Tips to help you stay more secure online
We put together some quick tips and best practices for you to create stronger passwords, protect your devices, avoid phishing attempts and browse the Internet securely.
Strengthen your account security
Take the Security Check-Up
An easy way to protect your Google account is to take the Security Checkup. We built this step-by-step tool to give you personalised and actionable security recommendations to help you strengthen the security of your Google account.
Create strong passwords
Creating a strong, unique password is one of the most critical steps that you can take to protect your online accounts. You can do this by using a series of words that you will not forget but that would be hard for others to guess. Or take a long sentence and build a password with the first letters of each word. To make it even stronger, make it at least eight characters long, because the longer your password, the stronger it is.
If asked to create answers for security questions, consider using fake answers to make them even more difficult to guess.
Use unique passwords for every account
Using the same password to log in to multiple accounts, such as your Google account, social media profiles and retail websites, increases your security risk. It is like using the same key to lock your home, car and office – if someone gains access to one, all of them could be compromised. Creating a unique password for each account eliminates this risk and keeps your accounts more secure.
Keep track of multiple passwords
A password manager, like the one in your Google Account, helps protect and keep track of the passwords that you use on sites and apps. Google’s password manager uses your saved passwords to safely and easily sign you in.
Defend against hackers with 2‑Step Verification
2-Step Verification helps keep out anyone who shouldn’t have access to your account by requiring you to use a secondary factor on top of your username and password to log in to your account. With Google, for example, this can be a six-digit code generated by the Google Authenticator app or a prompt in your Google app to accept the login from a trusted device.
For further protection against phishing, you can purchase a physical Security Key that inserts into the USB port of your computer or connects to your mobile device using Near Field Communication or Bluetooth. For anyone who feels at risk of highly targeted attacks – including activists, journalists or political campaign teams – the Advanced Protection Programme provides Google’s strongest defence against phishing by enforcing the use of a physical Security Key as the only form of 2-Step Verification.
Protect your devices
Keep software up to date
To protect yourself from security vulnerabilities, always use up-to-date software across your web browser, operating system, plug-ins and document editors. When you receive notifications to update your software, do so as soon as possible.
Review the software that you use regularly to make sure that you are always running the latest version available. Some services, including the Chrome browser, will automatically update themselves.
Keep potentially harmful apps off your phone
Always download your mobile apps from a source that you trust. To help keep Android devices secure, Google Play Protect runs a safety check on apps from the Google Play Store before you can download them and periodically checks your device for potentially harmful apps from other sources.
To keep your data protected:
- Review your apps and delete the ones that you do not use.
- Visit your app store settings and enable auto-updates.
- Only give access to sensitive data, such as your location and photos, to apps that you trust.
Use a screen lock
When you are not using your computer, laptop, tablet or phone, lock your screen to keep others from getting in to your device. For added security, set your device to automatically lock when it goes to sleep.
Lock down your phone if you lose it
If your phone is ever lost or stolen, you can visit your Google account and select 'Find your phone' to protect your data in a few quick steps. Whether you have an Android or iOS device, you can remotely locate and lock your phone so that no one else can use your phone and access your personal information.
Avoid phishing attempts
Always validate suspicious URLs or links
Phishing is an attempt to trick you into revealing critical personal information, such as a password. It can take many forms, so it is important to learn how to spot suspicious emails and websites. For example, a hacker might create a login page that looks legitimate but is actually fake, and once your password is revealed the hacker could access your account or infect your machine.
To avoid getting phished:
- Never click on questionable links.
- Always double-check the URL to make sure that you’re entering your data into a legitimate website or app.
- Before submitting any information, make sure that the site’s URL begins with 'https'.
Watch out for impersonators
If someone that you know emails you but the message seems odd, their account may have been hacked. Don’t reply to the message or click any links unless you can confirm that the email is legitimate.
Look out for things such as:
- Urgent requests for money.
- The person claiming to be stranded in another country.
- The person saying that their phone was stolen and cannot be called.
Be wary of requests for personal information
Don’t reply to suspicious emails, instant messages or pop-up windows that ask for personal information, such as passwords, bank account or credit card numbers, or even your birthday. Even if the message comes from a site that you trust, such as your bank, never click on the link or send a reply message. It is better to go directly to their website or app to log in to your account.
Remember, legitimate sites and services will not send messages requesting that you send passwords or financial information over email.
Beware of email scams, fake prizes and gifts
Messages from strangers are always suspect, especially if they seem too good to be true – such as declaring that you have won something, offering prizes for completing a survey or promoting quick ways to make money. Never click suspicious links, and never enter personal information into questionable forms or surveys.
Double-check files before downloading
Some sophisticated phishing attacks can occur through infected documents and PDF attachments. If you come across a suspicious attachment, use Chrome or Google Drive to open and reduce the risk of infecting your device. If we detect a virus, we will show you a warning.
Browsing on secure networks and connections
Use secure networks
Be careful about using public or free Wi-Fi, even those requiring a password. These networks may not be encrypted, so when you connect to a public network, anyone in the vicinity may be able to monitor your Internet activity, such as the websites that you visit and the information that you type into sites. If public or free Wi-Fi is your only option, the Chrome browser will let you know in the address bar if your connection to a site is secure. Even at home, protect the privacy and security of your browsing activity by making sure that your Wi-Fi network is encrypted and by setting a strong password.
Look for secure connections before entering sensitive information
When you are browsing the web – and especially if you plan to enter sensitive information such as a password or credit card number – make sure that the connection to the sites that you visit is secure. If it is a secure URL, the Chrome browser will show a grey, fully locked icon in the URL field. HTTPS helps keep your browsing safe by securely connecting your browser or app with the websites that you visit.