The Normal Person's Guide to Internet Security
This is a quick and dirty guide to basic internet security for the normal internet user. If you’re engaging in nefarious activities online (e.g. torrenting content) this guide is insufficient. What follows are the six things everyone can do to protect themselves on the internet.
TO BE COMPLETELY CLEAR: I am not an internet security expert. Follow this guide at your own risk. It’s your own damn fault if you get pw3ned. Take this quiz to see if you can outsmart internet scammers.
tl;dr true internet security requires behavior change. This free guide will provide a “good enough” starting point for regular people using the internet in regular ways.
That said, here’s how to protect yourself on the internet in 20 minutes or less – or your money back.
1/ Two-Factor Authentication
You know when you log in to your bank, but then they send you a text message with a six-digit code? That’s two-factor authentication. It’s annoying, but it’s the most important thing you can do to protect yourself on the internet.
Enable two-factor authentication on the following services you use: Amazon, Apple, Dropbox, Facebook, Google, Instagram, Microsoft, Paypal, Slack, Twitter, Venmo, and WhatsApp. Don’t forget your bank and email accounts, too!
Check twofactorauth.org for a complete list of apps and services that support 2FA. Enable this for everything you use.
optional – Use an authenticator app like Authy or Google Authenticator (both are free!) to make 2FA life easier. Now, instead of waiting for a text message, you use the app and punch in the six-digit code listed for your service.
2/ Passwords
You already know what to do. Just do it. And, just because you’re using two-factor authentication for everything doesn’t mean you can skimp on your passwords. Did I say password with an S? Yes. Use a unique password for every service you use – do not repeat your same password over and over.
Use strong passwords that are 12-14 characters in length and a mix of capital and lowercase letters, numbers, and punctuation. Don’t use the same password for every site or service. Change your passwords twice a year (I change mine when I go to the dentist). Don’t keep a text file or email to yourself with all your passwords listed.
An easy way to create and remember a strong password is to grab your favorite book. Turn to a page. Select a word. Count the number of lines from the top. For instance, from 1984, on page 36, the word “thoughtcrime” is on line 5.
Smush these three things together using a symbol between each (e.g. “!” or “#” or “$”). Capitalize the first letter of your word.
For example, my password is: 36$Thoughtcrime$5
This is a good starting point and an upgrade over “password123” – just remember to dog ear the page and underline your word.
Another easy way is to combine a memorable sentence with some unique capitalization and punctuation to modify the sentence into a password.
For example, “I love to eat pizza in my pajamas in the morning!” could easily turn into the password: I<32epimpithm!.
Get it? I <3 2 e(at) p(izza) i(n) m(y) p(ajamas) i(n) t(he) m(orning) !
On your phone. Turn on your phone’s password protection and set it to always require a passcode. Use the fingerprint reader.
On your computer. Set a login password. Require a password immediately after waking from sleep and the screen saver. Lock your screen when you walk away from your computer. (One easy way to do this is to create a hot corner on your screen that immediately starts your screensaver.)
optional – Password manager. I don’t use a password manager. I find it’s easier to remember strong passwords than it is to remember to use the tool on multiple devices. That said, both 1Password and LastPass are good, multi-device options.
3/ Ad Blocker
An ad blocker does exactly what you think: it prevents ads from loading on web pages. This is great for several reasons: faster web browsing, less stuff to download, and it prettifies web sites. But the best reason is that it also blocks those sneaky trackers used to retarget the same ad over and over again.
Install uBlock Origin. It’s free and takes two seconds to install on your browser. Get it for Chrome and Firefox. The Safari installation is a little trickier – you’ll have to do it manually. Follow the instructions here to download and install (it takes five total clicks).
4/ HTTPS
HTTPS works by encrypting traffic between the websites you visit and the device you’re using. Think of it as a way to protect yourself against inappropriate eavesdropping on your browsing habits.
Install HTTPS Everywhere from the Electronic Frontier Foundation. This free browser extension will encrypt your communication with most major websites by loading the content over an HTTPS connection rather than a standard HTTP connection when possible. Get it here: EFF.org/https-everywhere
5/ Third-party content blocker
In the same way you want to use an ad blocker to prevent ads from following you around the internet, you want to prevent third-party cookies from recording your browsing habits.
Install Privacy Badger, another free browser extension, to block certain cookies and third-party content.
Install it for Chrome and Firefox here. Sorry Safari.
6/ VPN (optional)
NOTE: This is seriously overkill for most normal users. If you’re going to inquire about a VPN, you’ll need to do a fair amount of personal research. Free VPNs will likely cause more harm than good!
VPN stands for Virtual Private Network and is a way of using the internet in a much more secure way. It works by encrypting your data (Private) and then routing your traffic through servers elsewhere in the world (Virtual Network) so no one can see what you are up to. If you use public wifi at a cafe, hotel, or airport, a VPN is essential.
Choose a VPN. A VPN you can trust costs money. Period. Most options will cost you $10 or less per month. I personally use Private Internet Access. It’s barebones, but it’s also $3.33/mo. Nord is another good choice, which looks to be more user friendly and costs $5.75/mo.
Using your VPN. Some people leave their VPN on 24/7. Others only use it when they’re doing something extra private (i.e. porn). If you’re a normal person using the internet, I’d suggest this rule of thumb: if you’re using the internet outside of your home, turn on your VPN. Note: if you’re going to log in to your bank or a financial institution, turn off your VPN – you’ll likely get flagged and locked out of your account since you’ll appear to be somewhere else in the world.
Check it’s working. With your VPN connected, head over to ipleak.net and see where in the world you’re connected.
The above isn’t a comprehensive list – there’s a lot more you could do – and there’s no silver bullet when it comes to internet security. Nerds will point out that this guide falls woefully short in a lot of ways. They’re right. It does.
Help me improve this. This guide lives on GitHub, which means anybody can request to edit the content. Do you know something smart that was left out? Make a pull request. github.com/mkiser/WTFJHT/
The point of this guide isn’t to ensure absolute internet security and anonymity online – it’s to help normal people using the internet a little more safely. If you want to take a few more actions to ensure you’re more secure, check out Get Safe.
Let me know what you think @matt_kiser.