The need to protect important information or to verify one’s identity isn’t new – it dates all the way back to ancient times. In ancient Rome, soldiers used a “watchword” system (tessera) when passing through protected checkpoints. Furthermore, there are records of similar systems being used as early as 3000 BCE, in ancient Sumeria.
Fast forward to today, and those same concepts of information security and verification play a huge role in everything we do on a daily basis. Any way you look at it, the digitalization of nearly all aspects of our lives is inescapable. Today, you can do almost nothing without a phone, a computer, and an active email account. That is why the security of one’s digital assets must be taken very seriously and it is also the reason I am writing this post.
The article you are about to read delves into essential topics like basic Windows security tips, the essence of cybersecurity, the role of password managers, and how to defend against malware and phishing. I’ll do my best to provide you with specific effective tips and actionable advice to help you boost your cybersecurity and minimize the chances of rogue actors getting their hands on anything important to you.
Essential Windows Security Tips
Historically, Windows systems have been among the most commonly targeted and successfully compromised. Windows gives a lot of customization freedom, but this also means it’s easier for cybercriminals to trick the user into allowing them in and to then gain access to various parts of the system.
For this reason, it’s essential to apply some fundamental security rules if you are using a Windows machine. I know you’ve probably heard these next tips hundreds of times before, but the truth is that most users still ignore them and that is why they are getting their online accounts stolen and their PCs infected with malware:
Trust in Windows Security
Modern-day Windows Security (the built-in antivirus of Windows) is actually pretty good. It detects most threats and attempts to compromise your system, so I strongly suggest that you leverage it to its full capacity. Keep all its security features enabled, and trust its warnings unless you are absolutely certain the thing it warns you about is safe.
Keep All Software Up to Date
Enable Automatic System Updates: An essential prerequisite for Windows Security to protect you is to have its malware definitions up-to-date. Therefore, just keep its automatic updates turned on. There are very, very few valid reasons not to let it update automatically.
Update Third-Party Software: Regularly update non-Microsoft software, especially web browsers and commonly used apps, to patch security vulnerabilities. Again, those will typically have the option to update automatically, so I suggest keeping that enabled.
Install Antivirus Software and Keep It Current
There’s no consensus in cybersecurity circles on whether you actually need dedicated third-party security software on Windows. I personally think responsible online behavior is the best form of protection, but having that extra layer of security that comes from a strong antivirus/anti-malware tool is never a bad thing.
Specific Cybersecurity Advice
Windows PCs aren’t the only devices targeted by hackers and scammers. You must keep all your devices and operating systems protected if you want to make sure there aren’t any holes in your online security. I recommend employing each of the following tips to maintain your virtual safety:
- Be Cautious with Attachments and Links
- If an email looks sketchy, just don’t open it. If you do open it, don’t interact with it or download any of its attachments unless you know they are safe.
- If you come across a suspicious link or button, hover over it and pay attention to the address that appears in the bottom-left. If you don’t recognize the address, don’t click the link/button.
- Browse the Web Safely
- Choose a reliable browser (Edge is a good option for security) and install a security extension with a proven track record.
- Get an ad blocker. Those don’t simply stop annoying ads but also keep you safe by blocking automatic redirects to shady pages.
- Obviously, don’t go to sites that offer pirated content or illegal downloads.
- Be Careful with External Devices
- Don’t connect USB drives and external devices to your PC if you don’t know what’s on them.
- And even if you think you know what’s on them, do run an antivirus scan before accessing their contents.
- Protect Personal Information Online
- Don’t share personal info with random people on the web. Not your email, not your phone, not your address. Even such seemingly harmless info can be used by scammers and other criminal actors.
- I also recommend that you adjust the settings on your social media accounts to limit data exposure to people who aren’t on your friends list.
- Educate Yourself About Scams
- You must get good at recognizing phishing emails and messages, and other common types of virtual scams. I’ll talk more about it in a bit.
- Create Strong and Protected Passwords
- It always amazes me how much the majority of users focus on protecting against malware while still using “123456” as their password on multiple accounts. Use strong and unique passwords! More on that in a bit.
- Consider using a password manager. Seriously, these are very helpful.
I know it can be annoying to apply all these guidelines but, trust me, they help.
How to Protect Against Malware
Malware is short for “malicious software”, and it refers to any software intentionally designed to cause damage to a computer, server, client, or network, or to perform other malicious actions on your system. There are many types of malware, but you really only need to know about the following categories:
- Viruses: Attach themselves to clean files and spread to other files.
- Worms: Infect entire networks by exploiting vulnerabilities.
- Trojans and Trojan Miners: Disguise themselves as legitimate software. One of the most commonly encountered threats.
- Ransomware: Encrypts data and demands payment for access. Very difficult to deal with.
- Spyware: Secretly gathers user information without consent.
- Adware: Automatically displays or downloads advertising material.
- Browser Hijackers: They attach to the browser and make unwanted changes to it. Like adware, they are mostly used for advertising purposes.
Realistically, the types of malware that users encounter most commonly are Browser Hijackers, Adware, Trojans, and Ransomware (pretty much in that order).
But no matter the malware, the distribution techniques are generally the same and so are the ways to protect your system from such programs:
- Stay away from pirated software
- I know you already know that, but it still amazes me how many people get viruses from downloading pirated stuff. Just don’t do it – it’s not worth it. And if you do it, then don’t be surprised when you get malware on your PC.
- Check the installation settings
- People will often just click Next until the program they want is installed, and that is how you get Browser Hijackers, Adware, and sometimes even Trojans. Pay attention to the installation settings and deselect any bundled components. This will save you a ton of headaches.
- Adjust your browser’s download settings
- Make your browser always ask you to specify a location when a file is about to be downloaded. That way, even if you mistakenly click a malware download link, the file won’t be allowed on your PC until a location is chosen, which gives you the opportunity to deny the download.
And if you’ve already been infected with malware, check our guides. Chances are that we’ve already created an article that addresses the threat you are dealing with.
What is Phishing and How to Avoid it
Phishing is an advanced type of online fraud where the scammers impersonate legitimate organizations via email, text message, or advertisements to steal sensitive information.
How Phishing Works:
- The attackers send messages that appear to be from trusted entities and lure you into clicking a link, downloading a file, or calling a phone number.
- The victim is tricked into sharing personal info – typically their credit or debit card numbers.
- Alternatively, the attacker might gain direct access to the victim’s device if the latter was tricked into downloading a remote access trojan (RAT).
- The scammer gets hold of the user’s financial data and empties their bank accounts or gets access to sensitive private info and then blackmails the victim for a payment.
Defending Against Phishing:
The key to not falling victim to such schemes is to be able to recognize them from the very beginning. Here are actionable tips that will help you spot phishing attempts:
- Never act on anything requested in an email or another type of online message without first taking the time to verify its legitimacy.
- Always check the email addresses and sender details of unexpected emails.
- If you’ve received a suspicious email that’s supposedly from a well-known organization, Google the organization and contact it through its official site to inquire about the email and see if they’ve sent it to you.
- Be skeptical of urgent requests – emails that require you to do something within a set deadline such as 24 or 48 hours have a very high probability of being linked to a scam.
- Look up the sender or ask on security forums, such as reddit.com/r/antivirus, to see if anyone else has received the same email. The same phishing emails get sent to thousands or even millions of users.
The most important thing to remember about phishing is that the scammers largely rely on a strong emotional response from the victim. If you manage to stay calm and assess the situation, you’ll easily see through the scam, ignore it, and move on with your day.
How to Create a Strong Password
I briefly mentioned the problem with weak passwords earlier in this post, but now I must elaborate further on this topic as it’s essential, yet often overlooked. Here are some good pointers on how to ensure your passwords are strong:
- Don’t Use Personal Information in Your Passwords
- Don’t use names, birthdays, or common words.
- Personal info can be found through social media or public records.
- Diversify the Password Characters
- Use a combination of uppercase letters, lowercase letters, numbers, and symbols.
- Put the symbols in a random order.
- Create Longer Passwords
- Your passwords should be at least 12 characters.
- You can use phrases or a combination of random words to create a longer password (e.g., “B1u3H0rseRain7!”).
- Don’t Use Correctly Spelled
- Hackers use tools that can try every word in the dictionary.
- You can misspell words or replace letters with numbers or symbols (e.g., “P@55w0rd!”) to make it easy to remember but more difficult to crack.
- Modify Memorable Phrases
- Think of a sentence and use the first letter of each word. Example: “I love to read books at night” becomes “Iltrban”.
- Then replace some of the letters with numbers like so: “I1tr8@n”.
- Use Unique Passwords for Each Account
- Using the same or similar passwords for different accounts is a huge mistake.
- However, you can create iterations of a single master password which you can use on different accounts. You can learn how to do that from our dedicated article on how to create strong passwords.
Never underestimate the importance of using strong and reliable passwords for your online accounts. However, I get it can be difficult to keep track of multiple complex passwords, which is why people will often use a single simple one for all their accounts. That is why we created a special How to Create a Strong Password article, where we provide a much more detailed explanation of how to manage your passwords.
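The pointers above can be turned into a small audit that checks each password and also compares passwords across accounts. This is an added example, not part of the original post: the word list, the personal details, the sample accounts and the 0.8 similarity threshold are constructed assumptions.

```python
import re
from difflib import SequenceMatcher
from itertools import combinations

# Constructed inputs: a tiny word list, one user's details, sample accounts.
COMMON_WORDS = {"password", "welcome", "dragon", "sunshine"}
PERSONAL = ["jordan", "1990"]
ACCOUNTS = {
    "mail": "B1u3H0rseRain7!",
    "bank": "B1u3H0rseRain8!",
    "forum": "I1tr8@n",
    "shop": "Jordan1990!!welcome",
}
# Lowercase, uppercase, digit, symbol
CLASSES = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")

def check_password(pw, personal=PERSONAL):
    """Return the pointers from the list above that `pw` fails."""
    problems, lowered = [], pw.lower()
    if len(pw) < 12:
        problems.append("shorter than 12 characters")
    if not all(re.search(c, pw) for c in CLASSES):
        problems.append("missing a character class")
    if any(p.lower() in lowered for p in personal):
        problems.append("contains personal information")
    if any(w in lowered for w in COMMON_WORDS):
        problems.append("contains a correctly spelled common word")
    return problems

def audit(accounts, threshold=0.8):
    """Per-account problems, plus accounts whose passwords are the same or similar."""
    report = {name: check_password(pw) for name, pw in accounts.items()}
    for (a, pa), (b, pb) in combinations(accounts.items(), 2):
        # ratio() is 1.0 for identical strings; the threshold is an assumed cut-off
        if SequenceMatcher(None, pa, pb).ratio() >= threshold:
            report[a].append(f"similar to {b}")
            report[b].append(f"similar to {a}")
    return report
```

On the constructed accounts, `audit(ACCOUNTS)` passes the two long passwords on their own merits but reports them as similar to each other, and it reports the 7-character one as falling under the 12-character minimum.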
What is a Password Manager and Do You Need One?
Any way you look at it, it’s challenging to manage several complex passwords, especially if you have a large number of online accounts. That is why it’s sometimes better to use a password manager tool. It lets you securely store and use all your passwords, which you can access with a single master password, which is the only one you need to remember.
Types of Password Managers:
- App-Based Password Managers
- They are apps installed on your phone, tablet, or computer.
- Some have free versions, but most will still require a paid subscription for advanced features.
- They are generally more advanced and offer features such as cross-platform password syncing.
- Browser-Based Password Managers
- Pretty much all modern browsers, including Chrome, Safari, and Edge offer built-in password management.
- These offer basic functionalities, such as the option to save and automatically fill in login details.
- Such password managers are convenient but are nowhere near as secure as the ones that come with a dedicated app.
Benefits of Using a Password Manager:
- Lets you use much stronger passwords that are unique for each account.
- You only need to remember one ‘master’ password.
- The more advanced password managers protect your passwords with encryption.
Ultimately, it’s up to you to decide if it’s worth getting a password manager. You may or may not need it, but in either case, you must absolutely ensure your passwords are unique and strong, or else your virtual security might be at risk.
Conclusion
There are many ways you can enhance your virtual security and all of them are important. You need to respect the basic Windows security practices, learn to recognize and protect against threats like malware and phishing, use strong passwords, and more.
This post is supposed to quickly point out the most important aspects of cybersecurity, but it’s ultimately up to you to correctly employ each of the tips and suggestions outlined on this page.