1. Before you begin
What you'll learn
- How to secure your online information
- How to identify phishing attacks
- How to enable Advanced Protections for your Google Accounts
- How to stay safe on social media
2. Secure your online information
Create strong passwords
It's easier than you might think for someone to steal your password. Any of these common actions could put you at risk:
- Using the same password on more than one website.
- Downloading software from the internet.
- Clicking links in email messages.
Your password is your first line of defense, so use these tips to create strong passwords:
- Use at least 8 characters.
- Never use the same password for multiple accounts.
- Make it memorable to you, but difficult for someone else to guess.
- Use a mix of uppercase and lowercase letters, symbols, and numbers.
- Use the first letter of each word in a sentence. For example, your sentence might be, "I got married on Oct. 4, best day of my life!" so your password would be
Igmo104bdoml!
.
If necessary, use a password manager to manage your passwords. A password manager securely stores your passwords so that the only password that you need to remember is the one for the password manager. Many also come with password generators, which makes it even easier to generate and store secure passwords. For example, Google's Password Manager can review the security of the passwords saved to your Google Account. It assesses the strength of your passwords, and tells you whether any of them are used more than once or are compromised.
Enable 2-step verification
In addition to a password, 2-step verification requires another login credential, usually the input of a code sent to a mobile device. For example, you can enable 2-Step Verification for your Google Accounts.
Recently, sophisticated attackers have intercepted these codes to phish users. For the strongest form of 2-step verification, use physical security keys, which you learn about later.
Remove your personal information from people-finder websites.
People-finder websites are public databases where it's possible to look up a person's email address, phone number, and physical address with their name and any other identifying information. These websites gather information from public records, social media, and other sources, and could possibly reveal your address, criminal records, and other private information.
You can visit each people-finder website and request the removal of your information, but you need to check back every 6 months and possibly request the removal of your information again because it can be relisted. Alternatively, you can subscribe to a service that removes your information from people-finder websites, such as DeleteMe. For a fee, these services save you time and deliver a more-reliable result.
Install software updates for your devices
Don't ignore your device's notifications about software updates. These updates can include powerful privacy features that further secure your accounts, so update your software whenever an update is available.
Audit your online presence
Every once in a while, do an internet search of yourself to see what images appear on various search engines. If there's a particular photo that you're concerned about, do a reverse images search with Google or TinEye, which search for the image across indexed websites on the internet. Also, create a Google Alert for your name that alerts you whenever your name pops up in search results.
Disable location tracking on social media and web browsers
If location tracking is enabled on your phone or laptop, it might mean that your social-media posts have the GPS coordinates of your location associated with the post. To keep your location private, disable location services on each device that you use. Also, turn off geolocation tagging in your social-media accounts.
Limit who sees your posts
Make your accounts and posts private so that only your circle of friends or connections can see them.
Restrict what you share, such as location or other common security questions
Attackers can use your location or other information to hack your online accounts, such as your mother's maiden name.
Use a VPN to log in when you're on an unsecured network
A VPN lets you create a private network from a public internet connection, which masks your internet protocol addresses to keep your online actions private. This secure and encrypted connection provides you with greater privacy and security. Avoid public wifi as it puts you at risk. These are public network connections and if you access your accounts via these connections, your information can be hacked. Avoid using unsecured connections.
3. Identify phishing attacks
A phishing attack is when someone tries to trick you into sharing personal information online. It's typically done through emails, ads, or websites that look similar to websites that you already use. For example, you might get an email that looks like it's from your bank and asks you to confirm your account number. You can install a password alert to protect yourself against phishing attacks.
Information phishing websites may ask for:
- Usernames and passwords
- Social Security numbers
- Bank-account numbers
- Personal Identification Numbers (PIN)
- Credit-card numbers
- Your mother's maiden name
- Your birthday
A great way to learn how to protect yourself online is to explore what you already know. Do you think you can easily spot threats like phishing attacks? Take this quiz to find out.
4. Enroll your Google Accounts in the Advanced Protection Program
If your Google Account contains particularly valuable files or sensitive information, enroll it in the Advanced Protections Program, which uses 2-step verification. However, instead of a code, it requires a security key, which is the strongest form of 2-step verification. A security key can either be a hardware device or special software on your phone that you use to verify your identity and sign in to your Google Account. Unauthorized users won't be able to sign in without your security key, even if they have your username and password.
Google strongly recommends that journalists, activists, business executives, and people involved in elections enroll in the Advanced Protections Program. Even if an attacker gets through your password layer or intercepts your 2-step verification code, they still need your phone or physical security key to access your Google Account.
The Advanced Protection Program is a free service. However, if you don't have a security key, you may need to buy one.
5. Stay safe on social media
Every social-media platform offers specific tools and settings that help users stay safe. This isn't an exhaustive list, but you can use it as a starting point to ensure that your social-media accounts are safe.
- Resist linking your social media account to a new site (e.g. 3rd party apps). In doing this, you allow access to all your personal information. In these situations, it is recommended to sign up with a secondary email address.
- Review your privacy settings to limit the visibility of your posts and how people search for you.
- Report and block abusers when necessary.
- Avoid geotagging as online attackers could gain access to your coordinates.
- Check your posts to ensure there's no identifying information about where you're located before you post. Also ensure contact information such as your phone number and home address are omitted.
6. Use these tools to further protect yourself online
Security Checkup
Google's Security Checkup scans your Google Account settings and offers personalized recommendations to increase the security of your data.
Privacy Checkup
Choose the privacy settings that are right for you by signing into your Google Account.
Phone-finder software services
If any of your devices are lost or stolen, use phone-finder software services, such as Find My Device for Android phones. If you can't find your phone, you can lock your screen or erase the device entirely.
7. Congratulations
You learned how to protect your online accounts, identify phishing attacks, enable Advanced Protections for Google Accounts, and stay safe on social media.