8 Tips for Online Safety Used by Security Experts

Joel Lee 14-08-2015

When it comes to personal online security, advice is tricky. A lot of it sounds good in theory, but how much of it actually works as intended? Some oft-repeated wisdom is tried and true while others are just cyber security myths.


According to recent research by Google, security experts have fundamentally different approaches to online security than average Web users. These differences not only include habits and behaviors, but mindsets and attitudes as well.

Want to stay safe online? Then forget everything you know about online security because it’s time to be retrained in the right patterns. Here’s what the experts actually do.

Keep Software Updated


Installing software updates, using password managers, and employing two-factor authentication are all top choices for experts while remaining much lower priorities for non users.

HT: Ars Technica

Would it surprise you to know that the #1 practice shared amongst security experts is staying on top of software updates? Most non-experts focus more on antivirus, encryption, privacy — and we’ll cover all of that later — but so many folks forget that software updates are crucial.



Because even though these past few years have really highlighted the dangers of social engineering, the truth is that most security breaches are effected through software vulnerabilities and loopholes (and these breaches are called exploits).

Ever wondered why applications keep asking you to update, update, update? Sometimes those updates are there to push new features, but many times they exist to patch vulnerabilities that weren’t discovered until recently.

Updating your software (and in the case of certain gadgets, updating your firmware!) protects you from those who might exploit open vulnerabilities on your system.

Use Strong & Unique Passwords



Password managers change the whole calculus because they make it possible to have both strong and unique passwords.

HT: Tom’s Hardware

A bad password is only slightly better than having no password at all. It lures you into a false sense of security and makes you forget that weak passwords are easy to crack. For a password to be effective, it has to be both strong and unique.

A strong password is at least 8 characters long, doesn’t contain any words you’d find in a dictionary, does contain several special characters (e.g. !@#$%^&*), and uses a mixture of uppercase and lowercase letters.

A unique password is one that you use for one and only one account. That way if one account is breached, your others stay secured. Would you ever use the same exact key for your car, your house, your mailbox, and your safe deposit box?

The problem is that memorable but secure passwords are hard to manage, especially if you commit to never repeating a password. So, use a password manager!


When it comes to passwords, only 24% of non-experts polled said they used password managers for at least some of their accounts, compared to 73% of experts.
HT: Information Week

A password manager remembers your account credentials so you don’t have to. When you need to log into a website or a program, the password manager will fill in the relevant details for you. It’s safe and convenient. A win-win.

There are several different password managers available these days, and even more if you count password managers on Android. To get started, check out our guide to password management.

Enable Two-Factor Authentication


Many popular websites and services support two-factor authentication. This means that even if someone is able to get your password, they won’t be able to log into your account.

HT: Laptop Mag

Two-factor authentication is any authentication method that requires two different authenticating credentials. For example, a password would be one kind of factor while facial recognition could be a second factor. Only with both are you granted access.


Today, most services that offer two-factor authentication (not all do, unfortunately) will require a password and a verification code that gets sent to you by email or by SMS. In order to break into your account, someone would have to crack your password and intercept the verification code.

Needless to say, everyone should use two-factor authentication!

It stands to reason that if updates, password managers, and two-factor authentication are top priorities for security professionals, they should be top choices for amateurs as well.

HT: Ars Technica

Check Links Before Clicking


“Think before you link.” In other words, think about it before you click that link.

HT: Roger Thompson

How many times have you clicked on a link that looked legitimate only to arrive at a website full of distasteful ads and malware warnings? Unfortunately, it’s pretty easy to disguise a malicious link as a proper one, so be careful when you click.

This is particularly important for emails because a common tactic used by phishers is to recreate emails from popular services (like Amazon and eBay) and insert fake links that take you to pages that ask you to sign in. By logging in, you’ve actually just given them your account credentials!

Hint: Learn how to check the integrity of a link before clicking. Also, stay extra safe with these important email security tips.

Another link-related risk is the shortened URL. A shortened URL could take you anywhere and it’s impossible to decipher the destination just by reading the URL alone, which is why you should always expand a shortened URL to see where it leads before clicking on it.

Browse HTTPS Whenever Possible


Encryption of data. Though it is important for companies to protect their data from outsiders, it is also important to protect it inside the network.

HT: Novell

Encryption is extremely important and you should be encrypting all of your sensitive data whenever possible. For example, encrypt cloud storage files in case they get hacked or leaked and encrypt smartphone data so nobody can snoop on your communications.

And while privacy is important, there are other reasons for digital encryption besides it. But for web security advocates, one of the more effective steps is to use HTTPS whenever you can.

Hint: Not sure what that is? Read our HTTPS overview and why it matters.

Stop Sharing Personal Information


Don’t post any personal information — your address, email address or mobile number — publicly online. Just one piece of personal information could be used by a complete stranger to find out even more.

HT: Tom Ilube

Posting your personal information online can have serious repercussions. You’d be surprised by how much people can find out about you even from a single breadcrumb or two. Most of the time it doesn’t lead anywhere, but sometimes it can ruin your life.

There’s a process called doxxing (or doxing) whereby people will scour the Internet for your personal information and eventually have enough puzzle pieces to determine who you are, where you live, who your family members are, where you work, and more.

It’s scary enough on its own, but when you combine it with something serious like a death threat or a prank call to 911 that screams were heard in your house, it becomes more than just a fairy tale of stalkers and inconveniences.

Ignore Anything “Too Good to Be True”


If it sounds too good to be true, it is probably not true. No one wants to send you $5 million. You are not the millionth visitor to the website. You are not a winner … and the Pretty Russian Girl who wants to be your friend is probably not pretty and not even a girl. She doesn’t want to be your friend … she wants your money.

HT: Roger Thompson

The problem with “too good to be true” is that it usually indicates deceit or fraud, as is the case in a lot of eBay scams, Craigslist scams, and even apartment scams. Few things on the Internet are ever perfect.

You can take the risk if you want to, especially if you can eat that potential loss without flinching, but the general rule of thumb is to ignore it if you can’t find “the catch”. If you can’t find a catch, then the catch is likely you.

Scan For Malware Regularly


Among respondents who are not security experts, 42% consider the use of antivirus software to be among the top three things one can do to stay safe online. Only 7% of the security experts polled believe that.

HT: Information Week

Would you believe that only 7% of security experts bother using antivirus software? Sounds crazy, doesn’t it? Is antivirus software really that bad? It depends on your criteria.

Non security experts listed the top security practice as using antivirus software … One likely reason explaining the divide over use of antivirus software is that security experts are more likely than non experts to use a non-Windows operating system. So while it may be tempting to interpret the results as showing experts think AV isn’t an effective security measure, that’s not automatically the case.
HT: Ars Technica

Antivirus software should be seen as backline defense, as more of a last resort than a primary shield. Even the best antivirus programs are far from perfect, so it’s more effective to focus on proper security habits.

In other words, security experts know how to keep themselves secure, so they don’t really need that last line of defense. On the other hand, the average user doesn’t know how to practice safe security habits, so antivirus is good to have.

This is the only tip where we recommend that average users deviate from the experts: they don’t need antivirus software, but you and I do! Don’t forego it. You never know when it’ll save you.

Are you a security expert or an average user? What techniques do you use to keep yourself safe online? What other tips would you add to this list? Share with us in the comments below!


  1. lpc123
    January 19, 2017 at 3:19 pm

    You forgot the most important security tip: "Replace Windows with Linux"

  2. Charlie
    November 23, 2016 at 7:57 pm

    So they leave you with empty threats. Why should I not mess with them....?

  3. Anonymous
    August 15, 2015 at 5:22 am

    I use an anti-virus, plus Malwarebytes Free, plus Malwarebytes Anti-Exploit.
    I use an adblocker, as well as cookie/tracker blockers.
    I use site adviser extensions to warn me of dodgy sites (There are websites to do this as well).
    I check downloaded files and some URLs with VirusTotal.
    I use "HTTPS Everywhere".
    I use a password manager. I considered the "single point of failure" issue, but concluded that the benefits far outweigh the risks as it enables me to use a unique, long, "random gibberish" password on every site. I also have a large collection of email addresses (many email providers let you set up multiple aliases), so I use unique email addresses for most sites. I have 2 factor authentication enabled on the email accounts I use for log-ins to sites I care about, as well as the email account I use for important correspondence.
    Sensitive files are encrypted when I save them. For important stuff I use a cloud storage service that encrypts locally before uploading, so uploaded sensitive stuff is encrypted twice. I don't worry so much about non-sensitive stuff. Pictures of the cat are backed up unencrypted.
    I have a couple of thoughts on the password advice given in the article. An 8-character "random gibberish" password was once very secure. Advances in computing power mean that now a well equipped hacker who has obtained password hashes may--depending on how the passwords were hashed--be able to brute force any 8-character password in a day or two. At the same guess rate it would take decades to try all possible 10-character passwords and tens of thousands of years to try all possible 12-character passwords. If you are using a password manager there is no reason whatsoever not to use longer passwords. I have two accounts that limit passwords to 12 characters, and a few more that limit them to 16 characters. Elsewhere I use passwords that are significantly longer than 16 characters. It's overkill in most cases, but if you aren't filling them in by hand it makes no difference whether you use a 10 or 20 or 30 or 40 character password for a site, so why not use a long password? The question of using dictionary words is a little more nuanced than the article suggests. It's a bad idea to use a single dictionary word, or an obvious combination of words (secretpassword), or a word combined with a trivial numeric suffix (password123). It's also a bad idea to use a keyboard pattern (1qazxsw2). On the other hand, for a password you need to remember (such as the one for your password manager) a group of unrelated words (spirerussetevictshaftomahaflak) can be secure and relatively easy to remember. If you like you can add to the security by using a couple of upper case letters (avoid using upper case only for the first letter of a word, especially the first word. It's better to have a different case somewhere in the middle of a word), or sticking one or two numbers and symbols in there somewhere.
    I don't normally use passwords that are words only, but I have a couple that I sometimes need to enter by hand that have words in them, though if you took the words out the remainder would still make a fairly strong password.

    • Joel Lee
      September 2, 2015 at 5:50 pm

      Wow, Gilbert! That was enough to fuel a separate article altogether. Lots of great points regarding secure passwords, and thanks for your clarifying statements (such as the dictionary point).

      • Anonymous
        September 4, 2015 at 3:40 pm

        Thank you! I hope it's helpful to someone. And if you want to make a separate article about it, feel free to use my stuff :-)
        Looking over what I wrote, I see I didn't mention an important benefit of using unique alias email addresses for important sites. I have filters set up so mail sent to each alias address is forwarded to an appropriately named folder. If Megabucks Financial sends me an email concerning my Megabucks account it will show up in the "Megabucks" folder. Anything that purports to be from Megabucks that shows up anywhere else is certainly fake. Of course, if I get an unexpected email from Megabucks about my account I'll still go to their website to log in rather than clicking on a link in the email, even if it was sent to the correct email address, but an easy way to tell at once that there's something fishy going on is always valuable.

  4. Anonymous
    August 14, 2015 at 3:09 pm

    "use a password manager!"
    My only reservation about password managers is that if the password to access the manager is compromised, doesn't the hacker have access to all the passwords stored by the manager?

    "Stop Sharing Personal Information"
    Easier said than done. Unfortunately almost every site, especially the retailers, wants you to provide your whole life's history when you join them.

    Also, it seems like Google has a lot of our personal information which they have gathered from databases available online; information we have not knowingly provided.

    • Anonymous
      August 15, 2015 at 2:36 am

      TL;DR: Being able to use a single, really strong password is probably better than using a bunch of different weak ones (and most people probably use the same weak one on different sites).

      Some password managers (KeePass at least) will let you create a key file which you need to use as well as a password to access your password database. The idea is that you can still sync the password database via Dropbox or another cloud storage service, but you manually transfer the key file (over USB, probably) to every device you'll want to access your passwords on (just keep a backup somewhere, if you lose every copy of the file you lose access to your passwords). That way even if someone does get into wherever you store your passwords and has the password to unlock it, it still won't do them any good.

      Obviously malware could upload the key file to a bad guy, or someone could steal your laptop or phone with the key file on it, but in those situations you can just generate a new key file and use that one instead (although you should also change the password for your password manager, and possibly all your passwords if that happens - just in case they manage to brute force the password to your password manager - because hopefully you're not using a password which would fall quickly under a dictionary attack as your single password).

      But I'd say as long as your password manager has a good password, it's not something you should worry about. Before I started using a password manager, I used two or three different passwords (each with about two or three different variations) everywhere. And they weren't good passwords to begin with. Figuring out just one of them would have meant being able to access a lot of my accounts (not to mention that half the time I couldn't remember which password or which variant was used on which site). Now, having the password to one web site won't let you in to a bunch of others, none of my accounts should crack easily under a dictionary attack, and I only have to remember one, strong password instead of a bunch of weak ones (yes, it's harder to remember, but it's only one, and when you use it several times a day, you remember it fairly quickly).

  5. Anonymous
    August 14, 2015 at 1:24 pm

    Ad Blocking like Adblock Plus or Ad-Away on . Make sure to exclude your favorite sites so they get the revenue they are supposed to.

    • Joel Lee
      September 2, 2015 at 5:52 pm

      But if you do use adblock, remember to whitelist sites that you want to support. Hint hint, nudge nudge. :)

  6. Anonymous
    August 14, 2015 at 12:23 pm

    Using passwords with special characters? Not a good idea :p Passphrases are preferable.
    Here's why:

    • Joel Lee
      September 2, 2015 at 5:55 pm

      In the XKCD example, you're right. Now how would a phrase like "correct horse battery staple" compare against a gibberish combination of alphanumerics and special characters, like "humu$^%&fomo!@#$"? If the difference is not so great, then maybe we should switch to passphrases full-time.
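
The comparison asked about in the last reply, and the brute-force timescales from comment 3, can be worked through numerically. This Python script is an added example, not part of the original article or its comments. It assumes every password or passphrase is generated uniformly at random, reads "any 8-character password in a day or two" as 8 characters from 62 letters and digits exhausted in 2 days, and uses the 2048-word list from XKCD 936 and the 7776-word Diceware list as wordlist sizes.

```python
import math

SECONDS_PER_YEAR = 365.25 * 24 * 3600


def bits_random_chars(length, alphabet_size):
    """Entropy in bits of `length` characters drawn uniformly at random."""
    return length * math.log2(alphabet_size)


def bits_passphrase(word_count, wordlist_size):
    """Entropy in bits of words drawn uniformly at random from a list."""
    return word_count * math.log2(wordlist_size)


def rate_from_benchmark(length, alphabet_size, days):
    """Guesses per second implied by exhausting a whole keyspace in `days`."""
    return alphabet_size ** length / (days * 24 * 3600)


def years_to_exhaust(bits, guesses_per_second):
    """Years needed to try every candidate at a fixed guess rate."""
    return 2 ** bits / guesses_per_second / SECONDS_PER_YEAR


def compare(candidates, guesses_per_second):
    """Return (label, bits, years) rows sorted weakest first."""
    rows = [(label, bits, years_to_exhaust(bits, guesses_per_second))
            for label, bits in candidates]
    return sorted(rows, key=lambda row: row[1])


# Assumption: 8 characters from 62 symbols fully searched in 2 days.
RATE = rate_from_benchmark(8, 62, days=2)

CANDIDATES = [
    ("8 random chars, 62 symbols", bits_random_chars(8, 62)),
    ("10 random chars, 62 symbols", bits_random_chars(10, 62)),
    ("12 random chars, 62 symbols", bits_random_chars(12, 62)),
    ("16 random chars, 95 printable ASCII", bits_random_chars(16, 95)),
    ("4 random words, 2048-word list", bits_passphrase(4, 2048)),
    ("6 random words, 7776-word list", bits_passphrase(6, 7776)),
]

if __name__ == "__main__":
    for label, bits, years in compare(CANDIDATES, RATE):
        print(f"{label:38s} {bits:6.1f} bits  {years:12.3g} years")
```

Under these assumptions four random words (44 bits) fall below eight random characters, while six random words (about 78 bits) sit between 12 and 16 random characters. A password a person made up scores lower than these figures, which apply only to random generation.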