Tech blog of Jon Ryan, Web Developer & Geek

5 things you can do to stay safer online

October was “Cybersecurity Awareness Month”, as such, I figured I would write a post on staying safe online… a month late in November!

So here are 5 things you can do to stay safer online:

1. Use MFA (Multi-Factor Authentication)

You know that annoying thing you get with some websites, where you have to receive a text with a code before you can log in? That is multi-factor authentication! It’s a pain, but truly one of the most effective ways to protect your online accounts. The idea with multi-factor auth is that you prove you identity with a combination of different factors. They can be:

  • Something you know (such as a password)
  • Something you have (such as a phone registered to a number linked to your account)
  • Something you are (such as someone with a particular fingerprint, voice or face)

Most decent websites now support MFA, some refer to it as 2FA (two factor authentication). You can search the Authy website for guides on how to set up MFA for various websites.

If you don’t always get the best phone signal or you get fed up waiting for a text to turn up, you can often use an authenticator app that generates the code instead. I find this much more convenient. There are several apps available you can use:

2. Use a Password Manager

If you are entering a password from memory, chances are it’s not very secure…

So use horribly unmemorable passwords instead! Get a password manager app to generate passwords for the websites you use. All you need to remember is one master password, and the app handles everything else. One password to rule them all… one password to find them, one password to store them all and in an encrypted database store them!

These are the ones I would recommend checking out:

  • BitWarden - For most people, the FREE version should be fine
  • LastPass - Also has a FREE option, access limited to one PC and One Mobile on free version
  • 1Password - Good for businesses no free option

3. Change passwords for compromised accounts

WARNING: Chances are after doing this step you will likely be reaching for the tinfoil to craft some new headgear!

Go to haveibeenpwned.com enter your e-mail address. For any accounts that come back as being compromised:

  • Log in to those accounts and change your password (to something secure generated by a password manager, see 2!)
  • If the password used for those accounts was re-used on any other accounts, log in and change thoose too.

You can also check to see if a particular password has been leaked by entering it in haveibeenpwned.com/Passwords

4. Go Incognito when shopping or using online banking

Incognito mode does not stop your internet provider from knowing what you are doing online. It does however do a few things which are good when security is paramount:

  1. Cookies and browsing data will disappear when you close the browser - When you log in to online banking a cookie will be stored in your browser saying that you have authenticated as you. What you don’t want is any app stealing that cookie. With Incognito mode as soon as you are finished and close all the tabs that cookie will disappear.

  2. It disables browser extensions by default - If you’ve installed some strange third-party browser plugin that has access to read everything in your browser, that’s not great for security! Using incognito mode will disable any extensions you may have installed.

5. Don’t click that thing!

If you get an e-mail that says anything along the lines of “Click Here”, don’t click that thing! If you get an e-mail saying “your account may be compromised”, log in to that website the normal way and change your password, don’t click on any links in the e-mail.

Things you don’t need to worry about anymore

If I had written this a few years ago I would have included:

  • Keep your browser up to date
  • Don’t visit unencrypted sites (sites without the green lock)

Thankfully browsers such as Chrome, Firefox, and Edge keep themselves up to date automatically now and will scream at you if you try and visit an unencrypted website, telling you you should run for the hills.

Final thoughts

Hope this was helpful!

Written on November 15, 2022