account and find the “Security settings” menu. Look for the “Two-step verification” section and click on the setup link. You’ll be walked through the steps needed to use your phone number, similarly to the process outlined for the other services. For when you lack cell service, click “App passwords” to generate a unique, one-time use password to log in.

DROPBOX

From your Dropbox homepage on the web, click your profile avatar and find Settings; then go to the Security tab. Find Two-Step Verification; it will tell you the status of your 2FA. Toggle to turn the feature on and choose to receive 2FA through a text or your authenticator app.

WHATSAPP

Open up WhatsApp, and find the Settings menu under the upper right hamburger icon. Look under Account > “Two-step verification” > Enable. The app will ask you to enter a six-digit PIN to use as verification, and optionally add an email address in case you forget your PIN.

Having an associated email with your WhatsApp account is important since the service won’t let you reverify yourself if you’ve used WhatsApp within the last seven days and have forgotten your PIN. So if you can’t wait a week to reverify for whatever reason, it’s helpful to have entered an email address so you can log yourself in or disable 2FA. In the same vein: be cautious of emails encouraging you to turn off 2FA if you didn’t request it yourself.

PAYPAL

On the main Summary page, click the gear icon and find the Security tab. Look for the section called “2-step verification” and click on the Set Up link. You’ll get a choice to have a code texted to you or use an authenticator app. (PayPal also offers to find you an authenticator app if you want one.)

If you lose your phone, change numbers, or decide to revoke authorization rights, come back to this menu to make adjustments.

Note that the interface is different if you use PayPal as a business account. From the main Summary page, click the gear icon to be taken to the Settings page. Under Login and Security, look for the Security Key option to add your phone number or a security key as your 2FA method.

NEST

Smart home products like Nest are not exempt from getting hacked. For Nest, make sure your app is up to date on all your devices. Then, on the home screen, go to Settings > Account > Managing account > Account security, and select two-step verification. Toggle the switch to on. A series of prompts will ask for your password, phone number, and the verification code that will be sent to your phone.

Keep in mind that all of your devices will be automatically signed out, so you’ll have to sign in again using the two-step verification.

If all your family members don’t have their own logins and have been using yours, it’s a good idea to set them up with separate logins using Family Accounts. Otherwise, when they try to log on using two-step verification, the necessary code will be sent to your phone, not theirs.

RING

Like with Nest, make sure your Ring app is up to date. Then go to Account > Two-factor Authentication (you’ll find it under Enhanced Security). Tap the big “Turn on Two-Factor” button. A series of prompts will ask for your password, phone number, and the verification code that will be sent to your phone.

From then on, you’ll need both your password and an SMS verification code whenever you want to log into Ring from a new device.

SIGNAL

Click the hamburger icon on the upper right side and find Settings. Under Privacy, find Registration Lock to add a PIN of your choice. Signal requires your PIN to be at least four digits long, and up to a maximum of 20 digits.

When you first enable Registration Lock, Signal will ask you to type in your PIN in the first six and 12 hours after being enabled. The company says this is designed to help you to remember it through random repetition. So after the first day, it will ask you to enter it in the next day, then in three days, and finally one last time after a full week.

If you happen to forget your PIN and can’t log into Signal, you will have to wait seven days of inactivity for your registration lock to expire, after which you can log into your app again to set up a new PIN. Those who are already actively using Signal won’t have to worry about the Registration Lock resetting, as that clock only starts when the app isn’t open.

DID WE MISS YOUR FAVORITE APPS?

For services not listed on this guide, check out TwoFactorAuth.org to find the app or service in question. This helpful site links to every official guide for companies that support 2FA, and gives you the option to message the company on Twitter, Facebook, or email to add 2FA if it currently does not have it.

On a final note: while adding 2FA is great for an extra layer of security on all your accounts, remember that you should be changing and updating your passwords regularly even with 2FA enabled, just to stay in tip-top shape. If that’s not your style, you can also use a password manager to automatically take care of it for you.