Tips to help you stay more secure online
We put together some quick tips and best practices for you to create stronger passwords, protect your devices, avoid phishing attempts, and browse the Internet securely.
Strengthen your account security
Take the Security Checkup
An easy way to protect your Google Account is to take the Security Checkup. We built this step-by-step tool to give you personalized and actionable security recommendations to help you strengthen the security of your Google Account.
Create strong passwords
Creating a strong, unique password is one of the most critical steps you can take to protect your online accounts. You can do this by using a series of words that you will not forget but would be hard for others to guess. Or take a long sentence and build a password with the first letters of each word. To make it even stronger, make it at least eight characters long, because the longer your password, the stronger it is.
If asked to create answers for security questions, consider using fake answers to make them even more difficult to guess.
Use unique passwords for every account
Using the same password to log in to multiple accounts, like your Google Account, social media profiles, and retail websites, increases your security risk. It is like using the same key to lock your home, car and office – if someone gains access to one, all of them could be compromised. Creating a unique password for each account eliminates this risk and keeps your accounts more secure.
Keep track of multiple passwords
A password manager, like Smart Lock in Chrome, helps you safeguard and keep track of all the passwords for your different online accounts. It can even keep track of your answers to security questions and generate random passwords for you.
Defend against hackers with 2‑Step Verification
2-Step Verification helps keep out anyone who shouldn’t have access to your account by requiring you to use a secondary factor on top of your username and password to log in to your account. With Google, for example, this can be a six-digit code generated by the Google Authenticator app or a prompt in your Google app to accept the login from a trusted device.
For further protection against phishing, you can purchase a physical Security Key that inserts into the USB port of your computer or connects to your mobile device using Near Field Communication or Bluetooth. For anyone who feels at risk of highly targeted attacks – including activists, journalists, or political campaign teams – the Advanced Protection Program provides Google’s strongest defense against phishing by enforcing the use of a physical Security Key as the only form of 2-Step Verification.
Protect your devices
Keep software up to date
To protect yourself from security vulnerabilities, always use up-to-date software across your web browser, operating system, plugins, and document editors. When you receive notifications to update your software, do so as soon as possible.
Review the software you use regularly to make sure you are always running the latest version available. Some services, including the Chrome browser, will automatically update themselves.
Keep potentially harmful apps off your phone
Always download your mobile apps from a source you trust. To help keep Android devices secure, Google Play Protect runs a safety check on apps from the Google Play Store before you can download them and periodically checks your device for potentially harmful apps from other sources.
To keep your data protected:
- Review your apps, and delete the ones you do not use.
- Visit your app store settings and enable auto-updates.
- Give access to sensitive data, like your location and photos, only to apps you trust.
Use a screen lock
When you are not using your computer, laptop, tablet, or phone, lock your screen to keep others from getting into your device. For added security, set your device to automatically lock when it goes to sleep.
Lock down your phone if you lose it
If your phone is ever lost or stolen, you can visit your Google Account and select “Find your phone” to protect your data in a few quick steps. Whether you have an Android or iOS device, you can remotely locate and lock your phone so that no one else can use your phone and access your personal information.
Avoid phishing attempts
Always validate suspicious URLs or links
Phishing is an attempt to trick you into revealing critical personal information, like a password. It can take many forms, so it is important to learn how to spot suspicious emails and websites. For example, a hacker might create a login page that looks legitimate but is actually fake, and once your password is revealed the hacker could access your account or infect your machine.
To avoid getting phished:
- Never click on questionable links.
- Always double-check the URL to make sure you’re entering your data into a legitimate website or app.
- Before submitting any information, make sure the site’s URL begins with “https.”
Watch out for impersonators
If someone you know emails you but the message seems odd, their account may have been hacked. Don’t reply to the message or click any links unless you can confirm the email is legitimate.
Look out for things for like:
- Urgent requests for money
- The person claiming to be stranded in another country
- The person saying their phone was stolen and cannot be called
Be wary of requests for personal information
Don’t reply to suspicious emails, instant messages, or pop-up windows that ask for personal information, like passwords, bank account or credit card numbers, or even your birthday. Even if the message comes from a site you trust, like your bank, never click on the link or send a reply message. It is better to go directly to their website or app to log in to your account.
Remember, legitimate sites and services will not send messages requesting that you send passwords or financial information over email.
Beware of email scams, fake prizes, and gifts
Messages from strangers are always suspect, especially if they seem too good to be true – like declaring you have won something, offering prizes for completing a survey, or promoting quick ways to make money. Never click suspicious links, and never enter personal information into questionable forms or surveys.
Double-check files before downloading
Some sophisticated phishing attacks can occur through infected documents and PDF attachments. If you come across a suspicious attachment, use Chrome or Google Drive to open and reduce the risk of infecting your device. If we detect a virus, we will show you a warning.
Browsing on secure networks and connections
Use secure networks
Be careful about using public or free Wi-Fi, even those requiring a password. These networks may not be encrypted, so when you connect to a public network, anyone in the vicinity may be able to monitor your Internet activity, such as the websites you visit and the information you type into sites. If public or free Wi-Fi is your only option, the Chrome browser will let you know in the address bar if your connection to a site is secure. Even at home, protect the privacy and security of your browsing activity by making sure your Wi-Fi network is encrypted and by setting a strong password.
Look for secure connections before entering sensitive information
When you are browsing the web – and especially if you plan to enter sensitive information like a password or credit card number – make sure the connection to the sites you visit is secure. If it is a secure URL, the Chrome browser will show a gray, fully locked icon in the URL field. HTTPS helps keep your browsing safe by securely connecting your browser or app with the websites you visit.