The website uses cookies. By using this site, you agree to our use of cookies as described in the Privacy Policy.
I Agree
Text direction?

Protecting Your Digital Life in 9 Easy Steps

Credit...George Etheredge for The New York Times

Editors’ note: This article, originally published in November 2016, was updated May 16, 2017.

There are more reasons than ever to understand how to protect your personal information.

Major website hackings seem ever more frequent. A set of top-secret National Security Agency hacking tools were dumped online over the past year. In May, hackers used some of those tools to hijack computers around the world.

In a Medium post, Quincy Larson, the founder of Free Code Camp, an open-source community for learning to code, detailed the reasons it might be useful for people to make their personal data more difficult for attackers to obtain.

“When I use the term ‘attacker’ I mean anyone trying to access your data whom you haven’t given express permission to,” he wrote, “whether it’s a hacker, a corporation or even a government.”

In an interview, Mr. Larson walked us through some of the basic steps he recommended. We added a few of our own, based on additional interviews and news events.

We encourage you to send any questions or feedback about this article to

Credit...Ritchie B. Tongo/European Pressphoto Agency

Encryption is just a fancy word for scrambling your data so no one can understand what it says without a key. It’s useful for protecting information on your computer, but also for making sure prying eyes can’t snoop on text messages and emails on your phone. But encryption is more complex than just switching a couple of letters around.

Signal is one of the most popular apps for those who want to protect their text messages. It is free, available for iPhone and Android, and extremely easy to use, but it does depend on your friends downloading and using it along with you. And unlike Apple’s iMessage, which is also encrypted, the code it uses to operate is open source, which is easier for an independent security expert to examine without the special permission of the developer.

“You can be sure by looking at the code that they’re not doing anything weird with your data,” Mr. Larson said.

“In general, the idea behind the app is to make privacy and communication as simple as possible,” said Moxie Marlinspike, the founder of Open Whisper Systems, the organization that developed Signal.

WhatsApp, the popular chat tool, uses Signal’s software to encrypt its messaging. And in Facebook Messenger and Google’s texting app Allo, you can turn on an option that encrypts your messages. Here’s how to do that on Facebook. Here’s how to do it on Allo.

In May, cybercriminals used ransomware, a type of software that locks down people’s data and threatens to destroy it if the attacker is not paid, to hijack hundreds of thousands of computers worldwide.

Such attacks are often spread through malicious email attachments and links, a practice known as phishing. So make a rule of not clicking on anything when you do not know where it will take you, even if it appears to come from someone you know.

Also, make sure to update your software regularly, particularly your operating system. Frequently, software companies will release updates that patch bugs and vulnerabilities when they are discovered. But outdated or unauthorized copies of the software may still contain the security flaws. This is a particular problem with computers using Microsoft Windows, the most popular operating system in the world and therefore a big target for hackers.

Finally, for those using Windows, antivirus software can go a long way toward shoring up protection. Mr. Chen recommends antivirus tools from Bitdefender or Malwarebytes.

Your phone may be the device that lives in your pocket, but Mr. Larson described the computer as the real gold mine for personal information.

Even if your data were password-protected, someone who gained access to your computer “would have access to all your files if they were unencrypted.”

Luckily, both Apple and Windows offer means of automatic encryption that simply need to be turned on. In Apple’s macOS, FileVault can be enabled from the Security and Privacy System Preferences panel. Apple has detailed instructions to enable it here. Microsoft Windows users must be running Windows 7 Ultimate or the Professional version of Windows 8, 8.1, or 10 to use BitLocker. Here’s a guide on how to check, and how to turn it on.

Similarly, keep your data backed up. If something happens to it, or you lose it all, you can recover quickly without hassle. An online backup service, like CrashPlan, a favorite of The Wirecutter, a New York Times Company, backs up your data and encrypts it at the same time. Even an external hard drive gives your files an extra layer of security.

Backups will protect your photos, documents and other data not only from a technical malfunction, but from ransomware and other malicious hacking. Just make sure to test or check your backups periodically.

You know this by now. Creating strong passwords and never using the same password across sites is one of the simplest things you can do to protect yourself from digital invasion. Not everyone agrees about frequent password changes. Most say you should use really strong passwords and no more than one password per site, THEN use the password managers.

But making up new combinations all the time is irritating and inconvenient, tempting people to reuse them or make them too simple. That is one reason some experts object to frequent password changes. It’s far better to create really strong ones for every login. And new passwords can pose security risks, because it’s hard to remember complex ones, so you are tempted to write them down.

That can lead to a lot of hard-to-remember passwords.

To keep track of them, Mr. Larson recommends password managers, which help store many passwords, with one master password. He said he uses LastPass but knows plenty of people who use 1Password and KeePass, and he doesn’t have a strong reason to recommend one over another.

As far as making passwords up goes: Don’t be precious about it. Use a random word (an object near you, for example), scramble the letters and sprinkle in numbers and punctuation marks. If you’re writing passwords down or using a password manager, you don’t have to worry about making them memorable.

Credit...Pawel Kopczynski/Reuters

When you turn on two-factor authentication, anyone trying to sign in to your email from new devices will have to go through a secondary layer of security: a code that is sent to your phone via text message. (Though sadly, not through Signal.)

Here’s a link to turn on two-factor authentication for Gmail accounts.

Here’s one for Yahoo accounts, and here’s one for Outlook accounts.

You should also set two-factor authentication for social media accounts and other sites where it’s available. But email is the most important account, since many sites use email for password recovery, a fact that hackers have exploited. Once they have access to your email, they can get access to banking, social media, data backups and work accounts.

Mr. Marlinspike recommended this plug-in, developed by the Electronic Frontier Foundation, a digital security organization. It ensures that you are using the secure form of websites, meaning that your connection to the site will be encrypted and that you will be protected from various forms of surveillance and hacking.

Download HTTPS Everywhere for Chrome here. For Firefox here.

Here’s a list of FAQ’s about the plug-in, including whether it is available for other browsers.

And this is a good time to note that you should always find out whether the Wi-Fi network you are using is secure. Public networks — and even private networks without security keys — often are not.

The Times’s personal tech expert, Brian X. Chen, recommends using a VPN to shield browsing information, encrypt all of the data coming to or leaving your computer or phone, and hide your location.

VPNs create an encrypted “tunnel” through which all of your data is sent, meaning other computers or devices on the same network as your computer can’t make sense of it. The only people who have the “key” in this case is your computer and the VPN provider you connect to when you turn it on. This is especially useful on public Wi-Fi networks, like at the airport or coffee shop, where you don’t know who else is using the same network.

Some VPNs are free, and others require monthly subscriptions. The best offer apps for your phone as well as your computer. Mr. Chen highlights three providers: Freedome by F-Secure, TunnelBear and a service called Private Internet Access.

This feature, available on Chrome, Safari and Firefox, among other browsers, may sound secure, but pay attention to the clear warnings.

On Chrome, the second paragraph of the “incognito” home screen spells it out for you.

“You aren’t invisible,” it says. “Going incognito doesn’t hide your browsing from your employer, your internet service provider or the websites you visit.” In reality, it simply keeps your computer from keeping a record of where you go. It doesn’t stop sites from tracking and collecting data on you, and doesn’t do anything to protect your online privacy or security. It does, however, keep anyone using your computer from knowing where you went.

Mr. Larson said that if people were paranoid about Google, he would strongly encourage them to use DuckDuckGo, an alternate search engine.

He said, however, that he was not paranoid.

“Google is built on the hacker ethic, and they have put principle above profits in some aspects,” he said.

But he also acknowledged that he meets “people all the time who are extremely skeptical of any large software organization, and I think that’s reasonable.” There are trade-offs. Google’s search results are more useful and accurate than competitors’ precisely because of the ways it collects and analyzes information about its customers’ searches.

That way, if someone has found a way to compromise your computer, they cannot spy on you.

And yes, this happens. Even Mark Zuckerberg of Facebook worries about it.

Related Notes
Get a free MyMarkup account to save this article and view it later on any device.
Create account

End User License Agreement

Summary | 9 Annotations
Major website hackings seem ever more frequent. Investigators believe that a set of top-secret National Security Agency hacking tools were offered to online bidders this summer
2017/04/01 13:52
Protect your computer’s hard drive with FileVault or BitLocker.
2017/04/01 13:52
Not every security expert trusts password managers. Some noted that LastPass itself was hacked last year.
2017/04/01 13:53
4. Protect your email and other accounts with two-factor authentication
2017/04/01 13:53
5. Use a browser plug-in called HTTPS Everywhere.
2017/04/01 13:53
6. Invest in a Virtual Private Network, or VPN.
2017/04/01 13:54
The Times’s personal tech expert, Brian X. Chen, recommends using a VPN to shield browsing information and hide your location. He highlights three providers: Freedome by F-Secure, TunnelBear and a service called Private Internet Access.
2017/04/01 13:54
On Chrome, the second paragraph of the “incognito” home screen spells it out for you.“You aren’t invisible,” it says. “Going incognito doesn’t hide your browsing from your employer, your internet service provider or the websites you visit.”
2017/04/01 13:55
A Bonus: Cover your webcam with tape.That way, if someone has found a way to compromise your computer, they cannot spy on you through its camera.
2017/04/01 13:56