There are add-ons, VPNs and apps galore that offer a safer browsing experience — but the browser you use, and the sites you visit, offer strong but simple security tools, too. Here are the best of the no-hassle, no-install-required options that you should be using now.
Image via jeff_golden
Stash Your Passwords the Safe Way
If you're up for it, consider making LastPass your easy, any-browser, any-OS solution, or get into KeePass for even tighter, more customised security. Not up for installing something new and setting it all up? Then simply fix up your current browser's password-saving system.
Firefox can save your passwords, but does so insecurely, so that anyone who grabs your laptop, or digs into your files, can read them. So be sure to enable the Master Password, and while you're at it, install Master Password + for a less-annoying, more-secure tool. Chrome can save your passwords, too, and also sync them through the Google cloud to any other Chrome browser you use. But be sure to protect your passwords with a passphrase. Internet Explorer, even in its pre-release ninth version, doesn't offer much in the way of password protection, beyond a toggle to ask you before saving each password. You're best off getting friendly with LastPass.
Enable HTTPS and Better Security Everywhere You Can
If you're surfing without an encrypted connection, you're leaving yourself open to, at best, a practical joke from friends; at worst, a breach of security in your social networks, email or other accounts, which can lead to further harm. It seems like paranoia, unless you've had a tech-savvy friend prove to you just how open you are.
Most sites that you'd want to use now offer an encrypted connection option, usually termed as "HTTPS" or "SSL". If a site doesn't have that option, and it's holding your personal data, consider whether you really need to be using that service. Here are the services for which you should definitely enable the secure/https option:
Gmail: Secure connections are usually a default now, but double-check: head into Settings, look under "Browser connection", and ensure that "Always use https" is enabled. (Be sure, too, that you've enabled two-step verification for your Google account, Gmail included.)
Facebook: Recently offered, and not enabled by default. To make use of it, click the Account link on any Facebook page while logged in, head to Account Settings, then, under "Account Security", hit the change button and check the box that says "Browse Facebook on a secure connection (https) whenever possible". Hit the Save button and head elsewhere.
Yahoo: Yahoo has a lot of really great, personalised account security options — so why aren't you using them? Logged into any Yahoo page, click under your name (in the "Hi Kevin" link), and choose Account Info. You'll have to enter your password again (but, hey, that's good!), but then you can set custom password reset questions, require an SMS code for verification, set up an alternate email address for account recovery, and many more really good options that are both free and easy to use.
Hotmail: Now offered for everyone, though not fully supported across clients like Outlook and Windows Live Mail. If you're mostly using Hotmail in your browser, add an "s" to your Hotmail URL (https://hotmail.com), and you should see a screen asking you if you always want to use a secure connection. You probably do.
eBay/PayPal: Log into PayPal, click the My Account tab, then click the Profile sub-tab. Look for the "Security Key" tab. For $US5, you can order a passphrase that arrives in physical form, and without which PayPal won't let anyone come close to your money. For those who do a decent amount of trading, especially overseas, it's a worthy investment.
Make It Harder for People to Pretend They're You
Not every site offers encrypted connections or extra security options, but most offer some kind of password recovery scheme for your convenience. Then again, most of them are hinged around simple email confirmations, or security "questions" that someone could discover from, say, your Facebook profile.
What's to be done about overly simple security features? Do your own thing. Create fake, snarky answers to security questions about your favourite teacher, your first pet or easily discovered relatives. One thing I've done for security questions that seem halfway decent is to answer the opposite of whatever the question was — so, enter your least favorite teacher, your last childhood pet, and maybe not the mascot of the high school you attended, but the mascot of that school's arch-rival.
Keep Insecure Plug-Ins from Exposing You
Take a tip from Jeff Atwood, who found that, despite his best intentions, he had a fake antivirus app installed on his machine. The culprit was a Java plug-in that allowed a site Atwood was passing by to sneak in some badly behaved code.
The modern browser is full of plug-ins, some of them occasionally necessary. How does one prevent these house guests from inviting all kinds of crashers onto your system?
First things first: head to Mozilla's super-handy Plugin Check page, which works with almost any browser, and see which of your plug-ins need updating now. You'll probably be a bit surprised, as even I was, evidenced by the screen capture above.
Chrome has a few good options for keeping insecure plug-ins at bay. You can set them to "click-to-play" or disable them individually, or enter
about:flags into your address bar and enable the "Disable outdated plugins" option to automatically shut down plug-ins that have known vulnerabilities.
Firefox will work some automatic plug-in monitoring into its future versions, as will other browsers; for now, consider making Plugin Check something you visit frequently — maybe even as one of your multiple startup pages.
What's the easiest way you've increased your own security online, without having to learn a new app or get a new number tattooed on your wrist?