Skip to content

Watch: "Four Easy Ways to Stay Safe Online"

Four Easy Ways to Stay Safe Online

 

#1: Learn to recognize phishing

Phishing occurs when criminals try to get us to open harmful links, emails or attachments that could request our personal information or infect our devices. Phishing messages or “bait” usually come in the form of an email, text, direct message on social media or phone call. These messages are often designed to look like they come from a trusted person or organization, to get us to respond.

Recognize:

  • Urgent or emotionally appealing language, especially messages that claim dire consequences for not responding immediately
  • Requests to send personal and financial information
  • Untrusted shortened URLs
  • Incorrect email addresses or links, like amazan.com

Resist:

If you suspect phishing, resist the temptation to click on links or attachments that seem too good to be true and may be trying to access your personal information. Instead, report the phish to protect yourself and others. Typically, you’ll find options to report near the person’s email address or username. You can also report via the “report spam” button in the toolbar or settings.

Delete:

Delete the message. Don’t reply or click on any attachment or link, including any “unsubscribe” link. Just delete.

 

#2: Use strong passwords

Simple passwords, such as 12345, or common identifying information, like birthdays and pet names, are not safe for protecting important accounts holding personal information. Using an easy-to-guess password is like locking the door but leaving the key in the lock. Weak passwords can quickly be broken by computer hackers. But it’s impossible to remember a unique strong password for every account!

The good news is that creating and storing strong passwords with the help of a "password manager" is one of the easiest ways to protect ourselves from someone logging into our accounts and stealing sensitive information, data, money or even our identities.

Make them long

At least 16 characters—longer is stronger! 

Make them random

Two ways to do this are:

Use a random string of mixed-case letters, numbers and symbols. For example:

  • cXmnZK65rf*&DaaD
  • Yuc8$RikA34%ZoPPao98t

Another option is to create a memorable phrase of 4 – 7 unrelated words. This is called a “passphrase.” For example:

  • Good:  HorsePurpleHatRun
  • Great: HorsePurpleHatRunBay
  • Amazing:   Horse Purple Hat Run Bay Lifting

Note: You can use spaces before or between words if you prefer!

Make them unique 

Use a different strong password for each account.

For example:

  • Bank: k8dfh8c@Pfv0gB2
  • Email account: legal tiny facility freehand probable enamel
  • Social media account: e246gs%mFs#3tv6

Use a Password Manager

For most people, generating and remembering long, random and unique passwords for every account is not possible. Rather than write them down, use a password manager! A password manager is an easy-to-use program that generates stores and even fills in all your passwords. Password managers tell us when we have weak or re-used passwords and can generate strong passwords for us. They can also automatically fill logins into sites and apps as we move from one to another.

When we use a password manager, we only need to remember one strong password—the one for the password manager itself. (Tip: Create a memorable long “passphrase” as described above.)

There are many password managers to choose from. Some are free, like the built-in password managers in your web browser, and some cost money. Search a trusted source for “password managers” like Consumer Reports, which offers a selection of highly rated password managers. Read reviews to compare options and find a reputable program for you.

When we use a password manager, we are much more likely to use a long, random and unique password on every site. And that makes it much harder for someone to steal our valuable information!

PRO TIP Check to see whether your email accounts, banks, healthcare providers and other important accounts enforce strong password requirements. If they let you use a short password or a dictionary word, ask them why. It’s your information they’re putting at risk!

And don't forget to enable MFA, especially for your email, social media accounts and financial accounts.

 

#3: Turn on MFA

MFA provides us with extra security by confirming our identities when logging in to our accounts, like entering a code texted to a phone or one generated by an authenticator app. MFA increases security—it can make us significantly safer online. Even if an unauthorized user steals your password, they won’t be able to meet the second step requirement to access your accounts. 

Go to Settings

Look for settings under your account profile. It may be called Account Settings, Profile, Preferences, Privacy or similar. Then, select the security settings. This could be labeled Security, Password and Security or similar.

 Look for and turn on MFA 

It may be called two-factor authentication, two-step authentication or similar.

Confirm your choice

Select which MFA method to use from the options provided by each account or app. Examples are:

  • Receiving a numeric code by text or email
  • Using an authenticator app: These phone apps generate a new code every 30 seconds. Use this code to complete logging in.
  • Biometrics: This uses facial recognition or fingerprints to confirm our identities.

 

#4: Keep software updated

Many people might select “Remind me later” when we see an update alert. However, many software updates are created to fix security risks. Keeping software up to date is an easy way for us to stay safer online. To make updates even more convenient, turn on the automatic updates in the device’s or application’s security settings.

 Watch for notifications

Our devices will usually notify us that we need to run updates. This includes our devices’ operating systems, programs and apps. It’s important to install ALL updates, especially for our web browsers and antivirus software. 

Install updates as soon as possible

When notified about software updates, especially critical updates, we should be sure to install them as soon as possible. Malicious online criminals won’t wait, so we shouldn’t either!   

Turn on automatic updates

With automatic updates, our devices will install updates without any input from us as soon as the update is available—Easy! 

To turn on the automatic updates feature, look in the device’s settings, possibly under Software or Security. Search settings for “automatic updates” if needed.

Why It’s So Important to Update Promptly

If a criminal gets into our devices through a security flaw, they will look for sensitive information to exploit. Technology providers issue software updates to "patch” security weak spots as quickly as they can. If we don’t install them, they can’t protect us!

 Software updates can also:

  • Fix bugs
  • Improve performance
  • Add features that can enhance our experience

PRO TIP Every product you use should have auto-updates turned on by default. If you’re using a product or device that doesn’t have an auto-update option, ask your provider why not. It’s your information they’re putting at risk!